Re: [PATCH v5 09/32] x86/mm: Provide general kernel support for memory encryption

[Tom Lendacky]

On 4/21/2017 4:52 PM, Dave Hansen wrote:
> On 04/18/2017 02:17 PM, Tom Lendacky wrote:
> > @@ -55,7 +57,7 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr,
> >  	__phys_addr_symbol(__phys_reloc_hide((unsigned long)(x)))
> >
> >  #ifndef __va
> > -#define __va(x)			((void *)((unsigned long)(x)+PAGE_OFFSET))
> > +#define __va(x)			((void *)(__sme_clr(x) + PAGE_OFFSET))
> >  #endif
>
> It seems wrong to be modifying __va().  It currently takes a physical
> address, and this modifies it to take a physical address plus the SME bits.

This actually modifies it to be sure the encryption bit is not part of
the physical address.

> How does that end up ever happening?  If we are pulling physical
> addresses out of the page tables, we use p??_phys().  I'd expect *those*
> to be masking off the SME bits.
>
> Is it these cases?
>
> 	pgd_t *base = __va(read_cr3());
>
> For those, it seems like we really want to create two modes of reading
> cr3.  One that truly reads CR3 and another that reads the pgd's physical
> address out of CR3.  Then you only do the SME masking on the one
> fetching a physical address, and the SME bits never leak into __va().

I'll investigate this and see if I can remove the mod to __va().

Thanks,
Tom

>