| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Dec 2022 23:21:44 +0800
From: Tianyu Lan <ltykernel@...il.com>
To: "Michael Kelley (LINUX)" <mikelley@...rosoft.com>,
"luto@...nel.org" <luto@...nel.org>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"mingo@...hat.com" <mingo@...hat.com>,
"bp@...en8.de" <bp@...en8.de>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"x86@...nel.org" <x86@...nel.org>, "hpa@...or.com" <hpa@...or.com>,
"seanjc@...gle.com" <seanjc@...gle.com>,
"pbonzini@...hat.com" <pbonzini@...hat.com>,
"jgross@...e.com" <jgross@...e.com>,
Tianyu Lan <Tianyu.Lan@...rosoft.com>,
"kirill@...temov.name" <kirill@...temov.name>,
"jiangshan.ljs@...group.com" <jiangshan.ljs@...group.com>,
"peterz@...radead.org" <peterz@...radead.org>,
"ashish.kalra@....com" <ashish.kalra@....com>,
"srutherford@...gle.com" <srutherford@...gle.com>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"anshuman.khandual@....com" <anshuman.khandual@....com>,
"pawan.kumar.gupta@...ux.intel.com"
<pawan.kumar.gupta@...ux.intel.com>,
"adrian.hunter@...el.com" <adrian.hunter@...el.com>,
"daniel.sneddon@...ux.intel.com" <daniel.sneddon@...ux.intel.com>,
"alexander.shishkin@...ux.intel.com"
<alexander.shishkin@...ux.intel.com>,
"sandipan.das@....com" <sandipan.das@....com>,
"ray.huang@....com" <ray.huang@....com>,
"brijesh.singh@....com" <brijesh.singh@....com>,
"michael.roth@....com" <michael.roth@....com>,
"thomas.lendacky@....com" <thomas.lendacky@....com>,
"venu.busireddy@...cle.com" <venu.busireddy@...cle.com>,
"sterritt@...gle.com" <sterritt@...gle.com>,
"tony.luck@...el.com" <tony.luck@...el.com>,
"samitolvanen@...gle.com" <samitolvanen@...gle.com>,
"fenghua.yu@...el.com" <fenghua.yu@...el.com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>
Subject: Re: [RFC PATCH V2 04/18] x86/hyperv: Decrypt hv vp assist page in
sev-snp enlightened guest
On 12/13/2022 3:41 AM, Michael Kelley (LINUX) wrote:
>> @@ -228,6 +234,12 @@ static int hv_cpu_die(unsigned int cpu)
>>
>> if (hv_vp_assist_page && hv_vp_assist_page[cpu]) {
>> union hv_vp_assist_msr_contents msr = { 0 };
>> +
>> + if (hv_isolation_type_en_snp())
>> + WARN_ON_ONCE(set_memory_encrypted(
>> + (unsigned long)hv_vp_assist_page[cpu],
>> + 1) != 0);
>> +
> The re-encryption should not be done here (or anywhere else, for
> that matter) since the VP assist pages are never freed. The Hyper-V
> synthetic MSR pointing to the page gets cleared, but the memory isn't
> freed. If the CPU should come back online later, the previously allocated
> VP assist page is reused. The decryption in hv_cpu_init() is done only
> when a new page is allocated to use as a VP assist page. So just leave
> the page decrypted here, and it will get reused in its decrypted state.
>
> This handling of the VP assist page is admittedly a bit weird. But
> it is needed. See discussion with Vitaly Kuznetsov here:
> https://lore.kernel.org/linux-hyperv/878rkqr7ku.fsf@ovpn-192-136.brq.redhat.com/
>
Agree. Good point. Will update in the next version.
Thanks.
Powered by blists - more mailing lists