Received: by 10.213.65.68 with SMTP id h4csp1540844imn; Thu, 29 Mar 2018 06:39:06 -0700 (PDT) X-Google-Smtp-Source: AIpwx492kNSVSPcexJi+dwgewt4oBixol49tem3YXnK7kz/eD6t4snfXXeJGhSMkJoN3jnfclLl9 X-Received: by 2002:a17:902:7e42:: with SMTP id a2-v6mr8427565pln.13.1522330746241; Thu, 29 Mar 2018 06:39:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522330746; cv=none; d=google.com; s=arc-20160816; b=nEN+asMDTYYLcq8qipPspKxXnZcSJVhjaJ6W/7+unknyCgvYDKBqHIMjleUATnyXrc InPH7d2Zl8ViC86frlWhPZHOaF66OAZiPPm/XnI9Zd6VmiZt/EjfdA+7ayzUsWUcDMPR kxZN2qmit0Y10mFSdWPLiVc5rLz7WNsnkh9zh8q6A0R/4My/cLUABd8U8aKfcTnrBbc9 wwiA9L03NbF7bSIgJbty0WKa6WIzyhVcySuS83ZnnDtfjMzytoUlNdDb3PTLvUR8qNrS P7fqN4CW6nXtZ/GQtq1V306pZ3vjRMhnbXcmk8d88YM8EFdGpAf0QjLz2w4kRDkQlVc8 epKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=C+iKPwJud6/VfQwYcG8E7IxmocyVD9JR0bnY9Yhw+a8=; b=W+z3BcuC0VhVaaDM9MqpOmMjRWaO+Cl0lxgQe+nKogTdqQqbjMv/DQUoKEVadWN9Fi vx42PjsbtWOUwco8qFoicT8n9J5gKLTIxNOSBbFiyqev96GrRC2ELfNNRVPDBFcPuTmb sDxccBAWMFlHAzZH8euUPYAcZyR5KB3GS6m5HysFzbZpum+OSDZzkzQ2hdxrCxxdnm6H zX3i0kaQIDIoxN3CuN+ngxGycRW1sYG4tqFRy09AhCqdG3/5iZWzQ3MMWeP8142R8ylz K00DZ1O6yQMbIIkmYD1tWsg97ympJEUZd7g28LUSWrE6fgfUQkHWrPybSVxzeNilPWOv Nz7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w23-v6si3828046plk.649.2018.03.29.06.38.51; Thu, 29 Mar 2018 06:39:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752725AbeC2NhE (ORCPT + 99 others); Thu, 29 Mar 2018 09:37:04 -0400 Received: from mx2.suse.de ([195.135.220.15]:47368 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752040AbeC2NhD (ORCPT ); Thu, 29 Mar 2018 09:37:03 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 48186AD69; Thu, 29 Mar 2018 13:37:02 +0000 (UTC) Date: Thu, 29 Mar 2018 15:37:00 +0200 From: Michal Hocko To: "Kirill A. Shutemov" Cc: "Kirill A. Shutemov" , Ingo Molnar , x86@kernel.org, Thomas Gleixner , "H. Peter Anvin" , Tom Lendacky , Dave Hansen , Kai Huang , linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCHv2 06/14] mm/page_alloc: Propagate encryption KeyID through page allocator Message-ID: <20180329133700.GG31039@dhcp22.suse.cz> References: <20180328165540.648-1-kirill.shutemov@linux.intel.com> <20180328165540.648-7-kirill.shutemov@linux.intel.com> <20180329112034.GE31039@dhcp22.suse.cz> <20180329123712.zlo6qmstj3zm5v27@node.shutemov.name> <20180329125227.GF31039@dhcp22.suse.cz> <20180329131308.cq64n3dvnre2wcz5@node.shutemov.name> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180329131308.cq64n3dvnre2wcz5@node.shutemov.name> User-Agent: Mutt/1.9.4 (2018-02-28) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu 29-03-18 16:13:08, Kirill A. Shutemov wrote: > On Thu, Mar 29, 2018 at 02:52:27PM +0200, Michal Hocko wrote: > > On Thu 29-03-18 15:37:12, Kirill A. Shutemov wrote: > > > On Thu, Mar 29, 2018 at 01:20:34PM +0200, Michal Hocko wrote: > > > > On Wed 28-03-18 19:55:32, Kirill A. Shutemov wrote: > > > > > Modify several page allocation routines to pass down encryption KeyID to > > > > > be used for the allocated page. > > > > > > > > > > There are two basic use cases: > > > > > > > > > > - alloc_page_vma() use VMA's KeyID to allocate the page. > > > > > > > > > > - Page migration and NUMA balancing path use KeyID of original page as > > > > > KeyID for newly allocated page. > > > > > > > > I am sorry but I am out of time to look closer but this just raised my > > > > eyebrows. This looks like a no-go. The basic allocator has no business > > > > in fancy stuff like a encryption key. If you need something like that > > > > then just build a special allocator API on top. This looks like a no-go > > > > to me. > > > > > > The goal is to make memory encryption first class citizen in memory > > > management and not to invent parallel subsysustem (as we did with hugetlb). > > > > How do you get a page_keyid for random kernel allocation? > > Initial feature enabling only targets userspace anonymous memory, but we > can definately use the same technology in the future for kernel hardening > if we would choose so. So what kind of key are you going to use for those allocations. Moreover why cannot you simply wrap those few places which are actually using the encryption now? > For anonymous memory, we can get KeyID from VMA or from other page > (migration case). > > > > Making memory encryption integral part of Linux VM would involve handing > > > encrypted page everywhere we expect anonymous page to appear. > > > > How many architectures will implement this feature? > > I can't read the future. Fair enough, only few of us can, but you are proposing a generic code changes based on a single architecture design so we should better make sure other architectures can work with that approach without a major refactoring. -- Michal Hocko SUSE Labs