| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Feb 2022 19:39:46 -0800
From: Kees Cook <keescook@...omium.org>
To: Borislav Petkov <bp@...en8.de>
Cc: "Limonciello, Mario" <mario.limonciello@....com>,
Tom Lendacky <thomas.lendacky@....com>,
Martin Fernandez <martin.fernandez@...ypsium.com>,
linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org,
platform-driver-x86@...r.kernel.org, linux-mm@...ck.org,
tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com,
x86@...nel.org, hpa@...or.com, ardb@...nel.org,
dvhart@...radead.org, andy@...radead.org,
gregkh@...uxfoundation.org, rafael@...nel.org, rppt@...nel.org,
akpm@...ux-foundation.org, daniel.gutson@...ypsium.com,
hughsient@...il.com, alex.bazhaniuk@...ypsium.com,
alison.schofield@...el.com
Subject: Re: [PATCH v6 6/6] drivers/node: Show in sysfs node's crypto
capabilities
On Fri, Feb 04, 2022 at 05:28:43PM +0100, Borislav Petkov wrote:
> Then we should clear that "sme" flag if memory encryption is not
> enabled. Like we do for all other flags.
Oh, this seems weird to me, as I'd expect it to show up since the CPU is
_capable_ of it, even if it's not in use. (Am I really using avx512vl,
e.g.?)
But as you point out later, it does work that way for a lot of things
and boot params. If this is the way things are supposed to be done,
it looks like we should wire up "nx" vs "noexec=off" boot param to do
the same (separate from this series), though it would need special
care since that bit needs very very early handling both and boot
and resume. Maybe kernel/cpu/common.c should check for _PAGE_NX in
__supported_pte_mask? (And would that break KVM's NX, etc?)
Hmmm.
--
Kees Cook
Powered by blists - more mailing lists