From: Tom Lendacky <thomas.lendacky@amd.com>
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Albert Ou <aou@eecs.berkeley.edu>,
Alexei Starovoitov <ast@kernel.org>,
Andrea Parri <parri.andrea@gmail.com>,
Arnd Bergmann <arnd@arndb.de>,
Daniel Borkmann <daniel@iogearbox.net>,
Eric Chan <ericchancf@google.com>, Jason Gunthorpe <jgg@ziepe.ca>,
Kai Huang <kai.huang@intel.com>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Kent Overstreet <kent.overstreet@linux.dev>,
Palmer Dabbelt <palmer@rivosinc.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Russell King <linux@armlinux.org.uk>,
Samuel Holland <samuel.holland@sifive.com>,
Suren Baghdasaryan <surenb@google.com>,
Yuntao Wang <ytcoode@gmail.com>,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org,
stable@vger.kernel.org, Ashish Kalra <ashish.kalra@amd.com>,
"Maciej W. Rozycki" <macro@orcam.me.uk>
Subject: Re: [PATCHv3 2/2] x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default
Date: Tue, 14 Jan 2025 08:33:39 -0600 [thread overview]
Message-ID: <9981e3f5-1414-dd82-c6ad-379289575b07@amd.com> (raw)
In-Reply-To: <vuj7mlvkvazuz5noupusqt2bk42vjkr5lkgivnrub2nby4ma6y@7ezpclbirwcs>
On 1/14/25 01:27, Kirill A. Shutemov wrote:
> On Mon, Jan 13, 2025 at 02:47:56PM -0600, Tom Lendacky wrote:
>> On 1/13/25 07:14, Kirill A. Shutemov wrote:
>>> Currently memremap(MEMREMAP_WB) can produce decrypted/shared mapping:
>>>
>>> memremap(MEMREMAP_WB)
>>> arch_memremap_wb()
>>> ioremap_cache()
>>> __ioremap_caller(.encrytped = false)
>>>
>>> In such cases, the IORES_MAP_ENCRYPTED flag on the memory will determine
>>> if the resulting mapping is encrypted or decrypted.
>>>
>>> Creating a decrypted mapping without explicit request from the caller is
>>> risky:
>>>
>>> - It can inadvertently expose the guest's data and compromise the
>>> guest.
>>>
>>> - Accessing private memory via shared/decrypted mapping on TDX will
>>> either trigger implicit conversion to shared or #VE (depending on
>>> VMM implementation).
>>>
>>> Implicit conversion is destructive: subsequent access to the same
>>> memory via private mapping will trigger a hard-to-debug #VE crash.
>>>
>>> The kernel already provides a way to request decrypted mapping
>>> explicitly via the MEMREMAP_DEC flag.
>>>
>>> Modify memremap(MEMREMAP_WB) to produce encrypted/private mapping by
>>> default unless MEMREMAP_DEC is specified.
>>>
>>> Fix the crash due to #VE on kexec in TDX guests if CONFIG_EISA is enabled.
>>
>> This patch causes my bare-metal system to crash during boot when using
>> mem_encrypt=on:
>>
>> [ 2.392934] efi: memattr: Entry type should be RuntimeServiceCode/Data
>> [ 2.393731] efi: memattr: ! 0x214c42f01f1162a-0xee70ac7bd1a9c629 [type=2028324321|attr=0x6590648fa4209879]
>
> Could you try if this helps?
>
> diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c
> index c38b1a335590..b5051dcb7c1d 100644
> --- a/drivers/firmware/efi/memattr.c
> +++ b/drivers/firmware/efi/memattr.c
> @@ -160,7 +160,7 @@ int __init efi_memattr_apply_permissions(struct mm_struct *mm,
> if (WARN_ON(!efi_enabled(EFI_MEMMAP)))
> return 0;
>
> - tbl = memremap(efi_mem_attr_table, tbl_size, MEMREMAP_WB);
> + tbl = memremap(efi_mem_attr_table, tbl_size, MEMREMAP_WB | MEMREMAP_DEC);
Well that would work for SME where EFI tables/data are not encrypted,
but will break for SEV where EFI tables/data are encrypted.
Thanks,
Tom
> if (!tbl) {
> pr_err("Failed to map EFI Memory Attributes table @ 0x%lx\n",
> efi_mem_attr_table);
next prev parent reply other threads:[~2025-01-14 14:35 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250113131459.2008123-1-kirill.shutemov@linux.intel.com>
[not found] ` <20250113131459.2008123-3-kirill.shutemov@linux.intel.com>
2025-01-13 20:47 ` [PATCHv3 2/2] x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default Tom Lendacky
2025-01-13 20:55 ` Borislav Petkov
2025-01-14 7:27 ` Kirill A. Shutemov
2025-01-14 14:33 ` Tom Lendacky [this message]
2025-01-14 14:44 ` Kirill A. Shutemov
2025-01-14 15:06 ` Tom Lendacky
[not found] <ff8daeb1-4839-b070-dd94-a7692ac94008@amd.com>
2025-01-15 10:23 ` Kirill A. Shutemov
2025-01-15 10:34 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9981e3f5-1414-dd82-c6ad-379289575b07@amd.com \
--to=thomas.lendacky@amd.com \
--cc=aou@eecs.berkeley.edu \
--cc=arnd@arndb.de \
--cc=ashish.kalra@amd.com \
--cc=ast@kernel.org \
--cc=bp@alien8.de \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=ericchancf@google.com \
--cc=hpa@zytor.com \
--cc=jgg@ziepe.ca \
--cc=kai.huang@intel.com \
--cc=kent.overstreet@linux.dev \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux@armlinux.org.uk \
--cc=luto@kernel.org \
--cc=macro@orcam.me.uk \
--cc=mingo@redhat.com \
--cc=palmer@rivosinc.com \
--cc=parri.andrea@gmail.com \
--cc=paul.walmsley@sifive.com \
--cc=samuel.holland@sifive.com \
--cc=stable@vger.kernel.org \
--cc=surenb@google.com \
--cc=tglx@linutronix.de \
--cc=wangkefeng.wang@huawei.com \
--cc=x86@kernel.org \
--cc=ytcoode@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox