lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87k03au36k.wl-maz@kernel.org>
Date:   Thu, 01 Dec 2022 23:14:43 +0000
From:   Marc Zyngier <maz@...nel.org>
To:     Oliver Upton <oliver.upton@...ux.dev>
Cc:     Akihiko Odaki <akihiko.odaki@...nix.com>,
        linux-kernel@...r.kernel.org, kvmarm@...ts.linux.dev,
        kvmarm@...ts.cs.columbia.edu, linux-arm-kernel@...ts.infradead.org,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Alexandru Elisei <alexandru.elisei@....com>,
        James Morse <james.morse@....com>,
        Will Deacon <will@...nel.org>,
        Catalin Marinas <catalin.marinas@....com>,
        asahi@...ts.linux.dev, Alyssa Rosenzweig <alyssa@...enzweig.io>,
        Sven Peter <sven@...npeter.dev>,
        Hector Martin <marcan@...can.st>
Subject: Re: [PATCH 0/3] KVM: arm64: Handle CCSIDR associativity mismatches

On Thu, 01 Dec 2022 18:29:51 +0000,
Oliver Upton <oliver.upton@...ux.dev> wrote:
> 
> On Thu, Dec 01, 2022 at 11:06:50AM +0000, Marc Zyngier wrote:
> 
> [...]
> 
> > It would be a lot better to expose a virtual topology
> > (one set, one way, one level). It would also save us from the CCSIDRX
> > silliness.
> > 
> > The only complexity would be to still accept different topologies from
> > userspace so that we can restore a VM saved before this virtual
> > topology.
> 
> I generally agree that the reported topology is meaningless to
> non-secure software.
> 
> However, with the cloud vendor hat on, I'm worried that inevitably some
> customer will inspect the cache topology of the VM we've provided them
> and complain.

That's their prerogative. It is idiotic, but I guess paying customers
get this privilege ;-).

> Could we extend your suggestion about accepting different topologies to
> effectively tolerate _any_ topology provided by userspace? KVM can
> default to the virtual topology, but a well-informed userspace could
> still provide different values to its guest. No point in trying to
> babyproofing the UAPI further, IMO.

I think this is *exactly* what I suggested. Any valid topology should
be able to be restored, as we currently present the VM with any
topology the host HW may have. This must be preserved.

Eventually, we may even have to expose CCSIDRX, but let's cross that
bridge when we get to it.

Thanks,

	M.

-- 
Without deviation from the norm, progress is not possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ