lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ae2bdc6655d2b7ccb264546e5f36a20a65002a7b.camel@HansenPartnership.com>
Date: Thu, 18 Sep 2025 10:21:12 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Peter Zijlstra <peterz@...radead.org>, Naman Jain
	 <namjain@...ux.microsoft.com>
Cc: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini
 <pbonzini@...hat.com>,  Roman Kisel <romank@...ux.microsoft.com>, "K . Y .
 Srinivasan" <kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>,
 Wei Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>, Thomas
 Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav
 Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
 x86@...nel.org, "H . Peter Anvin" <hpa@...or.com>, 
 linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org,
 mhklinux@...look.com
Subject: Re: [PATCH] x86/hyperv: Export hv_hypercall_pg unconditionally

On Thu, 2025-09-18 at 08:47 +0200, Peter Zijlstra wrote:
> On Thu, Sep 18, 2025 at 11:33:18AM +0530, Naman Jain wrote:
> 
> > Thank you so much Sean and Paolo for your valuable inputs. I will
> > try out these things. Summarizing the suggestions here:
> > * Use noinstr (no instrumentation)
> > * Have separate .S file
> > * Don't use "register asm".
> > * Use static calls for solving IBT problems
> > * RAX:RCX is probably ok to be used, considering ABI. Whether we
> > would still need to use STACK_FRAME_NON_STANDARD, I am not sure,
> > but I will see based on how it goes.
> > 
> > I hope this addresses the concerns Peter raised. If there's
> > anything I might have missed, I'm happy to make further adjustments
> > if needed.
> 
> It would be a definite improvement. I'm just *really* sad people
> still create interfaces like this, even though we've known for years
> how bad they are.

Thanks for that.  Our only defence at Microsoft is that the hypervisor
ABI for this is 10 years old and counting.

> At some point we've really have to push back and say enough is
> enough.

Although we can't really do anything about the old ABI since we have
tons of things that use it, there is interest in Microsoft for co-
designing a new ABI that we could add to hyper-v for Linux use and
which would also be a part of bringing up and using virtual secure mode
(VSM) in KVM via the planes API.  I was thinking the best way of
discussing it as a community would be the PUCK call, but if there are
alternative forums, we could use that as well.  This is going to be
pretty long term: besides designing and testing a new ABI, we were
counting on Amazon upstreaming their VSM implementation for KVM and
we're a bit under resourced here if it turns out we have to do
everything.

Regards,

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ