lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 25 Mar 2024 10:39:10 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "Yamahata, Isaku" <isaku.yamahata@...el.com>
CC: "Zhang, Tina" <tina.zhang@...el.com>, "seanjc@...gle.com"
	<seanjc@...gle.com>, "Yuan, Hang" <hang.yuan@...el.com>, "Chen, Bo2"
	<chen.bo@...el.com>, "sagis@...gle.com" <sagis@...gle.com>,
	"isaku.yamahata@...il.com" <isaku.yamahata@...il.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Aktas, Erdem"
	<erdemaktas@...gle.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"pbonzini@...hat.com" <pbonzini@...hat.com>, "Li, Xiaoyao"
	<xiaoyao.li@...el.com>, "isaku.yamahata@...ux.intel.com"
	<isaku.yamahata@...ux.intel.com>
Subject: Re: [PATCH v19 039/130] KVM: TDX: initialize VM with TDX specific
 parameters

On Fri, 2024-03-22 at 18:22 -0700, Yamahata, Isaku wrote:
> On Fri, Mar 22, 2024 at 11:20:01AM +0000,
> "Huang, Kai" <kai.huang@...el.com> wrote:
> 
> > On Mon, 2024-02-26 at 00:25 -0800, isaku.yamahata@...el.com wrote:
> > > +struct kvm_tdx_init_vm {
> > > +	__u64 attributes;
> > > +	__u64 mrconfigid[6];	/* sha384 digest */
> > > +	__u64 mrowner[6];	/* sha384 digest */
> > > +	__u64 mrownerconfig[6];	/* sha384 digest */
> > > +	/*
> > > +	 * For future extensibility to make sizeof(struct kvm_tdx_init_vm) = 8KB.
> > > +	 * This should be enough given sizeof(TD_PARAMS) = 1024.
> > > +	 * 8KB was chosen given because
> > > +	 * sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_ENTRIES(=256) = 8KB.
> > > +	 */
> > > +	__u64 reserved[1004];
> > 
> > This is insane.
> > 
> > You said you want to reserve 8K for CPUID entries, but how can these 1004 * 8
> > bytes be used for CPUID entries since ...
> 
> I tried to overestimate it. It's too much, how about to make it
> 1024, reserved[109]?
> 

I am not sure why we need 1024B either.

IIUC, the inputs here in 'kvm_tdx_init_vm' should be a subset of the members in
TD_PARAMS.  This IOCTL() isn't intended to carry any additional input besides
these defined in TD_PARAMS, right?

If so, then it seems to me you "at most" only need to reserve the space for the
members excluding the CPUID entries, because for the CPUID entries we will
always pass them as a flexible array at the end of the structure.

Based on the spec, the "non-CPUID-entry" part only occupies 256 bytes.  To me it
seems we have no reason to reserve more space than 256 bytes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ