| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Apr 2022 12:53:30 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Paolo Bonzini <pbonzini@...hat.com>, isaku.yamahata@...el.com,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: isaku.yamahata@...il.com, Jim Mattson <jmattson@...gle.com>,
erdemaktas@...gle.com, Connor Kuehl <ckuehl@...hat.com>,
Sean Christopherson <seanjc@...gle.com>
Subject: Re: [RFC PATCH v5 101/104] KVM: TDX: Silently ignore INIT/SIPI
On 4/5/22 10:48, Paolo Bonzini wrote:
> On 3/4/22 20:49, isaku.yamahata@...el.com wrote:
>> + if (kvm_init_sipi_unsupported(vcpu->kvm))
>> + /*
>> + * TDX doesn't support INIT. Ignore INIT event. In the
>> + * case of SIPI, the callback of
>> + * vcpu_deliver_sipi_vector ignores it.
>> + */
>> vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
>> - else
>> - vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
>> + else {
>> + kvm_vcpu_reset(vcpu, true);
>> + if (kvm_vcpu_is_bsp(apic->vcpu))
>> + vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
>> + else
>> + vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
>> + }
>
> Should you check vcpu->arch.guest_state_protected instead of
> special-casing TDX? KVM_APIC_INIT is not valid for SEV-ES either, if I
> remember correctly.
While the INIT doesn't update any actual state that is in the encrypted
VMSA, SEV-ES still calls kvm_vcpu_reset() to allow KVM to set any internal
tracking state, etc. I haven't ever tested SEV-ES where that is bypassed.
Thanks,
Tom
>
> Paolo
Powered by blists - more mailing lists