From nobody Wed Dec 17 02:55:18 2025
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 08D8B1A2FB7;
	Tue, 18 Jun 2024 14:01:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=193.142.43.55
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1718719315; cv=none;
 b=jZXA5HXXokHHkRbBAYpEguoOnq7nSOQJ7n2tlVrV+qksC0zrJLWgHE4hCogNeVxY8zV3bOyJ7kMeU6J92p3gNlQAt23ous/mqWwbOh10CJ82k+LkvrWpY3gTGinDPVVoc/jXRLmMiWpq1bfFHj4OEi7iMKktuYGZziC24GdV/VA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1718719315; c=relaxed/simple;
	bh=QGcJKHQcyTYRXbgqex3tHhESBxVvi8OuEEckUhSj0x4=;
	h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version:
	 Message-ID:Content-Type;
 b=Cah2Gw/4Wey5cmyH9iqDixgVXkqBGoOYpTFVqh94VzifxnoYLLPwEPqWY/3UnUf4vM+W31t05M2dmtSaef5010ezxb3KqLUJzCF4unEs3RWOhwjLFeuZ+TUSEvrSz4bxUpW2nDnIqZ0x2NH0H6MuiCU5W4ChPS2IGLB17H0/FSQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de;
 spf=pass smtp.mailfrom=linutronix.de;
 dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=kEbqdH4Z;
 dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=aQK+xIlr; arc=none smtp.client-ip=193.142.43.55
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="kEbqdH4Z";
	dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="aQK+xIlr"
Date: Tue, 18 Jun 2024 14:01:41 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020; t=1718719302;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=DDJ+h/G2+BzGRk/rUhOSnXz18gBGH03FloNFoS4Xz9o=;
	b=kEbqdH4ZgxSSQYIlcF6DE+7iRTmhUeg/vZpyNKkD2P8W/DmVsbT98tfBO1uv96n47GEjFF
	KMucbkJFuXok38QK33trGs6N69ufCJ+w8rBeBnDXtKpZF/rp+O/mlsxjmHUN2HU2IppSZO
	3f0qp60URXSan8kVPi+aIAjMxYdPOOqOIGd0UENkRkPqem0mIHUoym/iTc2aF9Wi2mJHyh
	NAugSic+G7rGAkwF2F0ZqJNWAKmbQzbmkYTZosXHHzn9tK8WxhX9Rrfnn8dpzJskS5PCq1
	KrM48zXGTF2ohJW2ABX4FFwK+kPchWSznNk3YAyIBdVge44goOTwqPTx2Jk/RQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020e; t=1718719302;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=DDJ+h/G2+BzGRk/rUhOSnXz18gBGH03FloNFoS4Xz9o=;
	b=aQK+xIlrTaFECMhLLVTI4juFwwa4LotzIkBw7ez1oCHJKdGIGnQXJ7wqJJ4Z7RmrFXfren
	IK/eOa1Ps2nbS2Cg==
From: "tip-bot2 for Kirill A. Shutemov" <tip-bot2@linutronix.de>
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/cc] x86/mm: Make x86_platform.guest.enc_status_change_*()
 return an error
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
 "Borislav Petkov (AMD)" <bp@alien8.de>, Dave Hansen <dave.hansen@intel.com>,
 Kai Huang <kai.huang@intel.com>, Michael Kelley <mhklinux@outlook.com>,
 Tao Liu <ltao@redhat.com>, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20240614095904.1345461-8-kirill.shutemov@linux.intel.com>
References: <20240614095904.1345461-8-kirill.shutemov@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Message-ID: <171871930194.10875.1061002896990117770.tip-bot2@tip-bot2>
Robot-ID: <tip-bot2@linutronix.de>
Robot-Unsubscribe: 
 Contact <mailto:tglx@linutronix.de> to get blacklisted from these emails
Precedence: bulk
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following commit has been merged into the x86/cc branch of tip:

Commit-ID:     99c5c4c60e0db1d2ff58b8a61c93b6851146469f
Gitweb:        https://git.kernel.org/tip/99c5c4c60e0db1d2ff58b8a61c93b6851=
146469f
Author:        Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
AuthorDate:    Fri, 14 Jun 2024 12:58:52 +03:00
Committer:     Borislav Petkov (AMD) <bp@alien8.de>
CommitterDate: Mon, 17 Jun 2024 17:45:53 +02:00

x86/mm: Make x86_platform.guest.enc_status_change_*() return an error

TDX is going to have more than one reason to fail enc_status_change_prepare=
().

Change the callback to return errno instead of assuming -EIO. Change
enc_status_change_finish() too to keep the interface symmetric.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Dave Hansen <dave.hansen@intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
Tested-by: Tao Liu <ltao@redhat.com>
Link: https://lore.kernel.org/r/20240614095904.1345461-8-kirill.shutemov@li=
nux.intel.com
---
 arch/x86/coco/tdx/tdx.c         | 20 +++++++++++---------
 arch/x86/hyperv/ivm.c           | 22 ++++++++++------------
 arch/x86/include/asm/x86_init.h |  4 ++--
 arch/x86/kernel/x86_init.c      |  4 ++--
 arch/x86/mm/mem_encrypt_amd.c   |  8 ++++----
 arch/x86/mm/pat/set_memory.c    | 12 +++++++-----
 6 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index c1cb903..26fa47d 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -798,28 +798,30 @@ static bool tdx_enc_status_changed(unsigned long vadd=
r, int numpages, bool enc)
 	return true;
 }
=20
-static bool tdx_enc_status_change_prepare(unsigned long vaddr, int numpage=
s,
-					  bool enc)
+static int tdx_enc_status_change_prepare(unsigned long vaddr, int numpages,
+					 bool enc)
 {
 	/*
 	 * Only handle shared->private conversion here.
 	 * See the comment in tdx_early_init().
 	 */
-	if (enc)
-		return tdx_enc_status_changed(vaddr, numpages, enc);
-	return true;
+	if (enc && !tdx_enc_status_changed(vaddr, numpages, enc))
+		return -EIO;
+
+	return 0;
 }
=20
-static bool tdx_enc_status_change_finish(unsigned long vaddr, int numpages,
+static int tdx_enc_status_change_finish(unsigned long vaddr, int numpages,
 					 bool enc)
 {
 	/*
 	 * Only handle private->shared conversion here.
 	 * See the comment in tdx_early_init().
 	 */
-	if (!enc)
-		return tdx_enc_status_changed(vaddr, numpages, enc);
-	return true;
+	if (!enc && !tdx_enc_status_changed(vaddr, numpages, enc))
+		return -EIO;
+
+	return 0;
 }
=20
 void __init tdx_early_init(void)
diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c
index 768d73d..b4a851d 100644
--- a/arch/x86/hyperv/ivm.c
+++ b/arch/x86/hyperv/ivm.c
@@ -523,9 +523,9 @@ static int hv_mark_gpa_visibility(u16 count, const u64 =
pfn[],
  * transition is complete, hv_vtom_set_host_visibility() marks the pages
  * as "present" again.
  */
-static bool hv_vtom_clear_present(unsigned long kbuffer, int pagecount, bo=
ol enc)
+static int hv_vtom_clear_present(unsigned long kbuffer, int pagecount, boo=
l enc)
 {
-	return !set_memory_np(kbuffer, pagecount);
+	return set_memory_np(kbuffer, pagecount);
 }
=20
 /*
@@ -536,20 +536,19 @@ static bool hv_vtom_clear_present(unsigned long kbuff=
er, int pagecount, bool enc
  * with host. This function works as wrap of hv_mark_gpa_visibility()
  * with memory base and size.
  */
-static bool hv_vtom_set_host_visibility(unsigned long kbuffer, int pagecou=
nt, bool enc)
+static int hv_vtom_set_host_visibility(unsigned long kbuffer, int pagecoun=
t, bool enc)
 {
 	enum hv_mem_host_visibility visibility =3D enc ?
 			VMBUS_PAGE_NOT_VISIBLE : VMBUS_PAGE_VISIBLE_READ_WRITE;
 	u64 *pfn_array;
 	phys_addr_t paddr;
+	int i, pfn, err;
 	void *vaddr;
 	int ret =3D 0;
-	bool result =3D true;
-	int i, pfn;
=20
 	pfn_array =3D kmalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL);
 	if (!pfn_array) {
-		result =3D false;
+		ret =3D -ENOMEM;
 		goto err_set_memory_p;
 	}
=20
@@ -568,10 +567,8 @@ static bool hv_vtom_set_host_visibility(unsigned long =
kbuffer, int pagecount, bo
 		if (pfn =3D=3D HV_MAX_MODIFY_GPA_REP_COUNT || i =3D=3D pagecount - 1) {
 			ret =3D hv_mark_gpa_visibility(pfn, pfn_array,
 						     visibility);
-			if (ret) {
-				result =3D false;
+			if (ret)
 				goto err_free_pfn_array;
-			}
 			pfn =3D 0;
 		}
 	}
@@ -586,10 +583,11 @@ err_set_memory_p:
 	 * order to avoid leaving the memory range in a "broken" state. Setting
 	 * the PRESENT bits shouldn't fail, but return an error if it does.
 	 */
-	if (set_memory_p(kbuffer, pagecount))
-		result =3D false;
+	err =3D set_memory_p(kbuffer, pagecount);
+	if (err && !ret)
+		ret =3D err;
=20
-	return result;
+	return ret;
 }
=20
 static bool hv_vtom_tlb_flush_required(bool private)
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_ini=
t.h
index 6149eab..28ac3cb 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -151,8 +151,8 @@ struct x86_init_acpi {
  * @enc_cache_flush_required	Returns true if a cache flush is needed befor=
e changing page encryption status
  */
 struct x86_guest {
-	bool (*enc_status_change_prepare)(unsigned long vaddr, int npages, bool e=
nc);
-	bool (*enc_status_change_finish)(unsigned long vaddr, int npages, bool en=
c);
+	int (*enc_status_change_prepare)(unsigned long vaddr, int npages, bool en=
c);
+	int (*enc_status_change_finish)(unsigned long vaddr, int npages, bool enc=
);
 	bool (*enc_tlb_flush_required)(bool enc);
 	bool (*enc_cache_flush_required)(void);
 };
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index d5dc5a9..a7143bb 100644
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -134,8 +134,8 @@ struct x86_cpuinit_ops x86_cpuinit =3D {
=20
 static void default_nmi_init(void) { };
=20
-static bool enc_status_change_prepare_noop(unsigned long vaddr, int npages=
, bool enc) { return true; }
-static bool enc_status_change_finish_noop(unsigned long vaddr, int npages,=
 bool enc) { return true; }
+static int enc_status_change_prepare_noop(unsigned long vaddr, int npages,=
 bool enc) { return 0; }
+static int enc_status_change_finish_noop(unsigned long vaddr, int npages, =
bool enc) { return 0; }
 static bool enc_tlb_flush_required_noop(bool enc) { return false; }
 static bool enc_cache_flush_required_noop(void) { return false; }
 static bool is_private_mmio_noop(u64 addr) {return false; }
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index 422602f..e7b6751 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -283,7 +283,7 @@ static void enc_dec_hypercall(unsigned long vaddr, unsi=
gned long size, bool enc)
 #endif
 }
=20
-static bool amd_enc_status_change_prepare(unsigned long vaddr, int npages,=
 bool enc)
+static int amd_enc_status_change_prepare(unsigned long vaddr, int npages, =
bool enc)
 {
 	/*
 	 * To maintain the security guarantees of SEV-SNP guests, make sure
@@ -292,11 +292,11 @@ static bool amd_enc_status_change_prepare(unsigned lo=
ng vaddr, int npages, bool=20
 	if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP) && !enc)
 		snp_set_memory_shared(vaddr, npages);
=20
-	return true;
+	return 0;
 }
=20
 /* Return true unconditionally: return value doesn't matter for the SEV si=
de */
-static bool amd_enc_status_change_finish(unsigned long vaddr, int npages, =
bool enc)
+static int amd_enc_status_change_finish(unsigned long vaddr, int npages, b=
ool enc)
 {
 	/*
 	 * After memory is mapped encrypted in the page table, validate it
@@ -308,7 +308,7 @@ static bool amd_enc_status_change_finish(unsigned long =
vaddr, int npages, bool e
 	if (!cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT))
 		enc_dec_hypercall(vaddr, npages << PAGE_SHIFT, enc);
=20
-	return true;
+	return 0;
 }
=20
 static void __init __set_clr_pte_enc(pte_t *kpte, int level, bool enc)
diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index 19fdfbb..498812f 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -2196,7 +2196,8 @@ static int __set_memory_enc_pgtable(unsigned long add=
r, int numpages, bool enc)
 		cpa_flush(&cpa, x86_platform.guest.enc_cache_flush_required());
=20
 	/* Notify hypervisor that we are about to set/clr encryption attribute. */
-	if (!x86_platform.guest.enc_status_change_prepare(addr, numpages, enc))
+	ret =3D x86_platform.guest.enc_status_change_prepare(addr, numpages, enc);
+	if (ret)
 		goto vmm_fail;
=20
 	ret =3D __change_page_attr_set_clr(&cpa, 1);
@@ -2214,16 +2215,17 @@ static int __set_memory_enc_pgtable(unsigned long a=
ddr, int numpages, bool enc)
 		return ret;
=20
 	/* Notify hypervisor that we have successfully set/clr encryption attribu=
te. */
-	if (!x86_platform.guest.enc_status_change_finish(addr, numpages, enc))
+	ret =3D x86_platform.guest.enc_status_change_finish(addr, numpages, enc);
+	if (ret)
 		goto vmm_fail;
=20
 	return 0;
=20
 vmm_fail:
-	WARN_ONCE(1, "CPA VMM failure to convert memory (addr=3D%p, numpages=3D%d=
) to %s.\n",
-		  (void *)addr, numpages, enc ? "private" : "shared");
+	WARN_ONCE(1, "CPA VMM failure to convert memory (addr=3D%p, numpages=3D%d=
) to %s: %d\n",
+		  (void *)addr, numpages, enc ? "private" : "shared", ret);
=20
-	return -EIO;
+	return ret;
 }
=20
 static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)