lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a1052ec0-4ea6-d5db-a729-deec08712683@intel.com>
Date:   Thu, 7 Apr 2022 09:29:22 +0800
From:   Xiaoyao Li <xiaoyao.li@...el.com>
To:     Paolo Bonzini <pbonzini@...hat.com>, isaku.yamahata@...el.com,
        kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Cc:     isaku.yamahata@...il.com, Jim Mattson <jmattson@...gle.com>,
        erdemaktas@...gle.com, Connor Kuehl <ckuehl@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>
Subject: Re: [RFC PATCH v5 027/104] KVM: TDX: initialize VM with TDX specific
 parameters

On 4/5/2022 8:58 PM, Paolo Bonzini wrote:
> On 3/4/22 20:48, isaku.yamahata@...el.com wrote:
>> +    td_params->attributes = init_vm->attributes;
>> +    if (td_params->attributes & TDX_TD_ATTRIBUTE_PERFMON) {
>> +        pr_warn("TD doesn't support perfmon. KVM needs to save/restore "
>> +            "host perf registers properly.\n");
>> +        return -EOPNOTSUPP;
>> +    }
> 
> Why does KVM have to hardcode this (and LBR/AMX below)?  Is the level of 
> hardware support available from tdx_caps, for example through the CPUID 
> configs (0xA for this one, 0xD for LBR and AMX)?

It's wrong code. PMU is allowed.

AMX and LBR are disallowed because and the time we wrote the codes they 
are not supported by KVM. Now AMX should be allowed, but (arch-)LBR 
should be still blocked until KVM merges arch-LBR support.

>> +    /* PT can be exposed to TD guest regardless of KVM's XSS support */
>> +    guest_supported_xss &= (supported_xss | XFEATURE_MASK_PT);
>> +    td_params->xfam = guest_supported_xcr0 | guest_supported_xss;
>> +    if (td_params->xfam & TDX_TD_XFAM_LBR) {
>> +        pr_warn("TD doesn't support LBR. KVM needs to save/restore "
>> +            "IA32_LBR_DEPTH properly.\n");
>> +        return -EOPNOTSUPP;
>> +    }
>> +
>> +    if (td_params->xfam & TDX_TD_XFAM_AMX) {
>> +        pr_warn("TD doesn't support AMX. KVM needs to save/restore "
>> +            "IA32_XFD, IA32_XFD_ERR properly.\n");
>> +        return -EOPNOTSUPP;
>> +    }
> 
>>
>> +    if (init_vm->tsc_khz)
>> +        guest_tsc_khz = init_vm->tsc_khz;
>> +    else
>> +        guest_tsc_khz = max_tsc_khz;
> 
> You can just use kvm->arch.default_tsc_khz in the latest kvm/queue.

yes. will change it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ