lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 26 Oct 2017 11:56:57 -0500
From:   Brijesh Singh <brijesh.singh@....com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     brijesh.singh@....com, kvm@...r.kernel.org,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Gary Hook <gary.hook@....com>,
        Tom Lendacky <thomas.lendacky@....com>,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted
 Virtualization (SEV) command support



On 10/26/2017 08:56 AM, Borislav Petkov wrote:
> On Mon, Oct 23, 2017 at 02:57:04PM -0500, Brijesh Singh wrote:
>> Calling PLATFORM_GET_STATUS is not required, we can manage the state through
>> a simple ref count variable. Issuing PSP commands will always be much more
>> expensive compare to accessing a protected global variable.
> 
> What does "protected" mean here?
> 

Access global variable after acquiring the semaphore.


> In any case, that variable can be a simple bool as you use it as such.
> 

I am not using the variable (fw_init_count) as boolean. The variable 
gets incremented in sev_platform_init() and decremented in 
sev_platform_shutdown(). In very first call to sev_platform_init (i.e 
when variable is zero) we issue  PLATFORM_INIT command, similarly 
PLATFORM_SHUTDOWN is issued on the last (i.e when variable value is 
reached to zero). The variable is used as ref counter.


>> I would prefer to avoid invoking PSP command if possible.
>> Additionally, the global semaphore is still needed to serialize
>> the sev_platform_init() and sev_platform_shutdown() from multiple
>> processes. e.g If process "A" calls sev_platform_init() and if it gets
>> preempted due to whatever reason then we don't want another process
>> to issue the shutdown command while process "A" is in middle of
>> sev_platform_init().
> 
> How? You're holding fw_init_mutex.
> 

In your previous reply you comments on global semaphore (fw_init_mutex) 
and in response I tried to highlight why we need the global semaphore. 
Did I misunderstood your comment ?

-Brijesh

Powered by blists - more mailing lists