Message-ID: <d5aed06ae4b46df5db97fdbac9c01843920a2f96.camel@intel.com>
Date: Wed, 13 Nov 2024 11:26:32 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "Hansen, Dave" <dave.hansen@...el.com>, "seanjc@...gle.com"
	<seanjc@...gle.com>, "bp@...en8.de" <bp@...en8.de>, "peterz@...radead.org"
	<peterz@...radead.org>, "hpa@...or.com" <hpa@...or.com>, "mingo@...hat.com"
	<mingo@...hat.com>, "kirill.shutemov@...ux.intel.com"
	<kirill.shutemov@...ux.intel.com>, "tglx@...utronix.de" <tglx@...utronix.de>,
	"pbonzini@...hat.com" <pbonzini@...hat.com>, "Williams, Dan J"
	<dan.j.williams@...el.com>
CC: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "kvm@...r.kernel.org"
	<kvm@...r.kernel.org>, "nik.borisov@...e.com" <nik.borisov@...e.com>,
	"Hunter, Adrian" <adrian.hunter@...el.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "Yamahata, Isaku" <isaku.yamahata@...el.com>,
	"x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH v7 00/10] TDX host: metadata reading tweaks, bug fix and info dump

On Mon, 2024-11-11 at 21:28 +0000, Huang, Kai wrote:
> On Mon, 2024-11-11 at 13:00 -0800, Hansen, Dave wrote:
> > On 11/11/24 12:49, Huang, Kai wrote:
> > > It also has a patch to fail module initialization when NO_MOD_BBP feature is not
> > > supported.
> > > 
> > > Just want to confirm, do you want to remove the code to:
> > > 
> > >  - print CMRs;
> > >  - print TDX module version;
> > 
> > What is your goal?  What is the bare minimum amount of code to get there?
> 
> The goal is to get everything that KVM TDX needs merged, plus the bug fix.
> 
> KVM TDX needs the new metadata infrastructure and the NO_MOD_BRP patch, so yeah
> only printing CMRs and TDX module version are not needed.
> 
> I'll remove them in the next version.

I removed the "version" part of the 'tdx_global_metadata.py' script in order to
remove the code which reads the TDX module version from the auto-generated code.
For the sake of having a lore link to the script that I used in the new version,
I attached the updated script here.  It just has the "version" part removed and
is thus not interesting to read.

And sorry I didn't provide enough info about the "goal" in my previous reply:

The goal of this series is to provide a new TDX global metadata infrastructure
to:

1) address two issues in the current TDX module initialization code, and
2) have an extendable infrastructure which makes it super easy to read more
metadata fields and share them with KVM for KVM TDX support (and with other
kernel components for TDX Connect in the future).

And the reason that we need a new global metadata infrastructure is the current
one can only read TDMR related metadata fields and it is not extendable to read
more metadata fields, which is required to address both 1) and 2) above.

Specifically, below two issues in the current module initialization code need to
be addressed:

1) Module initialization may fail on some large systems (e.g., with 4 or more
sockets).
2) Some old modules can clobber the host's RBP when exiting from the TDX guest,
and currently they can be initialized successfully.  We don't want to use such
modules, thus we should just fail to initialize them to avoid the memory/CPU
cycle cost of initializing the TDX module.

The minimal code to achieve this goal is obtained by removing the code which
prints the TDX module version and CMR info from this series.  After removing
them, the first 6 patches in this series introduce the new metadata
infrastructure, and the remaining patches address the two above issues.

View attachment "tdx_global_metadata.py" of type "text/x-python3" (6151 bytes)
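The two ideas this message describes, a table-driven metadata reader that new fields can be added to by appending one table entry, and an init-time check that refuses a module whose features field lacks the "no RBP clobber" bit, sketched as an added, constructed C example. This is not the kernel's TDX code and not the attached script's output: the field IDs, the bit position, the `read_field_fn` stand-in for the SEAMCALL, and the three fake "modules" are all assumptions made up for the illustration (a little-endian host is also assumed for the narrow-field copy).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical metadata field IDs: constructed for this example, NOT the
 * real TDX module field IDs. */
#define FIELD_MAX_TDMRS         0x0001ULL
#define FIELD_MAX_RSVD_PER_TDMR 0x0002ULL
#define FIELD_FEATURES0         0x0003ULL

/* Hypothetical FEATURES0 bit meaning "module does not clobber host RBP on
 * TD exit". Bit position is an assumption for this example. */
#define FEATURES0_NO_RBP_MOD    (1ULL << 18)

/* Stand-in for the SEAMCALL that reads one 64-bit metadata field.
 * Returns 0 on success, nonzero if the "module" does not know the field. */
typedef int (*read_field_fn)(uint64_t field_id, uint64_t *val);

struct tdx_sys_info {
    uint16_t max_tdmrs;
    uint16_t max_rsvd_per_tdmr;
    uint64_t features0;
};

/* One table entry per field: which ID to read, where to store it, how wide
 * the destination member is. Adding a field means adding one entry here. */
struct md_field {
    uint64_t id;
    size_t offset;
    size_t size;
};

#define MD_FIELD(_id, _member) \
    { _id, offsetof(struct tdx_sys_info, _member), \
      sizeof(((struct tdx_sys_info *)0)->_member) }

static const struct md_field sys_info_fields[] = {
    MD_FIELD(FIELD_MAX_TDMRS,         max_tdmrs),
    MD_FIELD(FIELD_MAX_RSVD_PER_TDMR, max_rsvd_per_tdmr),
    MD_FIELD(FIELD_FEATURES0,         features0),
};

/* Read every field in the table into *info. Any single failure aborts, so a
 * field the module does not implement becomes an init error, not garbage. */
int read_sys_info(read_field_fn rd, struct tdx_sys_info *info)
{
    memset(info, 0, sizeof(*info));
    for (size_t i = 0; i < sizeof(sys_info_fields) / sizeof(sys_info_fields[0]); i++) {
        const struct md_field *f = &sys_info_fields[i];
        uint64_t val;
        int ret = rd(f->id, &val);
        if (ret)
            return ret;
        /* Refuse values that would be silently truncated into a narrow member. */
        if (f->size < sizeof(val) && (val >> (8 * f->size)) != 0)
            return -3;
        memcpy((char *)info + f->offset, &val, f->size); /* little-endian host assumed */
    }
    return 0;
}

/* Init-time policy: a module that may clobber the host's RBP is rejected
 * before any TDMR/memory setup is paid for. Returns 0 if acceptable. */
int check_module_features(const struct tdx_sys_info *info)
{
    return (info->features0 & FEATURES0_NO_RBP_MOD) ? 0 : -1;
}

/* Combined init path: 0 ok, -1 feature missing, other nonzero = read error. */
int init_tdx_module(read_field_fn rd)
{
    struct tdx_sys_info info;
    int ret = read_sys_info(rd, &info);
    if (ret)
        return ret;
    return check_module_features(&info);
}

/* Three constructed "modules" used as sample input. */
int new_module_read(uint64_t id, uint64_t *v)
{
    switch (id) {
    case FIELD_MAX_TDMRS:         *v = 64; return 0;
    case FIELD_MAX_RSVD_PER_TDMR: *v = 16; return 0;
    case FIELD_FEATURES0:         *v = FEATURES0_NO_RBP_MOD; return 0;
    default:                      return -2;
    }
}

int old_module_read(uint64_t id, uint64_t *v)   /* FEATURES0 without the bit */
{
    if (id == FIELD_FEATURES0) { *v = 0; return 0; }
    return new_module_read(id, v);
}

int minimal_module_read(uint64_t id, uint64_t *v) /* no FEATURES0 at all */
{
    if (id == FIELD_FEATURES0) return -2;
    return new_module_read(id, v);
}

int main(void)
{
    printf("new: %d old: %d minimal: %d\n",
           init_tdx_module(new_module_read),
           init_tdx_module(old_module_read),
           init_tdx_module(minimal_module_read));
    return 0;
}
```

The point of the table is that reading another field (for example something KVM needs) touches only `struct tdx_sys_info` and `sys_info_fields`, while the read loop and the error handling stay unchanged; the point of `init_tdx_module` is that the feature check runs on the freshly read metadata and fails early, before the expensive part of initialization.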
