[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240705160404.GA15452@prme-hs2-i1009>
Date: Fri, 5 Jul 2024 09:04:17 -0700
From: Tim Merrifield <tim.merrifield@...adcom.com>
To: Dave Hansen <dave.hansen@...el.com>
Cc: "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
x86@...nel.org, "H . Peter Anvin" <hpa@...or.com>,
Xin Li <xin3.li@...el.com>, Ard Biesheuvel <ardb@...nel.org>,
Kai Huang <kai.huang@...el.com>,
Kevin Loughlin <kevinloughlin@...gle.com>,
Thomas Zimmermann <tzimmermann@...e.de>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
Kees Cook <kees@...nel.org>, Mike Rapoport <rppt@...nel.org>,
Brian Gerst <brgerst@...il.com>, linux-coco@...ts.linux.dev,
linux-kernel@...r.kernel.org, Ajay Kaher <ajay.kaher@...adcom.com>,
Alexey Makhalov <alexey.amakhalov@...adcom.com>,
Broadcom internal kernel review list <bcm-kernel-feedback-list@...adcom.com>,
virtualization@...ts.linux.dev, alex.james@...adcom.com,
doug.covelli@...adcom.com, jeffrey.sheldon@...adcom.com
Subject: Re: [PATCH 0/2] Support userspace hypercalls for TDX
Thanks for the response, Dave.
On Wed, Jul 03, 2024 at 05:18:22PM -0700, Dave Hansen wrote:
>
> Could we please be frank and transparent about what you actually want
> here and how you expect this mechanism to be used?
>
Sorry for being unclear. open-vm-tools is currently broken on TDX and
the intent here is to fix that. The idea is that versions of open-vm-tools
that have been audited and restricted to certain hypercalls, would execute
prctl to mark the process as capable of executing hypercalls.
> This inheritance model seems more suited to wrapping a tiny helper app
> around an existing binary, a la:
>
> prctl(ARCH_SET_COCO_USER_HCALL);
> execve("/existing/binary/that/i/surely/did/not/audit", ...);
>
> ... as opposed to something that you set in new versions of
> open-vm-tools after an extensive audit and a bug fixing campaign to
> clean up everything that the audit found.
I understand the concern about inheritance. I chose prctl primarily
because of some existing options that seemed similar, mainly speculation
control. Is there an alternative approach that doesn't suffer from the
inheritance issue?
Powered by blists - more mailing lists