Re: [PATCH] x86/tdx: Preserve shared bit on mprotect()

From: kirill.shutemov@xxxxxxxxxxxxxxx
Date: Fri Apr 12 2024 - 17:23:45 EST


On Fri, Apr 12, 2024 at 08:48:56PM +0000, Edgecombe, Rick P wrote:
> On Fri, 2024-04-12 at 22:12 +0300, Kirill A. Shutemov wrote:
> > The TDX guest platform takes one bit from the physical address to
> > indicate if the page is shared (accessible by VMM). This bit is not part
> > of the physical_mask and is not preserved during mprotect(). As a
> > result, the 'shared' bit is lost during mprotect() on shared mappings.
> >
> > _COMMON_PAGE_CHG_MASK specifies which PTE bits need to be preserved
> > during modification. AMD includes 'sme_me_mask' in the define to
> > preserve the 'encrypt' bit.
> >
> > To cover both Intel and AMD cases, include 'cc_mask' in
> > _COMMON_PAGE_CHG_MASK instead of 'sme_me_mask'.
> >
> > Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> > Fixes: 41394e33f3a0 ("x86/tdx: Extend the confidential computing API to
> > support TDX guests")
> > Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> > Cc: Chris Oo <cho@xxxxxxxxxxxxx>
> > Cc: Dexuan Cui <decui@xxxxxxxxxxxxx>
>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
>
> So does this mean there is shared memory mapped to userspace? Or is this a
> theoretical correctness thing?

Drivers can do this. Things like VFIO, I guess.

I think I should have credited Chris for reporting and testing the problem:

Reported-and-tested-by: Chris Oo <cho@xxxxxxxxxxxxx>

--
Kiryl Shutsemau / Kirill A. Shutemov