Re: SEV guest regression in 4.18

From: Paolo Bonzini
Date: Fri Aug 24 2018 - 11:50:24 EST

On 24/08/2018 17:41, Brijesh Singh wrote:
>>> Wouldn't that result in exposing/leaking whatever code/data happened
>>> to reside on the same 2M page (or corrupting it if the entire page
>>> isn't decrypted)? Or are you suggesting that we'd also leave the
>>> encrypted mapping intact?
>> Yes, exactly the latter, because...
> Hardware does not enforce coherency between the encrypted and
> unencrypted mapping for the same physical page. So, creating a
> two mapping of same physical address will lead a possible data
> corruption.
> Note, SME creates two mapping of the same physical address to perform
> in-place encryption of kernel and initrd images; this is a special case
> and APM documents steps on how to do this.

Ah, so that's what I was thinking about. But a single cache line would
never be used both encrypted and unencrypted, would it?