lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Nov 2022 15:14:17 -0600 From: Tom Lendacky <thomas.lendacky@....com> To: Michael Kelley <mikelley@...rosoft.com>, hpa@...or.com, kys@...rosoft.com, haiyangz@...rosoft.com, wei.liu@...nel.org, decui@...rosoft.com, luto@...nel.org, peterz@...radead.org, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, lpieralisi@...nel.org, robh@...nel.org, kw@...ux.com, bhelgaas@...gle.com, arnd@...db.de, hch@...radead.org, m.szyprowski@...sung.com, robin.murphy@....com, brijesh.singh@....com, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, Tianyu.Lan@...rosoft.com, kirill.shutemov@...ux.intel.com, sathyanarayanan.kuppuswamy@...ux.intel.com, ak@...ux.intel.com, isaku.yamahata@...el.com, dan.j.williams@...el.com, jane.chu@...cle.com, seanjc@...gle.com, tony.luck@...el.com, x86@...nel.org, linux-kernel@...r.kernel.org, linux-hyperv@...r.kernel.org, netdev@...r.kernel.org, linux-pci@...r.kernel.org, linux-arch@...r.kernel.org, iommu@...ts.linux.dev Subject: Re: [Patch v3 06/14] init: Call mem_encrypt_init() after Hyper-V hypercall init is done On 11/16/22 12:41, Michael Kelley wrote: > Full Hyper-V initialization, including support for hypercalls, is done > as an apic_post_init callback via late_time_init(). mem_encrypt_init() > needs to make hypercalls when it marks swiotlb memory as decrypted. > But mem_encrypt_init() is currently called a few lines before > late_time_init(), so the hypercalls don't work. > > Fix this by moving mem_encrypt_init() after late_time_init() and > related clock initializations. The intervening initializations don't > do any I/O that requires the swiotlb, so moving mem_encrypt_init() > slightly later has no impact. > > Signed-off-by: Michael Kelley <mikelley@...rosoft.com> Some quick testing with mem_encrypt_init() in the new location hasn't shown any problems under SME/SEV. Reviewed-by: Tom Lendacky <thomas.lendacky@....com> > --- > init/main.c | 19 +++++++++++-------- > 1 file changed, 11 insertions(+), 8 deletions(-) > > diff --git a/init/main.c b/init/main.c > index e1c3911..5a7c466 100644 > --- a/init/main.c > +++ b/init/main.c > @@ -1088,14 +1088,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void) > */ > locking_selftest(); > > - /* > - * This needs to be called before any devices perform DMA > - * operations that might use the SWIOTLB bounce buffers. It will > - * mark the bounce buffers as decrypted so that their usage will > - * not cause "plain-text" data to be decrypted when accessed. > - */ > - mem_encrypt_init(); > - > #ifdef CONFIG_BLK_DEV_INITRD > if (initrd_start && !initrd_below_start_ok && > page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) { > @@ -1112,6 +1104,17 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void) > late_time_init(); > sched_clock_init(); > calibrate_delay(); > + > + /* > + * This needs to be called before any devices perform DMA > + * operations that might use the SWIOTLB bounce buffers. It will > + * mark the bounce buffers as decrypted so that their usage will > + * not cause "plain-text" data to be decrypted when accessed. It > + * must be called after late_time_init() so that Hyper-V x86/x64 > + * hypercalls work when the SWIOTLB bounce buffers are decrypted. > + */ > + mem_encrypt_init(); > + > pid_idr_init(); > anon_vma_init(); > #ifdef CONFIG_X86
Powered by blists - more mailing lists