| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <uwr4a2pgvv45xfzvbceghdkm6kgb25y7c2wdkxquphmq2e7rxq@tr5dud4khhl5> Date: Tue, 10 Sep 2024 15:58:16 +0300 From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com> To: "Kalra, Ashish" <ashish.kalra@....com> Cc: Tom Lendacky <thomas.lendacky@....com>, "Maciej W. Rozycki" <macro@...am.me.uk>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Kevin Loughlin <kevinloughlin@...gle.com>, linux-kernel@...r.kernel.org, Rick Edgecombe <rick.p.edgecombe@...el.com>, Isaku Yamahata <isaku.yamahata@...el.com> Subject: Re: [PATCH] x86/tdx: Fix crash on kexec with CONFIG_EISA On Fri, Aug 30, 2024 at 03:47:50PM -0500, Kalra, Ashish wrote: > Hello Kirill, > > On 8/29/2024 7:53 AM, Kirill A. Shutemov wrote: > > On Wed, Aug 28, 2024 at 02:43:23PM -0500, Kalra, Ashish wrote: > >> Hello Kirill, > >> > >> On 8/28/2024 1:21 AM, Kirill A. Shutemov wrote: > >>>>>> memremap() > >>>>>> arch_memremap_wb() > >>>>>> ioremap_cache() > >>>>>> __ioremap_caller(.encrytped = false) > >>>>>> > >>>>>> I think arch_memremap_wb() should be mapped ioremap_encrypted() in x86 > >>>>>> case. See the patch below. > >>>>>> > >>>>>> It seems to be working fine on TDX, but I am not sure about SEV. > >>>>>> > >>>>>> Tom, any comments? > >>>>> I haven't dug through the code that thoroughly, but I don't think making > >>>>> arch_memremap_wb() be ioremap_encrypted() will work for SME, where some > >>>>> data, e.g. setup data, is unencrypted and needs to be mapped shared. > >>>>> > >>>>> Let me add @Ashish to the thread and have him investigate this since he > >>>>> has been working on the kexec support under SNP. Can someone provide the > >>>>> specific kernel options that need to be in place? > >>>> As Tom asked for, please provide the specific kernel options to test > >>>> with this configuration. > >>> It is not about testing a specific configuration. The question is if it > >>> safe for memremap() to map all WB memory as encrypted by default. > >>> > >>> Looks like it is safe for TDX, but I am not sure about SME/SEV. > >> For SEV it may make sense, but for SME we don't want memremap() to map > >> all WB memory as encrypted by default. > > Could you elaborate why? > > > > I mean if it is specific memory ranges that can be identified as such we > > could make exception for them. > Looks like that the exception is already made for some of these memory ranges with MEMREMAP_DEC flag set along with MEMREMAP_WB. > >>> Maybe we want a specific flag to make memremap() map WB memory as > >>> decrypted/shared. Make everything encrypted by default seems like a sane > >>> default. > >> What are MEMREMAP_ENC, MEMREMAP_DEC flags being used for currently ? > > Good question. > > > > I see zero use of MEMREMAP_ENC in the kernel. And MEMREMAP_DEC only used > > for setup data which I believe AMD thing. > > > > If it is the only memory that must be decrypted, I guess we can make it > > work with encrypted by default. > > Yes, and this looks pretty much covered with: > > arch_memremap_can_ram_remap(..) > > -> if (CC_ATTR_HOST_MEM_REMAP) > > --> memremap_is_setup_data() > > ---> memremap(.., MEMREMAP_WB | MEMREMAP_DEC); > > It does look like that it can work with encrypted by default and any memory ranges which need special handling and need to be setup as decrypted can use MEMREMAP_WB | MEMREMAP_DEC flag. > Could you actually test the patch that makes memremap() map WB memory as encrypted by default: https://lore.kernel.org/all/g3tswlyhrnuzfqf2upq6h23manyrzhnxttnay66nycy2moi4es@5n4oblzpzcjc/ ? If it works, I will submit a proper patch. -- Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists