Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-06 Thread Kirill A. Shutemov
On Wed, Jun 05, 2024 at 06:24:19PM +0200, Borislav Petkov wrote: > On Wed, Jun 05, 2024 at 03:21:42PM +0300, Kirill A. Shutemov wrote: > > Whether a page can be accessed via private mapping is determined by the > > presence in Secure EPT. This state persists across kexec. > > I just love it how I tickle

Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-05 Thread Borislav Petkov
On Wed, Jun 05, 2024 at 03:21:42PM +0300, Kirill A. Shutemov wrote: > Whether a page can be accessed via private mapping is determined by the > presence in Secure EPT. This state persists across kexec. I just love it how I tickle out details each time I touch this comment because we three can't write a

Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-05 Thread Kirill A. Shutemov
On Tue, Jun 04, 2024 at 08:05:54PM +0200, Borislav Petkov wrote: > On Tue, Jun 04, 2024 at 07:14:00PM +0300, Kirill A. Shutemov wrote: > > /* > > * If tdx_enc_status_changed() fails, it leaves memory > > * in an unknown state. If the mem

Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-04 Thread Borislav Petkov
On Tue, Jun 04, 2024 at 07:14:00PM +0300, Kirill A. Shutemov wrote: > /* >* If tdx_enc_status_changed() fails, it leaves memory >* in an unknown state. If the memory remains shared, >* it can result in an

Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-04 Thread Kirill A. Shutemov
On Tue, Jun 04, 2024 at 08:47:22AM -0700, Dave Hansen wrote: > On 6/4/24 08:32, Kirill A. Shutemov wrote: > > What about the comment below? > > > > /* > > * One possible reason for the failure is if kexec raced > > * with memory convers

Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-04 Thread Dave Hansen
On 6/4/24 08:32, Kirill A. Shutemov wrote: > What about the comment below? > > /* >* One possible reason for the failure is if kexec raced >* with memory conversion. In this case shared bit in >* page tab

Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-04 Thread Kirill A. Shutemov
On Mon, Jun 03, 2024 at 10:37:54AM +0200, Borislav Petkov wrote: > On Sun, Jun 02, 2024 at 05:23:03PM +0300, Kirill A. Shutemov wrote: > > + /* > > +* The only thing one can do at this point on failure > > +* is panic. It is reasonable to pr

Re: [PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-03 Thread Borislav Petkov
On Sun, Jun 02, 2024 at 05:23:03PM +0300, Kirill A. Shutemov wrote: > + /* > + * The only thing one can do at this point on failure > + * is panic. It is reasonable to proceed. It makes even less sense now: panic() means "all stops and
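Review bot: the two sentences of the added comment contradict each other: "The only thing one can do at this point on failure is panic" is immediately followed by "It is reasonable to proceed." State what the code actually does on a failed conversion (panic, or continue towards kexec) and why that choice is safe for memory that may still be mapped shared by the host, e.g. "Continue anyway: the page stays shared in the host's view, and the next kernel ..." or, if the code panics, drop the second sentence.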

[PATCHv11.1 11/19] x86/tdx: Convert shared memory back to private on kexec

2024-06-02 Thread Kirill A. Shutemov
TDX guests allocate shared buffers to perform I/O. It is done by allocating pages normally from the buddy allocator and converting them to shared with set_memory_decrypted(). The second, kexec-ed kernel has no idea what memory is converted this way. It only sees E820_TYPE_RAM. Accessing shared me
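To make the problem in the cover text concrete, here is an added userspace model, written for this page and not code from the patch or the kernel. It assumes a tiny direct map in which the only record of a page having been converted is a shared bit in its PTE (the bit position, the `*_model` function names and the `fail_pfn` knob are all inventions of the model): `set_memory_decrypted_model()` flips the bit and tells the host, and the pre-kexec pass walks the PTEs and converts every page that still carries the bit back to private, stopping at the first failed conversion, which is the case the thread argues about.

```c
/* Added example: userspace model of "convert shared memory back to private
 * before kexec". It is not the patch's code; all names and the bit position
 * below are assumptions made for the model. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NR_PAGES    64                 /* size of the modelled direct map, in pages */
#define PTE_PRESENT (1ULL << 0)
#define PTE_SHARED  (1ULL << 51)       /* assumed shared-bit position in this model */

/* Guest side: one PTE per direct-map page. The shared bit is the only
 * record the guest keeps of which pages it handed to the host. */
static uint64_t direct_map[NR_PAGES];
/* Host side: the modelled Secure-EPT view, which the guest cannot read back. */
static bool host_shared[NR_PAGES];
/* Test knob: make the conversion of this pfn fail (-1 = never fail). */
static int fail_pfn = -1;

static void model_init(void)
{
    for (unsigned long pfn = 0; pfn < NR_PAGES; pfn++) {
        direct_map[pfn] = PTE_PRESENT | (pfn << 12);
        host_shared[pfn] = false;
    }
    fail_pfn = -1;
}

static void model_fail_conversion_of(int pfn) { fail_pfn = pfn; }

/* Model of the guest-to-host conversion request that tdx_enc_status_changed()
 * would issue. Returns false to model a refused or failed conversion. */
static bool enc_status_changed(unsigned long pfn, bool to_private)
{
    if ((int)pfn == fail_pfn)
        return false;
    host_shared[pfn] = !to_private;
    return true;
}

/* Model of set_memory_decrypted(): set the shared bit in each PTE, then
 * ask the host to treat the page as shared. */
static int set_memory_decrypted_model(unsigned long pfn, unsigned long npages)
{
    if (pfn + npages > NR_PAGES)
        return -1;
    for (unsigned long i = 0; i < npages; i++) {
        direct_map[pfn + i] |= PTE_SHARED;
        if (!enc_status_changed(pfn + i, false))
            return -1;
    }
    return 0;
}

/* Pre-kexec pass: walk the direct map and convert every page whose PTE still
 * carries the shared bit back to private, clearing the bit. Returns the number
 * of pages converted, or -1 as soon as one conversion fails; the remaining
 * pages are left as they are, which is exactly the state the next kernel
 * cannot see, since it only gets E820_TYPE_RAM. */
static long tdx_kexec_finish_model(void)
{
    long converted = 0;
    for (unsigned long pfn = 0; pfn < NR_PAGES; pfn++) {
        uint64_t pte = direct_map[pfn];
        if (!(pte & PTE_PRESENT) || !(pte & PTE_SHARED))
            continue;
        if (!enc_status_changed(pfn, true))
            return -1;
        direct_map[pfn] &= ~PTE_SHARED;
        converted++;
    }
    return converted;
}

/* Pages the host still treats as shared: what the next kernel would inherit. */
static unsigned long pages_left_shared_on_host(void)
{
    unsigned long n = 0;
    for (unsigned long pfn = 0; pfn < NR_PAGES; pfn++)
        n += host_shared[pfn] ? 1 : 0;
    return n;
}

/* Pages whose PTE still says shared: what the walk has not yet reconciled. */
static unsigned long pages_marked_shared_in_ptes(void)
{
    unsigned long n = 0;
    for (unsigned long pfn = 0; pfn < NR_PAGES; pfn++)
        n += (direct_map[pfn] & PTE_SHARED) ? 1 : 0;
    return n;
}

int main(void)
{
    model_init();
    set_memory_decrypted_model(4, 4);   /* constructed: a 16 KiB DMA buffer */
    set_memory_decrypted_model(20, 1);  /* constructed: a single shared page */
    printf("shared on host before kexec: %lu\n", pages_left_shared_on_host());
    long n = tdx_kexec_finish_model();
    printf("converted back: %ld, still shared on host: %lu\n",
           n, pages_left_shared_on_host());

    model_init();
    set_memory_decrypted_model(4, 4);
    model_fail_conversion_of(6);        /* constructed failure in the middle of the range */
    n = tdx_kexec_finish_model();
    printf("with one failing conversion: rc=%ld, still shared on host: %lu, "
           "still shared in PTEs: %lu\n",
           n, pages_left_shared_on_host(), pages_marked_shared_in_ptes());
    return 0;
}
```

The second scenario is the point of the thread: after the failure, pages 6 and 7 are still shared in both the PTEs and the host's view, and nothing the next kernel reads from E820 tells it so. Whatever the real code decides to do at that point, the model shows why "proceed" and "panic" are not interchangeable.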