Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2604532lqp;
        Mon, 25 Mar 2024 04:16:44 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUiSLpz7NyR5i2YoMG537tdgiJi/FeqBzO82zIYUEOz++AYKZ8+54tN09+qObCXNerX3cCrcvGWeI2tm8tyUUmsGfnqKYMhX8SEVhyQPw==
X-Google-Smtp-Source: AGHT+IHF4n9y0wMrebJwn3kV4v6yFDtHRXXjq1ViPFAvFgaymY6D0VJlHIMU9pRm/zKBzt7W+6eB
X-Received: by 2002:a05:6a20:a11d:b0:1a3:c8c4:9c83 with SMTP id q29-20020a056a20a11d00b001a3c8c49c83mr2733572pzk.37.1711365403841;
        Mon, 25 Mar 2024 04:16:43 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1711365403; cv=pass;
        d=google.com; s=arc-20160816;
        b=kj8TPsSVTnGgq6UuenG2TDX2HmCYsPES+a79KZVv7fLng/XHTpPT4ojLOubPtJFtPd
         IB8YwQk/ttYRxW9SUz5pu19+oYUN6rpITrycXy5NmKTwng5O9IvY+59GF/xrFWspodgC
         ++UQY2NqnC7qKJ7U3Wn57Rq/iyVodjQXK7XItkoCxbF9J+uiNH/KbcizNaZmyuykNypA
         t+/ZnqDVEIcMXoutETGir75aAyyUq761tbn2JAnizNuOY0zu5Iah9MDKvDtlIIYsIPI9
         +/oMN7RQhMwbbmm65hU+bjIxOKJGuCEZvHETiFkmNvRaUeBMqcC2gOLyPp/mdrlKIiTw
         a6GA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=IYcqajbM29XMqZpL0FzqB0bCMzAlPcMWbOVgjHEQ6bg=;
        fh=2cgy0DrLY9cO3enh2txMTpS9d1VeK4LhMMk2HoOVEps=;
        b=guakaoWTx8YYlW/s2+WUVq7hMrPWwQO94FBko1z+rB3Zr+32efAUQp0VdfA8KAWDXk
         p7ZEtP94zb6XSR/nPkYpcDxg8u8NrPkVvedC1HITwHAW6LWE3nD/5jK/U+chyEffbcA4
         6p+76ibAjyF7YLZjOt7MrW2n4A5O0ARfePXbmEyIWSrA3qNVbKMHOZJ3Fvc/FGQ4yr7e
         D9L/T1gmoM4B1SuI8IGDaEXtr8yycjwySPw4cGSXPZshUuHoqHstvdpdjaxhVKqyknAv
         D86j5LFLugvpmfoE6hCW7Pt3of+STFBDq1T6+RlSYkYt+C+HsClppEiSDPenJ5iXEhkj
         wiFg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cjLyp6aA;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-115829-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115829-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel+bounces-115829-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id d13-20020a170902654d00b001e0be222e6dsi1691732pln.189.2024.03.25.04.16.42
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 25 Mar 2024 04:16:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-115829-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=cjLyp6aA;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-kernel+bounces-115829-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115829-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 1DFEDB3E639
	for <linux.lists.archive@gmail.com>; Mon, 25 Mar 2024 09:29:30 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 2072D378C48;
	Mon, 25 Mar 2024 03:01:34 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="cjLyp6aA"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 994E7145348;
	Sun, 24 Mar 2024 23:13:25 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1711322005; cv=none; b=eZGAQiYtH1wsT7qbo1CxiCAz6k9gxlqCWAo9205tTtH73ho03Fez6Neqna54oAAj/5L8aHiQoO1ge/24RvJ4+FWddL6RwbkruMqgrKEXUDzv39FSbm0cHl9hVX5Gv7DtkC1Xllbp62G/J28NEg9sLthVleXVAM/8wsK0TZgAbVg=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1711322005; c=relaxed/simple;
	bh=2sp9ApPNB1kvNVmUlb6c0/k+nkdH4tr6ck10HNGkcfU=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=SJIj0gu6JV5Tfouone1oEXltlBWDZ2WuWXSo/uHXjkmEtl8REfSsg3BKiS3HS26tjEBb3qXEu77eR2MhjJ4lCWfgQFILst7VFtQiq/yZrREwezYLNpIksNSUV39XVPioif6n4HgCwPRW/T+AW6wHx+xGS1yDShrXLFF2Gdn345A=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=cjLyp6aA; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BE74FC433F1;
	Sun, 24 Mar 2024 23:13:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1711322005;
	bh=2sp9ApPNB1kvNVmUlb6c0/k+nkdH4tr6ck10HNGkcfU=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=cjLyp6aAd8e2LEV37haPSw/r9S0AhIMUBQ28sdV1eCa40ka2/vco/xeO3AQI7SPT7
	 O6JyiPHJix6apqfteTuxVuG5MDW4tax+EAOvoF9m85edEnIo7vmMsQkF+IkbkFzxBv
	 g2PQ9W8Dx2wIme8HhYW/Z+Utg2sxA+bBeLkLmy7BaptB5oBhcA7knz+ZMJPk2TU31t
	 BFqw1V4KKfcZQ73ljRGGZAOB2fSpip/Wi1U5PHDFXO0Y1b6od+hpB5ElScTV+9lJ3j
	 nMB1PDIhPBMyT0+NWT8acixQYL2j3Vwje/YoPGtey/BvpLvOrSLNE6tHc9QwF2wkzw
	 FRIQcEArp+CZQ==
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
	Borislav Petkov <bp@alien8.de>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 077/451] x86/sme: Fix memory encryption setting if enabled by default and not overridden
Date: Sun, 24 Mar 2024 19:05:53 -0400
Message-ID: <20240324231207.1351418-78-sashal@kernel.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240324231207.1351418-1-sashal@kernel.org>
References: <20240324231207.1351418-1-sashal@kernel.org>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit

From: Ard Biesheuvel <ardb@kernel.org>

[ Upstream commit e814b59e6c2b11f5a3d007b2e61f7d550c354c3a ]

Commit

  cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()")

'fixed' an issue in sme_enable() detected by static analysis, and broke
the common case in the process.

cmdline_find_option() will return < 0 on an error, or when the command
line argument does not appear at all. In this particular case, the
latter is not an error condition, and so the early exit is wrong.

Instead, without mem_encrypt= on the command line, the compile time
default should be honoured, which could be to enable memory encryption,
and this is currently broken.

Fix it by setting sme_me_mask to a preliminary value based on the
compile time default, and only omitting the command line argument test
when cmdline_find_option() returns an error.

  [ bp: Drop active_by_default while at it. ]

Fixes: cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20240126163918.2908990-2-ardb+git@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/mm/mem_encrypt_identity.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index d94ebd8acdfde..a11a6ebbf5ecf 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -507,7 +507,6 @@ void __init sme_enable(struct boot_params *bp)
 	const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off;
 	unsigned int eax, ebx, ecx, edx;
 	unsigned long feature_mask;
-	bool active_by_default;
 	unsigned long me_mask;
 	char buffer[16];
 	bool snp;
@@ -593,22 +592,19 @@ void __init sme_enable(struct boot_params *bp)
 	     : "p" (sme_cmdline_off));
 
 	if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT))
-		active_by_default = true;
-	else
-		active_by_default = false;
+		sme_me_mask = me_mask;
 
 	cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
 				     ((u64)bp->ext_cmd_line_ptr << 32));
 
 	if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
-		return;
+		goto out;
 
 	if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
 		sme_me_mask = me_mask;
 	else if (!strncmp(buffer, cmdline_off, sizeof(buffer)))
 		sme_me_mask = 0;
-	else
-		sme_me_mask = active_by_default ? me_mask : 0;
+
 out:
 	if (sme_me_mask) {
 		physical_mask &= ~sme_me_mask;
-- 
2.43.0