lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a22425b3-5c2f-4b19-09d5-e4a9373efea4@amd.com>
Date:   Thu, 27 Jul 2017 09:53:02 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Ingo Molnar <mingo@...nel.org>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Andy Lutomirski <luto@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Dave Young <dyoung@...hat.com>,
        Brijesh Singh <brijesh.singh@....com>
Subject: Re: [PATCH v1 2/2] acpi, x86: Remove encryption mask from ACPI page
 protection type

On 7/27/2017 2:39 AM, Ingo Molnar wrote:
> 
> * Tom Lendacky <thomas.lendacky@....com> wrote:
> 
>> The function arch_apei_get_mem_attributes() is used to set the page
>> protection type for ACPI physical addresses. When SME is active, the
>> associated protection type needs to not have the encryption mask set
>> since the ACPI tables live in un-encrypted memory. Modify the
>> arch_apei_get_mem_attributes() function to remove the encryption mask
>> when SME is active by returning the PAGE_KERNEL_IO protection type.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
>> ---
>>   arch/x86/include/asm/acpi.h | 7 ++++++-
>>   1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/include/asm/acpi.h b/arch/x86/include/asm/acpi.h
>> index 562286f..89df39d 100644
>> --- a/arch/x86/include/asm/acpi.h
>> +++ b/arch/x86/include/asm/acpi.h
>> @@ -34,6 +34,7 @@
>>   
>>   #ifdef CONFIG_ACPI_APEI
>>   # include <asm/pgtable_types.h>
>> +# include <linux/mem_encrypt.h>
>>   #endif
>>   
>>   #ifdef CONFIG_ACPI
>> @@ -164,8 +165,12 @@ static inline pgprot_t arch_apei_get_mem_attribute(phys_addr_t addr)
>>   	 * anything other than PAGE_KERNEL (some arm64 platforms
>>   	 * require the equivalent of PAGE_KERNEL_NOCACHE), return that
>>   	 * until we know differently.
>> +	 *
>> +	 * When SME is active, the ACPI information will not reside in
>> +	 * in memory in an encrypted state so return a protection attribute
>> +	 * that does not have the encryption bit set.
>>   	 */
>> -	 return PAGE_KERNEL;
>> +	 return sme_active() ? PAGE_KERNEL_IO : PAGE_KERNEL;
> 
> 'in in memory'?

Should just be one 'in', will fix.

> 
> Also, this seems a bit ad-hoc to me. What are the rules for what is encrypted and
> what is not?
> 
> I presume the main rule is that everything that was written before the kernel
> activates SME, and which the kernel will read later on, is unencrypted -
> everything else is encrypted. Is that correct?

Yes, that is the basic rule.  Anything from BIOS/UEFI is unencrypted
and much of everything else after the kernel encrypts itself will be
encrypted.  Kernel related hings that aren't be encrypted are, for
example, the SWIOTLB bounce buffers, the trampoline area for bringing
up APs, etc.

> 
> How about things like kexec creating a separate mptable for the kexec kernel -
> would that code have to create unencrypted data? See
> e820__memblock_alloc_reserved() and related code.

Yes, that would need to be unencrypted since it will be considered to
be something supplied by BIOS/UEFI (even though kexec builds it). I'm
not familiar with where kexec creates a new mptable. I see the refs to
it in e820.c, but I'm missing something. Can you point me to that?

Thanks,
Tom

> 
> Thanks,
> 
> 	Ingo
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ