Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-31 Thread Borislav Petkov
On Wed, May 31, 2017 at 08:37:50AM -0500, Tom Lendacky wrote: > I like keeping the command line option and the values together. It may > not look the greatest but I like it more than defining the command line > option in head_64.S and passing it in as an argument. > > OTOH, I don't think the rip-r

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-31 Thread Tom Lendacky
On 5/31/2017 3:49 AM, Borislav Petkov wrote: On Tue, May 30, 2017 at 10:37:03AM -0500, Tom Lendacky wrote: I can define the command line option and the "on" and "off" values as character buffers in the function and initialize them on a per character basis (using a static string causes the same i

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-31 Thread Borislav Petkov
On Tue, May 30, 2017 at 10:48:27AM -0500, Tom Lendacky wrote: > I'll look at doing that instead of removing the support for the whole > file. Right, so I don't think the stack protector is even ready that early - we do set it up later: /* Set up %gs. * * The base of %gs

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-31 Thread Borislav Petkov
On Tue, May 30, 2017 at 10:37:03AM -0500, Tom Lendacky wrote: > I can define the command line option and the "on" and "off" values as > character buffers in the function and initialize them on a per character > basis (using a static string causes the same issues as referencing a > string constant),

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-30 Thread Tom Lendacky
On 5/19/2017 3:16 PM, Josh Poimboeuf wrote: On Fri, May 19, 2017 at 01:30:05PM +0200, Borislav Petkov wrote: it is called so early. I can get past it by adding: CFLAGS_mem_encrypt.o := $(nostackp) in the arch/x86/mm/Makefile, but that obviously eliminates the support for the whole file. Would

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-30 Thread Tom Lendacky
On 5/19/2017 6:30 AM, Borislav Petkov wrote: On Fri, Apr 21, 2017 at 01:56:13PM -0500, Tom Lendacky wrote: On 4/18/2017 4:22 PM, Tom Lendacky wrote: Add support to check if SME has been enabled and if memory encryption should be activated (checking of command line option based on the configurat

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-30 Thread Tom Lendacky
On 5/30/2017 9:55 AM, Borislav Petkov wrote: > On Tue, May 30, 2017 at 09:38:36AM -0500, Tom Lendacky wrote: >> In this case we're running identity mapped and the "on" constant ends up >> as kernel address (0x81...) which results in a segfault. > > Would > > static const char *__on_

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-30 Thread Borislav Petkov
On Tue, May 30, 2017 at 09:38:36AM -0500, Tom Lendacky wrote: > In this case we're running identity mapped and the "on" constant ends up > as kernel address (0x81...) which results in a segfault. Would static const char *__on_str = "on"; ... if (!strncmp(buffer,

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-30 Thread Tom Lendacky
On 5/19/2017 6:27 AM, Borislav Petkov wrote: On Tue, Apr 18, 2017 at 04:22:23PM -0500, Tom Lendacky wrote: Add support to check if SME has been enabled and if memory encryption should be activated (checking of command line option based on the configuration of the default state). If memory encry

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-19 Thread Josh Poimboeuf
On Fri, May 19, 2017 at 01:30:05PM +0200, Borislav Petkov wrote: > > it is called so early. I can get past it by adding: > > > > CFLAGS_mem_encrypt.o := $(nostackp) > > > > in the arch/x86/mm/Makefile, but that obviously eliminates the support > > for the whole file. Would it be better to split

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-19 Thread Borislav Petkov
On Fri, May 19, 2017 at 03:16:51PM -0500, Josh Poimboeuf wrote: > I'm the stack validation guy, not the stack protection guy :-) LOL. I thought you were *the* stacks guy. :-))) But once you've validated it, you could protect it then too. :-)

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-19 Thread Borislav Petkov
On Fri, Apr 21, 2017 at 01:56:13PM -0500, Tom Lendacky wrote: > On 4/18/2017 4:22 PM, Tom Lendacky wrote: > > Add support to check if SME has been enabled and if memory encryption > > should be activated (checking of command line option based on the > > configuration of the default state). If memo

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-05-19 Thread Borislav Petkov
On Tue, Apr 18, 2017 at 04:22:23PM -0500, Tom Lendacky wrote: > Add support to check if SME has been enabled and if memory encryption > should be activated (checking of command line option based on the > configuration of the default state). If memory encryption is to be > activated, then the encry

Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-04-21 Thread Tom Lendacky
On 4/18/2017 4:22 PM, Tom Lendacky wrote: Add support to check if SME has been enabled and if memory encryption should be activated (checking of command line option based on the configuration of the default state). If memory encryption is to be activated, then the encryption mask is set and the

[PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

2017-04-18 Thread Tom Lendacky
Add support to check if SME has been enabled and if memory encryption should be activated (checking of command line option based on the configuration of the default state). If memory encryption is to be activated, then the encryption mask is set and the kernel is encrypted "in place." Signed-off-