| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BYAPR21MB168836495869ABB4E3D61D61D7AB9@BYAPR21MB1688.namprd21.prod.outlook.com>
Date: Thu, 23 Feb 2023 20:51:49 +0000
From: "Michael Kelley (LINUX)" <mikelley@...rosoft.com>
To: Dave Hansen <dave.hansen@...el.com>,
Sean Christopherson <seanjc@...gle.com>
CC: Borislav Petkov <bp@...en8.de>, "hpa@...or.com" <hpa@...or.com>,
KY Srinivasan <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
"wei.liu@...nel.org" <wei.liu@...nel.org>,
Dexuan Cui <decui@...rosoft.com>,
"luto@...nel.org" <luto@...nel.org>,
"peterz@...radead.org" <peterz@...radead.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>,
"lpieralisi@...nel.org" <lpieralisi@...nel.org>,
"robh@...nel.org" <robh@...nel.org>, "kw@...ux.com" <kw@...ux.com>,
"bhelgaas@...gle.com" <bhelgaas@...gle.com>,
"arnd@...db.de" <arnd@...db.de>, "hch@....de" <hch@....de>,
"m.szyprowski@...sung.com" <m.szyprowski@...sung.com>,
"robin.murphy@....com" <robin.murphy@....com>,
"thomas.lendacky@....com" <thomas.lendacky@....com>,
"brijesh.singh@....com" <brijesh.singh@....com>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"mingo@...hat.com" <mingo@...hat.com>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
Tianyu Lan <Tianyu.Lan@...rosoft.com>,
"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"sathyanarayanan.kuppuswamy@...ux.intel.com"
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"ak@...ux.intel.com" <ak@...ux.intel.com>,
"isaku.yamahata@...el.com" <isaku.yamahata@...el.com>,
"dan.j.williams@...el.com" <dan.j.williams@...el.com>,
"jane.chu@...cle.com" <jane.chu@...cle.com>,
"tony.luck@...el.com" <tony.luck@...el.com>,
"x86@...nel.org" <x86@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>,
"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>
Subject: RE: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range
to map as encrypted
From: Dave Hansen <dave.hansen@...el.com> Sent: Thursday, February 23, 2023 12:42 PM
>
> On 2/23/23 12:26, Dave Hansen wrote:
> >> + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
> >> + /*
> >> + * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot
> >> + * bits, just like normal ioremap():
> >> + */
> >> + if (x86_platform.hyper.is_private_mmio(phys))
> >> + flags = pgprot_encrypted(flags);
> >> + else
> >> + flags = pgprot_decrypted(flags);
> >> + }
> ...
> > It does seem a bit odd that there's a new CC_ATTR_GUEST_MEM_ENCRYPT
> > check wrapping this whole thing. I guess the trip through
> > pgprot_decrypted() is harmless on normal platforms, though.
>
> Yeah, that's _really_ odd. Sean, were you trying to optimize away the
> indirect call or something?
>
> I would just expect the Hyper-V/vTOM code to leave
> x86_platform.hyper.is_private_mmio alone unless
> it *knows* the platform has private MMIO *and* CC_ATTR_GUEST_MEM_ENCRYPT.
Agreed.
>
> Is there ever a case where CC_ATTR_GUEST_MEM_ENCRYPT==0 and he
> Hyper-V/vTOM code would need to set x86_platform.hyper.is_private_mmio?
There's no such case.
I agree that gating with CC_ATTR_GUEST_MEM_ENCRYPT isn't really necessary.
Current upstream code always does the pgprot_decrypted(), and as you said,
that's a no-op on platforms with no memory encryption.
Michael
Powered by blists - more mailing lists