From: mhkelley58@gmail.com
To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kirill.shutemov@linux.intel.com, kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org, decui@microsoft.com, luto@kernel.org, peterz@infradead.org, akpm@linux-foundation.org, urezki@gmail.com, hch@infradead.org, lstoakes@gmail.com, thomas.lendacky@amd.com, ardb@kernel.org, jroedel@suse.de, seanjc@google.com, rick.p.edgecombe@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, linux-hyperv@vger.kernel.org, linux-mm@kvack.org
Subject: [PATCH v2 8/8] x86/mm: Add comments about errors in set_memory_decrypted()/encrypted()
Date: Tue, 21 Nov 2023 13:20:16 -0800
Message-Id: <20231121212016.1154303-9-mhklinux@outlook.com>
In-Reply-To: <20231121212016.1154303-1-mhklinux@outlook.com>
Reply-To: mhklinux@outlook.com

From: Michael Kelley

The functions set_memory_decrypted()/encrypted() may leave the input memory range in an inconsistent state if an error occurs. Add comments describing the situation and what callers must be aware of. Also add comments in __set_memory_enc_dec() with more details on the issues and why further investment in error handling is not likely to be useful.

No functional change.

Suggested-by: Rick Edgecombe
Signed-off-by: Michael Kelley
--- arch/x86/mm/pat/set_memory.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 7365c86a7ff0..f519e5ca543b 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c 
@@ -2133,6 +2133,24 @@ int set_memory_global(unsigned long addr, int numpages) /* * __set_memory_enc_dec() is used for the hypervisors that get * informed about "encryption" status via page tables. + * + * If an error occurs in making the transition between encrypted and + * decrypted, the transitioned memory is left in an indeterminate state. + * The encryption status in the guest page tables may not match the + * hypervisor's view of the encryption status, making the memory unusable. + * If the memory consists of multiple pages, different pages may be in + * different indeterminate states. + * + * It is difficult to recover from errors such that we can ensure + * consistency between the page tables and hypervisor view of the encryption + * state. It may not be possible to back out of changes, particularly if the + * failure occurs in communicating with the hypervisor. Given this limitation, + * further work on the error handling is not likely to meaningfully improve + * the reliablity or usability of the system. + * + * Any errors are likely to soon render the VM inoperable, but we return + * an error rather than panic'ing so that the caller can decide how best + * to shutdown cleanly. */ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) { 
@@ -2203,6 +2221,14 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc) return set_memory_p(&addr, numpages); } +/* + * If set_memory_encrypted()/decrypted() returns an error, the input memory + * range is left in an indeterminate state. The encryption status of pages + * may be inconsistent, so the memory is unusable. The caller should not try + * to do further operations on the memory, or return it to the free list. + * The memory must be leaked, and the caller should take steps to shutdown + * the system as cleanly as possible as something is seriously wrong. + */ int set_memory_encrypted(unsigned long addr, int numpages) { return __set_memory_enc_dec(addr, numpages, true); -- 2.25.1
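
Review bot: In the first hunk, the comment added above __set_memory_enc_dec() misspells "reliability" as "reliablity", and its last paragraph uses "panic'ing" and "to shutdown cleanly" where "panicking" and "to shut down cleanly" (verb form) are the usual spellings. Since the patch only adds comments, these are worth fixing before it lands. The phrase "the transitioned memory" could also say explicitly that it means the whole range from addr through numpages pages, since the next sentences make clear that any page in the range may be affected.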
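
Review bot: In the second hunk, the new comment describes the contract of both set_memory_encrypted() and set_memory_decrypted() but is placed directly above set_memory_encrypted() only, so a reader who starts at set_memory_decrypted() can miss it; add a short pointer at that function or word the comment so it clearly heads both. "The memory must be leaked" would be stronger with its reason stated in the same sentence: per the preceding lines the encryption status of the pages may be inconsistent, so returning them to the free list would hand memory in an unknown state to an unrelated user. Also, "to shutdown the system" should be "to shut down the system".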