lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZnBZostHhjqn6uym@arm.com>
Date: Mon, 17 Jun 2024 16:43:30 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Suzuki K Poulose <suzuki.poulose@....com>
Cc: Michael Kelley <mhklinux@...look.com>,
	Steven Price <steven.price@....com>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"kvmarm@...ts.linux.dev" <kvmarm@...ts.linux.dev>,
	Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>,
	James Morse <james.morse@....com>,
	Oliver Upton <oliver.upton@...ux.dev>,
	Zenghui Yu <yuzenghui@...wei.com>,
	"linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Joey Gouly <joey.gouly@....com>,
	Alexandru Elisei <alexandru.elisei@....com>,
	Christoffer Dall <christoffer.dall@....com>,
	Fuad Tabba <tabba@...gle.com>,
	"linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>,
	Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com>
Subject: Re: [PATCH v3 10/14] arm64: Force device mappings to be non-secure
 shared

On Mon, Jun 17, 2024 at 03:55:22PM +0100, Suzuki K Poulose wrote:
> On 17/06/2024 04:33, Michael Kelley wrote:
> > From: Steven Price <steven.price@....com> Sent: Wednesday, June 5, 2024 2:30 AM
> > > 
> > > From: Suzuki K Poulose <suzuki.poulose@....com>
> > > 
> > > Device mappings (currently) need to be emulated by the VMM so must be
> > > mapped shared with the host.
> > > 
> > > Signed-off-by: Suzuki K Poulose <suzuki.poulose@....com>
> > > Signed-off-by: Steven Price <steven.price@....com>
> > > ---
> > >   arch/arm64/include/asm/pgtable.h | 2 +-
> > >   1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
> > > index 11d614d83317..c986fde262c0 100644
> > > --- a/arch/arm64/include/asm/pgtable.h
> > > +++ b/arch/arm64/include/asm/pgtable.h
> > > @@ -644,7 +644,7 @@ static inline void set_pud_at(struct mm_struct *mm, unsigned long addr,
> > >   #define pgprot_writecombine(prot) \
> > >   	__pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_NORMAL_NC) | PTE_PXN | PTE_UXN)
> > >   #define pgprot_device(prot) \
> > > -	__pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN)
> > > +	__pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN | PROT_NS_SHARED)
> > >   #define pgprot_tagged(prot) \
> > >   	__pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_NORMAL_TAGGED))
> > >   #define pgprot_mhp	pgprot_tagged
> > 
> > In v2 of the patches, Catalin raised a question about the need for
> > pgprot_decrypted(). What was concluded? It still looks to me like
> > pgprot_decrypted() and prot_encrypted() are needed, by
> > dma_direct_mmap() and remap_oldmem_pfn_range(), respectively.
> > Also, assuming Hyper-V supports CCA at some point, the Linux guest
> > drivers for Hyper-V need pgprot_decrypted() in hv_ringbuffer_init().
> 
> Right, I think we could simply do :
> 
> diff --git a/arch/arm64/include/asm/pgtable.h
> b/arch/arm64/include/asm/pgtable.h
> index c986fde262c0..1ed45893d1e6 100644
> --- a/arch/arm64/include/asm/pgtable.h
> +++ b/arch/arm64/include/asm/pgtable.h
> @@ -648,6 +648,10 @@ static inline void set_pud_at(struct mm_struct *mm,
> unsigned long addr,
>  #define pgprot_tagged(prot) \
>         __pgprot_modify(prot, PTE_ATTRINDX_MASK,
> PTE_ATTRINDX(MT_NORMAL_TAGGED))
>  #define pgprot_mhp     pgprot_tagged
> +
> +#define pgprot_decrypted(prot) __pgprot_modify(prot, PROT_NS_SHARED, PROT_NS_SHARED)
> +#define pgprot_encrypted(prot)  __pgprot_modify(prot, PROT_NS_SHARED, 0)

And maybe rewrite pgprot_device() as:

#define __pgprot_device(prot) \
	__pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN)
#define pgprot_device(prot)	__pgprot_device(pgprot_decrypted(prot))

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ