Message-ID: <2838eb7a-9d54-48f2-aabe-1428f65a4fd2@intel.com>
Date: Thu, 17 Jul 2025 11:14:09 +0800
From: Xiaoyao Li <xiaoyao.li@...el.com>
To: Binbin Wu <binbin.wu@...ux.intel.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>,
 Sean Christopherson <seanjc@...gle.com>,
 Rick Edgecombe <rick.p.edgecombe@...el.com>, kvm@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: TDX: Don't report base TDVMCALLs

On 7/17/2025 10:45 AM, Binbin Wu wrote:
> 
> 
> On 7/17/2025 10:20 AM, Xiaoyao Li wrote:
>> Remove TDVMCALLINFO_GET_QUOTE from user_tdvmcallinfo_1_r11 reported to
>> userspace to align with the direction of the GHCI spec.
>>
>> Recently, concern was raised about a gap in the GHCI spec that left
>> ambiguity in how to expose to the guest that only a subset of GHCI
>> TDVMCalls were supported. During the back and forth on the spec
>> details[0], <GetQuote> was moved from an individually enumerable
>> TDVMCall, to one that is part of the 'base spec', meaning it doesn't
>> have a specific bit in the
> 
> 'GHCI base API' is more appropriate instead of 'base spec'
> 
>> <GetTDVMCallInfo> return values. Although the spec[1] is still in draft
>> form, the GetQoute part has been agreed by the major TDX VMMs.
> GetQoute  ->  <GetQuote>
> 
> typo and use <> to align with others.
> 
>>
>> Unfortunately the commits that were upstreamed still treat <GetQuote> as
>> individually enumerable. They set bit 0 in the user_tdvmcallinfo_1_r11
>> which is reported to userspace to tell supported optional TDVMCalls,
>> intending to say that <GetQuote> is supported.
>>
>> So stop reporting <GetQute> in user_tdvmcallinfo_1_r11 to align with
> 
> GetQute -> GetQuote
> 
>> the direction of the spec, and allow some future TDVMCall to use that bit.
>>
>> [0] https://lore.kernel.org/all/aEmuKII8FGU4eQZz@google.com/
>> [1] https://cdrdv2.intel.com/v1/dl/getContent/858626
>>
>> Fixes: 28224ef02b56 ("KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities")
>> Signed-off-by: Xiaoyao Li <xiaoyao.li@...el.com>
> 
> Nits: typos and wording suggested above.

Thanks for catching them!

I would like to leave them to Paolo to fix when he applies the patch instead of spinning a v2.

> Reviewed-by: Binbin Wu <binbin.wu@...ux.intel.com>
> 
>> ---
>>   arch/x86/kvm/vmx/tdx.c | 2 --
>>   1 file changed, 2 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
>> index f31ccdeb905b..ea1261ca805f 100644
>> --- a/arch/x86/kvm/vmx/tdx.c
>> +++ b/arch/x86/kvm/vmx/tdx.c
>> @@ -173,7 +173,6 @@ static void td_init_cpuid_entry2(struct 
>> kvm_cpuid_entry2 *entry, unsigned char i
>>       tdx_clear_unsupported_cpuid(entry);
>>   }
>> -#define TDVMCALLINFO_GET_QUOTE                BIT(0)
>>   #define TDVMCALLINFO_SETUP_EVENT_NOTIFY_INTERRUPT    BIT(1)
>>   static int init_kvm_tdx_caps(const struct tdx_sys_info_td_conf 
>> *td_conf,
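Review bot: dropping the TDVMCALLINFO_GET_QUOTE define leaves the table starting at TDVMCALLINFO_SETUP_EVENT_NOTIFY_INTERRUPT BIT(1) with nothing at BIT(0), which a later reader will take for an accidental gap; a one-line comment above the remaining define stating that bit 0 is deliberately unassigned because GetQuote belongs to the GHCI base API (as the changelog explains) would keep someone from re-adding GetQuote there or reusing the bit without checking the spec.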
>> @@ -192,7 +191,6 @@ static int init_kvm_tdx_caps(const struct 
>> tdx_sys_info_td_conf *td_conf,
>>       caps->cpuid.nent = td_conf->num_cpuid_config;
>>       caps->user_tdvmcallinfo_1_r11 =
>> -        TDVMCALLINFO_GET_QUOTE |
>>           TDVMCALLINFO_SETUP_EVENT_NOTIFY_INTERRUPT;
>>       for (i = 0; i < td_conf->num_cpuid_config; i++)
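Review bot: the assignment change is right, but its user-visible effect deserves a sentence in the changelog, and wherever user_tdvmcallinfo_1_r11 is documented for userspace: a VMM that gated its GetQuote handling on bit 0 of this field will now see the bit clear, and it needs to know that GetQuote is unconditionally part of the base API rather than an optional TDVMCall it may now treat as unsupported.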
> 

