| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <51fb66d6-f2e0-f11c-68a3-525723d56dd4@linux.intel.com>
Date: Tue, 6 Dec 2022 11:37:42 -0800
From: Sathyanarayanan Kuppuswamy
<sathyanarayanan.kuppuswamy@...ux.intel.com>
To: Michael Kelley <mikelley@...rosoft.com>, hpa@...or.com,
kys@...rosoft.com, haiyangz@...rosoft.com, wei.liu@...nel.org,
decui@...rosoft.com, luto@...nel.org, peterz@...radead.org,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, lpieralisi@...nel.org, robh@...nel.org,
kw@...ux.com, bhelgaas@...gle.com, arnd@...db.de,
hch@...radead.org, m.szyprowski@...sung.com, robin.murphy@....com,
thomas.lendacky@....com, brijesh.singh@....com, tglx@...utronix.de,
mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com,
Tianyu.Lan@...rosoft.com, kirill.shutemov@...ux.intel.com,
ak@...ux.intel.com, isaku.yamahata@...el.com,
dan.j.williams@...el.com, jane.chu@...cle.com, seanjc@...gle.com,
tony.luck@...el.com, x86@...nel.org, linux-kernel@...r.kernel.org,
linux-hyperv@...r.kernel.org, netdev@...r.kernel.org,
linux-pci@...r.kernel.org, linux-arch@...r.kernel.org,
iommu@...ts.linux.dev
Subject: Re: [Patch v4 05/13] init: Call mem_encrypt_init() after Hyper-V
hypercall init is done
On 12/1/22 7:30 PM, Michael Kelley wrote:
> Full Hyper-V initialization, including support for hypercalls, is done
> as an apic_post_init callback via late_time_init(). mem_encrypt_init()
> needs to make hypercalls when it marks swiotlb memory as decrypted.
> But mem_encrypt_init() is currently called a few lines before
> late_time_init(), so the hypercalls don't work.
Did you consider moving hyper-v hypercall initialization before
mem_encrypt_init(). Is there any dependency issue?
>
> Fix this by moving mem_encrypt_init() after late_time_init() and
> related clock initializations. The intervening initializations don't
> do any I/O that requires the swiotlb, so moving mem_encrypt_init()
> slightly later has no impact.
>
> Signed-off-by: Michael Kelley <mikelley@...rosoft.com>
> Reviewed-by: Tom Lendacky <thomas.lendacky@....com>
> ---
> init/main.c | 19 +++++++++++--------
> 1 file changed, 11 insertions(+), 8 deletions(-)
>
> diff --git a/init/main.c b/init/main.c
> index e1c3911..5a7c466 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -1088,14 +1088,6 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
> */
> locking_selftest();
>
> - /*
> - * This needs to be called before any devices perform DMA
> - * operations that might use the SWIOTLB bounce buffers. It will
> - * mark the bounce buffers as decrypted so that their usage will
> - * not cause "plain-text" data to be decrypted when accessed.
> - */
> - mem_encrypt_init();
> -
> #ifdef CONFIG_BLK_DEV_INITRD
> if (initrd_start && !initrd_below_start_ok &&
> page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) {
> @@ -1112,6 +1104,17 @@ asmlinkage __visible void __init __no_sanitize_address start_kernel(void)
> late_time_init();
> sched_clock_init();
> calibrate_delay();
> +
> + /*
> + * This needs to be called before any devices perform DMA
> + * operations that might use the SWIOTLB bounce buffers. It will
> + * mark the bounce buffers as decrypted so that their usage will
> + * not cause "plain-text" data to be decrypted when accessed. It
> + * must be called after late_time_init() so that Hyper-V x86/x64
> + * hypercalls work when the SWIOTLB bounce buffers are decrypted.
> + */
> + mem_encrypt_init();
> +
> pid_idr_init();
> anon_vma_init();
> #ifdef CONFIG_X86
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Powered by blists - more mailing lists