Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1399003imm; Thu, 19 Jul 2018 00:33:35 -0700 (PDT) X-Google-Smtp-Source: AAOMgpc0g9ZrjK5pB9Xn/Z/qxS0JgYNxXl4X0CS7SXAvyiKfM797LSyj8ujAc+UcVhke7QARXyVy X-Received: by 2002:a62:1b07:: with SMTP id b7-v6mr8492950pfb.70.1531985615887; Thu, 19 Jul 2018 00:33:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1531985615; cv=none; d=google.com; s=arc-20160816; b=mVgXDCRCIWXupDUclUciykH+ZjO7sWfqYb8FTsEJOemfQxQl3q9Y1Fk3QIFbWDYJNy 6UZKfHdOTN0xQlE9r32JcSoeDncVrWqLZlszl1hEJEXgIDX/Yfo4x9eKcLUHUD2ihBKL 1S6yP73LwQEM8wJzqr/iEGATec4PrFFXLcJSp7CS7nAy1MpDLpzFGzvNYCLGm9h7rOIv KvxQg9GzGWfqQQrXMrtLNNXCZiCvyPVkTdGG9plbuycdSEyxw47OS8+JHiGgzVHu+0/X kc5voA/V5LynQBiEKPUnm+jSL+/bY7pQEBi66Z+VKNHIRlYATHmycriDwW7U/0/0vcko ca4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=BQ74HL4Lsb0eMMamrrkn89mQplhoJB7F2brI0mnq/eY=; b=ebP+OGyu0k+VU60s/qg3wXUAqHdKGHGEQCuhCgVg1GGJNgHdU+J99vOox2huei3ZNv a2fZXfzxejGiYA5D/9F58baZrPzm3tDyk/8bKJXJPMiJ2LaM9t5KsD5ecVobC35Zo/Do pYri1Z30TQDBUmoMgyMlfGHeFZ7oIGBjpsIoDWA8Ff92/wV8YIgt8FB653Axtmei0ALA okDLRhk0DjxjsjmR6VjbDh5tbKlXm2MOaBB6njZEmspkWtk3JCIC2X3Fiiv8j2e6wg9/ O2FRZLlDX0U5jLoG6anHajZP7txYEUWgqlAulup09MoQdcTpb4ag8dKNMvcsiYgI3gJU KhfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=AHxtqqji; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m14-v6si5301337pgc.368.2018.07.19.00.33.20; Thu, 19 Jul 2018 00:33:35 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=AHxtqqji; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730469AbeGSIOd (ORCPT + 99 others); Thu, 19 Jul 2018 04:14:33 -0400 Received: from mail-pl0-f52.google.com ([209.85.160.52]:46154 "EHLO mail-pl0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727336AbeGSIOc (ORCPT ); Thu, 19 Jul 2018 04:14:32 -0400 Received: by mail-pl0-f52.google.com with SMTP id t17-v6so679974ply.13 for ; Thu, 19 Jul 2018 00:32:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=BQ74HL4Lsb0eMMamrrkn89mQplhoJB7F2brI0mnq/eY=; b=AHxtqqjiOY/JnLvZ1Aftd1lJ91BCaVNbRR+lLWnD2LKAjtBPEp0UFa2sUb2QGCNPeV z8rh7e8OhacnJWGETu25hdVMtgeQSTE1cKE0lDPOADVYIC1N9X6Sw4TxyKz64h8wX8Hf U5LSvfrUZJXlEL+j+Y91i3ulnK5TbLlpSmdG9xPFnopSntQnOhNF32wzeJArRBZwaUey z6OQ4zwPNl9SNxoiML5BLPeBepieTi/Hrmo8R9ms8B/wAW9SRnR0VwatZIHNUChsFMca M28OSJLfg/pXKugU84c+JtqxdzoPU9+T1YLvQukwfixZ3/IWhmxcXNti4prgaBMm/lxj Ppxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=BQ74HL4Lsb0eMMamrrkn89mQplhoJB7F2brI0mnq/eY=; b=KKUX6DkGzF/9Ff9fOnx2TKNMRIvaZh35qX9wOB1o4tLEkZENvF+oCI7scDhfKX+jxe 4YS/L1SF9M+WdC21x1P2+h3JHt1Wt9W3Gv7PQ0tiuQ5sfqNN+R5iajLQDVZh+HN2OSqy 2B54W9cM+qW7y2fWQNbcMHsEQD4dW4RXIagYAwV8Th9DpLUTDHBX+cu09YrkjszgHSMN JQpORau/Ofle9ExjkhUw9zh/N4d26uEDT5KBhYCNDLDQL1qWYHfwgpfAbFDpb8irL00P wHmIfS1LPS46VYnoYV1gVJv9atmwq6gKwCTiYN+s5lupRKe8VCHjPgdphuPt4RVJxvZn xkNw== X-Gm-Message-State: AOUpUlE3F62zBd8pz1sHfqYHHEhBCnL08NFJRxqzfxLO/A6JE/s9K8Xi 7k7+R+hGUuBBZYM1toIkvj7ALg== X-Received: by 2002:a17:902:5590:: with SMTP id g16-v6mr8788107pli.99.1531985566964; Thu, 19 Jul 2018 00:32:46 -0700 (PDT) Received: from kshutemo-mobl1.localdomain (fmdmzpr03-ext.fm.intel.com. [192.55.54.38]) by smtp.gmail.com with ESMTPSA id h10-v6sm14209184pfj.78.2018.07.19.00.32.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 19 Jul 2018 00:32:46 -0700 (PDT) Received: by kshutemo-mobl1.localdomain (Postfix, from userid 1000) id AEC45300251; Thu, 19 Jul 2018 10:32:40 +0300 (+03) Date: Thu, 19 Jul 2018 10:32:40 +0300 From: "Kirill A. Shutemov" To: Dave Hansen Cc: "Kirill A. Shutemov" , Ingo Molnar , x86@kernel.org, Thomas Gleixner , "H. Peter Anvin" , Tom Lendacky , Kai Huang , Jacob Pan , linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCHv5 03/19] mm/ksm: Do not merge pages with different KeyIDs Message-ID: <20180719073240.autom4g4cdm3jgd6@kshutemo-mobl1> References: <20180717112029.42378-1-kirill.shutemov@linux.intel.com> <20180717112029.42378-4-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180622 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 18, 2018 at 10:38:27AM -0700, Dave Hansen wrote: > On 07/17/2018 04:20 AM, Kirill A. Shutemov wrote: > > Pages encrypted with different encryption keys are not allowed to be > > merged by KSM. Otherwise it would cross security boundary. > > Let's say I'm using plain AES (not AES-XTS). I use the same key in two > keyid slots. I map a page with the first keyid and another with the > other keyid. > > Won't they have the same cipertext? Why shouldn't we KSM them? We compare plain text, not ciphertext. And for good reason. Comparing ciphertext would only make KSM successful for AES-ECB that doesn't dependent on physical address of the page. MKTME only supports AES-XTS (no plans to support AES-ECB). It effectively disables KSM if we go with comparing ciphertext. -- Kirill A. Shutemov