Re: [PATCHv5 02/19] mm: Do not use zero page in encrypted pages

[PATCHv5 00/19] MKTME enabling · Kirill A. Shutemov <hidden> · 2018-07-17
[PATCHv5 04/19] mm/page_alloc: Unify alloc_hugepage_vma() · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 04/19] mm/page_alloc: Unify alloc_hugepage_vma() · Dave Hansen <hidden> · 2018-07-18
[PATCHv5 13/19] x86/mm: Rename CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING · Kirill A. Shutemov <hidden> · 2018-07-17
[PATCHv5 07/19] x86/mm: Mask out KeyID bits from page table entry pfn · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 07/19] x86/mm: Mask out KeyID bits from page table entry pfn · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 07/19] x86/mm: Mask out KeyID bits from page table entry pfn · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 07/19] x86/mm: Mask out KeyID bits from page table entry pfn · Dave Hansen <hidden> · 2018-07-19
Re: [PATCHv5 07/19] x86/mm: Mask out KeyID bits from page table entry pfn · Kirill A. Shutemov <hidden> · 2018-07-20
[PATCHv5 16/19] x86/mm: Calculate direct mapping size · Kirill A. Shutemov <hidden> · 2018-07-17
[PATCHv5 06/19] mm/khugepaged: Handle encrypted pages · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 06/19] mm/khugepaged: Handle encrypted pages · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 06/19] mm/khugepaged: Handle encrypted pages · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 06/19] mm/khugepaged: Handle encrypted pages · Dave Hansen <hidden> · 2018-07-19
Re: [PATCHv5 06/19] mm/khugepaged: Handle encrypted pages · Kirill A. Shutemov <hidden> · 2018-07-20
[PATCHv5 15/19] x86/mm: Detect MKTME early · Kirill A. Shutemov <hidden> · 2018-07-17
[PATCHv5 09/19] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 09/19] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 09/19] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() · Kirill A. Shutemov <hidden> · 2018-07-20
[PATCHv5 17/19] x86/mm: Implement sync_direct_mapping() · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 17/19] x86/mm: Implement sync_direct_mapping() · Dave Hansen <hidden> · 2018-07-19
Re: [PATCHv5 17/19] x86/mm: Implement sync_direct_mapping() · Kirill A. Shutemov <hidden> · 2018-07-23
Re: [PATCHv5 17/19] x86/mm: Implement sync_direct_mapping() · Dave Hansen <hidden> · 2018-07-23
[PATCHv5 05/19] mm/page_alloc: Handle allocation for encrypted memory · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 05/19] mm/page_alloc: Handle allocation for encrypted memory · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 05/19] mm/page_alloc: Handle allocation for encrypted memory · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 05/19] mm/page_alloc: Handle allocation for encrypted memory · Dave Hansen <hidden> · 2018-07-19
Re: [PATCHv5 05/19] mm/page_alloc: Handle allocation for encrypted memory · Kirill A. Shutemov <hidden> · 2018-07-20
Re: [PATCHv5 05/19] mm/page_alloc: Handle allocation for encrypted memory · Michal Hocko <mhocko@kernel.org> · 2018-07-26
[PATCHv5 19/19] x86: Introduce CONFIG_X86_INTEL_MKTME · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 19/19] x86: Introduce CONFIG_X86_INTEL_MKTME · Pavel Machek <hidden> · 2018-08-15
Re: [PATCHv5 19/19] x86: Introduce CONFIG_X86_INTEL_MKTME · Kirill A. Shutemov <hidden> · 2018-08-17
[PATCHv5 18/19] x86/mm: Handle encrypted memory in page_to_virt() and __pa() · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 18/19] x86/mm: Handle encrypted memory in page_to_virt() and __pa() · Thomas Gleixner <hidden> · 2018-07-18
Re: [PATCHv5 18/19] x86/mm: Handle encrypted memory in page_to_virt() and __pa() · Kirill A. Shutemov <hidden> · 2018-07-23
Re: [PATCHv5 18/19] x86/mm: Handle encrypted memory in page_to_virt() and __pa() · Dave Hansen <hidden> · 2018-07-26
Re: [PATCHv5 18/19] x86/mm: Handle encrypted memory in page_to_virt() and __pa() · Kirill A. Shutemov <hidden> · 2018-07-27
[PATCHv5 10/19] x86/mm: Implement page_keyid() using page_ext · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 10/19] x86/mm: Implement page_keyid() using page_ext · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 10/19] x86/mm: Implement page_keyid() using page_ext · Kirill A. Shutemov <hidden> · 2018-07-23
Re: [PATCHv5 10/19] x86/mm: Implement page_keyid() using page_ext · Alison Schofield <alison.schofield@intel.com> · 2018-07-23
[PATCHv5 01/19] mm: Do no merge VMAs with different encryption KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-17
[PATCHv5 11/19] x86/mm: Implement vma_keyid() · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 11/19] x86/mm: Implement vma_keyid() · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 11/19] x86/mm: Implement vma_keyid() · Kirill A. Shutemov <hidden> · 2018-07-23
[PATCHv5 14/19] x86/mm: Allow to disable MKTME after enumeration · Kirill A. Shutemov <hidden> · 2018-07-17
[PATCHv5 12/19] x86/mm: Implement prep_encrypted_page() and arch_free_page() · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 12/19] x86/mm: Implement prep_encrypted_page() and arch_free_page() · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 12/19] x86/mm: Implement prep_encrypted_page() and arch_free_page() · Kirill A. Shutemov <hidden> · 2018-07-23
[PATCHv5 03/19] mm/ksm: Do not merge pages with different KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 03/19] mm/ksm: Do not merge pages with different KeyIDs · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 03/19] mm/ksm: Do not merge pages with different KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 03/19] mm/ksm: Do not merge pages with different KeyIDs · Dave Hansen <hidden> · 2018-07-19
Re: [PATCHv5 03/19] mm/ksm: Do not merge pages with different KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-20
[PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Thomas Gleixner <hidden> · 2018-07-19
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Thomas Gleixner <hidden> · 2018-07-19
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Thomas Gleixner <hidden> · 2018-07-19
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-20
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Thomas Gleixner <hidden> · 2018-07-20
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-20
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Dave Hansen <hidden> · 2018-07-19
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kirill A. Shutemov <hidden> · 2018-07-20
Re: [PATCHv5 08/19] x86/mm: Introduce variables to store number, shift and mask of KeyIDs · Kai Huang <hidden> · 2018-07-31
[PATCHv5 02/19] mm: Do not use zero page in encrypted pages · Kirill A. Shutemov <hidden> · 2018-07-17
Re: [PATCHv5 02/19] mm: Do not use zero page in encrypted pages · Dave Hansen <hidden> · 2018-07-18
Re: [PATCHv5 02/19] mm: Do not use zero page in encrypted pages · Kirill A. Shutemov <hidden> · 2018-07-19
Re: [PATCHv5 02/19] mm: Do not use zero page in encrypted pages · Dave Hansen <hidden> · 2018-07-19
Re: [PATCHv5 02/19] mm: Do not use zero page in encrypted pages · Kirill A. Shutemov <hidden> · 2018-07-20

From: Kirill A. Shutemov <hidden>
Date: 2018-07-19 07:22:37
Also in: lkml

On Wed, Jul 18, 2018 at 10:36:24AM -0700, Dave Hansen wrote:

On 07/17/2018 04:20 AM, Kirill A. Shutemov wrote:

quoted

Zero page is not encrypted and putting it into encrypted VMA produces
garbage.

We can map zero page with KeyID-0 into an encrypted VMA, but this would
be violation security boundary between encryption domains.

Why?  How is it a violation?

It only matters if they write secrets.  They can't write secrets to the
zero page.

I believe usage of zero page is wrong here. It would indirectly reveal
content of supposedly encrypted memory region.

I can see argument why it should be okay and I don't have very strong
opinion on this.

If folks see it's okay to use zero page in encrypted VMAs I can certainly
make it work.

Is this only because you accidentally inherited ->vm_page_prot on the
zero page PTE?

Yes, in previous patchset I mapped zero page with wrong KeyID. This is one
of possible fixes for this.

-- 
 Kirill A. Shutemov

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help