Open Source and information security mailing list archives
 
Message-ID: <s4frmqwtuvclinuu7ttyzfpe7bj7hju5xgt6sxzy3gyt3prr62@rrgvhkv4lgwv>
Date: Tue, 19 Nov 2024 10:21:05 +0200
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
	Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, 
	Andy Lutomirski <luto@...nel.org>, Albert Ou <aou@...s.berkeley.edu>, 
	Alexei Starovoitov <ast@...nel.org>, Andrea Parri <parri.andrea@...il.com>, 
	Arnd Bergmann <arnd@...db.de>, Daniel Borkmann <daniel@...earbox.net>, 
	Eric Chan <ericchancf@...gle.com>, Jason Gunthorpe <jgg@...pe.ca>, Kai Huang <kai.huang@...el.com>, 
	Kefeng Wang <wangkefeng.wang@...wei.com>, Kent Overstreet <kent.overstreet@...ux.dev>, 
	Palmer Dabbelt <palmer@...osinc.com>, Paul Walmsley <paul.walmsley@...ive.com>, 
	Russell King <linux@...linux.org.uk>, Samuel Holland <samuel.holland@...ive.com>, 
	Suren Baghdasaryan <surenb@...gle.com>, Yuntao Wang <ytcoode@...il.com>, 
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org, 
	Tom Lendacky <thomas.lendacky@....com>, Ashish Kalra <ashish.kalra@....com>, 
	"Maciej W. Rozycki" <macro@...am.me.uk>
Subject: Re: [PATCHv2 2/2] x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default

On Mon, Nov 18, 2024 at 05:46:16PM +0100, Borislav Petkov wrote:
> On Mon, Oct 21, 2024 at 01:57:23PM +0300, Kirill A. Shutemov wrote:
> > It fixes crash on kexec in TDX guests if CONFIG_EISA is enabled.
> 
> Do TDX guests even need EISA?
> 
> "The EISA bus saw limited use between 1988 and 1995 when it was made obsolete
> by the PCI bus."
> 
> Sounds like no to me.
> 
> We usually simply stop coco guests from touching such legacy ranges:
> 
> f30470c190c2 ("x86/boot: Skip video memory access in the decompressor for SEV-ES/SNP")
> 
> so can you do that too?

Sure, we can work around every place that touches such ranges. Or we can
address the problem at the root and make creating decrypted/shared mappings
explicit.

Such mappings have both functional (as we see here) and security
implications (VMM can manipulate the guest memory range). We should not
create decrypted mappings by default on legacy interfaces.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov
