lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a418f9758b5817c70f7345c59111b9e78c0deede.camel@intel.com>
Date: Tue, 19 Aug 2025 21:53:36 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "pbonzini@...hat.com" <pbonzini@...hat.com>, "seanjc@...gle.com"
	<seanjc@...gle.com>
CC: "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "ashish.kalra@....com"
	<ashish.kalra@....com>, "Hansen, Dave" <dave.hansen@...el.com>,
	"thomas.lendacky@....com" <thomas.lendacky@....com>, "kas@...nel.org"
	<kas@...nel.org>, "Chatre, Reinette" <reinette.chatre@...el.com>,
	"dwmw@...zon.co.uk" <dwmw@...zon.co.uk>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "mingo@...hat.com" <mingo@...hat.com>,
	"Yamahata, Isaku" <isaku.yamahata@...el.com>, "nik.borisov@...e.com"
	<nik.borisov@...e.com>, "tglx@...utronix.de" <tglx@...utronix.de>,
	"hpa@...or.com" <hpa@...or.com>, "peterz@...radead.org"
	<peterz@...radead.org>, "sagis@...gle.com" <sagis@...gle.com>, "Chen, Farrah"
	<farrah.chen@...el.com>, "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
	"bp@...en8.de" <bp@...en8.de>, "binbin.wu@...ux.intel.com"
	<binbin.wu@...ux.intel.com>, "Gao, Chao" <chao.gao@...el.com>, "Williams, Dan
 J" <dan.j.williams@...el.com>, "x86@...nel.org" <x86@...nel.org>
Subject: Re: [PATCH v6 7/7] KVM: TDX: Explicitly do WBINVD when no more TDX
 SEAMCALLs

On Tue, 2025-08-19 at 12:31 +0200, Paolo Bonzini wrote:
> On 8/15/25 02:00, Huang, Kai wrote:
> > On Thu, 2025-08-14 at 16:22 -0700, Sean Christopherson wrote:
> > > On Thu, Aug 14, 2025, Kai Huang wrote:
> > > > On Thu, 2025-08-14 at 11:00 -0700, Sean Christopherson wrote:
> > > > > Reducing the number of lines of code is not always a simplification.  IMO, not
> > > > > checking CONFIG_KEXEC adds "complexity" because anyone that reads the comment
> > > > > (and/or the massive changelog) will be left wondering why there's a bunch of
> > > > > documentation that talks about kexec, but no hint of kexec considerations in the
> > > > > code.
> > 
> > One minor thing is I think we should use IS_ENABLED(CONFIG_KEXEC_CORE)
> > instead.  Besides the CONFIG_KEXEC, there is another CONFIG_KEXEC_FILE,
> > and both of them select CONFIG_KEXEC_CORE.
> 
> Agreed on needing CONFIG_KEXEC_CORE if you did test it, however:
> 
> 1) The big comment, explaining how this is done for kexec, makes it 
> clear that this is what the WBINVD is needed for.  I don't think you'd 
> be left wondering why there's no hint of kexec in the comment.

(Thanks for the feedback.)

Agreed.

> 
> 2) ... but anyway, KVM is the wrong place to do the test.  If anything, 
> since we need a v7 to change the unnecessary stub, you could move that 
> stub under #ifndef CONFIG_KEXEC_CORE and rename the function to 
> tdx_cpu_flush_cache_for_kexec().
> 
> Paolo

Agreed on renaming to tdx_cpu_flush_cache_for_kexec().

But with the "for_kexec()" part in the function name, it already implies
it is related to kexec, and I kinda think there's no need to test
IS_ENABLED(CONFIG_KEXEC_CORE) anymore.

One of the main purpose of this series is to unblock TDX_HOST and KEXEC in
the Kconfig, since otherwise I've been told distros will simply choose to
disable TDX_HOST in the Kconfig.  So in reality, I suppose they will be on
together probably in like 95% cases, if not 100%.

If we want to test CONFIG_KEXEC_CORE in tdx_cpu_flush_cache_for_kexec(),
then it would be a little bit weird that why we don't test it in other
places, e.g., when setting up the boolean.  Testing it in all places would
make the code unnecessarily long and harder to read.

So my preference is to simply rename to tdx_cpu_flush_cache_for_kexec().

Paolo/Sean, are you OK with this?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ