lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <7u74hxavnqqtcaciqco4ra37rep7k4f4cnv65mk5rmcu3fuo6n@kdhc2oceeu2p>
Date: Tue, 8 Apr 2025 00:08:25 +0300
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Ingo Molnar <mingo@...nel.org>, 
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Dionna Amalie Glaze <dionnaglaze@...gle.com>, 
	Ard Biesheuvel <ardb+git@...gle.com>, linux-efi@...r.kernel.org, linux-kernel@...r.kernel.org, 
	x86@...nel.org, Tom Lendacky <thomas.lendacky@....com>, 
	Borislav Petkov <bp@...en8.de>, Kevin Loughlin <kevinloughlin@...gle.com>
Subject: Re: [PATCH v2 3/3] x86/boot: Implement early memory acceptance for
 SEV-SNP

On Mon, Apr 07, 2025 at 07:45:59PM +0200, Ard Biesheuvel wrote:
> On Mon, 7 Apr 2025 at 19:33, Kirill A. Shutemov <kirill@...temov.name> wrote:
> >
> > On Mon, Apr 07, 2025 at 07:21:17PM +0200, Ard Biesheuvel wrote:
> > > On Mon, 7 Apr 2025 at 18:44, Ingo Molnar <mingo@...nel.org> wrote:
> > > >
> > > >
> > > > * Kirill A. Shutemov <kirill.shutemov@...ux.intel.com> wrote:
> > > >
> > > > > On Fri, Apr 04, 2025 at 08:07:03AM -0700, Dionna Amalie Glaze wrote:
> > > > > > If the GHCB is available, we should always prefer it.
> > > > >
> > > > > I believe we should consider the cost of code duplication in this
> > > > > situation.
> > > > >
> > > > > If the non-early version is only used in the kexec path, it will not be
> > > > > tested as frequently and could be more easily broken. I think it would be
> > > > > acceptable for kexec to be slightly slower if it results in more
> > > > > maintainable code.
> > > >
> > > > Absolutely so.
> > > >
> > >
> > > It would be nice if someone could quantify 'slightly slower' - I am
> > > leaning to the same conclusion but I have no clue what the actual
> > > performance impact is.
> >
> > If we can survive the performance of the initial boot, we can live with it
> > for kexec.
> >
> 
> The initial boot does not occur via the decompressor, but via the EFI
> stub, where memory acceptance is handled by the firmware (as it
> should).

I wounder what protocol BIOS uses.

> Given that the traditional decompressor carves out an allocation from
> the raw E820 map without using any of the higher level APIs, it has to
> accept the memory itself if it is marked as unaccepted in the table.
> 
> Perhaps the decompressor should try to avoid unaccepted memory?

It limits KASLR. I would rather wait more on kexec.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ