RE: [PATCH 1/2] irqchip/gic-v3-its: Share ITS tables with a non-trusted hypervisor

From: Thomas Gleixner
Date: Wed Oct 02 2024 - 09:44:57 EST


On Mon, Sep 09 2024 at 03:47, Michael Kelley wrote:
>> + ret = set_memory_decrypted((unsigned long)page_address(page),
>> + 1 << order);
>> + if (WARN_ON(ret))
>
> On the x86 side, the WARN is done in the implementation of
> set_memory_decrypted()/encrypted() so that each call site doesn't
> need to do the WARN. Each call site must only leak the memory
> if the return value indicates other than success. There are call sites
> in architecture neutral code (such as for swiotlb and DMA direct)
> that expect the WARN is in set_memory_decrypted()/encrypted().
> To recap a previous discussion, we want the WARN for notification,
> but also so the most security-conscious users can set
> kernel.panic_on_warn=1 to stop further processing if there are
> problems in the decryption/encryption operation.

What's the resolution of this?

Thanks,

tglx