| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Feb 2024 16:09:47 -0600 From: Tom Lendacky <thomas.lendacky@....com> To: Borislav Petkov <bp@...en8.de> Cc: "Huang, Kai" <kai.huang@...el.com>, linux-kernel@...r.kernel.org, x86@...nel.org, dave.hansen@...el.com, kirill.shutemov@...ux.intel.com, tglx@...utronix.de, mingo@...hat.com, hpa@...or.com, luto@...nel.org, peterz@...radead.org, chao.gao@...el.com, bhe@...hat.com, nik.borisov@...e.com, pbonzini@...hat.com Subject: Re: [PATCH 1/4] x86/coco: Add a new CC attribute to unify cache flush during kexec On 2/19/24 14:32, Borislav Petkov wrote: > On Mon, Feb 19, 2024 at 01:45:37PM -0600, Tom Lendacky wrote: >> This change won't return the correct answer. The check needs to remain >> against the sev_status value. > > Feel free to explain because this patch is confusing me. In your previous email, you want to put the CC_ATTR_HOST_MEM_INCOHERENT case statement with the CC_ATTR_MEM_ENCRYPT case which is returning sme_me_mask. That will be zero/false if SME is not active, skipping the WBINVD. But, in reality you still need to perform the WBINVD in case the kexec target is doing mem_encrypt=on. That's why the '!(sev_status & MSR_AMD64_SEV_ENABLED)' works here. Basically, if you are bare-metal, it will return true. And it will only return true for machines that support SME and have the MSR_AMD64_SYSCFG_MEM_ENCRYPT bit set in SYS_CFG MSR because of where the 'cc_vendor = CC_VENDOR_AMD' assignment is. However, if you move the 'cc_vendor = CC_VENDOR_AMD' to before the if statement, then you will have the WBINVD called for any machine that supports SME, even if SME is not possible because the proper bit in the SYS_CFG MSR hasn't been set. I know what I'm trying to say, let me know if it is making sense... > >>> So you can't put it before the if - just slap it in both branches. Geez! >> >> I think that will still work because sme_me_mask and sev_status will both be >> 0 on bare-metal if 'msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT' doesn't evaluate to >> true. However, that will cause any platform that hasn't enabled memory >> encryption (see SYS_CFG MSR), to also perform the WBINVD. > > If it keeps the code simpler I don't mind. That's so not a fast path. > >> That won't work, because the current system may not have SME active. The >> cases that needs to be caught are kexec'ing from a mem_encrypt=off to a >> mem_encrypt=on or from a mem_encrypt=on to a mem_encrypt=off. > > And I'm saying, we should keep it simple and simply WBINVD on SME > capable machines, regardless of the encryption setting. In that case, CC_ATTR_HOST_MEM_INCOHERENT needs to be separate from CC_ATTR_MEM_ENCRYPT as the original patch has it. The comment might make more sense as: * CC_ATTR_HOST_MEM_INCOHERENT represents whether SME is possible * on the platform, regardless of whether mem_encrypt=on has been * used to make SME active. Thanks, Tom > > Any downsides to that which are actually real and noticeable? > > Thx. >
Powered by blists - more mailing lists