lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YwbQtaaCkBwezpB+@kernel.org>
Date:   Thu, 25 Aug 2022 04:30:29 +0300
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Peter Gonda <pgonda@...gle.com>
Cc:     "Kalra, Ashish" <Ashish.Kalra@....com>,
        the arch/x86 maintainers <x86@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        kvm list <kvm@...r.kernel.org>,
        "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
        "Lendacky, Thomas" <Thomas.Lendacky@....com>,
        "H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Sergio Lopez <slp@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>,
        Dov Murik <dovmurik@...ux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@....com>,
        Borislav Petkov <bp@...en8.de>,
        "Roth, Michael" <Michael.Roth@....com>,
        Vlastimil Babka <vbabka@...e.cz>,
        "Kirill A . Shutemov" <kirill@...temov.name>,
        Andi Kleen <ak@...ux.intel.com>,
        Tony Luck <tony.luck@...el.com>, Marc Orr <marcorr@...gle.com>,
        Sathyanarayanan Kuppuswamy 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        Alper Gun <alpergun@...gle.com>,
        "Dr. David Alan Gilbert" <dgilbert@...hat.com>
Subject: Re: [PATCH Part2 v6 02/49] iommu/amd: Introduce function to check
 SEV-SNP support

On Thu, Aug 25, 2022 at 04:28:12AM +0300, jarkko@...nel.org wrote:
> On Tue, Jun 21, 2022 at 11:50:59AM -0600, Peter Gonda wrote:
> > On Tue, Jun 21, 2022 at 11:45 AM Kalra, Ashish <Ashish.Kalra@....com> wrote:
> > >
> > > [AMD Official Use Only - General]
> > >
> > > Hello Peter,
> > >
> > > >> +bool iommu_sev_snp_supported(void)
> > > >> +{
> > > >> +       struct amd_iommu *iommu;
> > > >> +
> > > >> +       /*
> > > >> +        * The SEV-SNP support requires that IOMMU must be enabled, and is
> > > >> +        * not configured in the passthrough mode.
> > > >> +        */
> > > >> +       if (no_iommu || iommu_default_passthrough()) {
> > > >> +               pr_err("SEV-SNP: IOMMU is either disabled or
> > > >> + configured in passthrough mode.\n");
> > >
> > > > Like below could this say something like snp support is disabled because of iommu settings.
> > >
> > > Here we may need to be more precise with the error information indicating why SNP is not enabled.
> > > Please note that this patch may actually become part of the IOMMU + SNP patch series, where
> > > additional checks are done, for example, not enabling SNP if IOMMU v2 page tables are enabled,
> > > so precise error information will be useful here.
> > 
> > I agree we should be more precise. I just thought we should explicitly
> > state something like: "SEV-SNP: IOMMU is either disabled or configured
> > in passthrough mode, SNP cannot be supported".
> 
> It really should be, in order to have any practical use:
> 
> 	if (no_iommu) {
> 		pr_err("SEV-SNP: IOMMU is disabled.\n");
> 		return false;
> 	}
> 
> 	if (iommu_default_passthrough()) {
> 		pr_err("SEV-SNP: IOMMU is configured in passthrough mode.\n");
> 		return false;
> 	}
> 
> The comment is *completely* redundant, it absolutely does
> not serve any sane purpose. It just tells what the code
> already clearly stating.
> 
> The combo error message on the other hand leaves you to
> the question "which one was it", and for that reason
> combining the checks leaves you to a louse debugging
> experience.

Also, are those really *errors*? That implies that there
is something wrong.

Since you can have a legit configuration, IMHO they should
be either warn or info. What do you think?

They are definitely not errors.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ