Date: Tue, 16 Jan 2024 13:58:44 +0300
From: "kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>
To: "Huang, Kai" <kai.huang@...el.com>
Cc: "tglx@...utronix.de" <tglx@...utronix.de>,
	"mingo@...hat.com" <mingo@...hat.com>,
	"bp@...en8.de" <bp@...en8.de>,
	"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
	"hpa@...or.com" <hpa@...or.com>,
	"thomas.lendacky@....com" <thomas.lendacky@....com>,
	"linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
	"jpiotrowski@...ux.microsoft.com" <jpiotrowski@...ux.microsoft.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"Cui, Dexuan" <decui@...rosoft.com>,
	"x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCHv2] x86/mm: Fix memory encryption features advertisement

On Tue, Jan 16, 2024 at 10:36:10AM +0000, Huang, Kai wrote:
> On Thu, 2024-01-11 at 14:12 +0300, Kirill A. Shutemov wrote:
> > When memory encryption is enabled, the kernel prints the encryption
> > flavor that the system supports.
> > 
> > The check assumes that everything is AMD SME/SEV if it doesn't have
> > the TDX CPU feature set.
> > 
> > Hyper-V vTOM sets cc_vendor to CC_VENDOR_INTEL when it runs as L2 guest
> > on top of TDX, but not X86_FEATURE_TDX_GUEST. Hyper-V only needs memory
> > encryption enabled for I/O without the rest of CoCo enabling.
> > 
> > To avoid confusion, check the cc_vendor directly.
> > 
> > A possible alternative is to completely remove the print statement.
> > For a regular TDX guest, the kernel already prints a message indicating
> > that it is booting on TDX. Similarly, AMD and Hyper-V can also display
> > a message during their enumeration process.
> > 
> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> > Cc: Dexuan Cui <decui@...rosoft.com>
> > Cc: Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>
> 
> Seems this fix is for userspace running in a Hyper-V environment being able to use
> some easy grep to get which CoCo vendor it is running on?

Making a decision in userspace by grepping dmesg is a bad idea and nobody
should do this. It can easily give a false result: dmesg is not an ABI, the format
can change, and the ring buffer has a finite size, so the message can be overridden.

If we need a way for userspace to discover which CoCo environment it runs
on, we need a proper ABI for that. Maybe a sysfs file or something.

> If so I think it would be nice to mention it too.
> 
> Acked-by: Kai Huang <kai.huang@...el.com>

Thanks.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov
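The misclassification described in the patch can be reproduced outside the kernel. The following is an added example, not the kernel's code or part of this thread: it models the old feature-flag check and the fixed cc_vendor check as plain user-space C, with a constructed set of platform snapshots (the `struct platform`, `scenarios` table and helper functions are hypothetical; only the names `cc_vendor`, `CC_VENDOR_INTEL`, `CC_VENDOR_AMD` and `X86_FEATURE_TDX_GUEST` come from the kernel). The Hyper-V vTOM L2-on-TDX snapshot has `cc_vendor == CC_VENDOR_INTEL` with the TDX guest feature clear, which is exactly the case where the two checks disagree.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Model of the kernel's cc_vendor enum (names match the kernel; the
 * numeric values and the enum itself are part of this example). */
enum cc_vendor { CC_VENDOR_NONE, CC_VENDOR_AMD, CC_VENDOR_INTEL };

/* Hypothetical snapshot of what the kernel would observe on one platform. */
struct platform {
	const char *name;          /* constructed label for the scenario */
	enum cc_vendor cc_vendor;  /* value the CoCo init code set */
	bool tdx_guest_feature;    /* is X86_FEATURE_TDX_GUEST set? */
};

/* Old logic as the commit message describes it: anything without the
 * TDX guest feature is reported as AMD SME/SEV. */
const char *flavor_by_feature(const struct platform *p)
{
	if (p->tdx_guest_feature)
		return "Intel TDX";
	return "AMD";
}

/* Fixed logic: dispatch on cc_vendor. Hyper-V vTOM sets CC_VENDOR_INTEL
 * when running as an L2 guest on TDX but never sets X86_FEATURE_TDX_GUEST,
 * so only the vendor field identifies the encryption flavor correctly. */
const char *flavor_by_vendor(const struct platform *p)
{
	switch (p->cc_vendor) {
	case CC_VENDOR_INTEL:
		return "Intel TDX";
	case CC_VENDOR_AMD:
		return "AMD";
	default:
		return "none";
	}
}

/* Constructed scenarios; the third one is the case the patch fixes. */
static const struct platform scenarios[] = {
	{ "native TDX guest",       CC_VENDOR_INTEL, true  },
	{ "AMD SEV guest",          CC_VENDOR_AMD,   false },
	{ "Hyper-V vTOM L2 on TDX", CC_VENDOR_INTEL, false },
};
#define NSCENARIOS (sizeof(scenarios) / sizeof(scenarios[0]))

const struct platform *scenario(size_t i)
{
	return i < NSCENARIOS ? &scenarios[i] : NULL;
}

/* Count the platforms on which the old and the fixed check disagree. */
int count_mismatches(void)
{
	int mismatches = 0;
	for (size_t i = 0; i < NSCENARIOS; i++)
		if (strcmp(flavor_by_feature(&scenarios[i]),
			   flavor_by_vendor(&scenarios[i])) != 0)
			mismatches++;
	return mismatches;
}

int main(void)
{
	for (size_t i = 0; i < NSCENARIOS; i++)
		printf("%-24s old: %-9s fixed: %s\n", scenarios[i].name,
		       flavor_by_feature(&scenarios[i]),
		       flavor_by_vendor(&scenarios[i]));
	printf("scenarios where the checks disagree: %d\n", count_mismatches());
	return 0;
}
```

Running it lists the three snapshots side by side; the only disagreement is the vTOM case, where the feature-flag check reports AMD on a system whose CoCo layer is Intel. The model also makes Kirill's point concrete: the string that reaches dmesg is derived state, and anything in userspace keyed off it inherits every such quirk, whereas an explicit ABI would expose the vendor value itself.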
