On Wed, Jul 18, 2018 at 10:36:24AM -0700, Dave Hansen wrote: > On 07/17/2018 04:20 AM, Kirill A. Shutemov wrote: > > Zero page is not encrypted and putting it into encrypted VMA produces > > garbage. > > > > We can map zero page with KeyID-0 into an encrypted VMA, but this would > > be violation security boundary between encryption domains. > > Why? How is it a violation? > > It only matters if they write secrets. They can't write secrets to the > zero page. I believe usage of zero page is wrong here. It would indirectly reveal content of supposedly encrypted memory region. I can see argument why it should be okay and I don't have very strong opinion on this. If folks see it's okay to use zero page in encrypted VMAs I can certainly make it work. > Is this only because you accidentally inherited ->vm_page_prot on the > zero page PTE? Yes, in previous patchset I mapped zero page with wrong KeyID. This is one of possible fixes for this. -- Kirill A. Shutemov
