| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250530160809.GBaDnX6auAVJu9PFLr@fat_crate.local>
Date: Fri, 30 May 2025 18:08:09 +0200
From: Borislav Petkov <bp@...en8.de>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org,
linux-efi@...r.kernel.org, x86@...nel.org,
Ingo Molnar <mingo@...nel.org>,
Dionna Amalie Glaze <dionnaglaze@...gle.com>,
Kevin Loughlin <kevinloughlin@...gle.com>,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [RFT PATCH v3 12/21] x86/sev: Unify SEV-SNP hypervisor feature
check
On Fri, May 30, 2025 at 04:28:52PM +0200, Ard Biesheuvel wrote:
> > > +u64 __head snp_check_hv_features(void)
> > > +{
> > > + /*
> > > + * SNP is supported in v2 of the GHCB spec which mandates support for HV
> > > + * features.
> > > + */
>
> ... get_hv_features() is only when SEV-SNP has already been detected.
Hmm, I see
void sev_enable(struct boot_params *bp)
{
...
/*
* Setup/preliminary detection of SNP. This will be sanity-checked
* against CPUID/MSR values later.
*/
snp = early_snp_init(bp);
...
snp_check_hv_features();
if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
This is called here without checking the snp boolean.
And without checking the version it is fragile anyway. Why do you even need to
remove the version check?
Just leave it in.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists