lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 21 Nov 2023 10:57:27 +0000
From:   Salil Mehta <salil.mehta@...wei.com>
To:     Oliver Upton <oliver.upton@...ux.dev>,
        "Russell King (Oracle)" <linux@...linux.org.uk>
CC:     Jianyong Wu <jianyong.wu@....com>,
        "maz@...nel.org" <maz@...nel.org>,
        "james.morse@....com" <james.morse@....com>,
        "will@...nel.org" <will@...nel.org>,
        "suzuki.poulose@....com" <suzuki.poulose@....com>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        "kvmarm@...ts.linux.dev" <kvmarm@...ts.linux.dev>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "justin.he@....com" <justin.he@....com>
Subject: RE: [PATCH] arm64/kvm: Introduce feature extension for SMCCC filter

> From: Oliver Upton <oliver.upton@...ux.dev>
> Sent: Thursday, November 16, 2023 11:22 PM
> To: Russell King (Oracle) <linux@...linux.org.uk>
> 
> On Thu, Nov 16, 2023 at 07:06:18PM +0000, Russell King (Oracle) wrote:
> > On Thu, Nov 16, 2023 at 11:41:52AM +0000, Jianyong Wu wrote:
> > > 821d935c87b introduces support for userspace SMCCC filtering, but lack
> > > of a way to tell userspace if we have this feature. Add a corresponding
> > > feature extension can resolve this issue.
> > >
> > > For example, the incoming feature Vcpu Hotplug needs the SMCCC filter.
> > > As there is no way to check this feature, VMM will run into error when
> > > it calls this feature on an old kernel. It's bad for backward compatible.
> >
> > Can't you just attempt to use the SMCCC filtering, and if it errors out
> > with the appropriate error code, decide that SMCCC filtering is not
> > available?
> 
> That would also work, as we return ENXIO for the unsupported ioctl.
> 
> > That's how most things like kernel syscalls work - if they're not
> > implemented they return -ENOSYS. glibc can detect that and use a
> > fallback.
> 
> I generally agree, but KVM has gone in the other direction of providing
> auxiliary interfaces for discovering new UAPI. ENXIO has been slightly
> overloaded to imply that a given ioctl is non-existent or otherwise
> unsupported due to some dynamic configuration.


Agreed. We require this check for vCPU Hotplug series as well exactly
for the reason you stated above i.e. to clearly distinguish the case
when KVM host does not support SMCCC filter and when it does but an
error is purged out during configuration of this filter. In the later
we would like to abort the VM initialization (as being done in RFC V2)
but in former we would just continue without supporting vCPU Hotplug
feature. Handling is different in each.

Thanks
Salil.

> 
> Is it ideal? Of course not. With that said userspace may as well use the
> preferred / documented discoverability mechanism. And in Jianyong's case
> the KVM documentation is rather unambiguous (for once) about how you
> discover device attributes.
> 
> https://docs.kernel.org/virt/kvm/api.html#kvm-has-device-attr
> 
> --
> Thanks,
> Oliver

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ