Re: [PATCH] x86/tdx: Fix crash on kexec with CONFIG_EISA
From: Kirill A. Shutemov
Date: Tue Sep 10 2024 - 08:58:29 EST
On Fri, Aug 30, 2024 at 03:47:50PM -0500, Kalra, Ashish wrote:
> Hello Kirill,
>
> On 8/29/2024 7:53 AM, Kirill A. Shutemov wrote:
> > On Wed, Aug 28, 2024 at 02:43:23PM -0500, Kalra, Ashish wrote:
> >> Hello Kirill,
> >>
> >> On 8/28/2024 1:21 AM, Kirill A. Shutemov wrote:
> >>>>>> memremap()
> >>>>>> arch_memremap_wb()
> >>>>>> ioremap_cache()
> >>>>>> __ioremap_caller(.encrytped = false)
> >>>>>>
> >>>>>> I think arch_memremap_wb() should be mapped ioremap_encrypted() in x86
> >>>>>> case. See the patch below.
> >>>>>>
> >>>>>> It seems to be working fine on TDX, but I am not sure about SEV.
> >>>>>>
> >>>>>> Tom, any comments?
> >>>>> I haven't dug through the code that thoroughly, but I don't think making
> >>>>> arch_memremap_wb() be ioremap_encrypted() will work for SME, where some
> >>>>> data, e.g. setup data, is unencrypted and needs to be mapped shared.
> >>>>>
> >>>>> Let me add @Ashish to the thread and have him investigate this since he
> >>>>> has been working on the kexec support under SNP. Can someone provide the
> >>>>> specific kernel options that need to be in place?
> >>>> As Tom asked for, please provide the specific kernel options to test
> >>>> with this configuration.
> >>> It is not about testing a specific configuration. The question is if it
> >>> safe for memremap() to map all WB memory as encrypted by default.
> >>>
> >>> Looks like it is safe for TDX, but I am not sure about SME/SEV.
> >> For SEV it may make sense, but for SME we don't want memremap() to map
> >> all WB memory as encrypted by default.
> > Could you elaborate why?
> >
> > I mean if it is specific memory ranges that can be identified as such we
> > could make exception for them.
> Looks like that the exception is already made for some of these memory ranges with MEMREMAP_DEC flag set along with MEMREMAP_WB.
> >>> Maybe we want a specific flag to make memremap() map WB memory as
> >>> decrypted/shared. Make everything encrypted by default seems like a sane
> >>> default.
> >> What are MEMREMAP_ENC, MEMREMAP_DEC flags being used for currently ?
> > Good question.
> >
> > I see zero use of MEMREMAP_ENC in the kernel. And MEMREMAP_DEC only used
> > for setup data which I believe AMD thing.
> >
> > If it is the only memory that must be decrypted, I guess we can make it
> > work with encrypted by default.
>
> Yes, and this looks pretty much covered with:
>
> arch_memremap_can_ram_remap(..)
>
> -> if (CC_ATTR_HOST_MEM_REMAP)
>
> --> memremap_is_setup_data()
>
> ---> memremap(.., MEMREMAP_WB | MEMREMAP_DEC);
>
> It does look like that it can work with encrypted by default and any memory ranges which need special handling and need to be setup as decrypted can use MEMREMAP_WB | MEMREMAP_DEC flag.
>
Could you actually test the patch that makes memremap() map WB memory as
encrypted by default:
https://lore.kernel.org/all/g3tswlyhrnuzfqf2upq6h23manyrzhnxttnay66nycy2moi4es@5n4oblzpzcjc/
?
If it works, I will submit a proper patch.
--
Kiryl Shutsemau / Kirill A. Shutemov