[PATCH v6 04/13] x86/mm: Handle decryption/re-encryption of bss_decrypted... | netdev

[PATCH v6 00/13] Add PCI pass-thru support to Hyper-V Confidential VMs · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 01/13] x86/ioremap: Add hypervisor callback for private MMIO mapping in coco VM · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 02/13] x86/hyperv: Reorder code to facilitate future work · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 03/13] Drivers: hv: Explicitly request decrypted in vmap_pfn() calls · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 04/13] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 05/13] init: Call mem_encrypt_init() after Hyper-V hypercall init is done · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Michael Kelley <hidden> · 2023-03-09
Re: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Borislav Petkov <bp@alien8.de> · 2023-03-20
RE: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Michael Kelley (LINUX) <hidden> · 2023-03-20
Re: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Borislav Petkov <bp@alien8.de> · 2023-03-20
RE: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Michael Kelley (LINUX) <hidden> · 2023-03-20
Re: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Borislav Petkov <bp@alien8.de> · 2023-03-23
Re: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Borislav Petkov <bp@alien8.de> · 2023-03-24
RE: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Dexuan Cui <decui@microsoft.com> · 2023-03-24
Re: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com> · 2023-03-24
Re: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Borislav Petkov <bp@alien8.de> · 2023-03-24
RE: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Michael Kelley (LINUX) <hidden> · 2023-03-24
RE: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms · Michael Kelley (LINUX) <hidden> · 2023-03-25
[PATCH v6 07/13] swiotlb: Remove bounce buffer remapping for Hyper-V · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 09/13] Drivers: hv: vmbus: Remove second way of mapping ring buffers · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 13/13] PCI: hv: Enable PCI pass-thru devices in Confidential VMs · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 08/13] Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 11/13] Drivers: hv: Don't remap addresses that are above shared_gpa_boundary · Michael Kelley <hidden> · 2023-03-09
[PATCH v6 12/13] PCI: hv: Add hypercalls to read/write MMIO space · Michael Kelley <hidden> · 2023-03-09
Re: [PATCH v6 12/13] PCI: hv: Add hypercalls to read/write MMIO space · Lorenzo Pieralisi <lpieralisi@kernel.org> · 2023-03-24
RE: [PATCH v6 12/13] PCI: hv: Add hypercalls to read/write MMIO space · Michael Kelley (LINUX) <hidden> · 2023-03-24
Re: [PATCH v6 12/13] PCI: hv: Add hypercalls to read/write MMIO space · Lorenzo Pieralisi <lpieralisi@kernel.org> · 2023-03-24
[PATCH v6 10/13] hv_netvsc: Remove second mapping of send and recv buffers · Michael Kelley <hidden> · 2023-03-09
Re: [PATCH v6 00/13] Add PCI pass-thru support to Hyper-V Confidential VMs · Borislav Petkov <bp@alien8.de> · 2023-03-20

STALE1187d LANDED: 3 (3M)

Revisions (4)

2022-10-20 v1 [diff vs current]
2023-01-12 v5 [diff vs current]
2023-03-09 v6 current
2023-03-26 v7 [diff vs current]

[PATCH v6 04/13] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently

From: Michael Kelley <hidden>
Date: 2023-03-09 02:42:00
Also in: linux-arch, linux-hyperv, linux-iommu, linux-pci, lkml
Subsystem: the rest, x86 architecture (32-bit and 64-bit), x86 mm · Maintainers: Linus Torvalds, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, Andy Lutomirski, Peter Zijlstra

sme_postprocess_startup() decrypts the bss_decrypted section when
sme_me_mask is non-zero.

mem_encrypt_free_decrypted_mem() re-encrypts the unused portion based
on CC_ATTR_MEM_ENCRYPT.

In a Hyper-V guest VM using vTOM, these conditions are not equivalent
as sme_me_mask is always zero when using vTOM. Consequently,
mem_encrypt_free_decrypted_mem() attempts to re-encrypt memory that was
never decrypted.

So check sme_me_mask in mem_encrypt_free_decrypted_mem() too.

Hyper-V guests using vTOM don't need the bss_decrypted section to be
decrypted, so skipping the decryption/re-encryption doesn't cause a
problem.

Signed-off-by: Michael Kelley <redacted>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/mm/mem_encrypt_amd.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index 9c4d8db..e0b51c0 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c

@@ -513,10 +513,14 @@ void __init mem_encrypt_free_decrypted_mem(void)
 	npages = (vaddr_end - vaddr) >> PAGE_SHIFT;
 
 	/*
-	 * The unused memory range was mapped decrypted, change the encryption
-	 * attribute from decrypted to encrypted before freeing it.
+	 * If the unused memory range was mapped decrypted, change the encryption
+	 * attribute from decrypted to encrypted before freeing it. Base the
+	 * re-encryption on the same condition used for the decryption in
+	 * sme_postprocess_startup(). Higher level abstractions, such as
+	 * CC_ATTR_MEM_ENCRYPT, aren't necessarily equivalent in a Hyper-V VM
+	 * using vTOM, where sme_me_mask is always zero.
 	 */
-	if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) {
+	if (sme_me_mask) {
 		r = set_memory_encrypted(vaddr, npages);
 		if (r) {
 			pr_warn("failed to free unused decrypted pages\n");

-- 
1.8.3.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help