[PATCHv2 2/2] x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default

Borislav Petkov bp at alien8.de
Thu Nov 21 03:49:52 PST 2024


On Tue, Nov 19, 2024 at 10:21:05AM +0200, Kirill A. Shutemov wrote:
> Sure, we can work around every place that touches such ranges.

Every place? Which every place? I thought this is only an EISA issue?

Then clearly your changelogs need to expand considerably more what we're
*really* addressing here.

> Or we can address the problem at the root and make creating decrypted/shared
> mappings explicit.

What is the problem? That KVM implicitly converts memory to shared? Why does
KVM do that and can it be fixed not to?

Doesn't sound like the guest's problem.

Or maybe this needs a lot more explanation what we're fixing here.

> Such mappings have both functional (as we see here) and security
> implications (VMM can manipulate the guest memory range). We should not
> create decrypted mappings by default on legacy interfaces.

So we're getting closer.

The changes themselves are fine but your text is missing a lot about what
we're fixing here. When I asked, I barely scratched the surface. So can we
elaborate here pls?

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


