Re: [PATCH 1/2] x86/tdx: Extract GET_INFO call from get_cc_mask()

From: Andi Kleen
Date: Mon Oct 31 2022 - 15:27:35 EST

Next message: Al Viro: "Re: [PATCH v2] fs: use acquire ordering in __fget_light()"
Previous message: tip-bot2 for Jason A. Donenfeld: "[tip: x86/misc] x86/espfix: Use get_random_long() rather than archrandom"
In reply to: Kirill A. Shutemov: "Re: [PATCH 1/2] x86/tdx: Extract GET_INFO call from get_cc_mask()"
Next in thread: Dave Hansen: "Re: [PATCH 1/2] x86/tdx: Extract GET_INFO call from get_cc_mask()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sted-by's would be appreciated.

One thing that I must bring up is that it seems that there's no way to get
the panic message to user. I tried to convinced myself that it is qemu
misconfiguration on my part or some race, but no: it is just too early for
earlyprintk.

We only get earlyprintk working after parse_early_options() which happens
well after tdx_early_init().

Moving panic() after earlyprintk working is not good idea as it exposes
kernel more: by the time we already have full #VE handler.

It should be fine to move since there is no user land at this point (the attack requires user land)

We can move it earlier into decompresser which has different earlyprintk
implementation. Not sure if it worth this. What do you think?

That would make uncompressed kernels unsafe.

-Andi

Next message: Al Viro: "Re: [PATCH v2] fs: use acquire ordering in __fget_light()"
Previous message: tip-bot2 for Jason A. Donenfeld: "[tip: x86/misc] x86/espfix: Use get_random_long() rather than archrandom"
In reply to: Kirill A. Shutemov: "Re: [PATCH 1/2] x86/tdx: Extract GET_INFO call from get_cc_mask()"
Next in thread: Dave Hansen: "Re: [PATCH 1/2] x86/tdx: Extract GET_INFO call from get_cc_mask()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]