lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 15 Apr 2019 20:22:22 +0800
From:   lijiang <lijiang@...hat.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     linux-kernel@...r.kernel.org, kexec@...ts.infradead.org,
        tglx@...utronix.de, mingo@...hat.com, akpm@...ux-foundation.org,
        dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org,
        x86@...nel.org, hpa@...or.com, dyoung@...hat.com, bhe@...hat.com,
        Thomas.Lendacky@....com
Subject: Re: [PATCH 1/2 RESEND v10] x86/mm, resource: add a new I/O resource
 descriptor 'IORES_DESC_RESERVED'

在 2019年04月02日 20:43, Borislav Petkov 写道:
> On Tue, Apr 02, 2019 at 08:02:04PM +0800, lijiang wrote:
>> These regions(E820_TYPE_{RESERVED_KERN,RAM,UNUSABLE}) are still marked as
>> IORES_DESC_NONE and should not be mapped encrypted when using ioremap().
> 
> Seems to me like we're going in circles. You said here:
> 
> https://lkml.kernel.org/r/9eb61523-7a08-24c4-ac15-050537bd9203@redhat.com
> 
> that the kernel doesn't pass the e820 reserved ranges to the second
> kernel.
> 
> I suggested to use a special IORES descriptor for them -
> IORES_DES_RESERVED.
> 
> Now you say that that is not enough and some of those you want passed,
> are still marked as IORES_DESC_NONE.
> 
Sorry for the delay.

They are different problems.

The first problem is that passes the e820 reserved ranges to the second kernel,
for this case, it is good enough to use the IORES_DESC_RESERVED, which can
ensure that exactly matches the reserved resource ranges when walking through
iomem resources.

The second problem is about the SEV case. Now, the IORES_DESC_RESERVED has been
created for the reserved areas, therefore the check needs to be expanded so that
these areas are not mapped encrypted when using ioremap().

+static int __ioremap_check_desc_none_and_reserved(struct resource *res)
 {
-       return (res->desc != IORES_DESC_NONE);
+       return ((res->desc != IORES_DESC_NONE) &&
+               (res->desc != IORES_DESC_RESERVED));
 }


Maybe i should split it into two patches. The change of __ioremap_check_desc_none_and_reserved()
should be a separate patch. Any idea?

Thanks.
Lianbo

> Sounds to me like you need try again.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ