Message-ID: <alpine.DEB.2.21.1908292018500.1938@nanos.tec.linutronix.de>
Date:   Thu, 29 Aug 2019 20:21:33 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Borislav Petkov <bp@...e.de>
cc:     "Singh, Brijesh" <brijesh.singh@....com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Joerg Roedel <joro@...tes.org>,
        "Lendacky, Thomas" <Thomas.Lendacky@....com>,
        "x86@...nel.org" <x86@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v3 10/11] mm: x86: Invoke hypercall when page encryption
 status is changed

On Thu, 29 Aug 2019, Borislav Petkov wrote:

> On Wed, Jul 10, 2019 at 08:13:11PM +0000, Singh, Brijesh wrote:
> > @@ -2060,6 +2067,14 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
> >  	 */
> >  	cpa_flush(&cpa, 0);
> >  
> > +	/*
> > +	 * When SEV is active, notify hypervisor that a given memory range is mapped
> > +	 * encrypted or decrypted. Hypervisor will use this information during
> > +	 * the VM migration.
> > +	 */
> > +	if (sev_active())
> > +		set_memory_enc_dec_hypercall(addr, numpages << PAGE_SHIFT, enc);
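
Review bot: in the added call, `numpages << PAGE_SHIFT` is evaluated as `int`, because the hunk header shows `numpages` declared as `int`, so with 4 KiB pages a range of 2^19 pages or more overflows before the size reaches set_memory_enc_dec_hypercall(). Widen it first, for example `(unsigned long)numpages << PAGE_SHIFT`, or pass the page count and let the helper do the conversion. Any result from the helper is also dropped at this call site, so a notification that fails would leave the hypervisor's record of the range stale for migration without the caller of __set_memory_enc_dec() seeing an error.
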
> 
> Btw, tglx has another valid design concern here: why isn't this a
> pv_ops thing? So that it is active only when the hypervisor is actually
> present?
> 
> I know, I know, this will run on SEV guests only because it is all
> (hopefully) behind "if (sev_active())" checks but the clean and accepted
> design is a paravirt call, I'd say.

No. sev_active() has nothing to do with guest mode. It tells whether SEV is
active or not. So yes, this calls into this function on both guest and
host. The latter is beyond pointless.

Thanks,

	tglx

