lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAGtprH82OjizyORJ91d6f6VAn_E9LY7WptN-DsoxwLT4VwOccg@mail.gmail.com>
Date: Thu, 30 Jan 2025 11:45:01 -0800
From: Vishal Annapurve <vannapurve@...gle.com>
To: "Kirill A. Shutemov" <kirill@...temov.name>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, pbonzini@...hat.com, 
	seanjc@...gle.com, erdemaktas@...gle.com, ackerleytng@...gle.com, 
	jxgao@...gle.com, sagis@...gle.com, oupton@...gle.com, pgonda@...gle.com, 
	dave.hansen@...ux.intel.com, linux-coco@...ts.linux.dev, 
	chao.p.peng@...ux.intel.com, isaku.yamahata@...il.com, stable@...r.kernel.org
Subject: Re: [PATCH V2 1/1] x86/tdx: Route safe halt execution via tdx_safe_halt()

On Thu, Jan 30, 2025 at 10:48 AM Kirill A. Shutemov
<kirill@...temov.name> wrote:
> ...
> > >
> > > I think it is worth to putting this into a separate patch and not
> > > backport. The rest of the patch is bugfix and this doesn't belong.
> > >
> > > Otherwise, looks good to me:
> > >
> > > Reviewed-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>@linux.intel.com>
> > >
> > > --
> > >   Kiryl Shutsemau / Kirill A. Shutemov
> >
> > Thanks Kirill for the review.
> >
> > Thinking more about this fix, now I am wondering why the efforts [1]
> > to move halt/safe_halt under CONFIG_PARAVIRT were abandoned. Currently
> > proposed fix is incomplete as it would not handle scenarios where
> > CONFIG_PARAVIRT_XXL is disabled. I am tilting towards reviving [1] and
> > requiring CONFIG_PARAVIRT for TDX VMs. WDYT?
> >
> > [1] https://lore.kernel.org/lkml/20210517235008.257241-1-sathyanarayanan.kuppuswamy@linux.intel.com/
>
> Many people dislike paravirt callbacks. We tried to avoid relying on them
> for core TDX enabling.
>
> Can you explain the issue you see with CONFIG_PARAVIRT_XXL being disabled?
> I don't think I follow.

Relevant callers of *_safe_halt() are:
1) kvm_wait() -> safe_halt() -> raw_safe_halt() -> arch_safe_halt()
2) acpi_safe_halt() -> safe_halt() -> raw_safe_halt() -> arch_safe_halt()

arch_safe_halt() can get routed to native_safe_halt if
CONFIG_PARAVIRT_XXL is disabled and will use "sti; hlt" combination
which is unsafe for TDX VMs as of now.

Either patch suggested by Sean [1] earlier or the implementation [2]
to implement safe_halt always for TDX VMs seem functionally more
correct to me. [2] being better where it avoids #VEs altogether. I
haven't come across configurations where CONFIG_PARAVIRT_XXL is
disabled but I don't see any guarantees around keeping it enabled for
TDX VMs.

[1] https://lore.kernel.org/lkml/Z5l6L3Hen9_Y3SGC@google.com/
[2] https://lore.kernel.org/lkml/20210517235008.257241-1-sathyanarayanan.kuppuswamy@linux.intel.com/

>
> --
>   Kiryl Shutsemau / Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ