Re: SEV guest regression in 4.18

From: Brijesh Singh
Date: Fri Aug 24 2018 - 14:49:05 EST

On 08/24/2018 11:24 AM, Sean Christopherson wrote:
On Fri, Aug 24, 2018 at 10:41:27AM -0500, Brijesh Singh wrote:

On 08/23/2018 11:16 AM, Paolo Bonzini wrote:
On 23/08/2018 17:29, Sean Christopherson wrote:
On Thu, Aug 23, 2018 at 01:26:55PM +0200, Paolo Bonzini wrote:
On 22/08/2018 22:11, Brijesh Singh wrote:

Yes, this is one of approach I have in mind. It will avoid splitting
the larger pages; I am thinking that early in boot code we can lookup
for this special section and decrypt it in-place and probably maps with
C=0. Only downside, it will increase data section footprint a bit
because we need to align this section to PM_SIZE.

If you can ensure it doesn't span a PMD, maybe it does not need to be
aligned; you could establish a C=0 mapping of the whole 2M around it.

Wouldn't that result in exposing/leaking whatever code/data happened
to reside on the same 2M page (or corrupting it if the entire page
isn't decrypted)? Or are you suggesting that we'd also leave the
encrypted mapping intact?

Yes, exactly the latter, because...

Hardware does not enforce coherency between the encrypted and
unencrypted mapping for the same physical page. So, creating a
two mapping of same physical address will lead a possible data

But couldn't we avoid corruption by ensuring data accessed via the
unencrypted mapping is cache line aligned and sized? The CPU could
speculatively bring the encrypted version into the cache but it
should never get into a modified state (barring a software bug, but
that would be a problem regardless of encryption).

Yes, if we can ensure that accessed are cache line aligned and sized
then we should be fine.