From: Ard Biesheuvel <ardb+git@google.com>
To: linux-kernel@vger.kernel.org
Cc: x86@kernel.org, Ard Biesheuvel <ardb@kernel.org>,
Borislav Petkov <bp@alien8.de>,
Tom Lendacky <thomas.lendacky@amd.com>,
Nikita Zhandarovich <n.zhandarovich@fintech.ru>,
Kevin Loughlin <kevinloughlin@google.com>
Subject: [PATCH] x86/sme: Fix memory encryption if enabled by default and not overridden
Date: Fri, 26 Jan 2024 17:39:19 +0100 [thread overview]
Message-ID: <20240126163918.2908990-2-ardb+git@google.com> (raw)
From: Ard Biesheuvel <ardb@kernel.org>
Commit cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in
sme_enable()") 'fixed' an issue in sme_enable() detected by static
analysis, and broke the common case in the process.
cmdline_find_option() will return < 0 on an error, or when the command
line argument does not appear at all. In this particular case, the
latter is not an error condition, and so the early exit is wrong.
Instead, without mem_encrypt= on the command line, the compile time
default should be honoured, which could be to enable memory encryption,
and this is currently broken.
Fix it by setting sme_me_mask to a preliminary value based on the
compile time default, and only omitting the command line argument test
when cmdline_find_option() returns an error.
Cc: Borislav Petkov (AMD) <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Cc: Kevin Loughlin <kevinloughlin@google.com>
Fixes: cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/x86/mm/mem_encrypt_identity.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index d73aeb16417f..30df4f1725f4 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -600,15 +600,14 @@ void __init sme_enable(struct boot_params *bp)
cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
((u64)bp->ext_cmd_line_ptr << 32));
+ sme_me_mask = active_by_default ? me_mask : 0;
if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
- return;
+ goto out;
if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
sme_me_mask = me_mask;
else if (!strncmp(buffer, cmdline_off, sizeof(buffer)))
sme_me_mask = 0;
- else
- sme_me_mask = active_by_default ? me_mask : 0;
out:
if (sme_me_mask) {
physical_mask &= ~sme_me_mask;
--
2.43.0.429.g432eaa2c6b-goog
next reply other threads:[~2024-01-26 16:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-26 16:39 Ard Biesheuvel [this message]
2024-01-26 22:26 ` [PATCH] x86/sme: Fix memory encryption if enabled by default and not overridden Tom Lendacky
2024-01-27 10:52 ` Borislav Petkov
2024-01-29 11:06 ` Ard Biesheuvel
2024-01-27 11:26 ` [tip: x86/sev] x86/sme: Fix memory encryption setting " tip-bot2 for Ard Biesheuvel
2024-01-30 16:26 ` tip-bot2 for Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240126163918.2908990-2-ardb+git@google.com \
--to=ardb+git@google.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=kevinloughlin@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=n.zhandarovich@fintech.ru \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.