Re: [PATCH 1/5] x86/tboot: drop failed attempt to hash shadow page tables
On 06.12.2022 14:53, Jan Beulich wrote:
> While plausible to do what was intended based on the name of the flag
> (PGC_page_table), that name was misleading and is going to be changed.
> It marks page table pages _having_ a shadow, not shadows of page table
> pages. The attempt also didn't cover the HAP case at all, and it
> constituted a potentially very long loop doing nothing when
> !SHADOW_PAGING. Instead leave a comment of what actually wants doing
> there (which then also may need to account for e.g. the risk of A/D bits
> becoming set behind our backs).
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
I'm sorry, I should have Cc-ed tboot reviewers here as well.
Jan
> --- a/xen/arch/x86/tboot.c
> +++ b/xen/arch/x86/tboot.c
> @@ -177,29 +177,6 @@ static void update_iommu_mac(vmac_ctx_t
> #define is_page_in_use(page) \
> (page_state_is(page, inuse) || page_state_is(page, offlining))
>
> -static void update_pagetable_mac(vmac_ctx_t *ctx)
> -{
> - unsigned long mfn;
> -
> - for ( mfn = 0; mfn < max_page; mfn++ )
> - {
> - struct page_info *page = mfn_to_page(_mfn(mfn));
> -
> - if ( !mfn_valid(_mfn(mfn)) )
> - continue;
> - if ( is_page_in_use(page) && !is_special_page(page) )
> - {
> - if ( page->count_info & PGC_page_table )
> - {
> - void *pg = map_domain_page(_mfn(mfn));
> -
> - vmac_update(pg, PAGE_SIZE, ctx);
> - unmap_domain_page(pg);
> - }
> - }
> - }
> -}
> -
> static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE],
> vmac_t *mac)
> {
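Review bot: is_page_in_use(), kept as context at the top of this hunk, loses the user it had in the removed update_pagetable_mac(). Please confirm another caller remains in tboot.c, and if none does, drop the macro in this same patch so it is not left behind as dead code.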
> @@ -233,8 +210,7 @@ static void tboot_gen_domain_integrity(c
> }
> }
>
> - /* MAC all shadow page tables */
> - update_pagetable_mac(&ctx);
> + /* TODO: MAC all shadow / HAP page tables */
>
> *mac = vmac(NULL, 0, nonce, NULL, &ctx);
>
>
>
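Review bot: the replacement comment "/* TODO: MAC all shadow / HAP page tables */" omits the caveat the commit message itself raises, namely that A/D bits may become set behind our backs. Without it, whoever picks up the TODO could hash the raw page contents and end up with a MAC that changes when nothing was tampered with. Suggest expanding the comment to mention the A/D bit issue and to state that, until this is implemented, page tables are not fed into the MAC at this point in tboot_gen_domain_integrity().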