lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f550303f-3150-4e5a-ba8d-110170735615@amd.com>
Date: Fri, 12 Sep 2025 14:52:27 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Ashish Kalra <Ashish.Kalra@....com>, tglx@...utronix.de,
 mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
 hpa@...or.com, pbonzini@...hat.com, herbert@...dor.apana.org.au,
 nikunj@....com, davem@...emloft.net, aik@....com, ardb@...nel.org,
 john.allen@....com, michael.roth@....com, Neeraj.Upadhyay@....com,
 linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
 linux-crypto@...r.kernel.org
Subject: Re: [PATCH v4 1/3] x86/sev: Add new dump_rmp parameter to
 snp_leak_pages() API

On 9/12/25 14:41, Sean Christopherson wrote:
> On Fri, Sep 12, 2025, Tom Lendacky wrote:
>> On 9/12/25 13:34, Sean Christopherson wrote:
>>> But the below build failures show that they aren't dead code, which means that
>>> kernels with CONFIG_KVM_AMD_SEV=n will silently (until something explodes) do the
>>> wrong thing, because the stubs are hiding the missing dependencies.
>>>
>>> arch/x86/boot/startup/sev-shared.c: In function ‘pvalidate_4k_page’:
>>> arch/x86/boot/startup/sev-shared.c:820:17: error: implicit declaration of function ‘sev_evict_cache’ [-Wimplicit-function-declaration]
>>>   820 |                 sev_evict_cache((void *)vaddr, 1);
>>
>> Yeah, this one is on me. sev_evict_cache() is guest code and should be
>> under the CONFIG_AMD_MEM_ENCRYPT #ifdef.
>>
>>>       |                 ^~~~~~~~~~~~~~~
>>>   AR      arch/x86/realmode/built-in.a
>>> arch/x86/coco/sev/core.c: In function ‘pvalidate_pages’:
>>> arch/x86/coco/sev/core.c:386:25: error: implicit declaration of function ‘sev_evict_cache’ [-Wimplicit-function-declaration]
>>>   386 |                         sev_evict_cache(pfn_to_kaddr(e->gfn), e->pagesize ? 512 : 1);
>>>       |                         ^~~~~~~~~~~~~~~
>>> arch/x86/mm/mem_encrypt.c: In function ‘mem_encrypt_setup_arch’:
>>> arch/x86/mm/mem_encrypt.c:112:17: error: implicit declaration of function ‘snp_fixup_e820_tables’ [-Wimplicit-function-declaration]
>>>   112 |                 snp_fixup_e820_tables();
>>
>> This function is only meant to be used if we're going to run SEV guests,
>> so being guarded by CONFIG_KVM_AMD_SEV was on purpose. I'm just not sure
>> why the stub didn't get used...  or did you remove them?
> 
> I removed all the stubs to see what would break (I was expecting nothing since
> all of KVM's accesses are gated by CONFIG_KVM_AMD_SEV).

Ah, ok. During the SNP host/hypervisor enablement there was feedback about
doing all the RMP type stuff based on whether the kernel could run SNP
guests. So that's why we see things outside of the KVM tree using
CONFIG_KVM_AMD_SEV.

Thanks,
Tom

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ