Re: [Patch v3 05/14] x86/mm: Handle decryption/re-encryption of bss_decrypted consistently
From: Borislav Petkov
Date: Mon Nov 28 2022 - 05:50:55 EST
On Tue, Nov 22, 2022 at 05:59:04PM +0000, Michael Kelley (LINUX) wrote:
> Right. But here's my point: With current code and an image built with
> CONFIG_AMD_MEM_ENCRYPT=y and running as a TDX guest,
> sme_postprocess_startup() will not decrypt the bss_decrypted section.
> Then later mem_encrypt_free_decrypted_mem() will run, see that
> CC_ATTR_MEM_ENCRYPT is true, and try to re-encrypt the memory.
> In other words, a TDX guest would break in the same way as a Hyper-V
> vTOM guest would break. This patch fixes the problem for both cases.
I guess making the check more concrete by checking sme_me_mask directly
along with a comment makes sense.
We need to be very careful here not to fragment the code too much for
all the different guest types.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette