| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Apr 2023 00:32:55 +0800
From: Lai Jiangshan <jiangshanlai@...il.com>
To: Dave Hansen <dave.hansen@...el.com>
Cc: linux-kernel@...r.kernel.org,
Lai Jiangshan <jiangshan.ljs@...group.com>,
"H. Peter Anvin" <hpa@...ux.intel.com>,
Andi Kleen <ak@...ux.intel.com>,
Andrew Cooper <andrew.cooper3@...rix.com>,
Andy Lutomirski <luto@...nel.org>,
Asit Mallick <asit.k.mallick@...el.com>,
Cfir Cohen <cfir@...gle.com>,
Dan Williams <dan.j.williams@...el.com>,
David Kaplan <David.Kaplan@....com>,
David Rientjes <rientjes@...gle.com>,
Erdem Aktas <erdemaktas@...gle.com>,
Jan Kiszka <jan.kiszka@...mens.com>,
Jiri Slaby <jslaby@...e.cz>, Joerg Roedel <joro@...tes.org>,
Juergen Gross <jgross@...e.com>,
Kees Cook <keescook@...omium.org>,
Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Mike Stunes <mstunes@...are.com>,
Peter Zijlstra <peterz@...radead.org>,
Raj Ashok <ashok.raj@...el.com>,
Sean Christopherson <seanjc@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Tom Lendacky <thomas.lendacky@....com>,
Tony Luck <tony.luck@...el.com>, kvm@...r.kernel.org,
linux-coco@...ts.linux.dev, x86@...nel.org
Subject: Re: [RFC PATCH 0/7] x86/entry: Atomic statck switching for IST
On Mon, Apr 3, 2023 at 10:23 PM Dave Hansen <dave.hansen@...el.com> wrote:
>
> On 4/3/23 07:05, Lai Jiangshan wrote:
> > 2.3 #VE
> > -------
> >
> > The approach for fixing the kernel mode #VE recursion issue is to just
> > NOT use IST for #VE although #VE is also considered to be one of the
> > super exceptions and had raised some worries:
> > https://lore.kernel.org/lkml/YCEQiDNSHTGBXBcj@hirez.programming.kicks-ass.net/
> > https://lore.kernel.org/lkml/CALCETrU9XypKbj-TrXLB3CPW6=MZ__5ifLz0ckbB=c=Myegn9Q@mail.gmail.com/
> > https://lore.kernel.org/lkml/1843debc-05e8-4d10-73e4-7ddce3b3eae2@intel.com/
> >
> > To remit the worries, SEPT_VE_DISABLE is forced used currently and
> > also disables its abilities (accept-on-demand or memory balloon which
> > is critical to lightweight VMs like Kata Containers):
> > https://lore.kernel.org/lkml/YCb0%2FDg28uI7TRD%2F@google.com/
>
> You don't need #VE for accept-on-demand. Pages go through _very_
> well-defined software choke points before they get used *and* before
> they get ballooned. Thus:
>
> > https://lore.kernel.org/lkml/20230330114956.20342-3-kirill.shutemov@linux.intel.com/
>
Thanks for the information.
I will have a look to see how it supports memory balloons.
And if accept-on-demand were supported, do we still need this
CONFIG_UNACCEPTED_MEMORY?
> BTW, _who_ considers #VE to be a "super exception"? Can you explain how
> it is any more "super" than #PF? #PF can recurse. You can take #PF in
> the entry paths.
>
> I kinda don't think you should be using TDX and #VE as part of the
> justification for this series.
You are right, #VE is not a super exception anymore since SEPT_VE_DISABLE
is forced set in the Linux kernel and it is nothing to do with this series.
But #VE was once thought to be a super exception (I will correct the
sentence in the cover letter), so it is worth mentioning it.
And since SEPT_VE_DISABLE is configurable, it would allow some paranoids
to have a try with SEPT_VE_DISABLE=false even without FRED.
The paranoids can try it with IST #VE.
Thanks
Lai
Powered by blists - more mailing lists