lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2v2egjmdpb2fzjriqc2ylvqns3heo5bpirtqm7cn32h3zsuwry@y5ejrbyniwxq>
Date: Fri, 13 Sep 2024 18:53:31 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: Dave Hansen <dave.hansen@...el.com>
Cc: Sean Christopherson <seanjc@...gle.com>, 
	Alexey Gladkov <legion@...nel.org>, linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev, 
	Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>, 
	Andrew Morton <akpm@...ux-foundation.org>, Yuan Yao <yuan.yao@...el.com>, 
	Geert Uytterhoeven <geert@...ux-m68k.org>, Yuntao Wang <ytcoode@...il.com>, Kai Huang <kai.huang@...el.com>, 
	Baoquan He <bhe@...hat.com>, Oleg Nesterov <oleg@...hat.com>, cho@...rosoft.com, 
	decui@...rosoft.com, John.Starks@...rosoft.com, Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH v6 0/6] x86/tdx: Allow MMIO instructions from userspace

On Thu, Sep 12, 2024 at 08:49:21AM -0700, Dave Hansen wrote:
> On 9/12/24 02:45, Kirill A. Shutemov wrote:
> > On Wed, Sep 11, 2024 at 09:19:04AM -0700, Sean Christopherson wrote:
> >> Yep.  Based on the original report[*], it sounds like the userspace program is
> >> doing a memcpy(), so it's hard to even argue that userspace is being silly.
> > The kernel does MMIO accesses using special helpers that use well-known
> > instructions. I believe we should educate userspace to do the same by
> > rejecting emulation of anything more complex than plain loads and stores.
> > Otherwise these asks will keep coming.
> 
> My assumption is that folks have VMM-specific kernel drivers and crusty
> old userspace that mmap()'s an MMIO region exposed by that driver. They
> want to keep their old userspace.
> 
> Once we're dictating that specific instructions be used, the old
> userspace doesn't work and it needs to be changed. Once it needs to be
> changed, then some _other_ new ABI might as well be considered.
> 
> Basically:
> 
> 	New ABI =~ Specific Kernel-mandated Instructions

If we are going to say "no" to userspace MMIO emulation for TDX, the same
has to be done for SEV. Or we can bring TDX to SEV level and draw the line
there.

SEV and TDX run similar workloads and functional difference in this area
is hard to justify.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ