| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z8oImITJahUiZbwj@google.com> Date: Thu, 6 Mar 2025 12:43:49 -0800 From: Sean Christopherson <seanjc@...gle.com> To: Paolo Bonzini <pbonzini@...hat.com> Cc: Xiaoyao Li <xiaoyao.li@...el.com>, Adrian Hunter <adrian.hunter@...el.com>, kvm@...r.kernel.org, rick.p.edgecombe@...el.com, kai.huang@...el.com, reinette.chatre@...el.com, tony.lindgren@...ux.intel.com, binbin.wu@...ux.intel.com, dmatlack@...gle.com, isaku.yamahata@...el.com, nik.borisov@...e.com, linux-kernel@...r.kernel.org, yan.y.zhao@...el.com, chao.gao@...el.com, weijiang.yang@...el.com Subject: Re: [PATCH V2 02/12] KVM: x86: Allow the use of kvm_load_host_xsave_state() with guest_state_protected On Thu, Mar 06, 2025, Paolo Bonzini wrote: > I agree with Xiaoyao that this change is sensible but should be proposed > separately for both SNP and TDX. > > Allowing the use of kvm_load_host_xsave_state() is really ugly, especially > since the corresponding code is so simple: > > if (cpu_feature_enabled(X86_FEATURE_PKU) && vcpu->arch.pkru != 0) > wrpkru(vcpu->arch.host_pkru); It's clearly not "so simple", because this code is buggy. The justification for using kvm_load_host_xsave_state() is that either KVM gets the TDX state model correct and the existing flows Just Work, or we handle all that state as one-offs and at best replicate concepts and flows, and at worst have bugs that are unique to TDX, e.g. because we get the "simple" code wrong, we miss flows that subtly consume state, etc.
Powered by blists - more mailing lists