lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e7b259b0a986f3cf1578b000f9113933ef80a324.camel@intel.com>
Date: Thu, 13 Mar 2025 22:47:38 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "tglx@...utronix.de" <tglx@...utronix.de>, "peterz@...radead.org"
	<peterz@...radead.org>, "mingo@...hat.com" <mingo@...hat.com>, "Hansen, Dave"
	<dave.hansen@...el.com>, "Huang, Kai" <kai.huang@...el.com>, "bp@...en8.de"
	<bp@...en8.de>, "kirill.shutemov@...ux.intel.com"
	<kirill.shutemov@...ux.intel.com>
CC: "dwmw@...zon.co.uk" <dwmw@...zon.co.uk>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "seanjc@...gle.com" <seanjc@...gle.com>,
	"x86@...nel.org" <x86@...nel.org>, "sagis@...gle.com" <sagis@...gle.com>,
	"hpa@...or.com" <hpa@...or.com>, "Chatre, Reinette"
	<reinette.chatre@...el.com>, "Williams, Dan J" <dan.j.williams@...el.com>,
	"thomas.lendacky@....com" <thomas.lendacky@....com>, "bhe@...hat.com"
	<bhe@...hat.com>, "ashish.kalra@....com" <ashish.kalra@....com>,
	"nik.borisov@...e.com" <nik.borisov@...e.com>, "pbonzini@...hat.com"
	<pbonzini@...hat.com>, "Yamahata, Isaku" <isaku.yamahata@...el.com>
Subject: Re: [RFC PATCH 3/5] x86/kexec: Disable kexec/kdump on platforms with
 TDX partial write erratum

On Thu, 2025-03-13 at 22:32 +0000, Huang, Kai wrote:
> > > 
> > > We can add a kernel parameter 'tdx_host={on|off}' and skip all TDX code
> > > (thus
> > > no
> > > erratum detection) when it is off.  I suppose it will be useful in general
> > > anyway even w/o the context of kexec.
> > 
> > What exactly are you thinking? Add a tdx_host parameter, but what is the
> > default
> > behavior? When tdx_host=on with the errata, kexec must still be disabled,
> > right?
> > Better to return an error, than proceed and crash.
> 
> The default behaviour is tdx_host=off in order to not disrupt kexec/kdump
> behaviour on the TDX platforms with erratum.  The distros will be able to ship
> kernels with both CONFIG_KEXEC_CORE and CONFIG_INTEL_TDX_HOST on, and no
> visible
> impact to the user who doesn't care about TDX.
> 
> If the user is interested in TDX, tdx_host=on must be set in the kernel
> command
> line, but in this case user is expected to know kexec/kdump can only work
> normally if the TDX platform doesn't have the erratum -- kexec/kdump are
> disabled if the platform has the erratum.

So this will switch all of TDX to be default off then, unless the kernel gets a
parameter set. In which case we could also just unlock the Kconfig with just one
small change. TDX and kexec would still mutually exclusive, but just at runtime.
We should try to flag Paolo and see what he thinks.

Or is the proposal to only be default tdx_host=off on the errata platforms? And
tdx_host=on otherwise?

It seems like this series is close though, and would probably be wanted sooner
than later.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ