| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0cb00d72e7ebb0969a7ac10f6ade9eea20deaef5.camel@intel.com>
Date: Tue, 18 Jul 2023 10:32:20 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"peterz@...radead.org" <peterz@...radead.org>,
"nik.borisov@...e.com" <nik.borisov@...e.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
CC: "Hansen, Dave" <dave.hansen@...el.com>,
"Christopherson,, Sean" <seanjc@...gle.com>,
"bp@...en8.de" <bp@...en8.de>, "x86@...nel.org" <x86@...nel.org>,
"hpa@...or.com" <hpa@...or.com>,
"mingo@...hat.com" <mingo@...hat.com>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"pbonzini@...hat.com" <pbonzini@...hat.com>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"Yamahata, Isaku" <isaku.yamahata@...el.com>,
"sathyanarayanan.kuppuswamy@...ux.intel.com"
<sathyanarayanan.kuppuswamy@...ux.intel.com>
Subject: Re: [PATCH 08/10] x86/tdx: Unify TDX_HYPERCALL and TDX_MODULE_CALL
assembly
On Mon, 2023-07-17 at 07:58 +0000, Huang, Kai wrote:
> > On 17.07.23 г. 9:35 ч., Huang, Kai wrote:
> > >
> > > > > +/* Called from __tdx_hypercall() for unrecoverable failure */
> > > > > +static noinstr void __tdx_hypercall_failed(void) {
> > > > > + instrumentation_begin();
> > > > > + panic("TDVMCALL failed. TDX module bug?"); }
> > > >
> > > > So what's the deal with this instrumentation here. The instruction is
> > > > noinstr, so you want to make just the panic call itself
> > > > instrumentable?, if so where's the instrumentation_end() cal;?No
> > > > instrumentation_end() call. Actually is this complexity really worth it for the
> > failure case?
> > > >
> > > > AFAICS there is a single call site for __tdx_hypercall_failed so why
> > > > noot call panic() directly ?
> > >
> > > W/o this patch, the __tdx_hypercall_failed() is called from the
> > > TDX_HYPERCALL assembly, which is in .noinstr.text, and
> > > 'instrumentation_begin()' was needed to avoid the build warning I suppose.
> > >
> > > However now with this patch __tdx_hypercall_failed() is called from
> > > __tdx_hypercall() which is a C function w/o 'noinstr' annotation, thus
> > > I believe
> > > instrumentation_begin() and 'noinstr' annotation are not needed anymore.
> > >
> > > I didn't notice this while moving this function around and my kernel
> > > build test didn't warn me about this. I'll change in next version.
> > >
> > > In fact, perhaps this patch perhaps is too big for review. I will
> > > also try to split it to smaller ones.
> >
> > Can't you simply call panic() directly? Less going around the code while someone
> > is reading it?
>
> I can and will do.
After rebasing to the latest TDX code, I found we should keep the
__tdx_hypercall_failed(). The reason is both the core-kernel (vmlinux) and the
compressed code need the __tdx_hypercall() implementation. Implementing the
__tdx_hypercall_failed() in both core-kernel and compressed code separately
allows the __tdx_hypercall() to be shared by both code, otherwise both of them
need to implement their own __tdx_hypercall().
Note __tdx_hypercall_failed() in the vmlinux calls panic(), but the one in the
compressed code calls error().
Powered by blists - more mailing lists