lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c219ec47-1a1f-5d19-0b5b-0cebb706ca6c@amd.com>
Date:   Thu, 6 Sep 2018 14:24:32 -0500
From:   Brijesh Singh <brijesh.singh@....com>
To:     Sean Christopherson <sean.j.christopherson@...el.com>
Cc:     brijesh.singh@....com, Borislav Petkov <bp@...e.de>,
        x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        Tom Lendacky <thomas.lendacky@....com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "H. Peter Anvin" <hpa@...or.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>
Subject: Re: [PATCH v5 5/5] x86/kvm: Avoid dynamic allocation of pvclock data
 when SEV is active



On 09/06/2018 01:47 PM, Sean Christopherson wrote:
> On Thu, Sep 06, 2018 at 01:37:50PM -0500, Brijesh Singh wrote:
>>
>>
>> On 09/06/2018 09:18 AM, Sean Christopherson wrote:
>> ....
>>
>>>>>
>>>>> So are we going to be defining a decrypted section for every piece of
>>>>> machinery now?
>>>>>
>>>>> That's a bit too much in my book.
>>>>>
>>>>> Why can't you simply free everything in .data..decrypted on !SVE guests?
>>>>
>>>> That would prevent adding __decrypted to existing declarations, e.g.
>>>> hv_clock_boot, which would be ugly in its own right.  A more generic
>>>> solution would be to add something like __decrypted_exclusive to mark
>>>> data that is used if and only if SEV is active, and then free the
>>>> SEV-only data when SEV is disabled.
>>>
>>> Oh, and we'd need to make sure __decrypted_exclusive is freed when
>>> !CONFIG_AMD_MEM_ENCRYPT, and preferably !sev_active() since the big
>>> array is used only if SEV is active.  This patch unconditionally
>>> defines hv_clock_dec but only frees it if CONFIG_AMD_MEM_ENCRYPT=y &&
>>> !mem_encrypt_active().
>>>
>>
>> Again we have to consider the bare metal scenario while doing this. The
>> aux array you proposed will be added in decrypted section only when
>> CONFIG_AMD_MEM_ENCRYPT=y.  If CONFIG_AMD_MEM_ENCRYPT=n then nothng
>> gets put in .data.decrypted section. At the runtime, if memory
>> encryption is active then .data.decrypted_hvclock will contains useful
>> data.
>>
>> The __decrypted attribute in "" when CONFIG_AMD_MEM_ENCRYPT=n.
> 
> Right, but won't the data get dumped into the regular .bss in that
> case, i.e. needs to be freed?
> 


Yes, the auxiliary array will dumped into the regular .bss when
CONFIG_AMD_MEM_ENCRYPT=n. Typically it will be few k, I am not
sure if its worth complicating the code to save those extra memory.
Most of the distro's have CONFIG_AMD_MEM_ENCRYPT=y anyways.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ