From: Kees Cook <keescook@chromium.org>
To: Martin Fernandez <martin.fernandez@eclypsium.com>
Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
platform-driver-x86@vger.kernel.org, linux-mm@kvack.org,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
ardb@kernel.org, dvhart@infradead.org, andy@infradead.org,
gregkh@linuxfoundation.org, rafael@kernel.org, rppt@kernel.org,
akpm@linux-foundation.org, daniel.gutson@eclypsium.com,
hughsient@gmail.com, alex.bazhaniuk@eclypsium.com,
alison.schofield@intel.com
Subject: Re: [PATCH v6 4/6] x86/e820: Tag e820_entry with crypto capabilities
Date: Mon, 7 Feb 2022 13:56:14 -0800 [thread overview]
Message-ID: <202202071351.AEEEA92@keescook> (raw)
In-Reply-To: <20220203164328.203629-5-martin.fernandez@eclypsium.com>
On Thu, Feb 03, 2022 at 01:43:26PM -0300, Martin Fernandez wrote:
> Add a new enum for crypto capabilities.
>
> Add a new member in e820_entry to hold whether an entry is able to do
> hardware memory encryption or not.
>
> Add a new function e820__range_set_crypto_capable to mark all the
> entries in a range of addresses as encryptable. This will be called
> when initializing EFI.
>
> Change e820__update_table to handle merging and overlap problems
> taking into account crypto_capable.
>
> Signed-off-by: Martin Fernandez <martin.fernandez@eclypsium.com>
> ---
> arch/x86/include/asm/e820/api.h | 1 +
> arch/x86/include/asm/e820/types.h | 12 +++-
> arch/x86/kernel/e820.c | 114 ++++++++++++++++++++++++++++--
> 3 files changed, 119 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/include/asm/e820/api.h b/arch/x86/include/asm/e820/api.h
> index e8f58ddd06d9..4b3b01fafdd1 100644
> --- a/arch/x86/include/asm/e820/api.h
> +++ b/arch/x86/include/asm/e820/api.h
> @@ -17,6 +17,7 @@ extern bool e820__mapped_all(u64 start, u64 end, enum e820_type type);
> extern void e820__range_add (u64 start, u64 size, enum e820_type type);
> extern u64 e820__range_update(u64 start, u64 size, enum e820_type old_type, enum e820_type new_type);
> extern u64 e820__range_remove(u64 start, u64 size, enum e820_type old_type, bool check_type);
> +extern u64 e820__range_set_crypto_capable(u64 start, u64 size);
>
> extern void e820__print_table(char *who);
> extern int e820__update_table(struct e820_table *table);
> diff --git a/arch/x86/include/asm/e820/types.h b/arch/x86/include/asm/e820/types.h
> index 314f75d886d0..aef03c665f5e 100644
> --- a/arch/x86/include/asm/e820/types.h
> +++ b/arch/x86/include/asm/e820/types.h
> @@ -46,6 +46,11 @@ enum e820_type {
> E820_TYPE_RESERVED_KERN = 128,
> };
>
> +enum e820_crypto_capabilities {
> + E820_NOT_CRYPTO_CAPABLE = 0,
> + E820_CRYPTO_CAPABLE = 1,
> +};
Is this expected to grow beyond a bool?
> +
> /*
> * A single E820 map entry, describing a memory range of [addr...addr+size-1],
> * of 'type' memory type:
> @@ -53,9 +58,10 @@ enum e820_type {
> * (We pack it because there can be thousands of them on large systems.)
> */
> struct e820_entry {
> - u64 addr;
> - u64 size;
> - enum e820_type type;
> + u64 addr;
> + u64 size;
> + enum e820_type type;
> + enum e820_crypto_capabilities crypto_capable;
> } __attribute__((packed));
Is there any concern about growing this structure? The "thousands" note
in the comment is likely rare. FWIW, this seems fine to me, but I
thought I'd mention it.
--
Kees Cook
next prev parent reply other threads:[~2022-02-07 21:56 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-03 16:43 [PATCH v6 0/6] x86: Show in sysfs if a memory node is able to do encryption Martin Fernandez
2022-02-03 16:43 ` [PATCH v6 1/6] mm/memblock: Tag memblocks with crypto capabilities Martin Fernandez
2022-02-03 18:07 ` Mike Rapoport
2022-02-03 18:24 ` Martin Fernandez
2022-02-07 21:18 ` Kees Cook
2022-02-08 14:39 ` Martin Fernandez
2022-02-03 16:43 ` [PATCH v6 2/6] mm/mmzone: Tag pg_data_t " Martin Fernandez
2022-02-07 21:19 ` Kees Cook
2022-02-03 16:43 ` [PATCH v6 3/6] x86/e820: Refactor range_update and range_remove Martin Fernandez
2022-02-07 21:45 ` Kees Cook
2022-02-08 8:40 ` Mike Rapoport
2022-02-08 21:01 ` Martin Fernandez
2022-02-15 7:10 ` Mike Rapoport
2022-02-15 14:14 ` Martin Fernandez
2022-02-08 21:09 ` Martin Fernandez
2022-03-04 20:32 ` Martin Fernandez
2022-02-08 21:04 ` Daniel Gutson
2022-02-03 16:43 ` [PATCH v6 4/6] x86/e820: Tag e820_entry with crypto capabilities Martin Fernandez
2022-02-07 21:56 ` Kees Cook [this message]
2022-02-08 14:46 ` Martin Fernandez
2022-02-03 16:43 ` [PATCH v6 5/6] x86/efi: Tag e820_entries as crypto capable from EFI memmap Martin Fernandez
2022-02-03 16:43 ` [PATCH v6 6/6] drivers/node: Show in sysfs node's crypto capabilities Martin Fernandez
2022-02-04 3:47 ` Limonciello, Mario
2022-02-04 13:21 ` Martin Fernandez
2022-02-04 15:59 ` Tom Lendacky
2022-02-04 16:23 ` Limonciello, Mario
[not found] ` <Yf1UO6jF91o9k4jB@zn.tnic>
2022-02-04 17:12 ` Tom Lendacky
2022-02-04 17:49 ` Limonciello, Mario
[not found] ` <Yf1p0ZjPf9Qaqwtg@zn.tnic>
2022-02-04 18:49 ` Tom Lendacky
2022-02-04 21:49 ` Borislav Petkov
2022-02-07 3:39 ` Kees Cook
2022-02-04 4:56 ` Mike Rapoport
2022-02-04 12:27 ` Martin Fernandez
2022-02-04 13:37 ` Mike Rapoport
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202202071351.AEEEA92@keescook \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=alex.bazhaniuk@eclypsium.com \
--cc=alison.schofield@intel.com \
--cc=andy@infradead.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=daniel.gutson@eclypsium.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvhart@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=hughsient@gmail.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=martin.fernandez@eclypsium.com \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox