virtio_pmem use devm_memremap_pages() to map the device memory.
By default this memory is mapped as encrypted with SEV. Guest
reboot changes the current encryption key and guest no longer
properly decrypts the FSDAX device meta data.
Mark the corresponding device memory region for FSDAX devices
(mapped with memremap_pages) as decrypted to retain the persistent
memory property.
Signed-off-by: Pankaj Gupta <[email protected]>
---
mm/memremap.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/memremap.c b/mm/memremap.c
index 421bec3a29ee..08cbf54fe037 100644
--- a/mm/memremap.c
+++ b/mm/memremap.c
@@ -335,6 +335,7 @@ void *memremap_pages(struct dev_pagemap *pgmap, int nid)
WARN(1, "File system DAX not supported\n");
return ERR_PTR(-EINVAL);
}
+ params.pgprot = pgprot_decrypted(params.pgprot);
break;
case MEMORY_DEVICE_GENERIC:
break;
--
2.34.1
+Cc Andrew [forgot to add earlier]
> virtio_pmem use devm_memremap_pages() to map the device memory.
> By default this memory is mapped as encrypted with SEV. Guest
> reboot changes the current encryption key and guest no longer
> properly decrypts the FSDAX device meta data.
>
> Mark the corresponding device memory region for FSDAX devices
> (mapped with memremap_pages) as decrypted to retain the persistent
> memory property.
>
> Signed-off-by: Pankaj Gupta <[email protected]>
> ---
> mm/memremap.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/mm/memremap.c b/mm/memremap.c
> index 421bec3a29ee..08cbf54fe037 100644
> --- a/mm/memremap.c
> +++ b/mm/memremap.c
> @@ -335,6 +335,7 @@ void *memremap_pages(struct dev_pagemap *pgmap, int nid)
> WARN(1, "File system DAX not supported\n");
> return ERR_PTR(-EINVAL);
> }
> + params.pgprot = pgprot_decrypted(params.pgprot);
> break;
> case MEMORY_DEVICE_GENERIC:
> break;
On Wed, 2 Nov 2022 11:07:28 -0500 Pankaj Gupta <[email protected]> wrote:
> virtio_pmem use devm_memremap_pages() to map the device memory.
> By default this memory is mapped as encrypted with SEV. Guest
> reboot changes the current encryption key and guest no longer
> properly decrypts the FSDAX device meta data.
>
> Mark the corresponding device memory region for FSDAX devices
> (mapped with memremap_pages) as decrypted to retain the persistent
> memory property.
>
> ...
>
> --- a/mm/memremap.c
> +++ b/mm/memremap.c
> @@ -335,6 +335,7 @@ void *memremap_pages(struct dev_pagemap *pgmap, int nid)
> WARN(1, "File system DAX not supported\n");
> return ERR_PTR(-EINVAL);
> }
> + params.pgprot = pgprot_decrypted(params.pgprot);
> break;
> case MEMORY_DEVICE_GENERIC:
> break;
Should this be backported into earlier kernels?
Is b7b3c01b19159 a suitable Fixes: target?
Hi Andrew,
>> virtio_pmem use devm_memremap_pages() to map the device memory.
>> By default this memory is mapped as encrypted with SEV. Guest
>> reboot changes the current encryption key and guest no longer
>> properly decrypts the FSDAX device meta data.
>>
>> Mark the corresponding device memory region for FSDAX devices
>> (mapped with memremap_pages) as decrypted to retain the persistent
>> memory property.
>>
>> ...
>>
>> --- a/mm/memremap.c
>> +++ b/mm/memremap.c
>> @@ -335,6 +335,7 @@ void *memremap_pages(struct dev_pagemap *pgmap, int nid)
>> WARN(1, "File system DAX not supported\n");
>> return ERR_PTR(-EINVAL);
>> }
>> + params.pgprot = pgprot_decrypted(params.pgprot);
>> break;
>> case MEMORY_DEVICE_GENERIC:
>> break;
>
> Should this be backported into earlier kernels?
Yes, kernel >= 5.10 for clean back-port as it contains the below commit.
>
> Is b7b3c01b19159 a suitable Fixes: target?
Not very sure. But seems like the right commit for fixes tag as the
target code is moved in this commit with multiple range support addition.
Should I send a v2 with fixes & stable kernel fixes tag?
Thanks,
Pankaj
On Thu, 3 Nov 2022 08:55:40 +0100 "Gupta, Pankaj" <[email protected]> wrote:
> > Should this be backported into earlier kernels?
>
> Yes, kernel >= 5.10 for clean back-port as it contains the below commit.
>
> >
> > Is b7b3c01b19159 a suitable Fixes: target?
>
> Not very sure. But seems like the right commit for fixes tag as the
> target code is moved in this commit with multiple range support addition.
>
> Should I send a v2 with fixes & stable kernel fixes tag?
That's OK thanks - I made those changes to my copy.