lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fb858e9d16762fbc9c44ef357c670c475f559709.camel@intel.com>
Date: Tue, 19 Aug 2025 15:07:29 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "Hunter, Adrian" <adrian.hunter@...el.com>, "seanjc@...gle.com"
	<seanjc@...gle.com>
CC: "Gao, Chao" <chao.gao@...el.com>, "Brown, Len" <len.brown@...el.com>,
	"Huang, Kai" <kai.huang@...el.com>, "binbin.wu@...ux.intel.com"
	<binbin.wu@...ux.intel.com>, "Li, Xiaoyao" <xiaoyao.li@...el.com>, "Chatre,
 Reinette" <reinette.chatre@...el.com>, "kirill.shutemov@...ux.intel.com"
	<kirill.shutemov@...ux.intel.com>, "tony.lindgren@...ux.intel.com"
	<tony.lindgren@...ux.intel.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"pbonzini@...hat.com" <pbonzini@...hat.com>, "Yamahata, Isaku"
	<isaku.yamahata@...el.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "Zhao, Yan Y" <yan.y.zhao@...el.com>, "Weiny,
 Ira" <ira.weiny@...el.com>
Subject: Re: [PATCH RFC 1/2] KVM: TDX: Disable general support for MWAIT in
 guest

On Tue, 2025-08-19 at 10:38 +0300, Adrian Hunter wrote:
> On 18/08/2025 21:49, Edgecombe, Rick P wrote:
> > Attn: Binbin, Xiaoyao
> > 
> > On Mon, 2025-08-18 at 07:05 -0700, Sean Christopherson wrote:
> > > NAK.
> > > 
> > > Fix the guest, or wherever else in the pile there are issues.  KVM is NOT carrying
> > > hack-a-fixes to workaround buggy software/firmware.  Been there, done that.
> > 
> > Yes, I would have thought we should have at least had a TDX module change option
> > for this.
> 
> That would not help with existing TDX Modules, and would possibly require
> a guest opt-in, which would not help with existing guests.  Hence, to start
> with disabling the feature first, and look for another solution second.

I think you have the priorities wrong. There are only so many kludges we can ask
KVM to take. Across all the changes people want for TDX, do you think not having
to update the TDX module, backport a guest fix or even just adjust qemu args is
more important the other stuff?

TDX support is still very early. We need to think about long term sustainable
solutions. So a fix that doesn't support existing TDX modules or guests (the
intel_idle fix is also in this category anyway) should absolutely be on the
table.

> 
> In the MWAIT case, Sean has rejected supporting MSR_PKG_CST_CONFIG_CONTROL
> even for VMX, because it is an optional MSR, so altering intel_idle is
> being proposed.

It seems reasonable for this specific case.

> 
> > 
> > But side topic. We have an existing arch TODO around creating some guidelines
> > around how CPUID bit configuration should evolve.
> > 
> > A new directly configurable CPUID bit that affects host state is an obvious no-
> > no. But how about a directly configurable bit that can't hurt the host, but
> > requires host changes to virtualize in an x86 arch compliant way? (not quite
> > like this MWAIT case)
> 
> It is still "new stuff that breaks old stuff" which is generally
> "just don't do that".
> 

I don't think so? It doesn't necessarily break old stuff if userspace doesn't
use the bit yet.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ