lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 Apr 2023 07:23:27 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     Lai Jiangshan <jiangshanlai@...il.com>,
        linux-kernel@...r.kernel.org
Cc:     Lai Jiangshan <jiangshan.ljs@...group.com>,
        "H. Peter Anvin" <hpa@...ux.intel.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Andrew Cooper <andrew.cooper3@...rix.com>,
        Andy Lutomirski <luto@...nel.org>,
        Asit Mallick <asit.k.mallick@...el.com>,
        Cfir Cohen <cfir@...gle.com>,
        Dan Williams <dan.j.williams@...el.com>,
        David Kaplan <David.Kaplan@....com>,
        David Rientjes <rientjes@...gle.com>,
        Dirk Hohndel <dirkhh@...are.com>,
        Erdem Aktas <erdemaktas@...gle.com>,
        Jan Kiszka <jan.kiszka@...mens.com>,
        Jiri Slaby <jslaby@...e.cz>, Joerg Roedel <joro@...tes.org>,
        Juergen Gross <jgross@...e.com>,
        Kees Cook <keescook@...omium.org>,
        Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Mike Stunes <mstunes@...are.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Raj Ashok <ashok.raj@...el.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Tom Lendacky <thomas.lendacky@....com>,
        Tony Luck <tony.luck@...el.com>, kvm@...r.kernel.org,
        linux-coco@...ts.linux.dev, x86@...nel.org
Subject: Re: [RFC PATCH 0/7] x86/entry: Atomic statck switching for IST

On 4/3/23 07:05, Lai Jiangshan wrote:
> 2.3 #VE
> -------
> 
> The approach for fixing the kernel mode #VE recursion issue is to just
> NOT use IST for #VE although #VE is also considered to be one of the
> super exceptions and had raised some worries:
> https://lore.kernel.org/lkml/YCEQiDNSHTGBXBcj@hirez.programming.kicks-ass.net/
> https://lore.kernel.org/lkml/CALCETrU9XypKbj-TrXLB3CPW6=MZ__5ifLz0ckbB=c=Myegn9Q@mail.gmail.com/
> https://lore.kernel.org/lkml/1843debc-05e8-4d10-73e4-7ddce3b3eae2@intel.com/
> 
> To remit the worries,  SEPT_VE_DISABLE is forced used currently and
> also disables its abilities (accept-on-demand or memory balloon which
> is critical to lightweight VMs like Kata Containers):
> https://lore.kernel.org/lkml/YCb0%2FDg28uI7TRD%2F@google.com/

You don't need #VE for accept-on-demand.  Pages go through _very_
well-defined software choke points before they get used *and* before
they get ballooned.  Thus:

> https://lore.kernel.org/lkml/20230330114956.20342-3-kirill.shutemov@linux.intel.com/

BTW, _who_ considers #VE to be a "super exception"?  Can you explain how
it is any more "super" than #PF?  #PF can recurse.  You can take #PF in
the entry paths.

I kinda don't think you should be using TDX and #VE as part of the
justification for this series.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ