Date:   Thu, 26 Oct 2023 08:43:36 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
        "Lutomirski, Andy" <luto@...nel.org>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "Reshetova, Elena" <elena.reshetova@...el.com>,
        "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "Christopherson,, Sean" <seanjc@...gle.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "Cui, Dexuan" <decui@...rosoft.com>,
        "Yamahata, Isaku" <isaku.yamahata@...el.com>,
        "mikelley@...rosoft.com" <mikelley@...rosoft.com>,
        "hpa@...or.com" <hpa@...or.com>,
        "peterz@...radead.org" <peterz@...radead.org>,
        "bp@...en8.de" <bp@...en8.de>,
        "sathyanarayanan.kuppuswamy@...ux.intel.com" 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        "x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH] x86/mm/cpa: Warn if set_memory_XXcrypted() fails

On 10/25/23 20:45, Edgecombe, Rick P wrote:
> On Wed, 2023-10-25 at 13:03 -0500, Tom Lendacky wrote:
>>
>> Reviewed-by: Tom Lendacky <thomas.lendacky@....com>
> 
> Thanks!
>>>
>>
>> Under SEV, when making a page private/encrypted and the hypervisor does
>> not assign the page to the guest (encrypted), but says it did, then when
>> SEV tries to perform the PVALIDATE in the enc_status_change_finish() call,
>> a nested page fault (#NPF) will be generated and exit to the hypervisor.
>> Until the hypervisor assigns the page to the guest, the guest will not be
>> able to make forward progress in regards to updating or using that page.
> 
> Yea, mismatches between guest page tables and EPT/NPT can be trouble
> for TDX as well.
> 
>>
>> And if the hypervisor returns an error when changing the page state, then,
>> yes, the guest will terminate.
> 
> I guess those callbacks could be changed to return an error after all
> these fixes then, if you want.

Probably not necessary as we will want to terminate the guest in these 
situations and having it here in this one area is easier than checking all 
of the call sites.

Thanks,
Tom
