Date:   Mon, 9 Jul 2018 14:28:11 +0800
From:   lijiang <lijiang@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     linux-kernel@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
        hpa@...or.com, ebiederm@...ssion.com, joro@...tes.org,
        thomas.lendacky@....com, dyoung@...hat.com,
        kexec@...ts.infradead.org, iommu@...ts.linux-foundation.org,
        bhe@...hat.com
Subject: Re: [PATCH 1/5 V5] Add a function(ioremap_encrypted) for kdump when
 AMD sme enabled

On 2018-07-03 19:44, lijiang wrote:
> On 2018-07-03 19:14, Borislav Petkov wrote:
>> On Tue, Jul 03, 2018 at 06:58:14PM +0800, lijiang wrote:
>>> For kdump, the elf header finally uses the crash kernel reserved memory; it is not old memory.
>>
>> Lemme repeat my suggestion:
>>
>> So beef up the logic in __ioremap_caller() to figure out based on the
>> address whether to access the memory encrypted or not. In general, you
>> can deduce, based on the region you're mapping, whether you need to map
>> in encrypted or decrypted.
>>
>> For example:
>>
>>         addr = elfcorehdr_addr;
>>
>>         /* Read Elf header */
>>         rc = elfcorehdr_read((char *)&ehdr, sizeof(Elf64_Ehdr), &addr);
>>         if (rc < 0)
>>                 return rc;
>>
>> elfcorehdr_addr has that elfcorehdr address. So you can check which address
>> you're mapping and do:
>>
>> __ioremap_caller:
>>
>> ...
>> 	prot = __ioremap_compute_prot(...);
>>
>> and that __ioremap_compute_prot() function which you will add will have
>> all that logic to determine encrypted or not by comparing addresses etc.
>>
>> Does that make more sense?
>>
> Thank you, Boris. Good idea, I will rethink this issue and post it again.
> 
Hi, Boris
Last week I tried many ways to do this, but it looks like deducing from the address
is not suitable for other scenarios, such as mapping a device's MMIO space, which is
unencrypted. The device MMIO space is outside the kdump kernel, like the old memory,
but the old memory is encrypted, so we can't find a general rule to decide when to
encrypt or not. So the best way should be for the caller to care about encryption
or not. What do you think?

> Regards,
> Lianbo
> 
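
The ambiguity described in the reply above, as an added user-space model (not code from the patch series or from either author): old memory and device MMIO both lie outside the kdump kernel, yet need opposite encryption attributes. The region bounds, sample addresses and function names are constructed for illustration, and the address rule is assumed to know only whether an address is inside the crashkernel reservation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed layout as seen from a kdump kernel; every value is a sample. */
#define CRASHK_START 0x30000000ULL /* hypothetical crashkernel reservation */
#define CRASHK_END   0x3fffffffULL

struct mapping {
    const char *what;
    uint64_t phys;
    bool need_encrypted; /* known to the caller, not derivable from phys */
};

static const struct mapping samples[] = {
    { "old memory (first kernel's RAM)", 0x100000000ULL, true },
    { "device MMIO space",               0xfe000000ULL,  false },
};
#define NSAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Address-only rule: the verdict depends solely on inside/outside. */
static bool enc_by_address(uint64_t phys, bool inside_enc, bool outside_enc)
{
    bool inside = phys >= CRASHK_START && phys <= CRASHK_END;
    return inside ? inside_enc : outside_enc;
}

/* Number of sample mappings a given address-only rule gets wrong. */
size_t mismatches_by_address(bool inside_enc, bool outside_enc)
{
    size_t bad = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        bad += enc_by_address(samples[i].phys, inside_enc, outside_enc) !=
               samples[i].need_encrypted;
    return bad;
}

/* Fewest errors achievable by any of the four address-only rules. */
size_t best_address_rule_mismatches(void)
{
    size_t best = NSAMPLES;
    for (int in = 0; in <= 1; in++)
        for (int out = 0; out <= 1; out++) {
            size_t bad = mismatches_by_address(in, out);
            if (bad < best) best = bad;
        }
    return best;
}
```

In this model every inside/outside rule mislabels one of the two mappings; only the per-mapping flag that the caller already holds (need_encrypted here) separates them.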
