lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID:
 <SN6PR02MB4157D8770347E8C2EC49EBBBD496A@SN6PR02MB4157.namprd02.prod.outlook.com>
Date: Tue, 13 May 2025 15:30:28 +0000
From: Michael Kelley <mhklinux@...look.com>
To: Roman Kisel <romank@...ux.microsoft.com>, Saurabh Singh Sengar
	<ssengar@...rosoft.com>, Wei Liu <wei.liu@...nel.org>
CC: Naman Jain <namjain@...ux.microsoft.com>, KY Srinivasan
	<kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Dexuan Cui
	<decui@...rosoft.com>, Anirudh Rayabharam <anrayabh@...ux.microsoft.com>,
	Saurabh Sengar <ssengar@...ux.microsoft.com>, Stanislav Kinsburskii
	<skinsburskii@...ux.microsoft.com>, Nuno Das Neves
	<nunodasneves@...ux.microsoft.com>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "linux-hyperv@...r.kernel.org"
	<linux-hyperv@...r.kernel.org>
Subject: RE: [EXTERNAL] Re: [PATCH] Drivers: hv: Introduce mshv_vtl driver

From: Roman Kisel <romank@...ux.microsoft.com> Sent: Friday, May 9, 2025 11:05 AM
> 
> On 5/9/2025 11:02 AM, Saurabh Singh Sengar wrote:
> >
> >
> 
> [...]
> 
> >> Yep. We don't rely on user land software doing sane things to maintain
> >> correctness in kernel, so this needs to be fixed.
> >>
> >> Thanks,
> >> Wei.
> >
> >
> > How about fixing this for normal x86 for now and put a TODO for CVM to be fixed
> later, when we bring in CVM support ?
> 
> That seems to strike the right balance ihmo :)
> Thanks for coming up with the suggestion!
> 

FWIW, it seems like it would be pretty easy to fix the CVM case as well.  Do
the following:

1. Allocate memory at runtime using the normal kmalloc()
2. Copy from user space to that allocated memory
3. Disable interrupts as usual for using the per-cpu hypercall arg pages
4. Copy from the allocated memory to the per-cpu hypercall arg pages.
   In a CVM this will do the conversion from encrypted memory to
   decrypted memory.
5. Make the hypercall
6. Copy out any results to the allocated memory. Again, this will do
   the conversion from decrypted to encrypted.
7. Enable interrupts
8. Copy results from the allocated memory to user space
9. Free the allocated memory

(And maybe Steps 6 and 8 don't apply if there's no output data to copy
back to user space.)

The performance penalty is the memory allocation/free, plus the extra
copying of the input/output hypercall arguments. But I'm guessing the
arguments are usually on the small side, so the extra copy isn't a big issue.

Michael

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ