| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87qzz1mb9z.ffs@tglx>
Date: Mon, 30 Jun 2025 18:42:16 +0200
From: Thomas Gleixner <tglx@...utronix.de>
To: Khalid Ali <khaliidcaliy@...il.com>, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com
Cc: x86@...nel.org, hpa@...or.com, linux-kernel@...r.kernel.org, Khalid Ali
<khaliidcaliy@...il.com>, Kai Huang <kai.huang@...el.com>
Subject: Re: [RESEND PATCH v5] x86/boot: Don't return encryption mask from
__startup_64()
Khalid!
On Wed, Jun 25 2025 at 16:02, Khalid Ali wrote:
> From: Khalid Ali <khaliidcaliy@...il.com>
>
> Currently, __startup_64() returns encryption mask to the caller, however
> caller can directly access the encryption.
>
> The C code can access encryption by including
> arch/x86/include/asm/setup.h and calling sme_get_me_mask(). The assembly
> code can access directly via "sme_me_mask" variable.
>
> This patches accounts that, by adjusting __startup_64() to not return
This patch.... I pointed you to the tip tree documentation before ....
> encryption mask, and update startup_64() to access "sme_me_mask" only if
> CONFIG_AMD_MEM_ENCRYPT is set.
>
> This cleans up the function and does seperation of concern.
> __startup_64() should focus on action like encrypting the kernel, and
> let the caller retrieve the mask directly.
>
> CHanges in v5:
> * Improve commit message for better clarity.
> * Fix some issues returned by kernel test robot.
> * Add Huang, Kai Ack tag.
Please put this behind the --- seperator. It's not part of the change
log. That's documented too.
> Signed-off-by: Khalid Ali <khaliidcaliy@...il.com>
> Acked-by: Kai Huang <kai.huang@...el.com>
> ---
> arch/x86/boot/startup/map_kernel.c | 11 +++--------
> arch/x86/include/asm/setup.h | 2 +-
> arch/x86/kernel/head_64.S | 8 +++-----
> 3 files changed, 7 insertions(+), 14 deletions(-)
>
> diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map_kernel.c
> index 332dbe6688c4..0425d49be16e 100644
> --- a/arch/x86/boot/startup/map_kernel.c
> +++ b/arch/x86/boot/startup/map_kernel.c
> @@ -30,7 +30,7 @@ static inline bool check_la57_support(void)
> return true;
> }
>
> -static unsigned long __head sme_postprocess_startup(struct boot_params *bp,
> +static void __head sme_postprocess_startup(struct boot_params *bp,
> pmdval_t *pmd,
> unsigned long p2v_offset)
See documentation about parameter alignment.
> {
> @@ -68,11 +68,6 @@ static unsigned long __head sme_postprocess_startup(struct boot_params *bp,
> }
> }
>
> - /*
> - * Return the SME encryption mask (if SME is active) to be used as a
> - * modifier for the initial pgdir entry programmed into CR3.
> - */
> - return sme_get_me_mask();
> }
>
> /*
> @@ -84,7 +79,7 @@ static unsigned long __head sme_postprocess_startup(struct boot_params *bp,
> * the 1:1 mapping of memory. Kernel virtual addresses can be determined by
> * subtracting p2v_offset from the RIP-relative address.
> */
> -unsigned long __head __startup_64(unsigned long p2v_offset,
> +void __head __startup_64(unsigned long p2v_offset,
> struct boot_params *bp)
Ditto
> /*
> * Perform pagetable fixups. Additionally, if SME is active, encrypt
> - * the kernel and retrieve the modifier (SME encryption mask if SME
> - * is active) to be added to the initial pgdir entry that will be
> - * programmed into CR3.
> + * the kernel.
Why are you dropping valuable information from that comment, instead of
moving the important information about the SME mask next to the code
which retrieves it?
Thanks,
tglx
Powered by blists - more mailing lists