On Thu, Dec 29, 2022 at 01:17:48PM +0100, Borislav Petkov wrote: > On Thu, Dec 01, 2022 at 07:30:22PM -0800, Michael Kelley wrote: > > Current code in sme_postprocess_startup() decrypts the bss_decrypted > > section when sme_me_mask is non-zero. But code in > > mem_encrypt_free_decrypted_mem() re-encrypts the unused portion based > > on CC_ATTR_MEM_ENCRYPT. In a Hyper-V guest VM using vTOM, these > > conditions are not equivalent as sme_me_mask is always zero when > > using vTOM. Consequently, mem_encrypt_free_decrypted_mem() attempts > > to re-encrypt memory that was never decrypted. > > > > Fix this in mem_encrypt_free_decrypted_mem() by conditioning the > > re-encryption on the same test for non-zero sme_me_mask. Hyper-V > > guests using vTOM don't need the bss_decrypted section to be > > decrypted, so skipping the decryption/re-encryption doesn't cause > > a problem. > > Lemme simplify the formulations a bit: > > "sme_postprocess_startup() decrypts the bss_decrypted ection when me_mask > sme_is non-zero. s/ection/section/ (In case you copy/paste this text without noticing the typo)
