| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aCWVGtLo7XhW7aT0@gmail.com> Date: Thu, 15 May 2025 09:17:46 +0200 From: Ingo Molnar <mingo@...nel.org> To: Ard Biesheuvel <ardb@...nel.org> Cc: Borislav Petkov <bp@...en8.de>, Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org, x86@...nel.org, Dionna Amalie Glaze <dionnaglaze@...gle.com>, Kevin Loughlin <kevinloughlin@...gle.com>, Tom Lendacky <thomas.lendacky@....com>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [RFT PATCH v3 00/21] x86: strict separation of startup code * Ard Biesheuvel <ardb@...nel.org> wrote: > On Wed, 14 May 2025 at 07:32, Ingo Molnar <mingo@...nel.org> wrote: > > > > > > * Ard Biesheuvel <ardb@...nel.org> wrote: > > > ... > > > In any case, there is no urgency wrt these changes as far as I am > > > concerned, and given that I already found an issue myself with v3, > > > perhaps it is better if we disregard it for the time being, and we can > > > come back to it for the next cycle. In the mean time, I can compare > > > notes with Boris and Tom directly to ensure that this is in the right > > > shape, and perhaps we could at least fix the pgtable_l5_enabled() mess > > > as well (for which I sent out a RFC/v3 today). > > > ... > > We could perhaps do the mechanical code movement to > > arch/x86/boot/startup/ alone, without any of the followup functional > > changes. This would reduce the cross section of the riskiest part of > > your series substantially. > > The first phase of this work, which is already queued up, was to move > all of the source files that were using RIP_REL_REF() into > arch/x86/boot/startup to be built with -fPIC so that RIP_REL_REF() > could be removed. > > The current phase is to separate code that really needs to live under > startup/ from code that doesn't. This is the bit that was > straight-forward for mapping the kernel (including the SME encryption > pieces) because they were already in dedicated source files, but not > so straight-forward for SEV-SNP. > > In reality, the mechanical code movement in this phase is mostly in > the opposite direction, where things are separated into startup and > non-startup code at a high level of detail, and the latter is moved > out again. > > > If that sounds good to you, please send a > > series for review. > > > > Not sure what happened to the tip/x86/boot branch in the meantime, It got merged into tip:x86/core. I wrote you an email about it yesterday, should be somewhere in your inbox. :) > [...] but assuming that what was already queued up is still scheduled > for the next cycle, I don't think there are any parts of this series > that could be meaningfully rearranged. IOW, the SEV-SNP refactoring > needs to be completed first, which accounts for most of the code > movement. Understood. Thanks, Ingo
Powered by blists - more mailing lists