Re: [Patch v3 05/14] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently

From: Borislav Petkov
Date: Mon Nov 28 2022 - 05:50:55 EST

Next message: John Keeping: "Re: [PATCH] ALSA: pcm: fix tracing reason in hw_ptr_error"
Previous message: Ricardo Ribalda: "[PATCH] ASoC: mediatek: mt8173: Enable IRQ when pdata is ready"
In reply to: Dexuan Cui: "RE: [Patch v3 05/14] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 22, 2022 at 05:59:04PM +0000, Michael Kelley (LINUX) wrote:
> Right. But here's my point: With current code and an image built with
> CONFIG_AMD_MEM_ENCRYPT=y and running as a TDX guest,
> sme_postprocess_startup() will not decrypt the bss_decrypted section.
> Then later mem_encrypt_free_decrypted_mem() will run, see that
> CC_ATTR_MEM_ENCRYPT is true, and try to re-encrypt the memory.
> In other words, a TDX guest would break in the same way as a Hyper-V
> vTOM guest would break. This patch fixes the problem for both cases.

I guess making the check more concrete by checking sme_me_mask directly
along with a comment makes sense.

We need to be very careful here not to fragment the code too much for
all the different guest types.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: John Keeping: "Re: [PATCH] ALSA: pcm: fix tracing reason in hw_ptr_error"
Previous message: Ricardo Ribalda: "[PATCH] ASoC: mediatek: mt8173: Enable IRQ when pdata is ready"
In reply to: Dexuan Cui: "RE: [Patch v3 05/14] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]