lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <bd391db213179a52d68bb84531775117805d6932.camel@intel.com>
Date: Wed, 2 Apr 2025 21:12:44 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "Gao, Chao" <chao.gao@...el.com>, "Hansen, Dave" <dave.hansen@...el.com>,
	"seanjc@...gle.com" <seanjc@...gle.com>, "x86@...nel.org" <x86@...nel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"tglx@...utronix.de" <tglx@...utronix.de>, "kvm@...r.kernel.org"
	<kvm@...r.kernel.org>, "pbonzini@...hat.com" <pbonzini@...hat.com>
CC: "ebiggers@...gle.com" <ebiggers@...gle.com>, "vigbalas@....com"
	<vigbalas@....com>, "dave.hansen@...ux.intel.com"
	<dave.hansen@...ux.intel.com>, "Bae, Chang Seok" <chang.seok.bae@...el.com>,
	"levymitchell0@...il.com" <levymitchell0@...il.com>,
	"samuel.holland@...ive.com" <samuel.holland@...ive.com>, "Li, Xin3"
	<xin3.li@...el.com>, "Yang, Weijiang" <weijiang.yang@...el.com>,
	"mingo@...hat.com" <mingo@...hat.com>, "mlevitsk@...hat.com"
	<mlevitsk@...hat.com>, "john.allen@....com" <john.allen@....com>, "Spassov,
 Stanislav" <stanspas@...zon.de>, "attofari@...zon.de" <attofari@...zon.de>,
	"Li, Rongqing" <lirongqing@...du.com>, "hpa@...or.com" <hpa@...or.com>,
	"peterz@...radead.org" <peterz@...radead.org>, "aruna.ramakrishna@...cle.com"
	<aruna.ramakrishna@...cle.com>, "bp@...en8.de" <bp@...en8.de>, "Liu, Zhao1"
	<zhao1.liu@...el.com>, "ubizjak@...il.com" <ubizjak@...il.com>
Subject: Re: [PATCH v4 0/8] Introduce CET supervisor state support

Xin and I were discussing the dependencies we have going here.

For arch reasons, CET supervisor shadow stack was waiting for FRED support. And
for KVM development process reasons KVM FRED support is waiting for KVM CET
support. It’s almost a circle.


It looks like Chao has re-arranged the patches such that the space saving
optimization could be dropped. It would just look like switching to the pretty
trivial patches 1-3 I guess. However, he didn’t actually advocate for that to
happen. But the subtext seems to be that it should be considered?

I think there aren't concerns with the bones of the optimization in the later
patches. It’s just polishing that is needed. But some of the polishing needed
(i.e. the long debated naming of for the guest category of features) is
downstream of the growing complexity of the FPU, which we were planning to
accept. So maybe it’s turning out more costly than we expected?

In any case, at this point I think we need to either double down on polishing
this thing up (by pausing other work) and have a clear “please do this with
these patches" request, or declare failure and argue for the smaller version.

I guess I still lean towards keeping the optimization. But I do think it's worth
considering at this point.

Rick

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ