Message-ID: <5813902a-f272-a6fe-b32c-c470cb18c1ff@redhat.com>
Date:   Sun, 6 Dec 2020 11:25:18 +0100
From:   Paolo Bonzini <pbonzini@...hat.com>
To:     Ashish Kalra <ashish.kalra@....com>,
        "Dr. David Alan Gilbert" <dgilbert@...hat.com>
Cc:     tglx@...utronix.de, mingo@...hat.com, hpa@...or.com,
        joro@...tes.org, bp@...e.de, thomas.lendacky@....com,
        x86@...nel.org, kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
        srutherford@...gle.com, brijesh.singh@....com,
        dovmurik@...ux.vnet.ibm.com, tobin@....com, jejb@...ux.ibm.com,
        frankeh@...ibm.com
Subject: Re: [PATCH v2 2/9] KVM: X86: Introduce KVM_HC_PAGE_ENC_STATUS
 hypercall

On 02/12/20 22:22, Ashish Kalra wrote:
> Hello Dave,
> 
> On Wed, Dec 02, 2020 at 04:54:20PM +0000, Dr. David Alan Gilbert wrote:
>> * Ashish Kalra (Ashish.Kalra@....com) wrote:
>>> From: Brijesh Singh <brijesh.singh@....com>
>>>
>>> This hypercall is used by the SEV guest to notify a change in the page
>>> encryption status to the hypervisor. The hypercall should be invoked
>>> only when the encryption attribute is changed from encrypted -> decrypted
>>> and vice versa. By default all guest pages are considered encrypted.
>>
>> Is it defined whether these are supposed to be called before or after
>> the page type has been changed; is it change the type and then
>> notify or the other way around?

It doesn't matter.  However, you have to do it before writing to the page, 
and the content of the page is unspecified between the hypercall and the 
write to the page.

So you cannot for example encrypt a page in place (using the same PFN 
but different settings of the C bit), you need to do:

	hypercall(); /* mark enc_data as encrypted */
	/*
	 * The contents of enc_data are now undefined as they can change
	 * across migration.
	 */
	/* copy from the separate unencrypted buffer into the encrypted page */
	memcpy(enc_data, unenc_data, PAGE_SIZE);

Paolo
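
The ordering constraint from the reply above, as an added example that is not part of the original message or of the KVM patch series: a user-space toy model in which XOR with a per-host key stands in for memory encryption and `migrate()` re-keys only the pages the host tracks as encrypted. All names (`hypercall`, `guest_write`, `guest_read`, `migrate`, `convert`, `MODEL_PAGE_SIZE`) and the modelled migration behaviour are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 64 /* shrunk for the model */
#define NPAGES 2           /* page 0 = enc_data, page 1 = unenc_data */

/* Toy model (assumption): XOR with a per-host key stands in for encryption. */
static uint8_t ram[NPAGES][MODEL_PAGE_SIZE]; /* raw bytes as the host sees them */
static bool host_enc[NPAGES];                /* status the host tracks per page */
static uint8_t key;

/* Stand-in for the page encryption status hypercall. */
static void hypercall(int pfn, bool enc) { host_enc[pfn] = enc; }

/* Guest access: C bit set goes through the cipher, C bit clear is raw. */
static void guest_write(int pfn, bool c_bit, const uint8_t *src) {
    for (int i = 0; i < MODEL_PAGE_SIZE; i++) ram[pfn][i] = src[i] ^ (c_bit ? key : 0);
}
static void guest_read(int pfn, bool c_bit, uint8_t *dst) {
    for (int i = 0; i < MODEL_PAGE_SIZE; i++) dst[i] = ram[pfn][i] ^ (c_bit ? key : 0);
}

/* Migration: pages tracked as encrypted are re-keyed, others are copied raw. */
static void migrate(uint8_t new_key) {
    for (int p = 0; p < NPAGES; p++)
        if (host_enc[p])
            for (int i = 0; i < MODEL_PAGE_SIZE; i++) ram[p][i] ^= key ^ new_key;
    key = new_key;
}

/* Returns true if the data is intact when read through C=1 after conversion. */
static bool convert(bool in_place) {
    uint8_t secret[MODEL_PAGE_SIZE], tmp[MODEL_PAGE_SIZE], out[MODEL_PAGE_SIZE];
    int src = in_place ? 0 : 1;       /* same PFN, or a separate shared page */
    memset(secret, 0x41, sizeof(secret));
    memset(ram, 0, sizeof(ram));
    host_enc[0] = host_enc[1] = true; /* default: all pages encrypted */
    key = 0x5a;
    hypercall(src, false);
    guest_write(src, false, secret);  /* plaintext sits in a shared page */
    hypercall(0, true);               /* mark enc_data as encrypted */
    migrate(0xc3);                    /* worst case: migration lands here */
    guest_read(src, false, tmp);      /* fetch the plaintext ... */
    guest_write(0, true, tmp);        /* ... and write it through C=1 */
    guest_read(0, true, out);
    return memcmp(out, secret, MODEL_PAGE_SIZE) == 0;
}

int main(void) { printf("separate=%d in_place=%d\n", convert(false), convert(true)); return 0; }
```

In the model the separate-buffer path survives a migration between the hypercall and the write, while the in-place path reads back re-keyed bytes.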
