From: Sathyanarayanan Kuppuswamy  <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Michael Kelley <mikelley@microsoft.com>,
	hpa@zytor.com, kys@microsoft.com, haiyangz@microsoft.com,
	wei.liu@kernel.org, decui@microsoft.com, luto@kernel.org,
	peterz@infradead.org, davem@davemloft.net, edumazet@google.com,
	kuba@kernel.org, pabeni@redhat.com, lpieralisi@kernel.org,
	robh@kernel.org, kw@linux.com, bhelgaas@google.com,
	arnd@arndb.de, hch@infradead.org, m.szyprowski@samsung.com,
	robin.murphy@arm.com, thomas.lendacky@amd.com,
	brijesh.singh@amd.com, tglx@linutronix.de, mingo@redhat.com,
	bp@alien8.de, dave.hansen@linux.intel.com,
	Tianyu.Lan@microsoft.com, kirill.shutemov@linux.intel.com,
	ak@linux.intel.com, isaku.yamahata@intel.com,
	dan.j.williams@intel.com, jane.chu@oracle.com, seanjc@google.com,
	tony.luck@intel.com, x86@kernel.org,
	linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org,
	netdev@vger.kernel.org, linux-pci@vger.kernel.org,
	linux-arch@vger.kernel.org, iommu@lists.linux.dev
Subject: Re: [Patch v3 05/14] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently
Date: Thu, 17 Nov 2022 13:47:35 -0800
Message-ID: <01d7c7cc-bd4e-ee9b-f5b2-73ea367e602f@linux.intel.com>
In-Reply-To: <1668624097-14884-6-git-send-email-mikelley@microsoft.com>



On 11/16/22 10:41 AM, Michael Kelley wrote:
> Current code in sme_postprocess_startup() decrypts the bss_decrypted
> section when sme_me_mask is non-zero.  But code in
> mem_encrypt_free_decrypted_mem() re-encrypts the unused portion based
> on CC_ATTR_MEM_ENCRYPT.  In a Hyper-V guest VM using vTOM, these
> conditions are not equivalent as sme_me_mask is always zero when
> using vTOM.  Consequently, mem_encrypt_free_decrypted_mem() attempts
> to re-encrypt memory that was never decrypted.
> 
> Fix this in mem_encrypt_free_decrypted_mem() by conditioning the
> re-encryption on the same test for non-zero sme_me_mask.  Hyper-V
> guests using vTOM don't need the bss_decrypted section to be
> decrypted, so skipping the decryption/re-encryption doesn't cause
> a problem.
> 

Do you think it needs a Fixes tag?

> Signed-off-by: Michael Kelley <mikelley@microsoft.com>
> ---
>  arch/x86/mm/mem_encrypt_amd.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
> index 9c4d8db..5a51343 100644
> --- a/arch/x86/mm/mem_encrypt_amd.c
> +++ b/arch/x86/mm/mem_encrypt_amd.c
> @@ -513,10 +513,14 @@ void __init mem_encrypt_free_decrypted_mem(void)
>  	npages = (vaddr_end - vaddr) >> PAGE_SHIFT;
>  
>  	/*
> -	 * The unused memory range was mapped decrypted, change the encryption
> -	 * attribute from decrypted to encrypted before freeing it.
> +	 * If the unused memory range was mapped decrypted, change the encryption
> +	 * attribute from decrypted to encrypted before freeing it. Base the
> +	 * re-encryption on the same condition used for the decryption in
> +	 * sme_postprocess_startup(). Higher level abstractions, such as
> +	 * CC_ATTR_MEM_ENCRYPT, aren't necessarily equivalent in a Hyper-V VM
> +	 * using vTOM, where sme_me_mask is always zero.
>  	 */
> -	if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) {
> +	if (sme_get_me_mask()) {
>  		r = set_memory_encrypted(vaddr, npages);
>  		if (r) {
>  			pr_warn("failed to free unused decrypted pages\n");
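
Review bot: The new "if (sme_get_me_mask())" test is tied to the decryption in sme_postprocess_startup() only by the comment above it, so the two conditions can drift apart again the same way they did with CC_ATTR_MEM_ENCRYPT. Consider putting the test in one small shared helper used at both sites, or at least adding a matching comment at the decryption site that points back to mem_encrypt_free_decrypted_mem(). The comment itself could also be shortened to the rule (re-encrypt only if the range was decrypted at startup), since the Hyper-V vTOM background is already given in the commit message.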

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
