lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7ebd6ba1-85a4-6fee-c897-22ed108ac8b7@intel.com>
Date:   Mon, 21 Feb 2022 11:28:16 -0800
From:   Dave Hansen <dave.hansen@...el.com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
        luto@...nel.org, peterz@...radead.org,
        sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, jpoimboe@...hat.com, knsathya@...nel.org,
        pbonzini@...hat.com, sdeep@...are.com, seanjc@...gle.com,
        tony.luck@...el.com, vkuznets@...hat.com, wanpengli@...cent.com,
        x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCHv3 02/32] x86/coco: Add API to handle encryption mask

On 2/18/22 13:33, Kirill A. Shutemov wrote:
> On Fri, Feb 18, 2022 at 12:36:02PM -0800, Dave Hansen wrote:
>> On 2/18/22 08:16, Kirill A. Shutemov wrote:
>>> +#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
>>> +u64 cc_get_mask(bool enc);
>>> +u64 cc_mkenc(u64 val);
>>> +u64 cc_mkdec(u64 val);
>>> +#else
>>> +#define cc_get_mask(enc)	0
>>> +#define cc_mkenc(val)		(val)
>>> +#define cc_mkdec(val)		(val)
>>> +#endif
>>
>> Is there a reason the stubs as #defines?  Static inlines are preferred
>> for consistent type safety among other things.
> 
> I was slightly worried about 32-bit non-PAE that has phys_addr_t and
> pgprotval_t 32-bit. I was not completely sure it will not cause any
> issue due to type mismatch. Maybe it is ungrounded.
> 
> With CONFIG_ARCH_HAS_CC_PLATFORM=y, all relevant types are 64-bit.
> 
>> It would also be nice to talk about the u64 type in the changelog.  If I
>> remember right, there was a reason you didn't want to have a pgprot_t
>> here.
> 
> With standalone <asm/coco.h> I think we can make it work with other type.
> But I'm not sure what it has to be.
> 
> I found helpers useful for modifying pgprotval_t and phys_addr_t. I
> considered u64 a common ground.
> 
> Should I change this to something else?

cc_get_mask() is only used once and is assigned to a pgprot_t variable.
 I expect it to return a pgprot_t.

...
>>> +u64 cc_mkenc(u64 val)
>>> +{
>>> +	switch (cc_vendor) {
>>> +	case CC_VENDOR_AMD:
>>> +		return val | cc_mask;
>>> +	default:
>>> +		return val;
>>> +	}
>>> +}
>>> +
>>> +u64 cc_mkdec(u64 val)
>>> +{
>>> +	switch (cc_vendor) {
>>> +	case CC_VENDOR_AMD:
>>> +		return val & ~cc_mask;
>>> +	default:
>>> +		return val;
>>> +	}
>>> +}
>>> +EXPORT_SYMBOL_GPL(cc_mkdec);

I'm just a bit confused why *this* was chosen as the cc_whatever() hook.
 Just like the mask function, it has one spot where it gets used:

+#define pgprot_encrypted(prot)	__pgprot(cc_mkenc(pgprot_val(prot)))
+#define pgprot_decrypted(prot)	__pgprot(cc_mkdec(pgprot_val(prot)))

So, why bother having another level of abstraction?

Why don't we just have:

	pgprot_t cc_mkenc(pgprot prot)
	pgprot_t cc_mkenc(pgprot prot)

and *no* pgprot_{en,de}crypted()?

...
>>> +out:
>>>  	physical_mask &= ~sme_me_mask;
>>> +	if (sme_me_mask)
>>> +		cc_init(CC_VENDOR_AMD, sme_me_mask);
>>>  }
>>
>> I don't think you need to mop it up here, but where does this leave
>> sme_me_mask?
> 
> I think sme_me_mask still can be useful to indicate that the code is only
> relevant for AMD context.

Shouldn't we be able to tell that because something is in an
AMD-specific file, function or #ifdef?

Is there ever a time where sme_me_mask is populated by cc_mask is not?
This seems like it is just making a copy of sme_me_mask.

sme_me_mask does look quite AMD-specialized, like its assembly
manipulation.  Even if it's just a copy of cc_mask, it would be nice to
call that out so the relationship is crystal clear.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ