lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 19 Mar 2024 14:57:06 -0700
From: Isaku Yamahata <isaku.yamahata@...el.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: isaku.yamahata@...el.com, kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org, isaku.yamahata@...il.com,
	Paolo Bonzini <pbonzini@...hat.com>, erdemaktas@...gle.com,
	Sagi Shahar <sagis@...gle.com>, Kai Huang <kai.huang@...el.com>,
	chen.bo@...el.com, hang.yuan@...el.com, tina.zhang@...el.com,
	isaku.yamahata@...ux.intel.com
Subject: Re: [PATCH v19 098/130] KVM: TDX: Add a place holder to handle TDX
 VM exit

On Fri, Mar 15, 2024 at 10:45:04AM -0700,
Sean Christopherson <seanjc@...gle.com> wrote:

> On Mon, Feb 26, 2024, isaku.yamahata@...el.com wrote:
> > +int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath)
> > +{
> > +	union tdx_exit_reason exit_reason = to_tdx(vcpu)->exit_reason;
> > +
> > +	/* See the comment of tdh_sept_seamcall(). */
> > +	if (unlikely(exit_reason.full == (TDX_OPERAND_BUSY | TDX_OPERAND_ID_SEPT)))
> > +		return 1;
> > +
> > +	/*
> > +	 * TDH.VP.ENTRY checks TD EPOCH which contend with TDH.MEM.TRACK and
> > +	 * vcpu TDH.VP.ENTER.
> > +	 */
> > +	if (unlikely(exit_reason.full == (TDX_OPERAND_BUSY | TDX_OPERAND_ID_TD_EPOCH)))
> > +		return 1;
> > +
> > +	if (unlikely(exit_reason.full == TDX_SEAMCALL_UD)) {
> > +		kvm_spurious_fault();
> > +		/*
> > +		 * In the case of reboot or kexec, loop with TDH.VP.ENTER and
> > +		 * TDX_SEAMCALL_UD to avoid unnecessarily activity.
> > +		 */
> > +		return 1;
> 
> No.  This is unnecessarily risky.  KVM_BUG_ON() and exit to userspace.  The
> response to "SEAMCALL faulted" should never be, "well, let's try again!".
> 
> Also, what about #GP on SEAMCALL?  In general, the error handling here seems
> lacking.

As I replied at [1], let me revise error handling in general TDX KVM code.
[1] https://lore.kernel.org/kvm/cover.1708933498.git.isaku.yamahata@intel.com/T/#macc431c87676995d65ddcd8de632261a2dedc525
-- 
Isaku Yamahata <isaku.yamahata@...el.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ