| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 May 2021 13:49:05 +0200
From: Borislav Petkov <bp@...en8.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
tglx@...utronix.de, jroedel@...e.de, thomas.lendacky@....com,
pbonzini@...hat.com, mingo@...hat.com, dave.hansen@...el.com,
rientjes@...gle.com, seanjc@...gle.com, peterz@...radead.org,
hpa@...or.com, tony.luck@...el.com
Subject: Re: [PATCH Part1 RFC v2 16/20] x86/kernel: Validate rom memory
before accessing when SEV-SNP is active
On Fri, Apr 30, 2021 at 07:16:12AM -0500, Brijesh Singh wrote:
> + /*
> + * The ROM memory is not part of the E820 system RAM and is not pre-validated
> + * by the BIOS. The kernel page table maps the ROM region as encrypted memory,
> + * the SEV-SNP requires the encrypted memory must be validated before the
> + * access. Validate the ROM before accessing it.
> + */
> + n = ((system_rom_resource.end + 1) - video_rom_resource.start) >> PAGE_SHIFT;
> + early_snp_set_memory_private((unsigned long)__va(video_rom_resource.start),
> + video_rom_resource.start, n);
>From last review:
I don't like this sprinkling of SNP-special stuff that needs to be done,
around the tree. Instead, pls define a function called
snp_prep_memory(unsigned long pa, unsigned int num_pages, enum operation);
or so which does all the manipulation needed and the callsites only
simply unconditionally call that function so that all detail is
extracted and optimized away when not config-enabled.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists