Message-Id: <20190508144422.13171-41-kirill.shutemov@linux.intel.com>
Date: Wed, 8 May 2019 17:44:00 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: Andrew Morton <akpm@...ux-foundation.org>, x86@...nel.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, Borislav Petkov <bp@...en8.de>,
Peter Zijlstra <peterz@...radead.org>,
Andy Lutomirski <luto@...capital.net>,
David Howells <dhowells@...hat.com>
Cc: Kees Cook <keescook@...omium.org>,
Dave Hansen <dave.hansen@...el.com>,
Kai Huang <kai.huang@...ux.intel.com>,
Jacob Pan <jacob.jun.pan@...ux.intel.com>,
Alison Schofield <alison.schofield@...el.com>,
linux-mm@...ck.org, kvm@...r.kernel.org, keyrings@...r.kernel.org,
linux-kernel@...r.kernel.org,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: [PATCH, RFC 40/62] keys/mktme: Program new PCONFIG targets with MKTME keys
From: Alison Schofield <alison.schofield@...el.com>
When a new PCONFIG target is added to an MKTME platform, its
key table needs to be programmed to match the key tables across
the entire platform. This type of newly added PCONFIG target
may appear during a memory hotplug event.
This key programming path will differ from the normal key
programming path in that it will only program a single PCONFIG
target, AND, it will only do that programming if allowed.
Allowed means that either user type keys are stored, or, no
user type keys are currently programmed.
So, after checking if programming is allowable, this helper
function will program the one new PCONFIG target, with all
the currently programmed keys.
This will be used in MKTME's memory notifier callback supporting
MEM_GOING_ONLINE events.
Signed-off-by: Alison Schofield <alison.schofield@...el.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
---
security/keys/mktme_keys.c | 44 ++++++++++++++++++++++++++++++++++++++
1 file changed, 44 insertions(+)
diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c
index 2c975c48fe44..489dddb8c623 100644
--- a/security/keys/mktme_keys.c
+++ b/security/keys/mktme_keys.c
@@ -582,6 +582,50 @@ static int mktme_get_new_pconfig_target(void)
return new_target;
}
+static int mktme_program_new_pconfig_target(int new_pkg)
+{
+ struct mktme_payload *payload;
+ int cpu, keyid, ret;
+
+ /*
+ * Only program new target when user type keys are stored or,
+ * no user type keys are currently programmed.
+ */
+ if (!mktme_storekeys &&
+ (bitmap_weight(mktme_bitmap_user_type, mktme_nr_keyids)))
+ return -EPERM;
+
+ /* Set mktme_leadcpus to only include new target */
+ cpumask_clear(mktme_leadcpus);
+ for_each_online_cpu(cpu) {
+ if (topology_physical_package_id(cpu) == new_pkg) {
+ __cpumask_set_cpu(cpu, mktme_leadcpus);
+ break;
+ }
+ }
+ /* Program the stored keys into the new key table */
+ for (keyid = 1; keyid <= mktme_nr_keyids; keyid++) {
+ /*
+ * When a KeyID slot is not in use, the corresponding key
+ * pointer is 0. '-1' is an intermediate state where the
+ * key is on it's way out, but not gone yet. Program '-1's.
+ */
+ if (mktme_map->key[keyid] == 0)
+ continue;
+
+ payload = &mktme_key_store[keyid];
+ ret = mktme_program_keyid(keyid, payload);
+ if (ret != MKTME_PROG_SUCCESS) {
+ /* Quit on first failure to program key table */
+ pr_debug("mktme: %s\n", mktme_error[ret].msg);
+ ret = -ENOKEY;
+ break;
+ }
+ }
+ mktme_update_pconfig_targets(); /* Restore mktme_leadcpus */
+ return ret;
+}
+
static int __init init_mktme(void)
{
int ret, cpuhp;
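Review bot: `ret` is never initialised in mktme_program_new_pconfig_target(), so when every KeyID slot is empty (`mktme_map->key[keyid] == 0` for all keyid) the loop body never assigns it and `return ret;` hands back garbage; `int cpu, keyid, ret = 0;` makes the "nothing to program" case return success explicitly. Two smaller points on the same hunk: the early `break` on the first mktme_program_keyid() failure leaves the new package's key table partially programmed while the caller only sees -ENOKEY, so the comment above the loop should state whether the caller is expected to keep the target offline in that case; and the function narrows the shared `mktme_leadcpus` mask and only restores it via mktme_update_pconfig_targets() at the end, so any concurrent user of the normal key programming path that consults that mask would see just the new package for the duration of this call, which is worth a comment on what serialises the two paths. Nit: "on it's way out" in the comment should read "on its way out".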
--
2.20.1