| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jun 2024 23:27:43 -0500 From: "Kalra, Ashish" <ashish.kalra@....com> To: Borislav Petkov <bp@...en8.de> Cc: tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com, x86@...nel.org, rafael@...nel.org, hpa@...or.com, peterz@...radead.org, adrian.hunter@...el.com, sathyanarayanan.kuppuswamy@...ux.intel.com, jun.nakajima@...el.com, rick.p.edgecombe@...el.com, thomas.lendacky@....com, michael.roth@....com, seanjc@...gle.com, kai.huang@...el.com, bhe@...hat.com, kirill.shutemov@...ux.intel.com, bdas@...hat.com, vkuznets@...hat.com, dionnaglaze@...gle.com, anisinha@...hat.com, jroedel@...e.de, ardb@...nel.org, dyoung@...hat.com, kexec@...ts.infradead.org, linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org Subject: Re: [PATCH v9 3/3] x86/snp: Convert shared memory back to private on kexec Hello Boris, On 6/24/2024 10:59 PM, Borislav Petkov wrote: > On Mon, Jun 24, 2024 at 03:57:34PM -0500, Kalra, Ashish wrote: >> ... Hence, added simple static functions make_pte_private() and >> set_pte_enc() to make use of the more optimized snp_set_memory_private() to >> use the GHCB instead of the MSR protocol. Additionally, make_pte_private() >> adds check for GHCB addresses during unshare_all_memory() loop. > IOW, what you're saying is: "Boris, what you're asking can't be done." > > Well, what *you're* asking - for me to maintain crap - can't be done either. > So this will stay where it is. > > Unless you make a genuine effort and refactor the code... There is an issue with calling __set_clr_pte_enc() here for the _bss_decrypted section being made private again, when calling __set_clr_pte_enc() on _bss_decrypted section pages, clflush_cache_range() will fail as __va() on this physical range fails as the bss_decrypted section pages are not in kernel direct map. Hence, clflush_cache_range() in __set_clr_pte_enc() causes an implicit page state change which is not resolved as below and causes fatal guest exit : qemu-system-x86_64: warning: memory fault: GPA 0x4000000 size 0x1000 flags 0x8 kvm_convert_memory start 0x4000000 size 0x1000 shared_to_private ... KVM: unknown exit reason 24 EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000 ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000 EIP=00000000 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ... This is the reason why i had to pass the vaddr to set_pte_enc(), added here for kexec code, so that i can use it for clflush_cache_range(). So for specific cases such as this, where we can't call __set_clr_pte_enc() on _bss_decrypted section, we probably need a separate set_pte_enc(). Thanks, Ashish
Powered by blists - more mailing lists