lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aMnBpRnI4fNx390T@google.com>
Date: Tue, 16 Sep 2025 12:59:33 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Xiaoyao Li <xiaoyao.li@...el.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, 
	Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, Binbin Wu <binbin.wu@...ux.intel.com>, 
	Ira Weiny <ira.weiny@...el.com>, "H. Peter Anvin" <hpa@...or.com>, Sagi Shahar <sagis@...gle.com>, 
	linux-kernel@...r.kernel.org, kvm@...r.kernel.org, x86@...nel.org
Subject: Re: [PATCH v2] KVM: TDX: Force split irqchip for TDX at irqchip
 creation time

On Tue, Sep 16, 2025, Xiaoyao Li wrote:
> On 9/16/2025 8:25 AM, Sean Christopherson wrote:
> > On Tue, 26 Aug 2025 18:17:26 -0700, Sagi Shahar wrote:
> > > TDX module protects the EOI-bitmap which prevents the use of in-kernel
> > > I/O APIC. See more details in the original patch [1]
> > > 
> > > The current implementation already enforces the use of split irqchip for
> > > TDX but it does so at the vCPU creation time which is generally to late
> > > to fallback to split irqchip.
> > > 
> > > [...]
> > 
> > Applied to kvm-x86 misc, thanks!
> 
> The latest one of this patch is v4:
> 
> https://lore.kernel.org/all/20250904062007.622530-1-sagis@google.com/

Yeah, I had applied v2 quite some time ago, just took me a while to do final
testing and send the "thank you".

> > [1/1] KVM: TDX: Force split irqchip for TDX at irqchip creation time
> >        https://github.com/kvm-x86/linux/commit/2569c8c5767b
> 
> What got queued, added a superfluous new line in tdx_vm_init()

Drat.  I force pushed to fix that goof, and added Kai's Acked-by in the process.

[1/1] KVM: TDX: Reject fully in-kernel irqchip if EOIs are protected, i.e. for TDX VMs
      https://github.com/kvm-x86/linux/commit/b3a37bff8daf

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ