| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Feb 2022 11:28:16 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
luto@...nel.org, peterz@...radead.org,
sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
joro@...tes.org, jpoimboe@...hat.com, knsathya@...nel.org,
pbonzini@...hat.com, sdeep@...are.com, seanjc@...gle.com,
tony.luck@...el.com, vkuznets@...hat.com, wanpengli@...cent.com,
x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCHv3 02/32] x86/coco: Add API to handle encryption mask
On 2/18/22 13:33, Kirill A. Shutemov wrote:
> On Fri, Feb 18, 2022 at 12:36:02PM -0800, Dave Hansen wrote:
>> On 2/18/22 08:16, Kirill A. Shutemov wrote:
>>> +#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
>>> +u64 cc_get_mask(bool enc);
>>> +u64 cc_mkenc(u64 val);
>>> +u64 cc_mkdec(u64 val);
>>> +#else
>>> +#define cc_get_mask(enc) 0
>>> +#define cc_mkenc(val) (val)
>>> +#define cc_mkdec(val) (val)
>>> +#endif
>>
>> Is there a reason the stubs as #defines? Static inlines are preferred
>> for consistent type safety among other things.
>
> I was slightly worried about 32-bit non-PAE that has phys_addr_t and
> pgprotval_t 32-bit. I was not completely sure it will not cause any
> issue due to type mismatch. Maybe it is ungrounded.
>
> With CONFIG_ARCH_HAS_CC_PLATFORM=y, all relevant types are 64-bit.
>
>> It would also be nice to talk about the u64 type in the changelog. If I
>> remember right, there was a reason you didn't want to have a pgprot_t
>> here.
>
> With standalone <asm/coco.h> I think we can make it work with other type.
> But I'm not sure what it has to be.
>
> I found helpers useful for modifying pgprotval_t and phys_addr_t. I
> considered u64 a common ground.
>
> Should I change this to something else?
cc_get_mask() is only used once and is assigned to a pgprot_t variable.
I expect it to return a pgprot_t.
...
>>> +u64 cc_mkenc(u64 val)
>>> +{
>>> + switch (cc_vendor) {
>>> + case CC_VENDOR_AMD:
>>> + return val | cc_mask;
>>> + default:
>>> + return val;
>>> + }
>>> +}
>>> +
>>> +u64 cc_mkdec(u64 val)
>>> +{
>>> + switch (cc_vendor) {
>>> + case CC_VENDOR_AMD:
>>> + return val & ~cc_mask;
>>> + default:
>>> + return val;
>>> + }
>>> +}
>>> +EXPORT_SYMBOL_GPL(cc_mkdec);
I'm just a bit confused why *this* was chosen as the cc_whatever() hook.
Just like the mask function, it has one spot where it gets used:
+#define pgprot_encrypted(prot) __pgprot(cc_mkenc(pgprot_val(prot)))
+#define pgprot_decrypted(prot) __pgprot(cc_mkdec(pgprot_val(prot)))
So, why bother having another level of abstraction?
Why don't we just have:
pgprot_t cc_mkenc(pgprot prot)
pgprot_t cc_mkenc(pgprot prot)
and *no* pgprot_{en,de}crypted()?
...
>>> +out:
>>> physical_mask &= ~sme_me_mask;
>>> + if (sme_me_mask)
>>> + cc_init(CC_VENDOR_AMD, sme_me_mask);
>>> }
>>
>> I don't think you need to mop it up here, but where does this leave
>> sme_me_mask?
>
> I think sme_me_mask still can be useful to indicate that the code is only
> relevant for AMD context.
Shouldn't we be able to tell that because something is in an
AMD-specific file, function or #ifdef?
Is there ever a time where sme_me_mask is populated by cc_mask is not?
This seems like it is just making a copy of sme_me_mask.
sme_me_mask does look quite AMD-specialized, like its assembly
manipulation. Even if it's just a copy of cc_mask, it would be nice to
call that out so the relationship is crystal clear.
Powered by blists - more mailing lists