Date: Wed, 29 Mar 2017 17:21:13 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Borislav Petkov <bp@...e.de>, Brijesh Singh <brijesh.singh@....com>
Cc: simon.guinot@...uanux.org, linux-efi@...r.kernel.org, kvm@...r.kernel.org, rkrcmar@...hat.com, matt@...eblueprint.co.uk, linux-pci@...r.kernel.org, linus.walleij@...aro.org, gary.hook@....com, linux-mm@...ck.org, paul.gortmaker@...driver.com, hpa@...or.com, cl@...ux.com, dan.j.williams@...el.com, aarcange@...hat.com, sfr@...b.auug.org.au, andriy.shevchenko@...ux.intel.com, herbert@...dor.apana.org.au, bhe@...hat.com, xemul@...allels.com, joro@...tes.org, x86@...nel.org, peterz@...radead.org, piotr.luc@...el.com, mingo@...hat.com, msalter@...hat.com, ross.zwisler@...ux.intel.com, dyoung@...hat.com, thomas.lendacky@....com, jroedel@...e.de, keescook@...omium.org, arnd@...db.de, toshi.kani@....com, mathieu.desnoyers@...icios.com, luto@...nel.org, devel@...uxdriverproject.org, bhelgaas@...gle.com, tglx@...utronix.de, mchehab@...nel.org, iamjoonsoo.kim@....com, labbott@...oraproject.org, tony.luck@...el.com, alexandre.bounine@....com, kuleshovmail@...il.com, linux-kernel@...r.kernel.org, mcgrof@...nel.org, mst@...hat.com, linux-crypto@...r.kernel.org, tj@...nel.org, akpm@...ux-foundation.org, davem@...emloft.net
Subject: Re: [RFC PATCH v2 16/32] x86: kvm: Provide support to create Guest and HV shared per-CPU variables

On 28/03/2017 20:39, Borislav Petkov wrote:
>> 2) Since the encryption attributes work on PAGE_SIZE, add some extra
>> padding to 'struct kvm-steal-time' to make it PAGE_SIZE and then at runtime
>> clear the encryption attribute of the full PAGE. The downside of this was
>> now we need to modify the structure which may break the compatibility.
>
> From SEV-ES whitepaper:
>
> "To facilitate this communication, the SEV-ES architecture defines
> a Guest Hypervisor Communication Block (GHCB). The GHCB resides in
> page of shared memory so it is accessible to both the guest VM and the
> hypervisor."
>
> So this is kinda begging to be implemented with a shared page between
> guest and host. And then put steal-time, ... etc in there too. Provided
> there's enough room in the single page for the GHCB *and* our stuff.

The GHCB would have to be allocated much earlier, possibly even by
firmware depending on how things will be designed. I think it's premature
to consider SEV-ES requirements.

Paolo
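The option quoted above (pad the per-CPU structure to PAGE_SIZE and clear the encryption attribute of the whole page) rests on the fact that SEV memory encryption is page-granular: whatever else shares the page with a variable that is decrypted becomes readable by the hypervisor too. The following userspace model is an added example, not code from the patch series or from anyone in the thread. It keeps the 64-byte `struct kvm_steal_time` layout of that era, and everything else is constructed: `guest_mem` and `page_encrypted[]` are a toy model of guest memory and its per-page encryption bit, and `share_with_hypervisor()` is a stand-in for clearing the encryption attribute, not the kernel's own API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)
#define NR_PAGES   8

/* Steal-time structure shared with the hypervisor; 64 bytes in 2017 kernels. */
struct kvm_steal_time {
    uint64_t steal;
    uint32_t version;
    uint32_t flags;
    uint32_t pad[12];
};

/* Option 2 from the thread: pad the structure to exactly one page and align it,
 * so clearing the encryption attribute of "its" page exposes nothing else. */
union kvm_steal_time_page {
    struct kvm_steal_time st;
    uint8_t raw[PAGE_SIZE];
} __attribute__((aligned(4096)));

_Static_assert(sizeof(struct kvm_steal_time) == 64, "unexpected steal-time size");
_Static_assert(sizeof(union kvm_steal_time_page) == PAGE_SIZE, "must be one page");

/* Constructed toy model of guest memory: one flag per page stands in for the
 * SEV C-bit in the guest page tables (true = encrypted, hypervisor cannot read). */
static uint8_t guest_mem[NR_PAGES * PAGE_SIZE] __attribute__((aligned(4096)));
static bool page_encrypted[NR_PAGES];

static size_t page_of(const void *p)
{
    return (size_t)((const uint8_t *)p - guest_mem) >> PAGE_SHIFT;
}

static void reset_model(void)
{
    memset(guest_mem, 0, sizeof guest_mem);
    for (size_t i = 0; i < NR_PAGES; i++)
        page_encrypted[i] = true;
}

/* Hypothetical stand-in for clearing the encryption attribute of a range:
 * attributes are page-granular, so every page the range touches is exposed.
 * Returns the number of pages that became readable by the hypervisor. */
static unsigned share_with_hypervisor(const void *p, size_t len)
{
    size_t first = page_of(p);
    size_t last  = page_of((const uint8_t *)p + len - 1);
    for (size_t i = first; i <= last; i++)
        page_encrypted[i] = false;
    return (unsigned)(last - first + 1);
}

static bool hypervisor_can_read(const void *p)
{
    return !page_encrypted[page_of(p)];
}

/* Scenario A: plain 64-byte struct in the per-CPU area, with an unrelated
 * secret in the very next 64-byte slot. Sharing the struct drags the secret
 * along because both live on the same page. */
static bool unpadded_leaks_neighbor(void)
{
    reset_model();
    struct kvm_steal_time *st = (struct kvm_steal_time *)(guest_mem + PAGE_SIZE + 256);
    uint8_t *secret = (uint8_t *)(st + 1);
    share_with_hypervisor(st, sizeof *st);
    return hypervisor_can_read(secret);
}

/* Scenario B: page-sized, page-aligned variant. The struct is shared, but the
 * first byte after it already sits on the next page and stays encrypted. */
static bool padded_keeps_neighbor_private(void)
{
    reset_model();
    union kvm_steal_time_page *stp = (union kvm_steal_time_page *)(guest_mem + PAGE_SIZE);
    uint8_t *secret = (uint8_t *)(stp + 1);
    unsigned exposed = share_with_hypervisor(stp, sizeof *stp);
    return exposed == 1 && hypervisor_can_read(&stp->st) && !hypervisor_can_read(secret);
}

int main(void)
{
    printf("unpadded struct exposes its page neighbour: %s\n",
           unpadded_leaks_neighbor() ? "yes" : "no");
    printf("page-padded struct keeps neighbour private:  %s\n",
           padded_keeps_neighbor_private() ? "yes" : "no");
    return 0;
}
```

The point the model makes is the one behind both proposals in the thread: whatever is decrypted for the hypervisor has to be laid out so that only data meant to be shared lands on the decrypted page, whether that is a padded steal-time structure or a dedicated shared page such as the GHCB.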