| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 May 2022 19:39:04 -0700
From: Sathyanarayanan Kuppuswamy
<sathyanarayanan.kuppuswamy@...ux.intel.com>
To: Kai Huang <kai.huang@...el.com>,
"Kirill A. Shutemov" <kirill@...temov.name>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H . Peter Anvin" <hpa@...or.com>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>,
Andi Kleen <ak@...ux.intel.com>,
Wander Lairson Costa <wander@...hat.com>,
Isaku Yamahata <isaku.yamahata@...il.com>,
marcelo.cerri@...onical.com, tim.gardner@...onical.com,
khalid.elmously@...onical.com, philip.cox@...onical.com,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 3/3] x86/tdx: Add Quote generation support
On 5/2/22 7:18 PM, Kai Huang wrote:
> On Tue, 2022-05-03 at 04:27 +0300, Kirill A. Shutemov wrote:
>> On Mon, May 02, 2022 at 02:40:26PM +1200, Kai Huang wrote:
>>>
>>>> +
>>>> + /* Get order for Quote buffer page allocation */
>>>> + order = get_order(quote_req.len);
>>>> +
>>>> + /*
>>>> + * Allocate buffer to get TD Quote from the VMM.
>>>> + * Size needs to be 4KB aligned (which is already
>>>> + * met in page allocation).
>>>> + */
>>>> + tdquote = (void *)__get_free_pages(GFP_KERNEL | __GFP_ZERO, order);
>>>> + if (!tdquote) {
>>>> + ret = -ENOMEM;
>>>> + goto quote_failed;
>>>> + }
>>>
>>> You can use alloc_pages_exact().
>>>
>>>> +
>>>> + /*
>>>> + * Since this buffer will be shared with the VMM via GetQuote
>>>> + * hypercall, decrypt it.
>>>> + */
>>>> + ret = set_memory_decrypted((unsigned long)tdquote, 1UL << order);
>>>> + if (ret)
>>>> + goto quote_failed;
>>>
>>>
>>> Again, Dave and Andi already commented you should use vmap() to avoid breaking
>>> up the direct-mapping. Please use vmap() instead.
>>>
>>> https://lore.kernel.org/all/ce0feeec-a949-35f8-3010-b0d69acbbc2e@linux.intel.com/
>>>
>>> Will review the rest later.
>>
>> I would rather convert it to use DMA API for memory allocation. It will
>> tap into swiotlb buffer that already converted and there's no need to
>> touch direct mapping. Both allocation and freeing such memory is cheaper
>> because of that.
>>
>
> Does each DMA allocation and free internally do the actual private/shared
> conversion? Or the swiotlb is converted at the beginning at boot and DMA
> allocation will always get the shared buffer automatically?
DMA allocation will always return shared buffer.
>
> The problem of using DMA API is it will need to bring additional code to use
> platform device, which isn't necessary.
Yes.
>
> Using vmap() we can still (almost) avoid private/shared conversion at IOCTL time
> by allocating a default size buffer (which is large enough to cover 99% cases,
> etc) at driver initialization time:
Allocating fixed size buffer pool will work for dma buffer allocation
as well.
So the comparison is between platform driver boilerplate code vs vmap
and shared/unshared code addition. It is arguable which is better. I
think it is about preference.
>
> https://lore.kernel.org/lkml/20220422233418.1203092-2-sathyanarayanan.kuppuswamy@linux.intel.com/T/#maf7e5f6894548972c5de71f607199a79645856ff
>
>
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Powered by blists - more mailing lists