lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <YhTk8ZoBtxkHkJHI@zn.tnic>
Date:   Tue, 22 Feb 2022 14:28:17 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     Dave Hansen <dave.hansen@...el.com>, tglx@...utronix.de,
        mingo@...hat.com, luto@...nel.org, peterz@...radead.org,
        sathyanarayanan.kuppuswamy@...ux.intel.com, aarcange@...hat.com,
        ak@...ux.intel.com, dan.j.williams@...el.com, david@...hat.com,
        hpa@...or.com, jgross@...e.com, jmattson@...gle.com,
        joro@...tes.org, jpoimboe@...hat.com, knsathya@...nel.org,
        pbonzini@...hat.com, sdeep@...are.com, seanjc@...gle.com,
        tony.luck@...el.com, vkuznets@...hat.com, wanpengli@...cent.com,
        x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCHv3 02/32] x86/coco: Add API to handle encryption mask

On Tue, Feb 22, 2022 at 02:18:31AM +0300, Kirill A. Shutemov wrote:
> On Mon, Feb 21, 2022 at 11:56:00PM +0100, Borislav Petkov wrote:
> > On Tue, Feb 22, 2022 at 01:21:49AM +0300, Kirill A. Shutemov wrote:
> > > Well, it actually going to be
> > > 
> > >  	cpa.mask_set = enc ? cc_mkenc(__pgprot(0)) : cc_mkdec(__pgprot(0));
> > >  	cpa.mask_clr = enc ? cc_mkdec(__pgprot(0)) : cc_mkenc(__pgprot(0));
> > > 
> > > as '0' is not a valid pgprot_t.
> > > 
> > > Still wonna go this path?
> > 
> > Why "still"? What's wrong with that?
> 
> IMO, it makes these statement substantially uglier.

As opposed to what you had:

+	cpa.mask_set = __pgprot(cc_get_mask(enc));
+	cpa.mask_clr = __pgprot(cc_get_mask(!enc));

?

Sorry, but cc_get_mask() - first, the name is very misleading - and then
a function argument saying what mask to return is more confusing.

The fact that each vendor chose alternating representations of what an
encrypted page means needs to be abstracted away - the API should not
ask the user of the function what mask she wants. Your functions need
to return an encrypted mask or a decripted mask, not "hey, what kind of
mask do you want".

If you want to make it even simpler, you can hide the pgprot creation
inside the function even - I'm looking at how pgprot_nx() is defined:

	cpa.mask_set = enc ? pgprot_enc(0) : pgprot_dec(0);
	cpa.mask_clr = enc ? pgprot_dec(0) : pgprot_enc(0);

Or, if you think this is still not readable enough, you carve it out
into a separate function:

	cpa_set_masks(struct cpa_data *cpa, bool enc);

and go to town there, do comments, do pgprot conversion per-hand,
whatever.

*BUT* it all depends on what your full requirements for those functions
are for how these masks are going to be used throughout the tree. So I'm
guessing a usage analysis will give you the proper design.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ