| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3036a655-9d09-0f04-62a2-7a72ba9af5c7@amd.com>
Date: Wed, 2 Jun 2021 13:15:23 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Sean Christopherson <seanjc@...gle.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>
Cc: Peter Zijlstra <peterz@...radead.org>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...el.com>,
Tony Luck <tony.luck@...el.com>,
Borislav Petkov <bp@...en8.de>,
Andi Kleen <ak@...ux.intel.com>,
Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
Dan Williams <dan.j.williams@...el.com>,
Raj Ashok <ashok.raj@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest
abstraction
On 6/2/21 12:20 PM, Sean Christopherson wrote:
> On Tue, Jun 01, 2021, Kuppuswamy Sathyanarayanan wrote:
>> diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
>> index 9c80c68d75b5..1492b0eb29d0 100644
>> --- a/arch/x86/include/asm/mem_encrypt.h
>> +++ b/arch/x86/include/asm/mem_encrypt.h
>> @@ -56,6 +56,8 @@ bool sev_es_active(void);
>>
>> #define __bss_decrypted __section(".bss..decrypted")
>>
>> +bool amd_protected_guest_has(unsigned long flag);
>
>
> Why call one by the vendor (amd) and the other by the technology (tdx)?
> sev_protected_guest_has() seems like the more logical name, e.g. if AMD CPUs
> gain a new non-SEV technology then we'll have a mess.
The original suggestion from Boris, IIRC, was for protected_guest_has()
function (below) to be:
if (intel)
return intel_protected_guest_has();
else if (amd)
return amd_protected_guest_has();
else
return false;
And then you could check for TDX or SME/SEV in the respective functions.
>
>> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
>> index f0c1912837c8..cbfe7479f2a3 100644
>> --- a/arch/x86/include/asm/tdx.h
>> +++ b/arch/x86/include/asm/tdx.h
>> @@ -71,6 +71,8 @@ u64 __tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9,
>> u64 __tdx_hypercall(u64 fn, u64 r12, u64 r13, u64 r14, u64 r15,
>> struct tdx_hypercall_output *out);
>>
>> +bool tdx_protected_guest_has(unsigned long flag);
>
> ...
>
>> +static inline bool protected_guest_has(unsigned long flag)
>> +{
>> + if (is_tdx_guest())
>> + return tdx_protected_guest_has(flag);
>> + else if (mem_encrypt_active())
>
> Shouldn't this be sev_active()? mem_encrypt_active() will return true for SME,
> too.
I believe Boris was wanting to replace the areas where sme_active() was
specifically checked, too. And so protected_guest_has() can be confusing...
Maybe naming it protected_os_has() or protection_attr_active() might work.
This would then work SME or MKTME as well.
Thanks,
Tom
>
>> + return amd_protected_guest_has(flag);
>> +
>> + return false;
>> +}
Powered by blists - more mailing lists