Re: [PATCH Part1 RFC v4 22/36] x86/sev: move MSR-based VMGEXITs for CPUID to helper

From: Borislav Petkov
Date: Mon Aug 23 2021 - 00:49:46 EST

Next message: Borislav Petkov: "Re: [PATCH Part1 RFC v4 24/36] x86/compressed/acpi: move EFI config table access to common code"
Previous message: DENG Qingfang: "[PATCH net] net: phy: mediatek: add the missing suspend/resume callbacks"
In reply to: Michael Roth: "Re: [PATCH Part1 RFC v4 22/36] x86/sev: move MSR-based VMGEXITs for CPUID to helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 19, 2021 at 10:29:08PM -0500, Michael Roth wrote:
> The select cases where we still fetch CPUID values from hypervisor in
> SNP need careful consideration, so for the purposes of auditing the code
> for security, or just noticing things in patches, I think it's important
> to make it clear what is the "normal" SNP case (not trusting hypervisor
> CPUID values) and what are exceptional cases (getting select values from
> hypervisor). If something got added in the future, I think something
> like:
>
> +sev_cpuid_hv(0x8000001f, ...)
>
> would be more likely to raise eyebrows and get more scrutiny than:
>
> +sev_cpuid(0x8000001f, ...)
>
> where it might get lost in the noise or mistaken as similar to
> sev_snp_cpuid().
>
> Maybe a bit contrived, and probably not a big deal in practice, but
> conveying the source it in the naming does seem at least seem slightly
> better than not doing so.

Ok, makes sense.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Borislav Petkov: "Re: [PATCH Part1 RFC v4 24/36] x86/compressed/acpi: move EFI config table access to common code"
Previous message: DENG Qingfang: "[PATCH net] net: phy: mediatek: add the missing suspend/resume callbacks"
In reply to: Michael Roth: "Re: [PATCH Part1 RFC v4 22/36] x86/sev: move MSR-based VMGEXITs for CPUID to helper"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]