lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 22 Apr 2022 10:40:56 -0500
From:   Michael Roth <michael.roth@....com>
To:     Tom Lendacky <thomas.lendacky@....com>
CC:     <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        "Ingo Molnar" <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, <x86@...nel.org>,
        "H . Peter Anvin" <hpa@...or.com>,
        Kees Cook <keescook@...omium.org>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Tony Luck <tony.luck@...el.com>,
        "Nick Desaulniers" <ndesaulniers@...gle.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        Venu Busireddy <venu.busireddy@...cle.com>,
        Joerg Roedel <jroedel@...e.de>,
        Tianyu Lan <Tianyu.Lan@...rosoft.com>,
        Brijesh Singh <brijesh.singh@....com>
Subject: Re: [PATCH v3 2/2] x86/sev: Get the AP jump table address from
 secrets page

On Fri, Apr 22, 2022 at 10:15:08AM -0500, Tom Lendacky wrote:
> On 4/22/22 08:56, Michael Roth wrote:
> > From: Brijesh Singh <brijesh.singh@....com>
> > 
> > The GHCB specification section 2.7 states that when SEV-SNP is enabled,
> > a hypervisor must provide the AP jump table physical address through
> 
> I missed this on the first version. It's not the hypervisor, but the guest
> BIOS that directly provides the AP jump table physical address, in our case
> OVMF sets the address in the SNP secrets page. This allows communication
> between UEFI/BIOS and OS without hypervisor involvement.

How about this wording for the commit message?

  The GHCB specification section 2.7 states that when SEV-SNP is enabled,
  a guest should not rely on the hypervisor to provide the address of the
  AP jump table. Instead, if a guest BIOS wants provide an AP jump table,
  it should record the address in the SNP secrets page so the guest
  operating system can obtain it directly from there.

  Fix this on the guest kernel side by having SNP guests use the AP jump
  table address published in the secrets page rather than issuing a GHCB
  request to get it.

> 
> > the SNP secrets pages.
> > 
> > Fixes: 0afb6b660a6b ("x86/sev: Use SEV-SNP AP creation to start secondary CPUs")
> > Signed-off-by: Brijesh Singh <brijesh.singh@....com>
> > [ mroth: improve error handling when ioremap()/memremap() return NULL ]
> > [ mroth: don't mix function calls with declarations ]
> > [ mroth: add missing __init ]
> > Signed-off-by: Michael Roth <michael.roth@....com>
> 
> With the commit message change:
> 
> Reviewed-by: Tom Lendacky <thomas.lendacky@....com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ