| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190508144422.13171-4-kirill.shutemov@linux.intel.com>
Date: Wed, 8 May 2019 17:43:23 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: Andrew Morton <akpm@...ux-foundation.org>, x86@...nel.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>,
Andy Lutomirski <luto@...capital.net>,
David Howells <dhowells@...hat.com>
Cc: Kees Cook <keescook@...omium.org>,
Dave Hansen <dave.hansen@...el.com>,
Kai Huang <kai.huang@...ux.intel.com>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Alison Schofield <alison.schofield@...el.com>,
linux-mm@...ck.org, kvm@...r.kernel.org, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: [PATCH, RFC 03/62] mm/ksm: Do not merge pages with different KeyIDs
KeyID indicates what key to use to encrypt and decrypt page's content.
Depending on the implementation a cipher text may be tied to physical
address of the page. It means that pages with an identical plain text
would appear different if KSM would look at a cipher text. It effectively
disables KSM for encrypted pages.
In addition, some implementations may not allow to read cipher text at all.
KSM compares plain text instead (transparently to KSM code).
But we still need to make sure that pages with identical plain text will
not be merged together if they are encrypted with different keys.
To make it work kernel only allows merging pages with the same KeyID.
The approach guarantees that the merged page can be read by all users.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
---
include/linux/mm.h | 7 +++++++
mm/ksm.c | 17 +++++++++++++++++
2 files changed, 24 insertions(+)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 13c40c43ce00..07c36f4673f6 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1606,6 +1606,13 @@ static inline int vma_keyid(struct vm_area_struct *vma)
}
#endif
+#ifndef page_keyid
+static inline int page_keyid(struct page *page)
+{
+ return 0;
+}
+#endif
+
#ifdef CONFIG_SHMEM
/*
* The vma_is_shmem is not inline because it is used only by slow
diff --git a/mm/ksm.c b/mm/ksm.c
index fc64874dc6f4..91bce4799c45 100644
--- a/mm/ksm.c
+++ b/mm/ksm.c
@@ -1227,6 +1227,23 @@ static int try_to_merge_one_page(struct vm_area_struct *vma,
if (!PageAnon(page))
goto out;
+ /*
+ * KeyID indicates what key to use to encrypt and decrypt page's
+ * content.
+ *
+ * KSM compares plain text instead (transparently to KSM code).
+ *
+ * But we still need to make sure that pages with identical plain
+ * text will not be merged together if they are encrypted with
+ * different keys.
+ *
+ * To make it work kernel only allows merging pages with the same KeyID.
+ * The approach guarantees that the merged page can be read by all
+ * users.
+ */
+ if (kpage && page_keyid(page) != page_keyid(kpage))
+ goto out;
+
/*
* We need the page lock to read a stable PageSwapCache in
* write_protect_page(). We use trylock_page() instead of
--
2.20.1
Powered by blists - more mailing lists