Re: [PATCH RFC v8 15/56] x86/sev: Invalidate pages from the direct map when adding them to the RMP table

From: Dave Hansen
Date: Wed Mar 01 2023 - 11:16:14 EST


On 2/20/23 10:38, Michael Roth wrote:
> From: Brijesh Singh <brijesh.singh@xxxxxxx>
>
> The integrity guarantee of SEV-SNP is enforced through the RMP table.
> The RMP is used with standard x86 and IOMMU page tables to enforce
> memory restrictions and page access rights. The RMP check is enforced as
> soon as SEV-SNP is enabled globally in the system. When hardware
> encounters an RMP-check failure, it raises a page-fault exception.
>
> The rmp_make_private() and rmp_make_shared() helpers are used to add
> or remove the pages from the RMP table. Improve the rmp_make_private()
> to invalidate state so that pages cannot be used in the direct-map after
> they are added to the RMP table, and restored to their default valid
> permission after the pages are removed from the RMP table.

This is a purely "what" changelog. It doesn't explain the "why" at all.

Could you please elaborate on why this unmapping operation is necessary?