lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 24 Apr 2024 12:57:43 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Rick P Edgecombe <rick.p.edgecombe@...el.com>
Cc: "jmattson@...gle.com" <jmattson@...gle.com>, Chao Gao <chao.gao@...el.com>, 
	"vkuznets@...hat.com" <vkuznets@...hat.com>, Vishal Annapurve <vannapurve@...gle.com>, 
	Xiaoyao Li <xiaoyao.li@...el.com>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Vishal L Verma <vishal.l.verma@...el.com>, 
	Reinette Chatre <reinette.chatre@...el.com>, "pbonzini@...hat.com" <pbonzini@...hat.com>, 
	Erdem Aktas <erdemaktas@...gle.com>, Isaku Yamahata <isaku.yamahata@...el.com>, 
	"mlevitsk@...hat.com" <mlevitsk@...hat.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>
Subject: Re: [PATCH V4 0/4] KVM: x86: Make bus clock frequency for vAPIC timer configurable

On Wed, Apr 24, 2024, Rick P Edgecombe wrote:
> Long term though, I have been wondering about how to prevent TDX regressions
> especially on the MMU pieces. It is one thing to have the TDX setups available
> for maintainers, but most normal developers will likely not have access to TDX
> HW for a bit. Just a problem without a solution.

I wouldn't worry too much about hardware availability.  As you said, it's not
a problem we can really solve, and we already have to be concious of the fact
that not all developers have comparable hardware.  E.g. most people don't have
a 4-sock, multi-hundred CPU system with TiBs of RAM.  Not being able to test at
all is obviously a little different, but it's not entirely new.

Instead, I would encourage spending time and effort (after things have settled
down patch wise) to build out selftests.   I tried to run a "real" SEV-ES VM
and gave up because I needed the "right" OVMF build, blah blah blah.  At some
point I'll probably bite the bullet and get a "full" CoCo setup working, but it's
not exactly at the top of my todo list, in no small part because the triage and
debug experience when things go wrong is miles and miles better in selftests.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ