Subject: Re: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME
From: Kai Huang
To: Andy Lutomirski
Cc: Dave Hansen, Kirill A. Shutemov, Andrew Morton, X86 ML, Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Borislav Petkov, Peter Zijlstra, David Howells, Kees Cook, Jacob Pan, Alison Schofield, Linux-MM, kvm list, keyrings@vger.kernel.org, LKML, Tom Lendacky
Date: Tue, 18 Jun 2019 13:35:46 +1200
Message-ID: <1560821746.5187.82.camel@linux.intel.com>
References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> <20190508144422.13171-46-kirill.shutemov@linux.intel.com> <3c658cce-7b7e-7d45-59a0-e17dae986713@intel.com> <5cbfa2da-ba2e-ed91-d0e8-add67753fc12@intel.com> <1560816342.5187.63.camel@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> > > I'm having a hard time imagining that ever working -- wouldn't it blow
> > > up if someone did:
> > >
> > > fd = open("/dev/anything987");
> > > ptr1 = mmap(fd);
> > > ptr2 = mmap(fd);
> > > sys_encrypt(ptr1);
> > >
> > > So I think it really has to be:
> > > fd = open("/dev/anything987");
> > > ioctl(fd, ENCRYPT_ME);
> > > mmap(fd);
> >
> > This requires "/dev/anything987" to support the ENCRYPT_ME ioctl, right?
> >
> > So to support NVDIMM (DAX), we need to add an ENCRYPT_ME ioctl to DAX?
>
> Yes and yes, or we do it with layers -- see below.
>
> I don't see how we can credibly avoid this. If we try to do MKTME
> behind the DAX driver's back, aren't we going to end up with cache
> coherence problems?

I am not sure whether I understand correctly, but how is the cache coherence
problem related to putting the MKTME concept in different layers? To make
MKTME work with DAX/NVDIMM, I think no matter which layer the MKTME concept
resides in, eventually we need to put the keyID into the PTE which maps to
NVDIMM, and the kernel needs to manage cache coherence for NVDIMM just like
for normal memory, as shown in this series?

Thanks,
-Kai
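An added illustration, not code from this thread or from the MKTME series, of the aliasing that the ptr1/ptr2 sketch above points at: two MAP_SHARED mappings of one file share the same backing pages, while mprotect(), like a per-mapping encrypt call, changes only the VMA it is given. By analogy, a keyID applied through one mapping would cover only that mapping's PTEs while the other mapping still reaches the same pages. It assumes Linux/POSIX mmap and a constructed temporary file under /tmp.

```c
/* Added example: per-VMA attributes vs. shared backing pages.
 * Two MAP_SHARED mappings of the same file (ptr1, ptr2) alias one set
 * of pages; mprotect() on ptr1 leaves ptr2's VMA untouched. */
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define ALIAS_LEN 4096

/* Returns 0 when both aliasing properties are confirmed:
 *  - a write through ptr2 is visible through ptr1 (same backing page), and
 *  - after mprotect(ptr1, PROT_READ), ptr2 is still writable (per-VMA).
 * A negative value identifies the step that failed. */
int mapping_alias_check(void)
{
    char path[] = "/tmp/mktme-aliasXXXXXX";   /* constructed temp file name */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                             /* fd keeps the inode alive */
    if (ftruncate(fd, ALIAS_LEN) != 0) { close(fd); return -2; }

    char *ptr1 = mmap(NULL, ALIAS_LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    char *ptr2 = mmap(NULL, ALIAS_LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);
    if (ptr1 == MAP_FAILED || ptr2 == MAP_FAILED)
        return -3;

    int rc = 0;
    /* Step 1: distinct virtual addresses, same physical page. */
    memcpy(ptr2, "shared", 7);
    if (ptr1 == ptr2 || strcmp(ptr1, "shared") != 0)
        rc = -4;

    /* Step 2: a VMA-level change on ptr1 does not propagate to ptr2. */
    if (rc == 0 && mprotect(ptr1, ALIAS_LEN, PROT_READ) != 0)
        rc = -5;
    if (rc == 0) {
        memcpy(ptr2, "still-rw", 9);          /* ptr2's VMA is still RW */
        if (strcmp(ptr1, "still-rw") != 0)    /* ptr1 is RO yet sees the write */
            rc = -6;
    }

    munmap(ptr1, ALIAS_LEN);
    munmap(ptr2, ALIAS_LEN);
    return rc;
}
```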