Date: Mon, 11 May 2020 12:02:01 +0200
From: Borislav Petkov <bp@...en8.de>
To: Joerg Roedel <joro@...tes.org>
Cc: x86@...nel.org, hpa@...or.com, Andy Lutomirski <luto@...nel.org>, Dave Hansen <dave.hansen@...ux.intel.com>, Peter Zijlstra <peterz@...radead.org>, Thomas Hellstrom <thellstrom@...are.com>, Jiri Slaby <jslaby@...e.cz>, Dan Williams <dan.j.williams@...el.com>, Tom Lendacky <thomas.lendacky@....com>, Juergen Gross <jgross@...e.com>, Kees Cook <keescook@...omium.org>, David Rientjes <rientjes@...gle.com>, Cfir Cohen <cfir@...gle.com>, Erdem Aktas <erdemaktas@...gle.com>, Masami Hiramatsu <mhiramat@...nel.org>, Mike Stunes <mstunes@...are.com>, Joerg Roedel <jroedel@...e.de>, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, virtualization@...ts.linux-foundation.org
Subject: Re: [PATCH v3 22/75] x86/boot/compressed/64: Add set_page_en/decrypted() helpers

On Tue, Apr 28, 2020 at 05:16:32PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@...e.de>
>
> The functions are needed to map the GHCB for SEV-ES guests. The GHCB is
> used for communication with the hypervisor, so its content must not be
> encrypted. After the GHCB is not needed anymore it must be mapped
> encrypted again so that the running kernel image can safely re-use the
> memory.
>
> Signed-off-by: Joerg Roedel <jroedel@...e.de>
> ---
> arch/x86/boot/compressed/ident_map_64.c | 134 ++++++++++++++++++++++++
> arch/x86/boot/compressed/misc.h | 2 +
> 2 files changed, 136 insertions(+)

...

> +
> +static int set_clr_page_flags(struct x86_mapping_info *info,
> + unsigned long address,
> + pteval_t set, pteval_t clr)
> +{
> + unsigned long scratch, *target;
> + pgd_t *pgdp = (pgd_t *)top_level_pgt;
> + p4d_t *p4dp;
> + pud_t *pudp;
> + pmd_t *pmdp;
> + pte_t *ptep, pte;
> +
> + /*
> + * First make sure there is a PMD mapping for 'address'.
> + * It should already exist, but keep things generic.
> + *
> + * To map the page just read from it and fault it in if there is no
> + * mapping yet. add_identity_map() can't be called here because that
> + * would unconditionally map the address on PMD level, destroying any
> + * PTE-level mappings that might already exist. Also do something
> + * useless

You mean something like this?

	asm volatile("mov %[address], %%r9"
		     :: [address] "g" (*(unsigned long *)address)
		     : "r9", "memory");

The "memory" clobber should prevent gcc from optimizing that thing away
and r9 is callee-clobbered.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
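
Review bot: set_clr_page_flags() begins directly after a blank added line with no comment describing its contract, so the quoted lines leave unstated what the int return value means, whether `address` must be page-aligned, and which mask wins when a bit appears in both `set` and `clr`. The commit message says these helpers are what map the GHCB unencrypted and later map it encrypted again, so a caller that cannot tell a failed flag change from a successful one may keep using memory in the wrong state; a short comment above the function giving the return convention and the set/clr precedence would address that. The in-body comment is cut off in this quote at "Also do something useless", so the faulting read itself cannot be assessed from the lines shown.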