From patchwork Fri Jan 26 16:39:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 192687 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:1350:b0:103:8516:c03d with SMTP id f16csp3697dyg; Fri, 26 Jan 2024 08:47:05 -0800 (PST) X-Google-Smtp-Source: AGHT+IGjRrDdB+GfuRYSYEN0FFSY62pEZKRFmPJXEcXAkAEYmwQLprNBORks3lhvYIVobKSKf60S X-Received: by 2002:a17:90b:19d4:b0:28e:82c0:db91 with SMTP id nm20-20020a17090b19d400b0028e82c0db91mr185129pjb.43.1706287624834; Fri, 26 Jan 2024 08:47:04 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706287624; cv=pass; d=google.com; s=arc-20160816; b=nnee2CVesDER0qepbXdiRr5BUCR4WNbKyiXzUhxhR69byJbiX+BGLauo7nP46e6Uce NNxQQa/XAP2DifbtfIlUPWnju84WLhidUQ86TBYoMBiiyLHctOPwmxF84JZ1MuAt5Dw2 wyovpXdbhLmy+JuSJiXNylsySkRfMzZ/dJxBPocHkoulQm77isLcafo+tGyl10bbYtTV tNoosmpzorNQvgw/soYE6ssgOb/ag779bHyFEVLacD0vWNxQrJGSBTg5MDJLfUJ4r6f+ TIONIkd2VqKV8vc3lszUFjaDfgpvv7Y41TCFCNuXy4UAVBtuU7Ots/AGjxDv4z7ILGW6 +okA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:dkim-signature; bh=xlBgugPCo2xMSajYDfdTWi2w+CeDhsQ4ciWdtvT0oGo=; fh=o5qWVygOwNP6v68AC+fevRwE/t3KR/dniE70roBmCe0=; b=vUtEhKN5za71sJweKiX5a/Jezf7Srt9ILuan29NSkRuwoibrjMFOg7MZZSxv+/YrRT q8BRJdkzPN68h7Jiqq66dxZH146A+p40yyelC/nHj1v0U2xXtWOyHJqDaMXrj4BiW8Tj 7wGhZjwD4JDZw/sdbRYBOL5cau5yrW1xjKqsosNFCWaDlkWKOHGy6TeOOqIa95OnIhdI ab+mv1j99EqLll5xHXtjluyqdNNJHZI4TIIiYeNeU9ZdE3obBp+liEWw8MHEkFl58Ny2 kVXo6QnD1i4Jx6TlcMo2BQOXCdurp3IHC3RGFMmdtP7NAg5EiUOs3GaFyodBpsbaebVn mkiA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="z/HaRRbu"; arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-40354-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-40354-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id g12-20020a17090ace8c00b0029265c01893si1418049pju.179.2024.01.26.08.47.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jan 2024 08:47:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-40354-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b="z/HaRRbu"; arc=pass (i=1 spf=pass spfdomain=flex--ardb.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-40354-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-40354-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7069028CA2F for ; Fri, 26 Jan 2024 16:39:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 004B21EB49; Fri, 26 Jan 2024 16:39:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="z/HaRRbu" Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 460631EA8A for ; Fri, 26 Jan 2024 16:39:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706287172; cv=none; b=txTZxPVgJZLpjDwk4Vb10YMJWda9RvPdLa9PHNuPWsGob/sKB/AEDP+ZYuo4VE9fqecUlAfEyW8TmU1rvoAgTFcDVe8DruO8aZ68cvQskxz7aEdc7mV+gGkRRM5S9BHlwSCoppAbipDWs9d2MtaIappN9xxL/UVBbQoxT3gvY6E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706287172; c=relaxed/simple; bh=EFByUhMn6o7EKK+3IwvtG+AnT/BrGHBsR+easKAMjCg=; h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type; b=amY3XHlxqpqmEWAgF3BTljfHdd3m9B4S2PQ1iiFclz34mvlixEHWEr44rSVMxKyGdmLNvFJr52kAVdtHOGmM4pwBfedsmRWGlzPbNC3WVGcEbI9ZAYdEI7ltSLGPaYksMNtXd+Qn2O68RICIkV/ZseK4+x3TuzR19sIqg6alVVw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=z/HaRRbu; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--ardb.bounces.google.com Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-5ffee6e316bso18306087b3.0 for ; Fri, 26 Jan 2024 08:39:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1706287169; x=1706891969; darn=vger.kernel.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=xlBgugPCo2xMSajYDfdTWi2w+CeDhsQ4ciWdtvT0oGo=; b=z/HaRRbuOSuWhhEq8DUTAuoMTtEsbV/qxaYuTUMdv2U4dkLcNoGSUOZBFRQkALmegD lcX69E1OBzFEjC7Lz7OiUMh10bHNrnWaOE/VkEVg9jKEIB73HUVBqC7MLSPnP24/30bD YqlolR753MdEr892HsERHYPSXkvcayF8Nwbb8pY+rTxDxtpf3W9SHo0UiSd3nP/nWLzF wWSMbusqotYBNHEDDue3GB2x/7xAQMNKZl+0cRYm+elCCtS0ItYSO0h2RIZexxaemKQu /VMiaQBxnCd6a2oUZD/47psKPoX2KBCVLIu+EkGyoKjt6j+nHSNGE46sut/lndv2HCMI E0GA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706287169; x=1706891969; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=xlBgugPCo2xMSajYDfdTWi2w+CeDhsQ4ciWdtvT0oGo=; b=tkMExTTZFsH0ueo7kYzIKvVxIRSxvd97j1ljmGBVIzIVJLRQ8FQAi+S1ZopEA+gj2P VGCQuVtLXrUxE+gNTe9s54fUzPH/+PiLnG+6936BK4ftHYnNfWTVGbRBwXK1HGC7l70s 3yS0KHyr/RYaL5K+LvTiJeUU5e0XRS0lTqYB8btDsvw3FnsnmqrjbQFkd+dbP6o0HQyA JsqbD6g1Aiq4Z7wx3qBnkF3L4HxuYDt/qcp/gH+9gd3/69CLVFPBFWfUD5Z9rMTuvo/j 8PqPaULc+IOyz2rwCfhsrJRlFFMQCiZV3c29NZ+WMzVY92on8czAWjXzXFIPBiwvD/yS nepA== X-Gm-Message-State: AOJu0Ywaoe3LpLJl7QbPG5B3KWPeChi8RbwR8CQxH8WA15T5hs2Rlc0r Hu/RVk8g8pPFB7aZOArhO7jeHcVpzUxmQyCUap4sPakVFhCDlQO/U7EPx3kTJSgVwfN0dpg2Tpc AbiBoAjBhUQyAkDArjwi0vOEtGDpmMAJbDsu8XYiRd2JjwJJBQE6PvtCiVx8ibiSmkITXCo9AKl kr8QuCLMBnHawJiSNvL89+geYKfYCIlQ== X-Received: from palermo.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:118a]) (user=ardb job=sendgmr) by 2002:a81:794d:0:b0:5ff:8269:26 with SMTP id u74-20020a81794d000000b005ff82690026mr9234ywc.10.1706287169275; Fri, 26 Jan 2024 08:39:29 -0800 (PST) Date: Fri, 26 Jan 2024 17:39:19 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-Developer-Signature: v=1; a=openpgp-sha256; l=2049; i=ardb@kernel.org; h=from:subject; bh=WUJPBTvb1mHWIXBiHT1P0Ob/I8UvCbEpFlwskhtt8WU=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIXXzA/MGZR6dfy8uCy1aFy6e2FouXMhTerVceoPs51Otb x+nfIvpKGVhEONgkBVTZBGY/ffdztMTpWqdZ8nCzGFlAhnCwMUpABO594Phn+W+76uuXlgXblcp 1uQ8x7zC+fnDzOTdrWUePpPmbypj2cfIcOTL5oVHD8j5OKRul1tRzbdBVPFrjmoEQ86bXasFC75 vYgYA X-Mailer: git-send-email 2.43.0.429.g432eaa2c6b-goog Message-ID: <20240126163918.2908990-2-ardb+git@google.com> Subject: [PATCH] x86/sme: Fix memory encryption if enabled by default and not overridden From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, Ard Biesheuvel , Borislav Petkov , Tom Lendacky , Nikita Zhandarovich , Kevin Loughlin X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1789172252803254611 X-GMAIL-MSGID: 1789172252803254611 From: Ard Biesheuvel Commit cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()") 'fixed' an issue in sme_enable() detected by static analysis, and broke the common case in the process. cmdline_find_option() will return < 0 on an error, or when the command line argument does not appear at all. In this particular case, the latter is not an error condition, and so the early exit is wrong. Instead, without mem_encrypt= on the command line, the compile time default should be honoured, which could be to enable memory encryption, and this is currently broken. Fix it by setting sme_me_mask to a preliminary value based on the compile time default, and only omitting the command line argument test when cmdline_find_option() returns an error. Cc: Borislav Petkov (AMD) Cc: Tom Lendacky Cc: Nikita Zhandarovich Cc: Kevin Loughlin Fixes: cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()") Signed-off-by: Ard Biesheuvel Reviewed-by: Tom Lendacky --- arch/x86/mm/mem_encrypt_identity.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index d73aeb16417f..30df4f1725f4 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c @@ -600,15 +600,14 @@ void __init sme_enable(struct boot_params *bp) cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32)); + sme_me_mask = active_by_default ? me_mask : 0; if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0) - return; + goto out; if (!strncmp(buffer, cmdline_on, sizeof(buffer))) sme_me_mask = me_mask; else if (!strncmp(buffer, cmdline_off, sizeof(buffer))) sme_me_mask = 0; - else - sme_me_mask = active_by_default ? me_mask : 0; out: if (sme_me_mask) { physical_mask &= ~sme_me_mask;