| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Feb 2024 18:28:18 +0100 From: Paolo Bonzini <pbonzini@...hat.com> To: Michael Roth <michael.roth@....com> Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org, seanjc@...gle.com, aik@....com, isaku.yamahata@...el.com, thomas.lendacky@....com Subject: Re: [PATCH 09/10] KVM: SEV: introduce KVM_SEV_INIT2 operation On Thu, Feb 15, 2024 at 3:44 PM Michael Roth <michael.roth@....com> wrote: > What I mean is that if userspace is modified for these checks, it's > reasonable to also inform them that only VMSA features present in > those older kernels (i.e. debug-swap) will be available via KVM_SEV_INIT, > and for anything else they will need to use KVM_SEV_INIT. > > That way we can provide clear documentation on what to expect regarding > VMSA features for KVM_SEV_INIT and not have to have the "undefined" > wording: it'll never use anything other than debug-swap depending on the > module param setting. Ah, I agree. > That seems reasonable, but the main thing I was hoping to avoid was > another round of VMSA features changing out from underneath the covers > again. The module param setting is something we've needed to convey > internally/externally a good bit due to the fallout and making this > change would lead to another repeat. Not the end of the world but would > be nice to avoid if possible. The fallout was caused by old kernels not supporting debug-swap and now by failing measurements. As far as I know there is no downside of leaving it disabled by default, and it will fix booting old guest kernels. Paolo
Powered by blists - more mailing lists