lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <152887381150e434e6080347abf23cec45ca6cf3.camel@intel.com>
Date: Tue, 6 Aug 2024 21:01:53 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "Hansen, Dave" <dave.hansen@...el.com>, "seanjc@...gle.com"
	<seanjc@...gle.com>, "bp@...en8.de" <bp@...en8.de>, "peterz@...radead.org"
	<peterz@...radead.org>, "hpa@...or.com" <hpa@...or.com>, "mingo@...hat.com"
	<mingo@...hat.com>, "Williams, Dan J" <dan.j.williams@...el.com>,
	"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
	"pbonzini@...hat.com" <pbonzini@...hat.com>, "tglx@...utronix.de"
	<tglx@...utronix.de>
CC: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "kvm@...r.kernel.org"
	<kvm@...r.kernel.org>, "Yamahata, Isaku" <isaku.yamahata@...el.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Gao, Chao"
	<chao.gao@...el.com>, "binbin.wu@...ux.intel.com"
	<binbin.wu@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH v2 06/10] x86/virt/tdx: Refine a comment to reflect the
 latest TDX spec

On Tue, 2024-08-06 at 12:06 -0700, Williams, Dan J wrote:
> Huang, Kai wrote:
> [..]
> > > Given this is JSON any plan to just check-in "global_metadata.json"
> > > somewhere in tools/ with a script that queries for a set of fields and
> > > spits them out into a Linux data structure + set of TD_SYSINFO_*_MAP()
> > > calls? Then no future review bandwidth needs to be spent on manually
> > > checking offsets names and values, they will just be pulled from the
> > > script.
> > 
> > This seems a good idea.  I'll add this to my TODO list and evaluate it
> > first.
> > 
> > One minor issue is some metadata fields may need special handling.  E.g.,
> > MAX_VCPUS_PER_TD (which is u16) may not be supported by some old TDX
> > modules, but this isn't an error because we can just treats it as
> > U16_MAX.
> 
> TDX Module had better not be breaking us when they remove metadata
> fields. So if you know of fields that get removed the module absolutely
> cannot cause existing code paths. 
> 

I don't think they will remove any metadata field.  They may add more
field(s) when new feature is added to a new version module, but not
remove.

One thing we might need to confirm is an new version of module should
always support the features that old modules support.  But IMHO this
should not be relevant if we have a policy below.

> Linux could maybe grant that some
> values start returning an explicit "deprecated" error code in the future
> and Linux adds handling for that common case. Outside of that metadata
> fields are forever and the module needs to ship placeholder values that
> fail gracefully on older kernels.
> 
> OS software should not be expected to keep up with the whims of metadata
> field removals without an explicit plan to make those future removals
> benign to legacy kernels.

I think we can have a simple rule like below?

The kernel decides which metadata fields are essential, and which are
optional.  If any essential field is missing, then kernel cannot use TDX.

In this way the kernel doesn't depend on whims of TDX module version
changes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ