| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250212000747.3403836-1-vannapurve@google.com> Date: Wed, 12 Feb 2025 00:07:43 +0000 From: Vishal Annapurve <vannapurve@...gle.com> To: x86@...nel.org, linux-kernel@...r.kernel.org Cc: pbonzini@...hat.com, seanjc@...gle.com, erdemaktas@...gle.com, ackerleytng@...gle.com, jxgao@...gle.com, sagis@...gle.com, oupton@...gle.com, pgonda@...gle.com, kirill@...temov.name, dave.hansen@...ux.intel.com, linux-coco@...ts.linux.dev, chao.p.peng@...ux.intel.com, isaku.yamahata@...il.com, sathyanarayanan.kuppuswamy@...ux.intel.com, Vishal Annapurve <vannapurve@...gle.com> Subject: [PATCH V4 0/4] x86/tdx: Route safe halt execution via tdx_safe_halt() Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. safe_halt() routines execute HLT in STI-shadow so IRQs need to remain disabled until the TDCALL to ensure that pending IRQs are correctly treated as wake events. So "sti;hlt" sequence needs to be replaced with "TDCALL; raw_local_irq_enable()" for TDX VMs. Changes introduced by the series include: - Move *halt() variants outside CONFIG_PARAVIRT_XXL and under CONFIG_PARAVIRT [1]. - Route "sti; hlt" sequences via tdx_safe_halt() for reliability. - Route "hlt" sequences via tdx_halt() to avoid unnecessary #VEs. - Add explicit dependency on CONFIG_PARAVIRT for TDX VMs. - Warn and fail emulation if HLT #VE emulation executes with interrupts enabled. - Clean up TDX specific idle routine override. Changes since v3: 1) Addressed comments from Sean. 2) Included [1] in the series to fix the scenarios where CONFIG_PARAVIRT_XXL could be disabled. v3: https://lore.kernel.org/all/20250206222714.1079059-1-vannapurve@google.com/ [1] https://lore.kernel.org/lkml/20210517235008.257241-1-sathyanarayanan.kuppuswamy@linux.intel.com/ Kirill A. Shutemov (1): x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT Vishal Annapurve (3): x86/tdx: Route safe halt execution via tdx_safe_halt() x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling x86/tdx: Remove TDX specific idle routine arch/x86/Kconfig | 1 + arch/x86/coco/tdx/tdx.c | 26 ++++++++++++++++- arch/x86/include/asm/irqflags.h | 40 +++++++++++++++------------ arch/x86/include/asm/paravirt.h | 20 +++++++------- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/include/asm/tdx.h | 2 -- arch/x86/kernel/paravirt.c | 14 ++++++---- arch/x86/kernel/process.c | 3 -- 8 files changed, 67 insertions(+), 42 deletions(-) -- 2.48.1.502.g6dc24dfdaf-goog
Powered by blists - more mailing lists