Patch "x86/sme: Fix memory encryption setting if enabled by default and not overridden" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    x86/sme: Fix memory encryption setting if enabled by default and not overridden

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-sme-fix-memory-encryption-setting-if-enabled-by-.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit d4c40f63e2831f6f12a8ad19a87630896756c3b0
Author: Ard Biesheuvel <ardb@xxxxxxxxxx>
Date:   Fri Jan 26 17:39:19 2024 +0100

    x86/sme: Fix memory encryption setting if enabled by default and not overridden
    
    [ Upstream commit e814b59e6c2b11f5a3d007b2e61f7d550c354c3a ]
    
    Commit
    
      cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()")
    
    'fixed' an issue in sme_enable() detected by static analysis, and broke
    the common case in the process.
    
    cmdline_find_option() will return < 0 on an error, or when the command
    line argument does not appear at all. In this particular case, the
    latter is not an error condition, and so the early exit is wrong.
    
    Instead, without mem_encrypt= on the command line, the compile time
    default should be honoured, which could be to enable memory encryption,
    and this is currently broken.
    
    Fix it by setting sme_me_mask to a preliminary value based on the
    compile time default, and only omitting the command line argument test
    when cmdline_find_option() returns an error.
    
      [ bp: Drop active_by_default while at it. ]
    
    Fixes: cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()")
    Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
    Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
    Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
    Link: https://lore.kernel.org/r/20240126163918.2908990-2-ardb+git@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index d73aeb16417fc..7f72472a34d6d 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -507,7 +507,6 @@ void __init sme_enable(struct boot_params *bp)
 	const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off;
 	unsigned int eax, ebx, ecx, edx;
 	unsigned long feature_mask;
-	bool active_by_default;
 	unsigned long me_mask;
 	char buffer[16];
 	bool snp;
@@ -593,22 +592,19 @@ void __init sme_enable(struct boot_params *bp)
 	     : "p" (sme_cmdline_off));
 
 	if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT))
-		active_by_default = true;
-	else
-		active_by_default = false;
+		sme_me_mask = me_mask;
 
 	cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
 				     ((u64)bp->ext_cmd_line_ptr << 32));
 
 	if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
-		return;
+		goto out;
 
 	if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
 		sme_me_mask = me_mask;
 	else if (!strncmp(buffer, cmdline_off, sizeof(buffer)))
 		sme_me_mask = 0;
-	else
-		sme_me_mask = active_by_default ? me_mask : 0;
+
 out:
 	if (sme_me_mask) {
 		physical_mask &= ~sme_me_mask;




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux