lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <14f9106d-3a34-4f10-ba4e-465c73c94eba@google.com>
Date: Tue, 18 Mar 2025 15:48:47 -0700
From: Junaid Shahid <junaids@...gle.com>
To: Brendan Jackman <jackmanb@...gle.com>, Borislav Petkov <bp@...en8.de>
Cc: akpm@...ux-foundation.org, dave.hansen@...ux.intel.com,
 yosryahmed@...gle.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-mm@...ck.org, peterz@...radead.org, seanjc@...gle.com,
 tglx@...utronix.de, x86@...nel.org
Subject: Re: [PATCH RFC v2 03/29] mm: asi: Introduce ASI core API

On 3/18/25 6:03 AM, Brendan Jackman wrote:
> On Tue Mar 18, 2025 at 12:50 AM UTC, Junaid Shahid wrote:
>> On 3/17/25 4:40 AM, Brendan Jackman wrote:
>>>
>>> static inline void asi_start(void)
>>> {
>>> 	/*
>>> 	 * Cannot currently context switch in the restricted adddress
>>> 	 * space.
>>> 	 */
>>> 	lockdep_assert_preemption_disabled();
>>
>> I assume that this limitation is just for the initial version in this RFC,
>> right?
> 
> Well I think we also wanna get ASI in-tree with this limitation,
> otherwise the initial series will be too big and complex. 

Agreed. That is what I meant as well.

> 
>> But even in that case, I think this should be in asi_start_critical()
>> below, not asi_start(), since IIRC the KVM run loop does contain preemptible
>> code as well. And we would need an explicit asi_exit() in the context switch
>> code like we had in an earlier RFC.
> 
> Oh. Yeah. In my proposal below I had totally forgotten we had
> asi_exit() in the context_switch() path (it is there in this patch).
> 
> So we only need the asi_exit() in the KVM code in order to avoid
> actually hitting e.g. exit_to_user_mode() in the restricted address
> space.
> 
> But... we can just put an asi_exit() there explicitly instead of
> dumping all this weirdness into the "core API" and the KVM codebase.
> 
> So... I think all we really need is asi_start_critical() and
> asi_end_critical()? And make everything else happen as part of the
> normal functioning of the entry and context-switching logic. Am I
> forgetting something else?

Yes, I think this should work.


Thanks,
Junaid

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ