lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 9 Jul 2018 21:55:35 +0800
From:   lijiang <lijiang@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     linux-kernel@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
        hpa@...or.com, ebiederm@...ssion.com, joro@...tes.org,
        thomas.lendacky@....com, dyoung@...hat.com,
        kexec@...ts.infradead.org, iommu@...ts.linux-foundation.org,
        bhe@...hat.com
Subject: Re: [PATCH 1/5 V5] Add a function(ioremap_encrypted) for kdump when
 AMD sme enabled

在 2018年07月09日 17:29, Borislav Petkov 写道:
> On Mon, Jul 09, 2018 at 02:28:11PM +0800, lijiang wrote:
>> Last week, I had tried many ways to do this work, but it looks
>> like that the ways of deducing address is not suitable to another
>> scenarios, such as mapping some devices mmio space, which are
>> unencrypted, and the device mmio space is outside kdump kernel like
>> the old memory, but the old memory is encrypted, we can't find the
>> general rules to decide when to encrypt or not.
> 
> If we can't find the "general rules" how is the caller supposed to know
> how to access the memory?
> 
About this issue, i want to use an example to describe it.
/* drivers/iommu/amd_iommu_init.c */
static u8 __iomem * __init iommu_map_mmio_space(u64 address, u64 end)
{
        if (!request_mem_region(address, end, "amd_iommu")) {
                pr_err("AMD-Vi: Can not reserve memory region %llx-%llx for mmio\n",
                        address, end);
                pr_err("AMD-Vi: This is a BIOS bug. Please contact your hardware vendor\n");
                return NULL;
        }

        return (u8 __iomem *)ioremap_nocache(address, end);
}

[root@...dl385g10-03 linux]# cat /proc/iomem |grep -i crash
  7fa000000-879ffffff : Crash kernel
[root@...dl385g10-03 linux]# cat /proc/iomem |grep amd_iommu
  9c800000-9c87ffff : amd_iommu
  a9800000-a987ffff : amd_iommu
  b6800000-b687ffff : amd_iommu
  c3800000-c387ffff : amd_iommu
  d0800000-d087ffff : amd_iommu
  dd800000-dd87ffff : amd_iommu
  ea800000-ea87ffff : amd_iommu
  fd800000-fd87ffff : amd_iommu

Obviously, the iommu mmio space is not encrypted, and the device mmio space is outside kdump
kernel. We know that the old memory is encrypted, and the old memory is also outside kdump
kernel. For the current case, e820__get_entry_type() and walk_iomem_res_desc() can't get the
desired result, so we can't also decide whether encryption or not according to this result(rules).
If we want to know whether encryption or not by deducing the address, we will need to read
the content of memory and have a reference value for comparison, then what's a reference value?
Sometimes we don't know that.

Regards,
Lianbo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ