Date:   Thu, 6 Sep 2018 13:37:50 -0500
From:   Brijesh Singh <>
To:     Sean Christopherson <>,
        Borislav Petkov <>
        Tom Lendacky <>,
        Thomas Gleixner <>,
        "H. Peter Anvin" <>,
        Paolo Bonzini <>,
        Radim Krčmář <>
Subject: Re: [PATCH v5 5/5] x86/kvm: Avoid dynamic allocation of pvclock data
 when SEV is active

On 09/06/2018 09:18 AM, Sean Christopherson wrote:

>>> So are we going to be defining a decrypted section for every piece of
>>> machinery now?
>>> That's a bit too much in my book.
>>> Why can't you simply free everything in .data..decrypted on !SVE guests?
>> That would prevent adding __decrypted to existing declarations, e.g.
>> hv_clock_boot, which would be ugly in its own right.  A more generic
>> solution would be to add something like __decrypted_exclusive to mark
>> data that is used if and only if SEV is active, and then free the
>> SEV-only data when SEV is disabled.
> Oh, and we'd need to make sure __decrypted_exclusive is freed when
> !CONFIG_AMD_MEM_ENCRYPT, and preferably !sev_active() since the big
> array is used only if SEV is active.  This patch unconditionally
> defines hv_clock_dec but only frees it if CONFIG_AMD_MEM_ENCRYPT=y &&
> !mem_encrypt_active().

Again we have to consider the bare metal scenario while doing this. The
aux array you proposed will be added in decrypted section only when
gets put in .data.decrypted section. At the runtime, if memory
encryption is active then .data.decrypted_hvclock will contain useful

The __decrypted attribute in "" when CONFIG_AMD_MEM_ENCRYPT=n.

