Date:   Tue, 30 May 2023 08:18:11 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     "Gupta, Pankaj" <pankaj.gupta@....com>,
        Peter Zijlstra <peterz@...radead.org>,
        Tianyu Lan <ltykernel@...il.com>
Cc:     luto@...nel.org, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
        hpa@...or.com, seanjc@...gle.com, pbonzini@...hat.com,
        jgross@...e.com, tiala@...rosoft.com, kirill@...temov.name,
        jiangshan.ljs@...group.com, ashish.kalra@....com,
        srutherford@...gle.com, akpm@...ux-foundation.org,
        anshuman.khandual@....com, pawan.kumar.gupta@...ux.intel.com,
        adrian.hunter@...el.com, daniel.sneddon@...ux.intel.com,
        alexander.shishkin@...ux.intel.com, sandipan.das@....com,
        ray.huang@....com, brijesh.singh@....com, michael.roth@....com,
        thomas.lendacky@....com, venu.busireddy@...cle.com,
        sterritt@...gle.com, tony.luck@...el.com, samitolvanen@...gle.com,
        fenghua.yu@...el.com, pangupta@....com,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        linux-hyperv@...r.kernel.org, linux-arch@...r.kernel.org
Subject: Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler

On 5/30/23 05:16, Gupta, Pankaj wrote:
> #HV handler handles both #NMI & #MCE in the guest and nested #HV is
> never raised by the hypervisor. Next #HV exception is only raised by the
> hypervisor when Guest acknowledges the pending #HV exception by clearing
> "NoFurtherSignal" bit in the doorbell page.

There's a big difference between "is never raised by" and "cannot be
raised by".

Either way, this series (and this patch in particular) needs some much
better changelogs so that this behavior is clear.  It would also be nice
to reference the relevant parts of the hardware specs if the "hardware"*
is helping to provide these guarantees.

* I say "hardware" in quotes because on TDX a big chunk of this behavior
  is implemented in software in the TDX module.  SEV probably does it in
  microcode (or maybe in the secure processor), but I kinda doubt it's
  purely silicon.
