| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <SN6PR02MB4157BFB2B921202BFC2F7B77D4CD2@SN6PR02MB4157.namprd02.prod.outlook.com> Date: Mon, 17 Jun 2024 15:46:01 +0000 From: Michael Kelley <mhklinux@...look.com> To: Suzuki K Poulose <suzuki.poulose@....com>, Steven Price <steven.price@....com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "kvmarm@...ts.linux.dev" <kvmarm@...ts.linux.dev> CC: Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>, Will Deacon <will@...nel.org>, James Morse <james.morse@....com>, Oliver Upton <oliver.upton@...ux.dev>, Zenghui Yu <yuzenghui@...wei.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Joey Gouly <joey.gouly@....com>, Alexandru Elisei <alexandru.elisei@....com>, Christoffer Dall <christoffer.dall@....com>, Fuad Tabba <tabba@...gle.com>, "linux-coco@...ts.linux.dev" <linux-coco@...ts.linux.dev>, Ganapatrao Kulkarni <gankulkarni@...amperecomputing.com> Subject: RE: [PATCH v3 10/14] arm64: Force device mappings to be non-secure shared From: Suzuki K Poulose <suzuki.poulose@....com> Sent: Monday, June 17, 2024 7:55 AM > > On 17/06/2024 04:33, Michael Kelley wrote: > > From: Steven Price <steven.price@....com> Sent: Wednesday, June 5, 2024 2:30 AM > >> > >> From: Suzuki K Poulose <suzuki.poulose@....com> > >> > >> Device mappings (currently) need to be emulated by the VMM so must be > >> mapped shared with the host. > >> > >> Signed-off-by: Suzuki K Poulose <suzuki.poulose@....com> > >> Signed-off-by: Steven Price <steven.price@....com> > >> --- > >> arch/arm64/include/asm/pgtable.h | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git a/arch/arm64/include/asm/pgtable.h > b/arch/arm64/include/asm/pgtable.h > >> index 11d614d83317..c986fde262c0 100644 > >> --- a/arch/arm64/include/asm/pgtable.h > >> +++ b/arch/arm64/include/asm/pgtable.h > >> @@ -644,7 +644,7 @@ static inline void set_pud_at(struct mm_struct *mm, unsigned long addr, > >> #define pgprot_writecombine(prot) \ > >> __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_NORMAL_NC) | PTE_PXN | PTE_UXN) > >> #define pgprot_device(prot) \ > >> - __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN) > >> + __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_PXN | PTE_UXN | PROT_NS_SHARED) > >> #define pgprot_tagged(prot) \ > >> __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_NORMAL_TAGGED)) > >> #define pgprot_mhp pgprot_tagged > > > > In v2 of the patches, Catalin raised a question about the need for > > pgprot_decrypted(). What was concluded? It still looks to me like > > pgprot_decrypted() and prot_encrypted() are needed, by > > dma_direct_mmap() and remap_oldmem_pfn_range(), respectively. > > Also, assuming Hyper-V supports CCA at some point, the Linux guest > > drivers for Hyper-V need pgprot_decrypted() in hv_ringbuffer_init(). > > Right, I think we could simply do : > > diff --git a/arch/arm64/include/asm/pgtable.h > b/arch/arm64/include/asm/pgtable.h > index c986fde262c0..1ed45893d1e6 100644 > --- a/arch/arm64/include/asm/pgtable.h > +++ b/arch/arm64/include/asm/pgtable.h > @@ -648,6 +648,10 @@ static inline void set_pud_at(struct mm_struct *mm, unsigned long addr, > #define pgprot_tagged(prot) \ > __pgprot_modify(prot, PTE_ATTRINDX_MASK, PTE_ATTRINDX(MT_NORMAL_TAGGED)) > #define pgprot_mhp pgprot_tagged > + > +#define pgprot_decrypted(prot) __pgprot_modify(prot, PROT_NS_SHARED, PROT_NS_SHARED) > +#define pgprot_encrypted(prot) __pgprot_modify(prot, PROT_NS_SHARED, 0) > + > Yes, looks right to me. Michael
Powered by blists - more mailing lists