stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Paul Menzel <pmenzel@molgen.mpg.de>,
	Borislav Petkov <bp@suse.de>,
	Alex Deucher <alexander.deucher@amd.com>,
	Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH 4.19 26/50] x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
Date: Mon, 18 Oct 2021 15:24:33 +0200
Message-ID: <20211018132327.405038283@linuxfoundation.org>
In-Reply-To: <20211018132326.529486647@linuxfoundation.org>

From: Borislav Petkov <bp@suse.de>

commit 711885906b5c2df90746a51f4cd674f1ab9fbb1d upstream.

This Kconfig option was added initially so that memory encryption is
enabled by default on machines which support it.

However, devices which have DMA masks that are less than the bit
position of the encryption bit, aka C-bit, require the use of an IOMMU
or the use of SWIOTLB.

If the IOMMU is disabled or in passthrough mode, the kernel would switch
to SWIOTLB bounce-buffering for those transfers.

In order to avoid that,

  2cc13bb4f59f ("iommu: Disable passthrough mode when SME is active")

disables the default IOMMU passthrough mode so that devices for which the
default 256K DMA is insufficient, can use the IOMMU instead.

However 2, there are cases where the IOMMU is disabled in the BIOS, etc.
(think the usual hardware folk "oops, I dropped the ball there" cases) or a
driver doesn't properly use the DMA APIs or a device has a firmware or
hardware bug, e.g.:

  ea68573d408f ("drm/amdgpu: Fail to load on RAVEN if SME is active")

However 3, in the above GPU use case, there are APIs like Vulkan and
some OpenGL/OpenCL extensions which are under the assumption that
user-allocated memory can be passed in to the kernel driver and both the
GPU and CPU can do coherent and concurrent access to the same memory.
That cannot work with SWIOTLB bounce buffers, of course.

So, in order for those devices to function, drop the "default y" for the
SME by default active option so that users who want to have SME enabled,
will need to either enable it in their config or use "mem_encrypt=on" on
the kernel command line.

 [ tlendacky: Generalize commit message. ]

Fixes: 7744ccdbc16f ("x86/mm: Add Secure Memory Encryption (SME) support")
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: <stable@vger.kernel.org>
Link: https://lkml.kernel.org/r/8bbacd0e-4580-3194-19d2-a0ecad7df09c@molgen.mpg.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/x86/Kconfig |    1 -
 1 file changed, 1 deletion(-)

--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1496,7 +1496,6 @@ config AMD_MEM_ENCRYPT
 
 config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
 	bool "Activate AMD Secure Memory Encryption (SME) by default"
-	default y
 	depends on AMD_MEM_ENCRYPT
 	---help---
 	  Say yes to have system memory encrypted by default if running on
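
Review bot: Nothing in the entry for AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT tells a user that, with the "default y" line gone, a config that never set this symbol explicitly now resolves it to n, so a build from this stable update can leave a machine that used to boot with SME active running with unencrypted memory. Since this flips a security-relevant default within a stable series, consider stating in the help text (if the part not shown in this hunk does not already say so) that the option is off unless selected and that "mem_encrypt=on" on the kernel command line activates SME at boot.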



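A way to audit the behaviour the commit message describes, as an added example that is not part of the original mail or patch: the function reports whether a kernel would request SME at boot, given its build config and its command line. The sample config, the sample command lines and the rule that the last mem_encrypt= instance wins when the option is repeated are assumptions.

```shell
#!/bin/sh
# sme_requested CONFIG_FILE CMDLINE
# Prints "on" or "off": would this kernel try to activate SME at boot?
# (Hardware and firmware support for SME is a separate question.)
sme_requested() {
    config_file=$1
    cmdline=$2

    # Without CONFIG_AMD_MEM_ENCRYPT the SME code is not built in at all.
    grep -q '^CONFIG_AMD_MEM_ENCRYPT=y$' "$config_file" || { echo off; return 0; }

    # Build-time default: the symbol this patch stops enabling automatically.
    if grep -q '^CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y$' "$config_file"; then
        state=on
    else
        state=off
    fi

    # mem_encrypt=on|off on the command line overrides the build-time default.
    # Assumption: if the option is repeated, the last instance wins.
    last=$(printf '%s\n' "$cmdline" | tr -s ' \t' '\n' |
           grep -E '^mem_encrypt=(on|off)$' | tail -n 1)
    case $last in
        mem_encrypt=on)  state=on ;;
        mem_encrypt=off) state=off ;;
    esac

    echo "$state"
}

# Constructed sample: a config built after this patch, symbol left unset.
demo_cfg=$(mktemp)
printf '%s\n' 'CONFIG_AMD_MEM_ENCRYPT=y' \
    '# CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT is not set' > "$demo_cfg"
sme_requested "$demo_cfg" 'root=/dev/sda1 ro quiet'
sme_requested "$demo_cfg" 'root=/dev/sda1 ro mem_encrypt=on'
rm -f "$demo_cfg"
```

On a running system the two inputs are the distribution's saved kernel config and the contents of /proc/cmdline.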