Hello Boris, On 5/31/2024 10:14 AM, Borislav Petkov wrote:
static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) { - if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) - return __set_memory_enc_pgtable(addr, numpages, enc); + int ret = 0;- return 0;+ if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) { + if (!down_read_trylock(&mem_enc_lock)) + return -EBUSY; + + ret = __set_memory_enc_pgtable(addr, numpages, enc); + + up_read(&mem_enc_lock); + }So CC_ATTR_MEM_ENCRYPT is set for SEV* guests too. You need to change that code here to take the lock only on TDX, where you want it, not on the others.
SNP guest kexec patches are based on top of this patch-series and SNP guests also need this exclusive mem_enc_lock protection, so CC_ATTR_MEM_ENCRYPT makes sense to be used here.
Thanks, Ashish
