[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <uwr4a2pgvv45xfzvbceghdkm6kgb25y7c2wdkxquphmq2e7rxq@tr5dud4khhl5>
Date: Tue, 10 Sep 2024 15:58:16 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: "Kalra, Ashish" <ashish.kalra@....com>
Cc: Tom Lendacky <thomas.lendacky@....com>,
"Maciej W. Rozycki" <macro@...am.me.uk>, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
Kevin Loughlin <kevinloughlin@...gle.com>, linux-kernel@...r.kernel.org,
Rick Edgecombe <rick.p.edgecombe@...el.com>, Isaku Yamahata <isaku.yamahata@...el.com>
Subject: Re: [PATCH] x86/tdx: Fix crash on kexec with CONFIG_EISA
On Fri, Aug 30, 2024 at 03:47:50PM -0500, Kalra, Ashish wrote:
> Hello Kirill,
>
> On 8/29/2024 7:53 AM, Kirill A. Shutemov wrote:
> > On Wed, Aug 28, 2024 at 02:43:23PM -0500, Kalra, Ashish wrote:
> >> Hello Kirill,
> >>
> >> On 8/28/2024 1:21 AM, Kirill A. Shutemov wrote:
> >>>>>> memremap()
> >>>>>> arch_memremap_wb()
> >>>>>> ioremap_cache()
> >>>>>> __ioremap_caller(.encrytped = false)
> >>>>>>
> >>>>>> I think arch_memremap_wb() should be mapped ioremap_encrypted() in x86
> >>>>>> case. See the patch below.
> >>>>>>
> >>>>>> It seems to be working fine on TDX, but I am not sure about SEV.
> >>>>>>
> >>>>>> Tom, any comments?
> >>>>> I haven't dug through the code that thoroughly, but I don't think making
> >>>>> arch_memremap_wb() be ioremap_encrypted() will work for SME, where some
> >>>>> data, e.g. setup data, is unencrypted and needs to be mapped shared.
> >>>>>
> >>>>> Let me add @Ashish to the thread and have him investigate this since he
> >>>>> has been working on the kexec support under SNP. Can someone provide the
> >>>>> specific kernel options that need to be in place?
> >>>> As Tom asked for, please provide the specific kernel options to test
> >>>> with this configuration.
> >>> It is not about testing a specific configuration. The question is if it
> >>> safe for memremap() to map all WB memory as encrypted by default.
> >>>
> >>> Looks like it is safe for TDX, but I am not sure about SME/SEV.
> >> For SEV it may make sense, but for SME we don't want memremap() to map
> >> all WB memory as encrypted by default.
> > Could you elaborate why?
> >
> > I mean if it is specific memory ranges that can be identified as such we
> > could make exception for them.
> Looks like that the exception is already made for some of these memory ranges with MEMREMAP_DEC flag set along with MEMREMAP_WB.
> >>> Maybe we want a specific flag to make memremap() map WB memory as
> >>> decrypted/shared. Make everything encrypted by default seems like a sane
> >>> default.
> >> What are MEMREMAP_ENC, MEMREMAP_DEC flags being used for currently ?
> > Good question.
> >
> > I see zero use of MEMREMAP_ENC in the kernel. And MEMREMAP_DEC only used
> > for setup data which I believe AMD thing.
> >
> > If it is the only memory that must be decrypted, I guess we can make it
> > work with encrypted by default.
>
> Yes, and this looks pretty much covered with:
>
> arch_memremap_can_ram_remap(..)
>
> -> if (CC_ATTR_HOST_MEM_REMAP)
>
> --> memremap_is_setup_data()
>
> ---> memremap(.., MEMREMAP_WB | MEMREMAP_DEC);
>
> It does look like that it can work with encrypted by default and any memory ranges which need special handling and need to be setup as decrypted can use MEMREMAP_WB | MEMREMAP_DEC flag.
>
Could you actually test the patch that makes memremap() map WB memory as
encrypted by default:
https://lore.kernel.org/all/g3tswlyhrnuzfqf2upq6h23manyrzhnxttnay66nycy2moi4es@5n4oblzpzcjc/
?
If it works, I will submit a proper patch.
--
Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists