Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when... | linux-coco

[PATCH v1 00/26] Add AMD Secure Nested Paging (SEV-SNP) Initialization Support · Michael Roth <hidden> · 2023-12-30
[PATCH v1 06/26] x86/sev: Add RMP entry lookup helpers · Michael Roth <hidden> · 2023-12-30
[PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Borislav Petkov <bp@alien8.de> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · "Jarkko Sakkinen" <jarkko@kernel.org> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Borislav Petkov <bp@alien8.de> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Borislav Petkov <bp@alien8.de> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Tom Lendacky <thomas.lendacky@amd.com> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Borislav Petkov <bp@alien8.de> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Tom Lendacky <thomas.lendacky@amd.com> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Borislav Petkov <bp@alien8.de> · 2024-01-10
Re: [PATCH v1 07/26] x86/fault: Add helper for dumping RMP entries · Tom Lendacky <thomas.lendacky@amd.com> · 2024-01-10
[PATCH v1 08/26] x86/traps: Define RMP violation #PF error code · Michael Roth <hidden> · 2023-12-30
[PATCH v1 09/26] x86/fault: Dump RMP table information when RMP page faults occur · Michael Roth <hidden> · 2023-12-30
[PATCH v1 10/26] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 10/26] x86/sev: Add helper functions for RMPUPDATE and PSMASH instruction · Borislav Petkov <bp@alien8.de> · 2024-01-12
[PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-12
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Dave Hansen <hidden> · 2024-01-12
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-12
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Vlastimil Babka <hidden> · 2024-01-12
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-15
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Vlastimil Babka <hidden> · 2024-01-15
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Mike Rapoport <rppt@kernel.org> · 2024-01-15
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-15
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Tom Lendacky <thomas.lendacky@amd.com> · 2024-01-12
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Dave Hansen <hidden> · 2024-01-12
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Vlastimil Babka <hidden> · 2024-01-15
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Michael Roth <hidden> · 2024-01-16
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Michael Roth <hidden> · 2024-01-16
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Mike Rapoport <rppt@kernel.org> · 2024-01-16
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Michael Roth <hidden> · 2024-01-26
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-16
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Dave Hansen <hidden> · 2024-01-16
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Michael Roth <hidden> · 2024-01-26
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-15
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Dave Hansen <hidden> · 2024-01-16
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-17
Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table · Borislav Petkov <bp@alien8.de> · 2024-01-15
[PATCH v1 12/26] crypto: ccp: Define the SEV-SNP commands · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 12/26] crypto: ccp: Define the SEV-SNP commands · Borislav Petkov <bp@alien8.de> · 2024-01-15
Re: [PATCH v1 12/26] crypto: ccp: Define the SEV-SNP commands · Michael Roth <hidden> · 2024-01-26
[PATCH v1 13/26] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 13/26] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP · Borislav Petkov <bp@alien8.de> · 2024-01-15
Re: [PATCH v1 13/26] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP · Borislav Petkov <bp@alien8.de> · 2024-01-15
Re: [PATCH v1 13/26] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP · Michael Roth <hidden> · 2024-01-26
[PATCH v1 14/26] crypto: ccp: Provide API to issue SEV and SNP commands · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 14/26] crypto: ccp: Provide API to issue SEV and SNP commands · Borislav Petkov <bp@alien8.de> · 2024-01-17
[PATCH v1 15/26] x86/sev: Introduce snp leaked pages list · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 15/26] x86/sev: Introduce snp leaked pages list · Vlastimil Babka <hidden> · 2024-01-08
Re: [PATCH v1 15/26] x86/sev: Introduce snp leaked pages list · "Kalra, Ashish" <ashish.kalra@amd.com> · 2024-01-09
Re: [PATCH v1 15/26] x86/sev: Introduce snp leaked pages list · Vlastimil Babka <hidden> · 2024-01-10
[PATCH v1 16/26] crypto: ccp: Handle the legacy TMR allocation when SNP is enabled · Michael Roth <hidden> · 2023-12-30
[PATCH v1 17/26] crypto: ccp: Handle non-volatile INIT_EX data when SNP is enabled · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 17/26] crypto: ccp: Handle non-volatile INIT_EX data when SNP is enabled · Borislav Petkov <bp@alien8.de> · 2024-01-18
[PATCH v1 18/26] crypto: ccp: Handle legacy SEV commands when SNP is enabled · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 18/26] crypto: ccp: Handle legacy SEV commands when SNP is enabled · Borislav Petkov <bp@alien8.de> · 2024-01-19
Re: [PATCH v1 18/26] crypto: ccp: Handle legacy SEV commands when SNP is enabled · Tom Lendacky <thomas.lendacky@amd.com> · 2024-01-19
Re: [PATCH v1 18/26] crypto: ccp: Handle legacy SEV commands when SNP is enabled · Borislav Petkov <bp@alien8.de> · 2024-01-19
Re: [PATCH v1 18/26] crypto: ccp: Handle legacy SEV commands when SNP is enabled · Michael Roth <hidden> · 2024-01-26
[PATCH v1 19/26] iommu/amd: Clean up RMP entries for IOMMU pages during SNP shutdown · Michael Roth <hidden> · 2023-12-30
[PATCH v1 20/26] crypto: ccp: Add debug support for decrypting pages · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 20/26] crypto: ccp: Add debug support for decrypting pages · Sean Christopherson <seanjc@google.com> · 2024-01-10
Re: [PATCH v1 20/26] crypto: ccp: Add debug support for decrypting pages · Michael Roth <hidden> · 2024-01-11
[PATCH v1 21/26] crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 21/26] crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump · Borislav Petkov <bp@alien8.de> · 2024-01-21
Re: [PATCH v1 21/26] crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump · "Kalra, Ashish" <ashish.kalra@amd.com> · 2024-01-26
Re: [PATCH v1 21/26] crypto: ccp: Add panic notifier for SEV/SNP firmware shutdown on kdump · Michael Roth <hidden> · 2024-01-26
[PATCH v1 22/26] KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 22/26] KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe · Borislav Petkov <bp@alien8.de> · 2024-01-21
Re: [PATCH v1 22/26] KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe · Michael Roth <hidden> · 2024-01-26
[PATCH v1 23/26] x86/cpufeatures: Enable/unmask SEV-SNP CPU feature · Michael Roth <hidden> · 2023-12-30
[PATCH v1 24/26] crypto: ccp: Add the SNP_PLATFORM_STATUS command · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 24/26] crypto: ccp: Add the SNP_PLATFORM_STATUS command · Borislav Petkov <bp@alien8.de> · 2024-01-21
Re: [PATCH v1 24/26] crypto: ccp: Add the SNP_PLATFORM_STATUS command · Michael Roth <hidden> · 2024-01-26
[PATCH v1 25/26] crypto: ccp: Add the SNP_COMMIT command · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 25/26] crypto: ccp: Add the SNP_COMMIT command · Borislav Petkov <bp@alien8.de> · 2024-01-21
[PATCH v1 26/26] crypto: ccp: Add the SNP_SET_CONFIG command · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 26/26] crypto: ccp: Add the SNP_SET_CONFIG command · Borislav Petkov <bp@alien8.de> · 2024-01-21
Re: [PATCH v1 26/26] crypto: ccp: Add the SNP_SET_CONFIG command · Michael Roth <hidden> · 2024-01-26
[PATCH v1 01/26] x86/cpufeatures: Add SEV-SNP CPU feature · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 01/26] x86/cpufeatures: Add SEV-SNP CPU feature · Borislav Petkov <bp@alien8.de> · 2023-12-31
Re: [PATCH v1 01/26] x86/cpufeatures: Add SEV-SNP CPU feature · Michael Roth <hidden> · 2023-12-31
[PATCH v1 02/26] x86/speculation: Do not enable Automatic IBRS if SEV SNP is enabled · Michael Roth <hidden> · 2023-12-30
[PATCH v1 03/26] iommu/amd: Don't rely on external callers to enable IOMMU SNP support · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 03/26] iommu/amd: Don't rely on external callers to enable IOMMU SNP support · Borislav Petkov <bp@alien8.de> · 2024-01-04
Re: [PATCH v1 03/26] iommu/amd: Don't rely on external callers to enable IOMMU SNP support · Joerg Roedel <hidden> · 2024-01-04
[PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Michael Roth <hidden> · 2023-12-30
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Jeremi Piotrowski <hidden> · 2024-01-04
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-05
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-05
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Jeremi Piotrowski <hidden> · 2024-01-08
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-08
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Jeremi Piotrowski <hidden> · 2024-01-09
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-09
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-09
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Jeremi Piotrowski <hidden> · 2024-02-14
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-04
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-04
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-05
Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2024-01-05
[PATCH v1 05/26] x86/mtrr: Don't print errors if MtrrFixDramModEn is set when SNP enabled · Michael Roth <hidden> · 2023-12-30

Re: [PATCH v1 11/26] x86/sev: Invalidate pages from the direct map when adding them to the RMP table

From: Borislav Petkov <bp@alien8.de>
Date: 2024-01-15 09:02:21
Also in: kvm, linux-crypto, linux-mm, lkml
Subsystem: the rest, x86 architecture (32-bit and 64-bit) · Maintainers: Linus Torvalds, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen

On Sat, Dec 30, 2023 at 10:19:39AM -0600, Michael Roth wrote:

+	/*
+	 * If the kernel uses a 2MB directmap mapping to write to an address,
+	 * and that 2MB range happens to contain a 4KB page that set to private
+	 * in the RMP table, an RMP #PF will trigger and cause a host crash.

Also:

diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c
index 7d294d1a620b..2ad83e7fb2da 100644
--- a/arch/x86/virt/svm/sev.c
+++ b/arch/x86/virt/svm/sev.c

@@ -415,8 +415,9 @@ static int rmpupdate(u64 pfn, struct rmp_state *state)
 
 	/*
 	 * If the kernel uses a 2MB directmap mapping to write to an address,
-	 * and that 2MB range happens to contain a 4KB page that set to private
-	 * in the RMP table, an RMP #PF will trigger and cause a host crash.
+	 * and that 2MB range happens to contain a 4KB page that has been set
+	 * to private in the RMP table, an RMP #PF will trigger and cause a
+	 * host crash.
 	 *
 	 * Prevent this by removing pages from the directmap prior to setting
 	 * them as private in the RMP table.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help