lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YXAqBOGdK91ieVIT@zn.tnic>
Date:   Wed, 20 Oct 2021 16:39:00 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Tianyu Lan <ltykernel@...il.com>
Cc:     Tom Lendacky <thomas.lendacky@....com>,
        Tianyu Lan <Tianyu.Lan@...rosoft.com>, kys@...rosoft.com,
        haiyangz@...rosoft.com, sthemmin@...rosoft.com, wei.liu@...nel.org,
        decui@...rosoft.com, tglx@...utronix.de, mingo@...hat.com,
        x86@...nel.org, hpa@...or.com, dave.hansen@...ux.intel.com,
        luto@...nel.org, peterz@...radead.org, davem@...emloft.net,
        kuba@...nel.org, gregkh@...uxfoundation.org, arnd@...db.de,
        jroedel@...e.de, brijesh.singh@....com, pgonda@...gle.com,
        akpm@...ux-foundation.org, kirill.shutemov@...ux.intel.com,
        rppt@...nel.org, tj@...nel.org, aneesh.kumar@...ux.ibm.com,
        saravanand@...com, hannes@...xchg.org, rientjes@...gle.com,
        michael.h.kelley@...rosoft.com, linux-arch@...r.kernel.org,
        linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, vkuznets@...hat.com,
        konrad.wilk@...cle.com, hch@....de, robin.murphy@....com,
        joro@...tes.org, parri.andrea@...il.com, dave.hansen@...el.com
Subject: Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb
 hv call out of sev code

On Wed, Oct 20, 2021 at 10:23:06PM +0800, Tianyu Lan wrote:
> This follows Joreg's previous comment and I implemented similar version in
> the V! patchset([PATCH 05/13] HV: Add Write/Read MSR registers via ghcb page
> https://lkml.org/lkml/2021/7/28/668).
> "Instead, factor out a helper function which contains what Hyper-V needs and
> use that in sev_es_ghcb_hv_call() and Hyper-V code."
> 
> https://lkml.org/lkml/2021/8/2/375

If you wanna point to mails on a mailing list, you simply do

https://lore.kernel.org/r/<Message-id>

No need to use some random, unreliable web pages.

As to Joerg's suggestion, in the version I'm seeing, you're checking the
*context* - and the one you sent today, avoids the __pa(ghcb) MSR write.

So which is it?

Because your current version will look at the context too, see

	return verify_exception_info(ghcb, ctxt);

at the end of the function.

So is the issue what Tom said that "the paravisor uses the same GHCB MSR
and GHCB protocol, it just can't use __pa() to get the address of the
GHCB."?

If that is the case and the only thing you want is to avoid the GHCB PA
write, then, in the future, we might drop that MSR write altogether on
the enlightened Linux guests too and then the same function will be used
by your paravisor and the Linux guest.

So please explain in detail what exactly you want to avoid from
sev_es_ghcb_hv_call()'s current version and why.

As I said before, I don't want to export any random details of the SEV
implementation in the kernel without any justification for it.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ