| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Jun 2024 16:43:30 +0100 From: Catalin Marinas <catalin.marinas@....com> To: Suzuki K Poulose <suzuki.poulose@....com> Cc: Michael Kelley <mhklinux@...look.com>, Steven Price <steven.price@....com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "kvmarm@...ts.linux.dev" <kvmarm@...ts.linux.dev>, Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>, James Morse <james.morse@....com>, Oliver Upton <oliver.upton@...ux.dev>, Zenghui Yu <yuzenghui@...wei.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Joey Gouly <joey.gouly@....com>, Alexandru Elisei <alexandru.elisei@....com>, Christoffer Dall <christoffer.dall@....com>, Fuad Tabba <tabba@...gle.com>, "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>, Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com> Subject: Re: [PATCH v3 10/14] arm64: Force device mappings to be non-secure shared On Mon, Jun 17, 2024 at 03:55:22PM +0100, Suzuki K Poulose wrote: > On 17/06/2024 04:33, Michael Kelley wrote: > > From: Steven Price <steven.price@....com> Sent: Wednesday, June 5, 2024 2:30 AM > > > > > > From: Suzuki K Poulose <suzuki.poulose@....com> > > > > > > Device mappings (currently) need to be emulated by the VMM so must be > > > mapped shared with the host. > > > > > > Signed-off-by: Suzuki K Poulose <suzuki.poulose@....com> > > > Signed-off-by: Steven Price <steven.price@....com> > > > --- > > > arch/arm64/include/asm/pgtable.h | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h > > > index 11d614d83317..c986fde262c0 100644 > > > --- a/arch/arm64/include/asm/pgtable.h > > > +++ b/arch/arm64/include/asm/pgtable.h > > > @@ -644,7 +644,7 @@ static inline void set_pud_at(struct mm_struct *mm, unsigned long addr, > > > #define pgprot_writecombine(prot) \ > > > __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_NORMAL_NC) | PTE_PXN | PTE_UXN) > > > #define pgprot_device(prot) \ > > > - __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN) > > > + __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN | PROT_NS_SHARED) > > > #define pgprot_tagged(prot) \ > > > __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_NORMAL_TAGGED)) > > > #define pgprot_mhp pgprot_tagged > > > > In v2 of the patches, Catalin raised a question about the need for > > pgprot_decrypted(). What was concluded? It still looks to me like > > pgprot_decrypted() and prot_encrypted() are needed, by > > dma_direct_mmap() and remap_oldmem_pfn_range(), respectively. > > Also, assuming Hyper-V supports CCA at some point, the Linux guest > > drivers for Hyper-V need pgprot_decrypted() in hv_ringbuffer_init(). > > Right, I think we could simply do : > > diff --git a/arch/arm64/include/asm/pgtable.h > b/arch/arm64/include/asm/pgtable.h > index c986fde262c0..1ed45893d1e6 100644 > --- a/arch/arm64/include/asm/pgtable.h > +++ b/arch/arm64/include/asm/pgtable.h > @@ -648,6 +648,10 @@ static inline void set_pud_at(struct mm_struct *mm, > unsigned long addr, > #define pgprot_tagged(prot) \ > __pgprot_modify(prot, PTE_ATTRINDX_MASK, > PTE_ATTRINDX(MT_NORMAL_TAGGED)) > #define pgprot_mhp pgprot_tagged > + > +#define pgprot_decrypted(prot) __pgprot_modify(prot, PROT_NS_SHARED, PROT_NS_SHARED) > +#define pgprot_encrypted(prot) __pgprot_modify(prot, PROT_NS_SHARED, 0) And maybe rewrite pgprot_device() as: #define __pgprot_device(prot) \ __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN) #define pgprot_device(prot) __pgprot_device(pgprot_decrypted(prot)) -- Catalin
Powered by blists - more mailing lists