| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c00e269c-da4c-c703-0182-0221c73a76cc@intel.com>
Date: Wed, 28 Jul 2021 08:29:41 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Tianyu Lan <ltykernel@...il.com>, kys@...rosoft.com,
haiyangz@...rosoft.com, sthemmin@...rosoft.com, wei.liu@...nel.org,
decui@...rosoft.com, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, x86@...nel.org, hpa@...or.com,
dave.hansen@...ux.intel.com, luto@...nel.org, peterz@...radead.org,
konrad.wilk@...cle.com, boris.ostrovsky@...cle.com,
jgross@...e.com, sstabellini@...nel.org, joro@...tes.org,
will@...nel.org, davem@...emloft.net, kuba@...nel.org,
jejb@...ux.ibm.com, martin.petersen@...cle.com, arnd@...db.de,
hch@....de, m.szyprowski@...sung.com, robin.murphy@....com,
thomas.lendacky@....com, brijesh.singh@....com, ardb@...nel.org,
Tianyu.Lan@...rosoft.com, rientjes@...gle.com,
martin.b.radev@...il.com, akpm@...ux-foundation.org,
rppt@...nel.org, kirill.shutemov@...ux.intel.com,
aneesh.kumar@...ux.ibm.com, krish.sadhukhan@...cle.com,
saravanand@...com, xen-devel@...ts.xenproject.org,
pgonda@...gle.com, david@...hat.com, keescook@...omium.org,
hannes@...xchg.org, sfr@...b.auug.org.au,
michael.h.kelley@...rosoft.com
Cc: iommu@...ts.linux-foundation.org, linux-arch@...r.kernel.org,
linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-scsi@...r.kernel.org, netdev@...r.kernel.org,
vkuznets@...hat.com, anparri@...rosoft.com
Subject: Re: [PATCH 03/13] x86/HV: Add new hvcall guest address host
visibility support
On 7/28/21 7:52 AM, Tianyu Lan wrote:
> @@ -1986,7 +1988,9 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
> int ret;
>
> /* Nothing to do if memory encryption is not active */
> - if (!mem_encrypt_active())
> + if (hv_is_isolation_supported())
> + return hv_set_mem_enc(addr, numpages, enc);
> + else if (!mem_encrypt_active())
> return 0;
__set_memory_enc_dec() is turning into a real mess. SEV, TDX and now
Hyper-V are messing around in here.
It doesn't help that these additions are totally uncommented. Even
worse is that hv_set_mem_enc() was intentionally named "enc" when it
presumably has nothing to do with encryption.
This needs to be refactored. The current __set_memory_enc_dec() can
become __set_memory_enc_pgtable(). It gets used for the hypervisors
that get informed about "encryption" status via page tables: SEV and TDX.
Then, rename hv_set_mem_enc() to hv_set_visible_hcall(). You'll end up
with:
int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
{
if (hv_is_isolation_supported())
return hv_set_visible_hcall(...);
if (mem_encrypt_active() || ...)
return __set_memory_enc_pgtable();
/* Nothing to do */
return 0;
}
That tells the story pretty effectively, in code.
> +int hv_set_mem_enc(unsigned long addr, int numpages, bool enc)
> +{
> + return hv_set_mem_host_visibility((void *)addr,
> + numpages * HV_HYP_PAGE_SIZE,
> + enc ? VMBUS_PAGE_NOT_VISIBLE
> + : VMBUS_PAGE_VISIBLE_READ_WRITE);
> +}
I know this is off in Hyper-V code, but this just makes my eyes bleed.
I'd much rather see something which is less compact but readable.
> +/* Hyper-V GPA map flags */
> +#define VMBUS_PAGE_NOT_VISIBLE 0
> +#define VMBUS_PAGE_VISIBLE_READ_ONLY 1
> +#define VMBUS_PAGE_VISIBLE_READ_WRITE 3
That looks suspiciously like an enum.
Powered by blists - more mailing lists