Re: [PATCHv11 11/19] x86/tdx: Convert shared memory back to private on kexec


 



Hello Boris,

On 5/31/2024 10:14 AM, Borislav Petkov wrote:
  static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
  {
-	if (cc_platform_has(CC_ATTR_MEM_ENCRYPT))
-		return __set_memory_enc_pgtable(addr, numpages, enc);
+	int ret = 0;
- return 0;
+	if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) {
+		if (!down_read_trylock(&mem_enc_lock))
+			return -EBUSY;
+
+		ret = __set_memory_enc_pgtable(addr, numpages, enc);
+
+		up_read(&mem_enc_lock);
+	}
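
Review bot: the `return -EBUSY` taken when `down_read_trylock(&mem_enc_lock)` fails is a new error return from `__set_memory_enc_dec()`, reached before any page-table change is attempted, and nothing in the hunk documents it. A short comment above the trylock should say what holds `mem_enc_lock` for write and why a trylock is used here instead of a blocking `down_read()`, so that callers know when to expect -EBUSY and that the conversion was not started.
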
So CC_ATTR_MEM_ENCRYPT is set for SEV* guests too. You need to change
that code here to take the lock only on TDX, where you want it, not on
the others.

SNP guest kexec patches are based on top of this patch-series and SNP guests also need this exclusive mem_enc_lock protection, so CC_ATTR_MEM_ENCRYPT makes sense to be used here.

Thanks, Ashish




