Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-09-24 Thread Greg KH
On Thu, Sep 24, 2020 at 07:00:11PM -0700, Cfir Cohen wrote: > The LAUNCH_SECRET command performs encryption of the > launch secret memory contents. Mark pinned pages as > dirty, before unpinning them. > This matches the logic in sev_launch_update_data(). > > Fixes: 9c5e0afaf157 ("KVM: SVM: Add

[PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-09-24 Thread Cfir Cohen
The LAUNCH_SECRET command performs encryption of the launch secret memory contents. Mark pinned pages as dirty, before unpinning them. This matches the logic in sev_launch_update_data(). Fixes: 9c5e0afaf157 ("KVM: SVM: Add support for SEV LAUNCH_SECRET command") Signed-off-by: Cfir Cohen ---

Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-09-23 Thread Paolo Bonzini
On 23/09/20 19:26, Sean Christopherson wrote: > /* >* Flush before LAUNCH_UPDATE encrypts pages in place, in case the cache >* contains the data that was written unencrypted. >*/ > sev_clflush_pages(inpages, npages); > > there's nothing in the comment or code

Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-09-23 Thread Sean Christopherson
On Wed, Sep 23, 2020 at 07:16:08PM +0200, Paolo Bonzini wrote: > On 23/09/20 19:04, Sean Christopherson wrote: > >> Two of the three instances are a bit different though. What about this > >> which at least shortens the comment to 2 fewer lines: > > Any objection to changing those to "Flush (on

Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-09-23 Thread Paolo Bonzini
On 23/09/20 19:04, Sean Christopherson wrote: >> Two of the three instances are a bit different though. What about this >> which at least shortens the comment to 2 fewer lines: > Any objection to changing those to "Flush (on non-coherent CPUs)"? I agree > it would be helpful to call out the

Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-09-23 Thread Paolo Bonzini
On 19/09/20 06:55, Sean Christopherson wrote: > Side topic, while I love the comment (I do, honestly) regarding in-place > encryption, this is the fourth? instance of the same 4-line comment (6 lines > if you count the /* and */. Maybe it's time to do something like > > /* LAUNCH_SECRET

Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-08-07 Thread Krish Sadhukhan
On 8/6/20 6:23 PM, Cfir Cohen wrote: The LAUNCH_SECRET command performs encryption of the launch secret memory contents. Mark pinned pages as dirty, before unpinning them. This matches the logic in sev_launch_update(). sev_launch_update_data() instead of sev_launch_update() ? Signed-off-by:

Re: [PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-08-07 Thread David Rientjes
On Thu, 6 Aug 2020, Cfir Cohen wrote: > The LAUNCH_SECRET command performs encryption of the > launch secret memory contents. Mark pinned pages as > dirty, before unpinning them. > This matches the logic in sev_launch_update(). > > Signed-off-by: Cfir Cohen Acked-by: David Rientjes

[PATCH] KVM: SVM: Mark SEV launch secret pages as dirty.

2020-08-06 Thread Cfir Cohen
The LAUNCH_SECRET command performs encryption of the launch secret memory contents. Mark pinned pages as dirty, before unpinning them. This matches the logic in sev_launch_update(). Signed-off-by: Cfir Cohen --- arch/x86/kvm/svm/sev.c | 15 ++- 1 file changed, 14 insertions(+), 1