| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170915122430.pnroy6vsg53warel@pd.tnic>
Date: Fri, 15 Sep 2017 14:24:30 +0200
From: Borislav Petkov <bp@...e.de>
To: Brijesh Singh <brijesh.singh@....com>,
Tom Lendacky <thomas.lendacky@....com>
Cc: "H. Peter Anvin" <hpa@...or.com>, Arnd Bergmann <arnd@...db.de>,
David Laight <David.Laight@...lab.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"x86@...nel.org" <x86@...nel.org>,
"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
"linuxppc-dev@...ts.ozlabs.org" <linuxppc-dev@...ts.ozlabs.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
Fenghua Yu <fenghua.yu@...el.com>,
Matt Fleming <matt@...eblueprint.co.uk>,
David Howells <dhowells@...hat.com>,
Paul Mackerras <paulus@...ba.org>,
Christoph Lameter <cl@...ux.com>,
Jonathan Corbet <corbet@....net>,
Radim Krcmár <rkrcmar@...hat.com>,
Piotr Luc <piotr.luc@...el.com>,
Ingo Molnar <mingo@...hat.com>,
Dave Airlie <airlied@...hat.com>,
Kees Cook <keescook@...omium.org>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Reza Arbab <arbab@...ux.vnet.ibm.com>,
Andy Lutomirski <luto@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Laura Abbott <labbott@...hat.com>,
Tony Luck <tony.luck@...el.com>, Ard.Biesheuvel@...or.com
Subject: Re: [RFC Part1 PATCH v3 13/17] x86/io: Unroll string I/O when SEV is
active
On Tue, Aug 22, 2017 at 06:52:48PM +0200, Borislav Petkov wrote:
> As always, the devil is in the detail.
Ok, actually we can make this much simpler by using a static key. A
conceptual patch below - I only need to fix that crazy include hell I'm
stepping into with this.
In any case, we were talking about having a static branch already so
this fits the whole strategy.
---
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index d174b1c4a99e..e45369158632 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -45,6 +45,8 @@ EXPORT_SYMBOL_GPL(sme_me_mask);
unsigned int sev_enabled __section(.data) = 0;
EXPORT_SYMBOL_GPL(sev_enabled);
+DEFINE_STATIC_KEY_FALSE(__sev);
+
/* Buffer used for early in-place encryption by BSP, no locking needed */
static char sme_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE);
@@ -790,6 +792,7 @@ void __init __nostackprotector sme_enable(struct boot_params *bp)
/* SEV state cannot be controlled by a command line option */
sme_me_mask = me_mask;
sev_enabled = 1;
+ static_branch_enable(&__sev);
return;
}
diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h
index ea0831a8dbe2..f3ab965a3d6a 100644
--- a/include/linux/mem_encrypt.h
+++ b/include/linux/mem_encrypt.h
@@ -13,6 +13,8 @@
#ifndef __MEM_ENCRYPT_H__
#define __MEM_ENCRYPT_H__
+#include <linux/jump_label.h>
+
#ifndef __ASSEMBLY__
#ifdef CONFIG_ARCH_HAS_MEM_ENCRYPT
@@ -26,6 +28,8 @@
#endif /* CONFIG_ARCH_HAS_MEM_ENCRYPT */
+extern struct static_key_false __sev;
+
static inline bool sme_active(void)
{
return (sme_me_mask && !sev_enabled);
@@ -33,7 +37,7 @@ static inline bool sme_active(void)
static inline bool sev_active(void)
{
- return (sme_me_mask && sev_enabled);
+ return static_branch_unlikely(&__sev);
}
static inline unsigned long sme_get_me_mask(void)
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
Powered by blists - more mailing lists