Message-ID: <Y3yQKDZFC8+oCyqK@hirez.programming.kicks-ass.net>
Date: Tue, 22 Nov 2022 10:02:32 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Kai Huang <kai.huang@...el.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-mm@...ck.org, seanjc@...gle.com, pbonzini@...hat.com,
dave.hansen@...el.com, dan.j.williams@...el.com,
rafael.j.wysocki@...el.com, kirill.shutemov@...ux.intel.com,
ying.huang@...el.com, reinette.chatre@...el.com,
len.brown@...el.com, tony.luck@...el.com, ak@...ux.intel.com,
isaku.yamahata@...el.com, chao.gao@...el.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, bagasdotme@...il.com,
sagis@...gle.com, imammedo@...hat.com
Subject: Re: [PATCH v7 04/20] x86/virt/tdx: Add skeleton to initialize TDX on
demand
On Mon, Nov 21, 2022 at 01:26:26PM +1300, Kai Huang wrote:
> +static int __tdx_enable(void)
> +{
> + int ret;
> +
> + /*
> + * Initializing the TDX module requires doing SEAMCALL on all
> + * boot-time present CPUs. For simplicity temporarily disable
> + * CPU hotplug to prevent any CPU from going offline during
> + * the initialization.
> + */
> + cpus_read_lock();
> +
> + /*
> + * Check whether all boot-time present CPUs are online and
> + * return early with a message so the user can be aware.
> + *
> + * Note a non-buggy BIOS should never support physical (ACPI)
> + * CPU hotplug when TDX is enabled, and all boot-time present
> + * CPU should be enabled in MADT, so there should be no
> + * disabled_cpus and num_processors won't change at runtime
> + * either.
> + */
> + if (disabled_cpus || num_online_cpus() != num_processors) {
> + pr_err("Unable to initialize the TDX module when there's offline CPU(s).\n");
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + ret = init_tdx_module();
> + if (ret == -ENODEV) {
> + pr_info("TDX module is not loaded.\n");
> + tdx_module_status = TDX_MODULE_NONE;
> + goto out;
> + }
> +
> + /*
> + * Shut down the TDX module in case of any error during the
> + * initialization process. It's meaningless to leave the TDX
> + * module in any middle state of the initialization process.
> + *
> + * Shutting down the module also requires doing SEAMCALL on all
> + * MADT-enabled CPUs. Do it while CPU hotplug is disabled.
> + *
> + * Return all errors during the initialization as -EFAULT as the
> + * module is always shut down.
> + */
> + if (ret) {
> + pr_info("Failed to initialize TDX module. Shut it down.\n");
> + shutdown_tdx_module();
> + tdx_module_status = TDX_MODULE_SHUTDOWN;
> + ret = -EFAULT;
> + goto out;
> + }
> +
> + pr_info("TDX module initialized.\n");
> + tdx_module_status = TDX_MODULE_INITIALIZED;
> +out:
> + cpus_read_unlock();
> +
> + return ret;
> +}
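Review bot: In the generic failure path (the "if (ret)" block after init_tdx_module()), the original error code is overwritten by "ret = -EFAULT;" and the pr_info() message does not print it, so nothing records why initialization failed. Consider including ret in that message before the assignment, and using pr_err() there as the offline-CPU path does. Separately, the early -EINVAL exit for offline CPUs leaves tdx_module_status unchanged, unlike the other two failure paths; a comment stating whether a later retry is expected to work after that exit would help.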
Uhm.. so if we've offlined all the SMT siblings because of some
speculation fail or other, this TDX thing will fail to initialize?
Because as I understand it; this TDX initialization happens some random
time after boot, when the first (TDX using) KVM instance gets created,
long after the speculation mitigations are enforced.