Date: Thu, 23 Jun 2022 22:36:13 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: "Kalra, Ashish" <Ashish.Kalra@....com>
Cc: Dave Hansen <dave.hansen@...el.com>,
    "x86@...nel.org" <x86@...nel.org>,
    "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
    "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
    "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
    "linux-mm@...ck.org" <linux-mm@...ck.org>,
    "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
    "tglx@...utronix.de" <tglx@...utronix.de>,
    "mingo@...hat.com" <mingo@...hat.com>,
    "jroedel@...e.de" <jroedel@...e.de>,
    "Lendacky, Thomas" <Thomas.Lendacky@....com>,
    "hpa@...or.com" <hpa@...or.com>,
    "ardb@...nel.org" <ardb@...nel.org>,
    "pbonzini@...hat.com" <pbonzini@...hat.com>,
    "vkuznets@...hat.com" <vkuznets@...hat.com>,
    "jmattson@...gle.com" <jmattson@...gle.com>,
    "luto@...nel.org" <luto@...nel.org>,
    "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
    "slp@...hat.com" <slp@...hat.com>,
    "pgonda@...gle.com" <pgonda@...gle.com>,
    "peterz@...radead.org" <peterz@...radead.org>,
    "srinivas.pandruvada@...ux.intel.com" <srinivas.pandruvada@...ux.intel.com>,
    "rientjes@...gle.com" <rientjes@...gle.com>,
    "dovmurik@...ux.ibm.com" <dovmurik@...ux.ibm.com>,
    "tobin@....com" <tobin@....com>,
    "bp@...en8.de" <bp@...en8.de>,
    "Roth, Michael" <Michael.Roth@....com>,
    "vbabka@...e.cz" <vbabka@...e.cz>,
    "kirill@...temov.name" <kirill@...temov.name>,
    "ak@...ux.intel.com" <ak@...ux.intel.com>,
    "tony.luck@...el.com" <tony.luck@...el.com>,
    "marcorr@...gle.com" <marcorr@...gle.com>,
    "sathyanarayanan.kuppuswamy@...ux.intel.com" <sathyanarayanan.kuppuswamy@...ux.intel.com>,
    "alpergun@...gle.com" <alpergun@...gle.com>,
    "dgilbert@...hat.com" <dgilbert@...hat.com>,
    "jarkko@...nel.org" <jarkko@...nel.org>
Subject: Re: [PATCH Part2 v6 05/49] x86/sev: Add RMP entry lookup helpers

On Wed, Jun 22, 2022, Kalra, Ashish wrote:
> On 6/22/22 12:43, Kalra, Ashish wrote:
> >>> I think that needs to be fixed. It should be as simple as a
> >>> model/family check, though. If someone (for example) attempts to use
> >>> SNP (and thus snp_lookup_rmpentry() and dump_rmpentry()) code on a
> >>> newer CPU, the kernel should refuse.
> >> More specifically I am thinking of adding RMP entry field accessors so
> >> that they can do this cpu model/family check and return the correct
> >> field as per processor architecture.
>
> >That will be helpful down the road when there's more than one format. But,
> >the real issue is that the kernel doesn't *support* a different RMP format.
> >So, the SNP support should be disabled when encountering a model/family
> >other than the known good one.
>
> Yes, that makes sense, will add an additional check in snp_rmptable_init().

And as I suggested in v5[*], bury the microarchitectural struct in sev.c so that
nothing outside of the few bits of SNP code that absolutely need to know the layout
of the struct should even be aware that there's a struct overlay for RMP entries.

[*] https://lore.kernel.org/all/YPCAZaROOHNskGlO@google.com