Message-ID: <20250530160809.GBaDnX6auAVJu9PFLr@fat_crate.local>
Date: Fri, 30 May 2025 18:08:09 +0200
From: Borislav Petkov <bp@...en8.de>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Ard Biesheuvel <ardb+git@...gle.com>, linux-kernel@...r.kernel.org,
	linux-efi@...r.kernel.org, x86@...nel.org,
	Ingo Molnar <mingo@...nel.org>,
	Dionna Amalie Glaze <dionnaglaze@...gle.com>,
	Kevin Loughlin <kevinloughlin@...gle.com>,
	Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [RFT PATCH v3 12/21] x86/sev: Unify SEV-SNP hypervisor feature
 check

On Fri, May 30, 2025 at 04:28:52PM +0200, Ard Biesheuvel wrote:
> > > +u64 __head snp_check_hv_features(void)
> > > +{
> > > +     /*
> > > +      * SNP is supported in v2 of the GHCB spec which mandates support for HV
> > > +      * features.
> > > +      */
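
Review bot: the comment at the top of snp_check_hv_features() relies on SNP implying GHCB v2, but it does not say that the caller must already have detected SNP, so the function reads as safe to call unconditionally. Either state that precondition in the comment, or keep an explicit protocol version check inside the function so it stays correct when it is reached on a guest where SNP was not detected.
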
> 
> ... get_hv_features() is only when SEV-SNP has already been detected.

Hmm, I see

void sev_enable(struct boot_params *bp)
{
	...

        /*
         * Setup/preliminary detection of SNP. This will be sanity-checked
         * against CPUID/MSR values later.
         */
        snp = early_snp_init(bp);

	...

        snp_check_hv_features();

        if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED))

This is called here without checking the snp boolean.

And without checking the version it is fragile anyway. Why do you even need to
remove the version check?

Just leave it in.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
