From: Dave Hansen <dave.hansen@intel.com>
To: Boris Petkov <bp@alien8.de>, Dan Williams <dan.j.williams@intel.com>
Cc: Martin Fernandez <martin.fernandez@eclypsium.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-efi <linux-efi@vger.kernel.org>,
Linux MM <linux-mm@kvack.org>,
platform-driver-x86@vger.kernel.org, daniel.gutson@eclypsium.com,
Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Darren Hart <dvhart@infradead.org>,
"Schofield, Alison" <alison.schofield@intel.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Mike Rapoport <rppt@kernel.org>, Ard Biesheuvel <ardb@kernel.org>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
X86 ML <x86@kernel.org>,
alex.bazhaniuk@eclypsium.com, hughsient@gmail.com,
Andy Shevchenko <andy@infradead.org>,
Greg KH <gregkh@linuxfoundation.org>,
Ben Widawsky <ben.widawsky@intel.com>,
"Huang, Kai" <kai.huang@intel.com>
Subject: Re: [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption
Date: Fri, 6 May 2022 11:43:39 -0700 [thread overview]
Message-ID: <4bc56567-e2ce-40ec-19ab-349c8de8d969@intel.com> (raw)
In-Reply-To: <FDABC5C8-B80A-4977-9F97-5A8FC47F69D6@alien8.de>
On 5/6/22 11:25, Boris Petkov wrote:
> On May 6, 2022 6:14:00 PM UTC, Dave Hansen <dave.hansen@intel.com>
> wrote:
>> But, this interface will *work* both for the uniform and
>> non-uniform systems alike.
> And what would that additional information that some "node" -
> whatever "node" means nowadays - is not encrypted give you?
Tying it to the node ties it to the NUMA ABIs. For instance, it lets
you say: "allocate memory with encryption capabilities" with a
set_mempolicy() to nodes that are enumerated as encryption-capable.
Imagine that we have a non-uniform system: some memory supports TDX (or
SEV-SNP) and some doesn't. QEMU calls mmap() to allocate some guest
memory and then its ioctl()s to get its addresses stuffed into EPT/NPT.
The memory might be allocated from anywhere, CPU_CRYPTO-capable or not.
VM creation will fail because the (hardware-enforced) security checks
can't be satisfied on non-CPU_CRYPTO memory.
Userspace has no recourse to fix this. It's just stuck. In that case,
the *kernel* needs to be responsible for ensuring that the backing
physical memory supports TDX (or SEV).
This node attribute punts the problem back out to userspace. It gives
userspace the ability to steer allocations to compatible NUMA nodes. If
something goes wrong, they can use other NUMA ABIs to inspect the
situation, like /proc/$pid/numa_maps.
next prev parent reply other threads:[~2022-05-06 18:43 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-29 20:17 [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 1/8] mm/memblock: Tag memblocks with crypto capabilities Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 2/8] mm/mmzone: Tag pg_data_t " Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 3/8] x86/e820: Add infrastructure to refactor e820__range_{update,remove} Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 4/8] x86/e820: Refactor __e820__range_update Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 5/8] x86/e820: Refactor e820__range_remove Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 6/8] x86/e820: Tag e820_entry with crypto capabilities Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 7/8] x86/efi: Mark e820_entries as crypto capable from EFI memmap Martin Fernandez
2022-04-29 20:17 ` [PATCH v8 8/8] drivers/node: Show in sysfs node's crypto capabilities Martin Fernandez
2022-05-04 16:38 ` [PATCH v8 0/8] x86: Show in sysfs if a memory node is able to do encryption Borislav Petkov
2022-05-04 17:18 ` Martin Fernandez
2022-05-06 12:44 ` Borislav Petkov
2022-05-06 14:18 ` Limonciello, Mario
2022-05-06 15:32 ` Dave Hansen
2022-05-06 16:00 ` Dan Williams
2022-05-06 17:55 ` Boris Petkov
2022-05-06 18:14 ` Dave Hansen
2022-05-06 18:25 ` Boris Petkov
2022-05-06 18:43 ` Dave Hansen [this message]
2022-05-06 19:02 ` Boris Petkov
2022-05-09 18:47 ` Dave Hansen
2022-05-09 22:17 ` Borislav Petkov
2022-05-09 22:56 ` Dave Hansen
2022-05-16 8:39 ` Richard Hughes
2022-05-18 7:52 ` Borislav Petkov
2022-05-18 18:28 ` Dan Williams
2022-05-18 20:23 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4bc56567-e2ce-40ec-19ab-349c8de8d969@intel.com \
--to=dave.hansen@intel.com \
--cc=akpm@linux-foundation.org \
--cc=alex.bazhaniuk@eclypsium.com \
--cc=alison.schofield@intel.com \
--cc=andy@infradead.org \
--cc=ardb@kernel.org \
--cc=ben.widawsky@intel.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=daniel.gutson@eclypsium.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvhart@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=hughsient@gmail.com \
--cc=kai.huang@intel.com \
--cc=keescook@chromium.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=martin.fernandez@eclypsium.com \
--cc=mingo@redhat.com \
--cc=platform-driver-x86@vger.kernel.org \
--cc=rafael@kernel.org \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).