On Thu, Jul 19, 2018 at 07:02:34AM -0700, Dave Hansen wrote: > On 07/19/2018 12:32 AM, Kirill A. Shutemov wrote: > > On Wed, Jul 18, 2018 at 10:38:27AM -0700, Dave Hansen wrote: > >> On 07/17/2018 04:20 AM, Kirill A. Shutemov wrote: > >>> Pages encrypted with different encryption keys are not allowed to be > >>> merged by KSM. Otherwise it would cross security boundary. > >> Let's say I'm using plain AES (not AES-XTS). I use the same key in two > >> keyid slots. I map a page with the first keyid and another with the > >> other keyid. > >> > >> Won't they have the same cipertext? Why shouldn't we KSM them? > > We compare plain text, not ciphertext. And for good reason. > > What's the reason? Probably good to talk about it for those playing > along at home. I'll update commit message. > > Comparing ciphertext would only make KSM successful for AES-ECB that > > doesn't dependent on physical address of the page. > > > > MKTME only supports AES-XTS (no plans to support AES-ECB). It effectively > > disables KSM if we go with comparing ciphertext. > > But what's the security boundary that is violated? You are talking > about some practical concerns (KSM scanning inefficiency) which is a far > cry from being any kind of security issue. As with zero page, my initial reasoning was that mixing pages from different secrutiy domains is bad idea. -- Kirill A. Shutemov
