| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a418f9758b5817c70f7345c59111b9e78c0deede.camel@intel.com> Date: Tue, 19 Aug 2025 21:53:36 +0000 From: "Huang, Kai" <kai.huang@...el.com> To: "pbonzini@...hat.com" <pbonzini@...hat.com>, "seanjc@...gle.com" <seanjc@...gle.com> CC: "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "ashish.kalra@....com" <ashish.kalra@....com>, "Hansen, Dave" <dave.hansen@...el.com>, "thomas.lendacky@....com" <thomas.lendacky@....com>, "kas@...nel.org" <kas@...nel.org>, "Chatre, Reinette" <reinette.chatre@...el.com>, "dwmw@...zon.co.uk" <dwmw@...zon.co.uk>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mingo@...hat.com" <mingo@...hat.com>, "Yamahata, Isaku" <isaku.yamahata@...el.com>, "nik.borisov@...e.com" <nik.borisov@...e.com>, "tglx@...utronix.de" <tglx@...utronix.de>, "hpa@...or.com" <hpa@...or.com>, "peterz@...radead.org" <peterz@...radead.org>, "sagis@...gle.com" <sagis@...gle.com>, "Chen, Farrah" <farrah.chen@...el.com>, "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "bp@...en8.de" <bp@...en8.de>, "binbin.wu@...ux.intel.com" <binbin.wu@...ux.intel.com>, "Gao, Chao" <chao.gao@...el.com>, "Williams, Dan J" <dan.j.williams@...el.com>, "x86@...nel.org" <x86@...nel.org> Subject: Re: [PATCH v6 7/7] KVM: TDX: Explicitly do WBINVD when no more TDX SEAMCALLs On Tue, 2025-08-19 at 12:31 +0200, Paolo Bonzini wrote: > On 8/15/25 02:00, Huang, Kai wrote: > > On Thu, 2025-08-14 at 16:22 -0700, Sean Christopherson wrote: > > > On Thu, Aug 14, 2025, Kai Huang wrote: > > > > On Thu, 2025-08-14 at 11:00 -0700, Sean Christopherson wrote: > > > > > Reducing the number of lines of code is not always a simplification. IMO, not > > > > > checking CONFIG_KEXEC adds "complexity" because anyone that reads the comment > > > > > (and/or the massive changelog) will be left wondering why there's a bunch of > > > > > documentation that talks about kexec, but no hint of kexec considerations in the > > > > > code. > > > > One minor thing is I think we should use IS_ENABLED(CONFIG_KEXEC_CORE) > > instead. Besides the CONFIG_KEXEC, there is another CONFIG_KEXEC_FILE, > > and both of them select CONFIG_KEXEC_CORE. > > Agreed on needing CONFIG_KEXEC_CORE if you did test it, however: > > 1) The big comment, explaining how this is done for kexec, makes it > clear that this is what the WBINVD is needed for. I don't think you'd > be left wondering why there's no hint of kexec in the comment. (Thanks for the feedback.) Agreed. > > 2) ... but anyway, KVM is the wrong place to do the test. If anything, > since we need a v7 to change the unnecessary stub, you could move that > stub under #ifndef CONFIG_KEXEC_CORE and rename the function to > tdx_cpu_flush_cache_for_kexec(). > > Paolo Agreed on renaming to tdx_cpu_flush_cache_for_kexec(). But with the "for_kexec()" part in the function name, it already implies it is related to kexec, and I kinda think there's no need to test IS_ENABLED(CONFIG_KEXEC_CORE) anymore. One of the main purpose of this series is to unblock TDX_HOST and KEXEC in the Kconfig, since otherwise I've been told distros will simply choose to disable TDX_HOST in the Kconfig. So in reality, I suppose they will be on together probably in like 95% cases, if not 100%. If we want to test CONFIG_KEXEC_CORE in tdx_cpu_flush_cache_for_kexec(), then it would be a little bit weird that why we don't test it in other places, e.g., when setting up the boolean. Testing it in all places would make the code unnecessarily long and harder to read. So my preference is to simply rename to tdx_cpu_flush_cache_for_kexec(). Paolo/Sean, are you OK with this?
Powered by blists - more mailing lists