From patchwork Fri Feb 21 14:28:37 2025
X-Patchwork-Submitter: "tip-bot2 for Kirill A. Shutemov"
X-Patchwork-Id: 13985602
Date: Fri, 21 Feb 2025 14:28:37 -0000
From: "tip-bot2 for Kirill A. Shutemov"
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/mm] x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default
Cc: "Kirill A. Shutemov", Ingo Molnar, Andrew Morton, Dave Hansen, Linus Torvalds, Peter Zijlstra, linux-mm@kvack.org, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20250217163822.343400-3-kirill.shutemov@linux.intel.com>
References: <20250217163822.343400-3-kirill.shutemov@linux.intel.com>
Message-ID: <174014811760.10177.17006490943766230625.tip-bot2@tip-bot2>

The following commit has been merged into the x86/mm branch of tip:

Commit-ID:     81256a50aa0fddefbf4849db8cad9f70c5167c04
Gitweb:        https://git.kernel.org/tip/81256a50aa0fddefbf4849db8cad9f70c5167c04
Author:        Kirill A. Shutemov
AuthorDate:    Mon, 17 Feb 2025 18:38:21 +02:00
Committer:     Ingo Molnar
CommitterDate: Fri, 21 Feb 2025 15:05:45 +01:00

x86/mm: Make memremap(MEMREMAP_WB) map memory as encrypted by default

Currently memremap(MEMREMAP_WB) can produce decrypted/shared mapping:

  memremap(MEMREMAP_WB)
    arch_memremap_wb()
      ioremap_cache()
        __ioremap_caller(.encrypted = false)

In such cases, the IORES_MAP_ENCRYPTED flag on the memory will determine
if the resulting mapping is encrypted or decrypted.

Creating a decrypted mapping without explicit request from the caller is
risky:

  - It can inadvertently expose the guest's data and compromise the
    guest.

  - Accessing private memory via shared/decrypted mapping on TDX will
    either trigger implicit conversion to shared or #VE (depending on
    VMM implementation).

    Implicit conversion is destructive: subsequent access to the same
    memory via private mapping will trigger a hard-to-debug #VE crash.

The kernel already provides a way to request decrypted mapping
explicitly via the MEMREMAP_DEC flag.

Modify memremap(MEMREMAP_WB) to produce encrypted/private mapping by
default unless MEMREMAP_DEC is specified or if the kernel runs on a
machine with SME enabled.

It fixes the crash due to #VE on kexec in TDX guests if CONFIG_EISA is
enabled.

Signed-off-by: Kirill A. Shutemov
Signed-off-by: Ingo Molnar
Cc: Andrew Morton
Cc: Dave Hansen
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: linux-mm@kvack.org
Link: https://lore.kernel.org/r/20250217163822.343400-3-kirill.shutemov@linux.intel.com
--- arch/x86/include/asm/io.h | 3 +++ arch/x86/mm/ioremap.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h index ed580c7..1a0dc2b 100644 --- a/arch/x86/include/asm/io.h +++ b/arch/x86/include/asm/io.h
@@ -175,6 +175,9 @@ extern void __iomem *ioremap_prot(resource_size_t offset, unsigned long size, un extern void __iomem *ioremap_encrypted(resource_size_t phys_addr, unsigned long size); #define ioremap_encrypted ioremap_encrypted +void *arch_memremap_wb(phys_addr_t phys_addr, size_t size, unsigned long flags); +#define arch_memremap_wb arch_memremap_wb + /** * ioremap - map bus memory into CPU space * @offset: bus address of the memory diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index 38ff779..42c90b4 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -503,6 +503,14 @@ void iounmap(volatile void __iomem *addr) } EXPORT_SYMBOL(iounmap); +void *arch_memremap_wb(phys_addr_t phys_addr, size_t size, unsigned long flags) +{ + if ((flags & MEMREMAP_DEC) || cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) + return (void __force *)ioremap_cache(phys_addr, size); + + return (void __force *)ioremap_encrypted(phys_addr, size); +} + /* * Convert a physical pointer to a virtual kernel pointer for /dev/mem * access
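
Review bot: In the arch/x86/include/asm/io.h hunk, the new arch_memremap_wb() prototype carries no comment, although the ioremap() declaration directly below it has kernel-doc. The flags argument now decides between an encrypted and a decrypted mapping, so a short comment stating that the mapping is encrypted unless MEMREMAP_DEC is passed would tell callers what they get. The neighbouring ioremap_prot() and ioremap_encrypted() declarations are written with extern; matching that here would keep the block consistent.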
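
Review bot: In the arch/x86/mm/ioremap.c hunk, the test `(flags & MEMREMAP_DEC) || cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)` combines a caller request with a platform check, and nothing in the code explains the second half. On a CC_ATTR_HOST_MEM_ENCRYPT platform a caller that did not pass MEMREMAP_DEC still goes through ioremap_cache(), which is the path the commit message describes as producing an encrypted or decrypted mapping depending on IORES_MAP_ENCRYPTED. Please add a comment above the if saying why that case keeps the old behaviour, so the exception is not read as an oversight.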