Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp3811580pxu;
        Tue, 20 Oct 2020 00:41:48 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxVFL0iNKm+1ov4D114rmFiTqaeWa3VkyI/LUAzRtNO4lW9RGU95zWruehtPhxAHN3yDMeB
X-Received: by 2002:a05:6402:142a:: with SMTP id c10mr1463743edx.261.1603179707872;
        Tue, 20 Oct 2020 00:41:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1603179707; cv=none;
        d=google.com; s=arc-20160816;
        b=GPInmn6mla9+5xG4gp7QraMdvPPLY4vyHfjcs1nWjCj5obHSfNHyHdwaifQf18uPew
         fLejDzVsjutxSgiUeWTO28rWbKlSzBlpQeng1oC/OxFaWp0TkTtT63iWyP2t9Drwz0Bx
         Pzdkvz8+e7ndia6wPfIZiLYXKT8vgT4oAWdIe/BXs4fWK+RkGl60A8zEsLEB+tLREoM6
         iyFLVAKKgSWeAup3rlFJOEvGUU7M4UIfXsgptQ3cXc4NGw3mSshpjt9Cil+MmG3Q0v9b
         fSu1Hr7Yph+w9xqtgCoAnM1buL+aZyG88q87Acwk/Pph2zfkf/hlmE07iXBPu3UplPQI
         pnXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=rPNida5x793HRA1POzrKhWtMVjU5UBl1tpjhHzgzQWk=;
        b=uyNliTvUYL4JfBXESxMJdoPsEkV3h1UCNe1jd3/8hydek7DWAUAAYuX7WeaEtCoojd
         8rNf5qS3iPIqd7J2mJX3VsufbwdGXdt3KLslBnkQSwJdWNtAfFtjeaURAKjX1D5Mg9vx
         zwkJ+fnk0j9BHNx8vhCw+Q1hGYCRkPZ+00tEEtqUDCLX/j3DX1Y4rHXoMl7EtU76RS4U
         GLaPqszR4UYoRmGDTlq23WHjSn9HlLxNFPV5oSHvcgelVO+96k5hzBLcfDxlf5F//c8x
         eqBDviFpX9l3ErnTkaDASGD0zZT/uDh1yoUqF81LfNZFD+3tVHNJ2fGPiEys4HOo3XAZ
         VOog==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id w20si764175ejc.568.2020.10.20.00.41.26;
        Tue, 20 Oct 2020 00:41:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727226AbgJSUds (ORCPT <rfc822;sduhuangshuai@gmail.com>
        + 99 others); Mon, 19 Oct 2020 16:33:48 -0400
Received: from 8bytes.org ([81.169.241.247]:34022 "EHLO theia.8bytes.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726118AbgJSUds (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 19 Oct 2020 16:33:48 -0400
Received: by theia.8bytes.org (Postfix, from userid 1000)
        id 4770E52D; Mon, 19 Oct 2020 22:33:47 +0200 (CEST)
Date:   Mon, 19 Oct 2020 22:33:45 +0200
From:   Joerg Roedel <joro@8bytes.org>
To:     Arvind Sankar <nivedita@alum.mit.edu>
Cc:     x86@kernel.org, Joerg Roedel <jroedel@suse.de>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Kees Cook <keescook@chromium.org>,
        Martin Radev <martin.b.radev@gmail.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/5] x86/boot/compressed/64: Check SEV encryption in
 64-bit boot-path
Message-ID: <20201019203345.GF3635@8bytes.org>
References: <20201019151121.826-1-joro@8bytes.org>
 <20201019151121.826-4-joro@8bytes.org>
 <20201019170008.GA2701355@rani.riverdale.lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20201019170008.GA2701355@rani.riverdale.lan>
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Arvind,

On Mon, Oct 19, 2020 at 01:00:08PM -0400, Arvind Sankar wrote:
> On Mon, Oct 19, 2020 at 05:11:19PM +0200, Joerg Roedel wrote:
> > +
> > +	/* Store value to memory and keep it in %r10 */
> > +	movq	%r10, sev_check_data(%rip)
> > +
> 
> Does there need to be a cache flush/invalidation between this and the
> read below to avoid just reading back from cache, or will the hardware
> take care of that?

No, a cache flush is not needed. When the C bit position is correct,
then the data will be mapped encrypted with the old and the new
page-table. If the C bit position is wrong, the access goes to a
different physical address.

> > +	/* Backup current %cr3 value to restore it later */
> > +	movq	%cr3, %r11
> > +
> > +	/* Switch to new %cr3 - This might unmap the stack */
> > +	movq	%rdi, %cr3
> 
> Does there need to be a TLB flush after this? When executed from the
> main kernel's head code, CR4.PGE is enabled, and if the original page
> mapping had the global bit set (the decompressor stub sets that in the
> identity mapping), won't the read below still use the original encrypted
> mapping if we don't explicitly flush it?

The check only really matters for the boot CPU, not for the secondary
CPUs. IIRC at this point in boot CR4.PGE is still off.

Regards,

	Joerg