| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4bd07d7d-f4f8-4175-9384-d90b0e3c6e57@intel.com>
Date: Mon, 18 Aug 2025 18:07:06 +0300
From: Adrian Hunter <adrian.hunter@...el.com>
To: "Brown, Len" <len.brown@...el.com>
CC: <pbonzini@...hat.com>, <kvm@...r.kernel.org>,
<rick.p.edgecombe@...el.com>, <kirill.shutemov@...ux.intel.com>,
<kai.huang@...el.com>, <reinette.chatre@...el.com>, <xiaoyao.li@...el.com>,
<tony.lindgren@...ux.intel.com>, <binbin.wu@...ux.intel.com>,
<isaku.yamahata@...el.com>, <linux-kernel@...r.kernel.org>,
<yan.y.zhao@...el.com>, <chao.gao@...el.com>, <ira.weiny@...el.com>, "Sean
Christopherson" <seanjc@...gle.com>
Subject: Re: [PATCH RFC 1/2] KVM: TDX: Disable general support for MWAIT in
guest
On 18/08/2025 17:05, Sean Christopherson wrote:
> On Sat, Aug 16, 2025, Adrian Hunter wrote:
>> TDX support for using the MWAIT instruction in a guest has issues, so
>> disable it for now.
>>
>> Background
>>
>> Like VMX, TDX can allow the MWAIT instruction to be executed in a guest.
>> Unlike VMX, TDX cannot necessarily provide for virtualization of MSRs that
>> a guest might reasonably expect to exist as well.
>>
>> For example, in the case of a Linux guest, the default idle driver
>> intel_idle may access MSR_POWER_CTL or MSR_PKG_CST_CONFIG_CONTROL. To
>> virtualize those, KVM would need the guest not to enable #VE reduction,
>> which is not something that KVM can control or even be aware of. Note,
>> however, that the consequent unchecked MSR access errors might be harmless.
>>
>> Without #VE reduction enabled, the TDX Module will inject #VE for MSRs that
>> it does not virtualize itself. The guest can then hypercall the host VMM
>> for a resolution.
>>
>> With #VE reduction enabled, accessing MSRs such as the 2 above, results in
>> the TDX Module injecting #GP.
>>
>> Currently, Linux guest opts for #VE reduction unconditionally if it is
>> available, refer reduce_unnecessary_ve(). However, the #VE reduction
>> feature was not added to the TDX Module until versions 1.5.09 and 2.0.04.
>> Refer https://github.com/intel/tdx-module/releases
>>
>> There is also a further issue experienced by a Linux guest. Prior to
>> TDX Module versions 1.5.09 and 2.0.04, the Always-Running-APIC-Timer (ARAT)
>> feature (CPUID leaf 6: EAX bit 2) is not exposed. That results in cpuidle
>> disabling the timer interrupt and invoking the Tick Broadcast framework
>> to provide a wake-up. Currently, that falls back to the PIT timer which
>> does not work for TDX, resulting in the guest becoming stuck in the idle
>> loop.
>>
>> Conclusion
>>
>> User's may expect TDX support of MWAIT in a guest to be similar to VMX
>> support, but KVM cannot ensure that. Consequently KVM should not expose
>> the capability.
>>
>> Fixes: 0186dd29a2518 ("KVM: TDX: add ioctl to initialize VM with TDX specific parameters")
>> Signed-off-by: Adrian Hunter <adrian.hunter@...el.com>
>> ---
>
> NAK.
>
> Fix the guest, or wherever else in the pile there are issues. KVM is NOT carrying
> hack-a-fixes to workaround buggy software/firmware. Been there, done that.
Thanks for the quick reply. Adding Len Brown for intel_idle.
Len, you may recall that MSR_PKG_CST_CONFIG_CONTROL came up in
the following context:
https://bugzilla.kernel.org/show_bug.cgi?id=218792
https://lore.kernel.org/kvm/bug-218792-28872-5sylPIVpHD@https.bugzilla.kernel.org%2F/
For TDX platforms we would need _safe() MSR access for MSR_POWER_CTL
and MSR_PKG_CST_CONFIG_CONTROL. Would that be OK?
Powered by blists - more mailing lists