lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 14 Dec 2023 11:28:25 +1300
From:   Kai Huang <kai.huang@...el.com>
To:     dave.hansen@...el.com, arnd@...nel.org
Cc:     linux-kernel@...r.kernel.org, x86@...nel.org,
        kirill.shutemov@...ux.intel.com, bp@...en8.de,
        peterz@...radead.org, tglx@...utronix.de, tony.luck@...el.com,
        mingo@...hat.com, hpa@...or.com, kai.huang@...el.com
Subject: [PATCH] x86/virt/tdx: Make TDX host depend on X86_MCE

A build failure was reported that when INTEL_TDX_HOST is enabled but
X86_MCE is not, the tdx_dump_mce_info() function fails to link:

  ld: vmlinux.o: in function `tdx_dump_mce_info':
  ...: undefined reference to `mce_is_memory_error'
  ...: undefined reference to `mce_usable_address'

The reason is in such configuration, despite there's no caller of
tdx_dump_mce_info() it is still built and there's no implementation for
the two "mce_*()" functions.

Make INTEL_TDX_HOST depend on X86_MCE to fix.

It makes sense to enable MCE support for the TDX host anyway.  Because
the only way that TDX has to report integrity errors is an MCE, and it
is not good to silently ignore such MCE.  The TDX spec also suggests
the host VMM is expected to implement the MCE handler.

Note it also makes sense to make INTEL_TDX_HOST select X86_MCE but this
generates "recursive dependency detected!" error in the Kconfig.

Reported-by: Arnd Bergmann <arnd@...nel.org>
Closes: https://lore.kernel.org/all/20231212214612.GHZXjUpBFa1IwVMTI7@fat_crate.local/T/
Fixes: 70060463cb2b ("x86/mce: Differentiate real hardware #MCs from TDX erratum ones")
Link: https://lore.kernel.org/all/20231212214612.GHZXjUpBFa1IwVMTI7@fat_crate.local/T/#m1a109c29324b2bbd0b3b1d45c218012cd3a13be6
Signed-off-by: Kai Huang <kai.huang@...el.com>
---
 arch/x86/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 01cdb16acff6..92c03cb99b3e 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1974,6 +1974,7 @@ config INTEL_TDX_HOST
 	select ARCH_KEEP_MEMBLOCK
 	depends on CONTIG_ALLOC
 	depends on !KEXEC_CORE
+	depends on X86_MCE
 	help
 	  Intel Trust Domain Extensions (TDX) protects guest VMs from malicious
 	  host and certain physical attacks.  This option enables necessary TDX
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ