| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGtprH-WuXg8aNe=xyQxzmwJQS0kOVLDRPQnC9vxCaQF2+VqJQ@mail.gmail.com> Date: Thu, 23 Oct 2025 09:54:53 -0700 From: Vishal Annapurve <vannapurve@...gle.com> To: "Huang, Kai" <kai.huang@...el.com> Cc: "Hansen, Dave" <dave.hansen@...el.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "binbin.wu@...ux.intel.com" <binbin.wu@...ux.intel.com>, "Gao, Chao" <chao.gao@...el.com>, "ashish.kalra@....com" <ashish.kalra@....com>, "thomas.lendacky@....com" <thomas.lendacky@....com>, "Reshetova, Elena" <elena.reshetova@...el.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "kas@...nel.org" <kas@...nel.org>, "dwmw@...zon.co.uk" <dwmw@...zon.co.uk>, "pbonzini@...hat.com" <pbonzini@...hat.com>, "mingo@...hat.com" <mingo@...hat.com>, "tglx@...utronix.de" <tglx@...utronix.de>, "Yamahata, Isaku" <isaku.yamahata@...el.com>, "seanjc@...gle.com" <seanjc@...gle.com>, "nik.borisov@...e.com" <nik.borisov@...e.com>, "hpa@...or.com" <hpa@...or.com>, "peterz@...radead.org" <peterz@...radead.org>, "sagis@...gle.com" <sagis@...gle.com>, "Chen, Farrah" <farrah.chen@...el.com>, "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "bp@...en8.de" <bp@...en8.de>, "Chatre, Reinette" <reinette.chatre@...el.com>, "jgross@...e.com" <jgross@...e.com>, "x86@...nel.org" <x86@...nel.org>, "Williams, Dan J" <dan.j.williams@...el.com> Subject: Re: [PATCH 4/7] x86/kexec: Disable kexec/kdump on platforms with TDX partial write erratum On Wed, Oct 22, 2025 at 2:05 PM Huang, Kai <kai.huang@...el.com> wrote: > > > > * Modifying the logic in this patch [2] to enable kdump and keep kexec > > support disabled in this series > > Resetting TDX private is a complete solution which allows to enable both > kdump and kexec. If we choose to reset TDX private memory, then we can > just revert [2]. > > > > > as a viable direction upstream for now until a better solution comes along? > > The alternative could be to simply modify [2] to allow kdump (but leave > TDX private memory untouched to the new kernel) but not normal kexec. The > risk of doing so has already been covered in this thread AFAICT: > > 1) If the kdump kernel does partial write to vmcore, the kdump kernel may > see unexpected #MCE. Ideally a kdump kernel should not write to vmcore. > 2) As Elena pointed out, if the old kernel has bug and somehow already > does partial write to TDX private memory (which leads to poison), the > consumption of such poison may be deferred to the kdump kernel. Is this case very different from hardware memory failures leading to poisoned memory ranges? i.e. kdump solution has an existing scenario of possible poison consumption during generation of kdump. Is it okay to advertise kdump functionality to be the best effort and live with this caveat until a cleaner solution comes along? > > > > > If not, can kdump be made optional as Juergen suggested? > > IIUC Juergen suggested: > > Then we could add a kernel boot parameter to let the user opt-in > for kexec being possible in spite of the potential #MC. > > I don't have opinion on this, other than that I think the boot parameter > only makes sense if we do the "alternative" mentioned above, i.e., not > resetting TDX private memory. > > > > > [1] https://lore.kernel.org/lkml/6960ef6d7ee9398d164bf3997e6009df3e88cb67.1727179214.git.kai.huang@intel.com/ > > [2] https://lore.kernel.org/all/20250901160930.1785244-5-pbonzini@redhat.com/
Powered by blists - more mailing lists