lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y8lh59ZYZkq4fsOX@google.com>
Date:   Thu, 19 Jan 2023 15:29:43 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     "Huang, Kai" <kai.huang@...el.com>
Cc:     "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "Yamahata, Isaku" <isaku.yamahata@...el.com>,
        "sean.j.christopherson@...el.com" <sean.j.christopherson@...el.com>,
        "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "Shahar, Sagi" <sagis@...gle.com>,
        "Aktas, Erdem" <erdemaktas@...gle.com>,
        "isaku.yamahata@...il.com" <isaku.yamahata@...il.com>,
        "dmatlack@...gle.com" <dmatlack@...gle.com>
Subject: Re: [PATCH v11 018/113] KVM: TDX: create/destroy VM structure

On Thu, Jan 19, 2023, Huang, Kai wrote:
> On Thu, 2023-01-12 at 08:31 -0800, isaku.yamahata@...el.com wrote:
> > +static void tdx_clear_page(unsigned long page_pa)
> > +{
> > +	const void *zero_page = (const void *) __va(page_to_phys(ZERO_PAGE(0)));
> > +	void *page = __va(page_pa);
> > +	unsigned long i;
> > +
> > +	if (!static_cpu_has(X86_FEATURE_MOVDIR64B)) {
> > +		clear_page(page);
> > +		return;
> > +	}
> 
> There might be below issues here:
> 
> 1) The kernel says static_cpu_has() should only be used in fast patch where each
> cycle is counted, otherwise use boot_cpu_has().  I don't know whether here you
> should use static_cpu_has().

That documentation is stale[*], go ahead and use cpu_feature_enabled().

https://lore.kernel.org/all/20221107211505.8572-1-bp@alien8.de

> 2) IIUC a CPU feature bit can be cleared by 'clearcpuid=xxx' kernel command

As you note below, using clearcpuid taints the kernel, i.e. any breakage due to
clearcpuid is user error.

> line, so looks you should use CPUID directly otherwise the MOVDIR64B below can
> be unintentionally skipped.  In practice w/o doing MOVDIR64B is fine since KeyID
> 0 doesn't have integrity enabled, but for the purpose you want to achieve
> checking real CPUID should be better.
> 
> But maybe you don't want to do CPUID check here each time when reclaiming a
> page.  In that case you can do CPUID during module initialization and cache
> whether MOVDIR64B is truly present.  static_key is a good fit for this purpose
> too I think.
> 
> But I am also seeing below in the kernel documentation:
> 
>         clearcpuid=X[,X...] [X86]
> 			......
>                         Note that using this option will taint your kernel.
>                         Also note that user programs calling CPUID directly
>                         or using the feature without checking anything
>                         will still see it. This just prevents it from
>                         being used by the kernel or shown in /proc/cpuinfo.
>                         Also note the kernel might malfunction if you disable
>                         some critical bits.
> 
> So the kernel is claiming using this will taint the kernel and it can even
> malfunction.  So maybe it's OK to use static_cpu_has()/boot_cpu_has().

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ