From: "Michael Kelley (LINUX)" <mikelley@microsoft.com>
To: Borislav Petkov <bp@alien8.de>
Cc: "hpa@zytor.com" <hpa@zytor.com>,
KY Srinivasan <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
"wei.liu@kernel.org" <wei.liu@kernel.org>,
Dexuan Cui <decui@microsoft.com>,
"luto@kernel.org" <luto@kernel.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"davem@davemloft.net" <davem@davemloft.net>,
"edumazet@google.com" <edumazet@google.com>,
"kuba@kernel.org" <kuba@kernel.org>,
"pabeni@redhat.com" <pabeni@redhat.com>,
"lpieralisi@kernel.org" <lpieralisi@kernel.org>,
"robh@kernel.org" <robh@kernel.org>,
"kw@linux.com" <kw@linux.com>,
"bhelgaas@google.com" <bhelgaas@google.com>,
"arnd@arndb.de" <arnd@arndb.de>,
"hch@infradead.org" <hch@infradead.org>,
"m.szyprowski@samsung.com" <m.szyprowski@samsung.com>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"brijesh.singh@amd.com" <brijesh.singh@amd.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
Tianyu Lan <Tianyu.Lan@microsoft.com>,
"kirill.shutemov@linux.intel.com"
<kirill.shutemov@linux.intel.com>,
"sathyanarayanan.kuppuswamy@linux.intel.com"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"ak@linux.intel.com" <ak@linux.intel.com>,
"isaku.yamahata@intel.com" <isaku.yamahata@intel.com>,
"Williams, Dan J" <dan.j.williams@intel.com>,
"jane.chu@oracle.com" <jane.chu@oracle.com>,
"seanjc@google.com" <seanjc@google.com>,
"tony.luck@intel.com" <tony.luck@intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>
Subject: RE: [Patch v4 04/13] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently
Date: Thu, 29 Dec 2022 16:25:16 +0000 [thread overview]
Message-ID: <BYAPR21MB16884038F7EE406322181C58D7F39@BYAPR21MB1688.namprd21.prod.outlook.com> (raw)
In-Reply-To: <Y62FbJ1rZ6TVUgml@zn.tnic>
From: Borislav Petkov <bp@alien8.de> Sent: Thursday, December 29, 2022 4:18 AM
>
> On Thu, Dec 01, 2022 at 07:30:22PM -0800, Michael Kelley wrote:
> > Current code in sme_postprocess_startup() decrypts the bss_decrypted
> > section when sme_me_mask is non-zero. But code in
> > mem_encrypt_free_decrypted_mem() re-encrypts the unused portion based
> > on CC_ATTR_MEM_ENCRYPT. In a Hyper-V guest VM using vTOM, these
> > conditions are not equivalent as sme_me_mask is always zero when
> > using vTOM. Consequently, mem_encrypt_free_decrypted_mem() attempts
> > to re-encrypt memory that was never decrypted.
> >
> > Fix this in mem_encrypt_free_decrypted_mem() by conditioning the
> > re-encryption on the same test for non-zero sme_me_mask. Hyper-V
> > guests using vTOM don't need the bss_decrypted section to be
> > decrypted, so skipping the decryption/re-encryption doesn't cause
> > a problem.
>
> Lemme simplify the formulations a bit:
>
> "sme_postprocess_startup() decrypts the bss_decrypted ection when me_mask
> sme_is non-zero.
>
> mem_encrypt_free_decrypted_mem() re-encrypts the unused portion based on
> CC_ATTR_MEM_ENCRYPT.
>
> In a Hyper-V guest VM using vTOM, these conditions are not equivalent
> as sme_me_mask is always zero when using vTOM. Consequently,
> mem_encrypt_free_decrypted_mem() attempts to re-encrypt memory that was
> never decrypted.
>
> So check sme_me_mask in mem_encrypt_free_decrypted_mem() too.
>
> Hyper-V guests using vTOM don't need the bss_decrypted section to be
> decrypted, so skipping the decryption/re-encryption doesn't cause a
> problem."
Work for me. I'll pick up the new wording in v5.
>
> > Fixes: e9d1d2bb75b2 ("treewide: Replace the use of mem_encrypt_active() with
> cc_platform_has()")
>
> So when you say Fixes - this is an issue only for vTOM-using VMs and
> before yours, there were none. And yours needs more enablement than just
> this patch.
>
> So does this one really need to be backported to stable@?
>
> I'm asking because there's AI which will pick it up based on this Fixes
> tag up but that AI is still not that smart to replace us all. :-)
>
I'm ambivalent on the backport to stable. One might argue that older
kernel versions are conceptually wrong in using different conditions for
the decryption and re-encryption. But as you said, they aren't broken
from a practical standpoint because sme_me_mask and
CC_ATTR_MEM_ENCRYPT are equivalent prior to my patch set. However,
the email thread with Sathyanarayanan Kuppuswamy, Tom Lendacky,
and Dexuan Cui concluded that a Fixes: tag is appropriate. See
https://lore.kernel.org/lkml/fbf2cdcc-4ff7-b466-a6af-7a147f3bc94d@amd.com/
and
https://lore.kernel.org/lkml/BYAPR21MB1688A31ED795ED1B5ACB6D26D7099@BYAPR21MB1688.namprd21.prod.outlook.com/
Michael
next prev parent reply other threads:[~2022-12-29 16:26 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-02 3:30 [Patch v4 00/13] Add PCI pass-thru support to Hyper-V Confidential VMs Michael Kelley
2022-12-02 3:30 ` [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute Michael Kelley
2022-12-06 19:22 ` Borislav Petkov
2022-12-06 19:54 ` Michael Kelley (LINUX)
2022-12-29 11:39 ` Borislav Petkov
2022-12-29 16:02 ` Michael Kelley (LINUX)
2022-12-06 19:27 ` Sathyanarayanan Kuppuswamy
2022-12-02 3:30 ` [Patch v4 02/13] x86/hyperv: Reorder code in prep for subsequent patch Michael Kelley
2022-12-02 3:30 ` [Patch v4 03/13] Drivers: hv: Explicitly request decrypted in vmap_pfn() calls Michael Kelley
2022-12-29 12:05 ` Borislav Petkov
2022-12-02 3:30 ` [Patch v4 04/13] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently Michael Kelley
2022-12-29 12:17 ` Borislav Petkov
2022-12-29 16:25 ` Michael Kelley (LINUX) [this message]
2023-01-09 19:10 ` Borislav Petkov
2023-01-09 19:14 ` Michael Kelley (LINUX)
2022-12-29 16:54 ` Bjorn Helgaas
2022-12-29 17:12 ` Borislav Petkov
2022-12-02 3:30 ` [Patch v4 05/13] init: Call mem_encrypt_init() after Hyper-V hypercall init is done Michael Kelley
2022-12-06 19:37 ` Sathyanarayanan Kuppuswamy
2022-12-06 20:13 ` Michael Kelley (LINUX)
2022-12-06 20:30 ` Sathyanarayanan Kuppuswamy
2022-12-02 3:30 ` [Patch v4 06/13] x86/hyperv: Change vTOM handling to use standard coco mechanisms Michael Kelley
2023-01-09 16:38 ` Borislav Petkov
2023-01-09 17:37 ` Michael Kelley (LINUX)
2023-01-09 18:07 ` Borislav Petkov
2022-12-02 3:30 ` [Patch v4 07/13] swiotlb: Remove bounce buffer remapping for Hyper-V Michael Kelley
2023-01-09 18:05 ` Borislav Petkov
2022-12-02 3:30 ` [Patch v4 08/13] Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages Michael Kelley
2022-12-02 3:30 ` [Patch v4 09/13] Drivers: hv: vmbus: Remove second way of mapping ring buffers Michael Kelley
2022-12-02 3:30 ` [Patch v4 10/13] hv_netvsc: Remove second mapping of send and recv buffers Michael Kelley
2022-12-02 3:30 ` [Patch v4 11/13] Drivers: hv: Don't remap addresses that are above shared_gpa_boundary Michael Kelley
2022-12-02 3:30 ` [Patch v4 12/13] PCI: hv: Add hypercalls to read/write MMIO space Michael Kelley
2022-12-02 3:30 ` [Patch v4 13/13] PCI: hv: Enable PCI pass-thru devices in Confidential VMs Michael Kelley
2023-01-09 18:47 ` [Patch v4 00/13] Add PCI pass-thru support to Hyper-V " Borislav Petkov
2023-01-09 19:35 ` Michael Kelley (LINUX)
2023-01-12 14:03 ` Wei Liu
2023-01-19 17:58 ` Dexuan Cui
2023-01-20 11:58 ` Borislav Petkov
2023-01-20 12:42 ` Wei Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BYAPR21MB16884038F7EE406322181C58D7F39@BYAPR21MB1688.namprd21.prod.outlook.com \
--to=mikelley@microsoft.com \
--cc=Tianyu.Lan@microsoft.com \
--cc=ak@linux.intel.com \
--cc=arnd@arndb.de \
--cc=bhelgaas@google.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=decui@microsoft.com \
--cc=edumazet@google.com \
--cc=haiyangz@microsoft.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux.dev \
--cc=isaku.yamahata@intel.com \
--cc=jane.chu@oracle.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kuba@kernel.org \
--cc=kw@linux.com \
--cc=kys@microsoft.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=lpieralisi@kernel.org \
--cc=luto@kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=mingo@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=peterz@infradead.org \
--cc=robh@kernel.org \
--cc=robin.murphy@arm.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.