lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Oct 2022 07:22:36 -0700 From: Dave Hansen <dave.hansen@...el.com> To: Guorui Yu <GuoRui.Yu@...ux.alibaba.com>, kirill.shutemov@...ux.intel.com Cc: ak@...ux.intel.com, bp@...en8.de, dan.j.williams@...el.com, david@...hat.com, elena.reshetova@...el.com, hpa@...or.com, linux-kernel@...r.kernel.org, luto@...nel.org, mingo@...hat.com, peterz@...radead.org, sathyanarayanan.kuppuswamy@...ux.intel.com, seanjc@...gle.com, tglx@...utronix.de, thomas.lendacky@....com, x86@...nel.org Subject: Re: [PATCH 2/2] x86/tdx: Do not allow #VE due to EPT violation on the private memory On 10/30/22 21:07, Guorui Yu wrote: > We have encountered similar problems on SEV-ES, here are their fixes > on Kernel [1] and OVMF[2]. SEV-ES and TDX are very different beasts in this area. > Instead of enforcing the ATTR_SEPT_VE_DISABLE in TDX guest kernel, I > think the fix should also include necessary check on the MMIO path of > the #VE routine. Instead? Without ATTR_SEPT_VE_DISABLE, a #VE can occur on basically any instruction. We call those kinds of exceptions "paranoid entry" points. They need special handling like the NMI or #MC handlers. I'd be happy to look at a patch that does the MMIO path check *and* turns the #VE handler into a robust entry point. Bonus points if you can do ~5 lines of C like the approach in this thread.
Powered by blists - more mailing lists