Date:   Tue, 24 May 2022 07:55:37 -0700
From:   Isaku Yamahata <isaku.yamahata@...il.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     "Kirill A. Shutemov" <kirill@...temov.name>,
        Isaku Yamahata <isaku.yamahata@...el.com>,
        "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
        frederic@...nel.org, paulmck@...nel.org, rjw@...ysocki.net,
        x86@...nel.org, linux-kernel@...r.kernel.org, jpoimboe@...nel.org,
        isaku.yamahata@...il.com
Subject: Re: [RFC][PATCH 9/9] arch/idle: Change arch_cpu_idle() IRQ behaviour

On Fri, May 20, 2022 at 02:58:19PM +0200,
Peter Zijlstra <peterz@...radead.org> wrote:

> On Fri, May 20, 2022 at 01:13:22PM +0300, Kirill A. Shutemov wrote:
> 
> > So you want to call the HLT hypercall with .irq_disabled=false and
> > .do_sti=false, but actual RFLAGS.IF in the guest is 0, and avoid CLI on
> > wake up expecting it to be cleared already, right?
> 
> Yep, just like MWAIT can, avoids pointless IF flipping.
> 
> > My reading of the spec is "don't do that". But actual behaviour is up to
> > the VMM and TDX module implementation. The VMM doesn't have access to the guest
> > register file, so it *may* work, I dunno.
> 
> Yeah, it totally *can* work, but I've no idea if they've done the right
> thing.

There are two cases when an interrupt arrives.

- If the interrupt arrives after the CPU starts executing the VMM (or the TDX
  module), the VMM can know that an interrupt for the vCPU has arrived. The VMM
  will unblock vCPU scheduling, and the HLT hypercall returns back to the guest.

- If the interrupt arrives and the vCPU recognizes it before the CPU starts
  executing the VMM (or the TDX module), the interrupt request is recorded in
  vRVI (VMCS.RVI) because vRFLAGS.IF=0.  After that, the CPU exits from the guest
  to the VMM due to the HLT hypercall.
  Before KVM blocks vCPU scheduling, because irq_disable=false, TDX KVM checks
  whether a deliverable interrupt event is pending via a TDX SEAMCALL (because
  the CPU state is protected, the VMM can't peek at vRVI and vPPR directly.  Note
  that vRFLAGS.IF is ignored in this check).  If the vCPU has a deliverable
  pending interrupt, the HLT hypercall returns.

  Anyway, this scenario isn't tested; I need to test it.
-- 
Isaku Yamahata <isaku.yamahata@...il.com>