www.infradead.org Git - linux.git/commit

author	Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
	Fri, 14 Jun 2024 09:58:56 +0000 (12:58 +0300)
committer	Borislav Petkov (AMD) <bp@alien8.de>
	Mon, 17 Jun 2024 15:46:05 +0000 (17:46 +0200)
commit	859e63b789d6b17b3c64e51a0aabdc58752a0254
tree	b58c951feacd6b8110f34db71051d1cd53609391	tree
parent	22daa42294b419a0d8060a3870285e7a72aa63e4	commit \| diff

x86/tdx: Convert shared memory back to private on kexec

TDX guests allocate shared buffers to perform I/O. It is done by allocating
pages normally from the buddy allocator and converting them to shared with
set_memory_decrypted().

The second, kexec-ed kernel has no idea what memory is converted this way. It
only sees E820_TYPE_RAM.

Accessing shared memory via private mapping is fatal. It leads to unrecoverable
TD exit.

On kexec, walk direct mapping and convert all shared memory back to private. It
makes all RAM private again and second kernel may use it normally.

The conversion occurs in two steps: stopping new conversions and unsharing all
memory. In the case of normal kexec, the stopping of conversions takes place
while scheduling is still functioning. This allows for waiting until any ongoing
conversions are finished. The second step is carried out when all CPUs except one
are inactive and interrupts are disabled. This prevents any conflicts with code
that may access shared memory.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Tested-by: Tao Liu <ltao@redhat.com>
Link: https://lore.kernel.org/r/20240614095904.1345461-12-kirill.shutemov@linux.intel.com

arch/x86/coco/tdx/tdx.c		diff \| blob \| history
arch/x86/include/asm/pgtable.h		diff \| blob \| history
arch/x86/include/asm/set_memory.h		diff \| blob \| history
arch/x86/mm/pat/set_memory.c		diff \| blob \| history