Date: Thu, 26 Oct 2017 11:56:57 -0500
From: Brijesh Singh <brijesh.singh@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: brijesh.singh@....com, kvm@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>, Radim Krčmář <rkrcmar@...hat.com>, Herbert Xu <herbert@...dor.apana.org.au>, Gary Hook <gary.hook@....com>, Tom Lendacky <thomas.lendacky@....com>, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/26/2017 08:56 AM, Borislav Petkov wrote:
> On Mon, Oct 23, 2017 at 02:57:04PM -0500, Brijesh Singh wrote:
>> Calling PLATFORM_GET_STATUS is not required, we can manage the state through
>> a simple ref count variable. Issuing PSP commands will always be much more
>> expensive compared to accessing a protected global variable.
>
> What does "protected" mean here?
>

Access global variable after acquiring the semaphore.

> In any case, that variable can be a simple bool as you use it as such.
>

I am not using the variable (fw_init_count) as a boolean. The variable gets incremented in sev_platform_init() and decremented in sev_platform_shutdown(). In the very first call to sev_platform_init() (i.e. when the variable is zero) we issue the PLATFORM_INIT command; similarly, PLATFORM_SHUTDOWN is issued on the last (i.e. when the variable value reaches zero). The variable is used as a ref counter.

>> I would prefer to avoid invoking PSP command if possible.
>> Additionally, the global semaphore is still needed to serialize
>> the sev_platform_init() and sev_platform_shutdown() from multiple
>> processes. e.g If process "A" calls sev_platform_init() and if it gets
>> preempted due to whatever reason then we don't want another process
>> to issue the shutdown command while process "A" is in middle of
>> sev_platform_init().
>
> How? You're holding fw_init_mutex.
>

In your previous reply you commented on the global semaphore (fw_init_mutex) and in response I tried to highlight why we need the global semaphore. Did I misunderstand your comment?

-Brijesh
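
Added example, not part of the original message or of the patch under review: a user-space C model of the reference counting described above, in which only the first sev_platform_init() issues PLATFORM_INIT and only the last sev_platform_shutdown() issues PLATFORM_SHUTDOWN, with every access to fw_init_count made under fw_init_mutex. psp_issue_cmd(), cmds_issued and fail_next_cmd are hypothetical stand-ins for the firmware interface, and a pthread mutex is assumed in place of the kernel lock.

```c
/* User-space model of the ref count discussed in the thread (not driver code). */
#include <errno.h>
#include <pthread.h>

enum psp_cmd { PLATFORM_INIT, PLATFORM_SHUTDOWN };

static pthread_mutex_t fw_init_mutex = PTHREAD_MUTEX_INITIALIZER;
static unsigned int fw_init_count;  /* only touched with fw_init_mutex held */
static unsigned int cmds_issued[2]; /* hypothetical: counts firmware round trips */
static int fail_next_cmd;           /* hypothetical: fault injection for the demo */

/* Hypothetical stand-in for sending a command to the PSP firmware. */
static int psp_issue_cmd(enum psp_cmd cmd)
{
    if (fail_next_cmd) {
        fail_next_cmd = 0;
        return -EIO;
    }
    cmds_issued[cmd]++;
    return 0;
}

int sev_platform_init(void)
{
    int rc = 0;
    pthread_mutex_lock(&fw_init_mutex);
    /* Only the 0 -> 1 transition talks to the firmware. */
    if (fw_init_count == 0)
        rc = psp_issue_cmd(PLATFORM_INIT);
    /* A failed INIT must not leave a reference behind. */
    if (rc == 0)
        fw_init_count++;
    pthread_mutex_unlock(&fw_init_mutex);
    return rc;
}

int sev_platform_shutdown(void)
{
    int rc = 0;
    pthread_mutex_lock(&fw_init_mutex);
    if (fw_init_count == 0)
        rc = -EINVAL;                          /* unbalanced call: no underflow */
    else if (fw_init_count == 1)
        rc = psp_issue_cmd(PLATFORM_SHUTDOWN); /* only the 1 -> 0 transition */
    /* Drop the reference unless the call was unbalanced or SHUTDOWN failed. */
    if (rc == 0)
        fw_init_count--;
    pthread_mutex_unlock(&fw_init_mutex);
    return rc;
}
```

Holding the lock across both the count check and the command is what keeps a concurrent caller from issuing PLATFORM_SHUTDOWN while another caller is between the check and the end of PLATFORM_INIT.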