Re: [PATCH v2 2/2] x86/sev: Add callback to apply RMP table fixups for kexec.
From: Kalra, Ashish
Date: Fri Nov 15 2024 - 20:12:14 EST
On 11/15/2024 6:52 PM, Mike Rapoport wrote:
> Hi,
>
> (sorry for jumping really late, I've just found this accidentally)
>
> On Fri, Apr 26, 2024 at 09:56:25AM -0500, Kalra, Ashish wrote:
>> On 4/26/2024 7:58 AM, Borislav Petkov wrote:
>>
>>> On Wed, Apr 24, 2024 at 06:48:08PM -0500, Kalra, Ashish wrote:
>>>> This callback needs to be invoked as part of setup_arch() as it needs e820
>>>> table to be setup in e820__memory_setup() before the callback is invoked and
>>>> snp_init() is called from sme_enable() in kernel/head_64.S (startup_64),
>>>> which is much before start_kernel() -> setup_arch() is invoked.
>>> So?
>>>
>>> snp_init() still runs before e820__memory_setup(). So what's stopping
>>> you?
>>
>> As i have already explained above, snp_init() runs before
>> e820__memory_setup() so we can't invoke this callback in snp_init() as e820
>> tables have still not been setup. Again to summarize, the e820 tables are
>> setup in e820__memory_setup() which runs after snp_init().
>
> I agree that snp_fixup_e820_tables() should run after e820__memory_setup(),
> but I wonder if it's ok for it to run *after* e820__memblock_setup().
>
> At the very least making changes to e820 table after they were translated
> to memblock creates inconsistency between the e820 and core mm views of the
> memory.
>
> So I wonder what would happen if the memory from the problematic chunk was
> allocated by kernel rather than by kexec? Couldn't it cause RMP fault?
>
Yes, we discovered an issue with SNP guests when trying to use one of
these pages and there was a fix pushed and merged to ensure that RMP
table fixups are (also) reserved for memblock.
Here is a detailed description from the patch:
The RMP table fixups are done after the e820 ranges have been added to
memblock, allowing the fixup ranges to still be allocated and used by
the system. The problem is that this memory range is now marked reserved
in the e820 tables and during SNP initialization these reserved ranges
are made HV-Fixed. This means that the pages cannot be used by an SNP
guest, only by the hypervisor. However, the memory management subsystem
does not make this distinction and can allocate one of those pages to an
SNP guest. This will ultimately result in RMPUPDATE failures associated
with the guest, causing it to fail to start or terminate when accessing
the HV-Fixed page.
Link to the patch:
https://lore.kernel.org/lkml/20240815221630.131133-1-Ashish.Kalra@xxxxxxx/
Thanks,
Ashish
> -
> Sincerely yours,
> Mike.