From: Dave Hansen <dave.hansen@intel.com>
To: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Kai Huang <kai.huang@linux.intel.com>,
Jacob Pan <jacob.jun.pan@linux.intel.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCHv5 02/19] mm: Do not use zero page in encrypted pages
Date: Thu, 19 Jul 2018 06:58:14 -0700 [thread overview]
Message-ID: <d50d89d2-f93b-4b4b-bf8d-2f53cedebcd1@intel.com> (raw)
In-Reply-To: <20180719071606.dkeq5btz5wlzk4oq@kshutemo-mobl1>
On 07/19/2018 12:16 AM, Kirill A. Shutemov wrote:
> On Wed, Jul 18, 2018 at 10:36:24AM -0700, Dave Hansen wrote:
>> On 07/17/2018 04:20 AM, Kirill A. Shutemov wrote:
>>> Zero page is not encrypted and putting it into encrypted VMA produces
>>> garbage.
>>>
>>> We can map zero page with KeyID-0 into an encrypted VMA, but this would
>>> be violation security boundary between encryption domains.
>> Why? How is it a violation?
>>
>> It only matters if they write secrets. They can't write secrets to the
>> zero page.
> I believe usage of zero page is wrong here. It would indirectly reveal
> content of supposedly encrypted memory region.
>
> I can see argument why it should be okay and I don't have very strong
> opinion on this.
I think we should make the zero page work. If folks are
security-sensitive, they need to write to guarantee it isn't being
shared. That's a pretty low bar.
I'm struggling to think of a case where an attacker has access to the
encrypted data, the virt->phys mapping, *and* can glean something
valuable from the presence of the zero page.
Please spend some time and focus on your patch descriptions. Use facts
that are backed up and are *precise* or tell the story of how your patch
was developed. In this case, citing the "security boundary" is not
precise enough without explaining what the boundary is and how it is
violated.
next prev parent reply other threads:[~2018-07-19 13:58 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-17 11:20 [PATCHv5 00/19] MKTME enabling Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 01/19] mm: Do no merge VMAs with different encryption KeyIDs Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 02/19] mm: Do not use zero page in encrypted pages Kirill A. Shutemov
2018-07-18 17:36 ` Dave Hansen
2018-07-19 7:16 ` Kirill A. Shutemov
2018-07-19 13:58 ` Dave Hansen [this message]
2018-07-20 12:16 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 03/19] mm/ksm: Do not merge pages with different KeyIDs Kirill A. Shutemov
2018-07-18 17:38 ` Dave Hansen
2018-07-19 7:32 ` Kirill A. Shutemov
2018-07-19 14:02 ` Dave Hansen
2018-07-20 12:23 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 04/19] mm/page_alloc: Unify alloc_hugepage_vma() Kirill A. Shutemov
2018-07-18 17:43 ` Dave Hansen
2018-07-17 11:20 ` [PATCHv5 05/19] mm/page_alloc: Handle allocation for encrypted memory Kirill A. Shutemov
2018-07-18 23:03 ` Dave Hansen
2018-07-19 8:27 ` Kirill A. Shutemov
2018-07-19 14:05 ` Dave Hansen
2018-07-20 12:25 ` Kirill A. Shutemov
2018-07-26 14:25 ` Michal Hocko
2018-07-17 11:20 ` [PATCHv5 06/19] mm/khugepaged: Handle encrypted pages Kirill A. Shutemov
2018-07-18 23:11 ` Dave Hansen
2018-07-19 8:59 ` Kirill A. Shutemov
2018-07-19 14:13 ` Dave Hansen
2018-07-20 12:29 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 07/19] x86/mm: Mask out KeyID bits from page table entry pfn Kirill A. Shutemov
2018-07-18 23:13 ` Dave Hansen
2018-07-19 9:54 ` Kirill A. Shutemov
2018-07-19 14:19 ` Dave Hansen
2018-07-20 12:31 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs Kirill A. Shutemov
2018-07-18 23:19 ` Dave Hansen
2018-07-19 10:21 ` Kirill A. Shutemov
2018-07-19 12:37 ` Thomas Gleixner
2018-07-19 13:12 ` Kirill A. Shutemov
2018-07-19 13:18 ` Thomas Gleixner
2018-07-19 13:23 ` Kirill A. Shutemov
2018-07-19 13:40 ` Thomas Gleixner
2018-07-20 12:34 ` Kirill A. Shutemov
2018-07-20 13:17 ` Thomas Gleixner
2018-07-20 13:40 ` Kirill A. Shutemov
2018-07-19 14:23 ` Dave Hansen
2018-07-20 12:34 ` Kirill A. Shutemov
2018-07-31 0:08 ` Kai Huang
2018-07-17 11:20 ` [PATCHv5 09/19] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() Kirill A. Shutemov
2018-07-18 23:30 ` Dave Hansen
2018-07-20 12:42 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 10/19] x86/mm: Implement page_keyid() using page_ext Kirill A. Shutemov
2018-07-18 23:38 ` Dave Hansen
2018-07-23 9:45 ` Kirill A. Shutemov
2018-07-23 17:22 ` Alison Schofield
2018-07-17 11:20 ` [PATCHv5 11/19] x86/mm: Implement vma_keyid() Kirill A. Shutemov
2018-07-18 23:40 ` Dave Hansen
2018-07-23 9:47 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 12/19] x86/mm: Implement prep_encrypted_page() and arch_free_page() Kirill A. Shutemov
2018-07-18 23:53 ` Dave Hansen
2018-07-23 9:50 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 13/19] x86/mm: Rename CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 14/19] x86/mm: Allow to disable MKTME after enumeration Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 15/19] x86/mm: Detect MKTME early Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 16/19] x86/mm: Calculate direct mapping size Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 17/19] x86/mm: Implement sync_direct_mapping() Kirill A. Shutemov
2018-07-19 0:01 ` Dave Hansen
2018-07-23 10:04 ` Kirill A. Shutemov
2018-07-23 12:25 ` Dave Hansen
2018-07-17 11:20 ` [PATCHv5 18/19] x86/mm: Handle encrypted memory in page_to_virt() and __pa() Kirill A. Shutemov
2018-07-18 22:21 ` Thomas Gleixner
2018-07-23 10:12 ` Kirill A. Shutemov
2018-07-26 17:26 ` Dave Hansen
2018-07-27 13:49 ` Kirill A. Shutemov
2018-07-17 11:20 ` [PATCHv5 19/19] x86: Introduce CONFIG_X86_INTEL_MKTME Kirill A. Shutemov
2018-08-15 7:48 ` Pavel Machek
2018-08-17 9:24 ` Kirill A. Shutemov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d50d89d2-f93b-4b4b-bf8d-2f53cedebcd1@intel.com \
--to=dave.hansen@intel.com \
--cc=hpa@zytor.com \
--cc=jacob.jun.pan@linux.intel.com \
--cc=kai.huang@linux.intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).