lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <46cf87e2-8100-47ef-b19e-f6a1b76f660d@amd.com>
Date: Thu, 21 Aug 2025 06:06:57 -0500
From: Kim Phillips <kim.phillips@....com>
To: "Kalra, Ashish" <ashish.kalra@....com>, Randy Dunlap
	<rdunlap@...radead.org>, <corbet@....net>, <seanjc@...gle.com>,
	<pbonzini@...hat.com>, <tglx@...utronix.de>, <mingo@...hat.com>,
	<bp@...en8.de>, <dave.hansen@...ux.intel.com>, <x86@...nel.org>,
	<hpa@...or.com>, <thomas.lendacky@....com>, <herbert@...dor.apana.org>
CC: <akpm@...ux-foundation.org>, <rostedt@...dmis.org>, <paulmck@...nel.org>,
	<michael.roth@....com>, <linux-doc@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org>
Subject: Re: [PATCH v9 2/2] KVM: SEV: Add SEV-SNP CipherTextHiding support

On 8/21/25 5:58 AM, Kalra, Ashish wrote:
> On 8/21/2025 5:30 AM, Kim Phillips wrote:
>> On 8/20/25 6:23 PM, Kalra, Ashish wrote:
>>> On 8/20/2025 5:45 PM, Randy Dunlap wrote:
>>>> On 8/20/25 1:50 PM, Ashish Kalra wrote:
>>>>> @@ -3064,10 +3070,32 @@ void __init sev_hardware_setup(void)
>>>>>    out:
>>>>>        if (sev_enabled) {
>>>>>            init_args.probe = true;
>>>>> +
>>>>> +        if (sev_is_snp_ciphertext_hiding_supported())
>>>>> +            init_args.max_snp_asid = min(nr_ciphertext_hiding_asids,
>>>>> +                             min_sev_asid - 1);
>>>>> +
>>>>>            if (sev_platform_init(&init_args))
>>>>>                sev_supported = sev_es_supported = sev_snp_supported = false;
>>>>>            else if (sev_snp_supported)
>>>>>                sev_snp_supported = is_sev_snp_initialized();
>>>>> +
>>>>> +        if (sev_snp_supported)
>>>>> +            nr_ciphertext_hiding_asids = init_args.max_snp_asid;
>>>>> +
>>>>> +        /*
>>>>> +         * If ciphertext hiding is enabled, the joint SEV-ES/SEV-SNP
>>>>> +         * ASID range is partitioned into separate SEV-ES and SEV-SNP
>>>>> +         * ASID ranges, with the SEV-SNP range being [1..max_snp_asid]
>>>>> +         * and the SEV-ES range being [max_snp_asid..max_sev_es_asid].
>>>>                                        [max_snp_asid + 1..max_sev_es_asid]
>>>> ?
>>> Yes.
>> So why wouldn't you have left Sean's original "(max_snp_asid..max_sev_es_asid]" as-is?
>>
>> Kim
>>
> Because that i believe is a typo and the correct SEV-ES range is [max_snp_asid + 1..max_sev_es_asid].

It's not, though.

[max_snp_asid..max_sev_es_asid]

and

(max_snp_asid..max_sev_es_asid]

are two completely different things.


You also modified Sean's Documentation/ changes.  A consistent "joint 
SEV-ES+SEV-SNP" is preferred.

Thanks,

Kim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ