Open Source and information security mailing list archives
 
Message-ID: <20180829131331.GE6337@nazgul.tnic>
Date:   Wed, 29 Aug 2018 15:13:31 +0200
From:   Borislav Petkov <bp@...e.de>
To:     Brijesh Singh <brijesh.singh@....com>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        stable@...r.kernel.org, Tom Lendacky <thomas.lendacky@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <sean.j.christopherson@...el.com>,
        Radim Krčmář <rkrcmar@...hat.com>
Subject: Re: [PATCH v2 1/3] x86/mm: Restructure sme_encrypt_kernel()

On Tue, Aug 28, 2018 at 05:12:55PM -0500, Brijesh Singh wrote:
> Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap
> logic in a separate static function. There are no logical changes in this
> patch. The restructuring will allow us to expand the sme_encrypt_kernel
> in future.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
> Cc: stable@...r.kernel.org

This patch is going to be a prerequisite for the actual fix so you
probably should write here:

Cc: stable@...r.kernel.org # prerequisite for <patch name>

or better yet do a separate backport/submission to stable@ once those
have been upstreamed.

...

> +void __init sme_encrypt_kernel(struct boot_params *bp)
> +{
> +	struct sme_populate_pgd_data ppd;
> +	struct sme_workarea_data wa;
> +
> +	if (!sme_active())
> +		return;
> +
> +	build_workarea_map(bp, &wa, &ppd);
> +
> +	/* When SEV is active, encrypt kernel and initrd */
> +	sme_encrypt_execute(wa.kernel_start,
> +			    wa.kernel_start + wa.decrypted_base,
> +			    wa.kernel_len, wa.workarea_start,
> +			    (unsigned long)ppd.pgd);
> +
> +	if (wa.initrd_len)
> +		sme_encrypt_execute(wa.initrd_start,
> +				    wa.initrd_start + wa.decrypted_base,
> +				    wa.initrd_len, wa.workarea_start,
> +				    (unsigned long)ppd.pgd);
> +
> +	remove_workarea_map(&wa, &ppd);
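
Review bot: the comment above the first sme_encrypt_execute() call reads "When SEV is active, encrypt kernel and initrd", but the only guard visible in this function is `if (!sme_active()) return;`, so the comment does not describe the condition under which these calls actually run. Since the commit message says there are no logical changes, reword the comment to match the SME check, or move it to the follow-up patch that expands sme_encrypt_kernel().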

teardown_workarea_map() is a better naming counterpart to
build_workarea_map().

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)