Message-ID: <2659d6eef84f008635ba300f4712501ac88cef2c.camel@intel.com>
Date:   Fri, 30 Jun 2023 09:55:32 +0000
From:   "Huang, Kai" <kai.huang@...el.com>
To:     "peterz@...radead.org" <peterz@...radead.org>
CC:     "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        "Raj, Ashok" <ashok.raj@...el.com>,
        "Luck, Tony" <tony.luck@...el.com>,
        "david@...hat.com" <david@...hat.com>,
        "bagasdotme@...il.com" <bagasdotme@...il.com>,
        "Hansen, Dave" <dave.hansen@...el.com>,
        "ak@...ux.intel.com" <ak@...ux.intel.com>,
        "Wysocki, Rafael J" <rafael.j.wysocki@...el.com>,
        "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
        "Chatre, Reinette" <reinette.chatre@...el.com>,
        "Christopherson,, Sean" <seanjc@...gle.com>,
        "pbonzini@...hat.com" <pbonzini@...hat.com>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        "Yamahata, Isaku" <isaku.yamahata@...el.com>,
        "nik.borisov@...e.com" <nik.borisov@...e.com>,
        "hpa@...or.com" <hpa@...or.com>, "Shahar, Sagi" <sagis@...gle.com>,
        "imammedo@...hat.com" <imammedo@...hat.com>,
        "bp@...en8.de" <bp@...en8.de>, "Gao, Chao" <chao.gao@...el.com>,
        "Brown, Len" <len.brown@...el.com>,
        "sathyanarayanan.kuppuswamy@...ux.intel.com" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        "Huang, Ying" <ying.huang@...el.com>,
        "Williams, Dan J" <dan.j.williams@...el.com>,
        "x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on
 demand

On Fri, 2023-06-30 at 11:26 +0200, Peter Zijlstra wrote:
> On Thu, Jun 29, 2023 at 12:10:00AM +0000, Huang, Kai wrote:
> > On Wed, 2023-06-28 at 15:17 +0200, Peter Zijlstra wrote:
> > > On Tue, Jun 27, 2023 at 02:12:37AM +1200, Kai Huang wrote:
> > > > +EXPORT_SYMBOL_GPL(tdx_cpu_enable);
> > > 
> > > I can't find a single caller of this.. why is this exported?
> > 
> > It's for KVM TDX patch to use, which isn't in this series.
> > 
> > I'll remove the export.  KVM TDX series can export it.
> 
> Fair enough; where will the KVM TDX series call this? Earlier there was
> talk about doing it at kvm module load time -- but I objected (and still
> do object) to that.
> 
> What's the current plan?
> 

The direction is still doing it during module load (not my series anyway).  But
this can be a separate discussion with KVM maintainers involved.

I understand you have a concern that you don't want to have the memory & CPU time
wasted on enabling TDX by default.  For that we can have a kernel command line
to disable TDX once and for all (we can even make it default).  It's just not in
this initial TDX support series but I'll send one once this initial support is
done, as mentioned in the cover letter of the previous version (sadly I removed
this paragraph for the sake of making the cover letter shorter):

"
Also, the patch to add the new kernel command line tdx="force" isn't included
in this initial version, as Dave suggested it isn't mandatory.  But I
will add one once this initial version gets merged.
"

Also, KVM will have a module parameter 'enable_tdx'.  I am hoping this could
reduce your concern too.
