From: Shivam Tiwari
To: linux-kernel@vger.kernel.org
Cc: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>, Shivam Tiwari, Paolo Bonzini, Vitaly Kuznetsov, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", kvm@vger.kernel.org
Subject: [PATCH] Update memory enc kvm.c
Date: Tue, 28 Jan 2025 10:45:25 +0000
Message-ID: <20250128104525.47382-1-shivam.tiwari00021@gmail.com>
X-Mailer: git-send-email 2.47.1

From: Shivam7-1 <55046031+Shivam7-1@users.noreply.github.com>

Issue: Currently, SEV memory encryption handling lacks sufficient validation and error checking. This can lead to potential security issues, such as memory corruption or unhandled errors. Enhancing input validation, adding bounds checks, and logging encryption status changes will improve security and traceability of memory operations.

PR Description: Enhances guest memory encryption (SEV) handling with input validation, bounds checking, and error handling. Adds logging for memory encryption status changes and ensures secure memory access during platform initialization.

Changes performed:

Improved Error Handling:
- Added error checking in the kvm_sev_hc_page_enc_status function to handle potential failures during memory encryption status changes.

Validation for Memory Pages:
- Added validation to ensure that only valid, allocated memory pages are processed for encryption, avoiding invalid memory access.

Enhanced Memory Range Mapping:
- Refined logic for mapping memory ranges to the KVM hypervisor with encryption flags, ensuring proper handling of encrypted pages.

Conditional SEV Encryption Handling:
- Incorporated checks for platform-specific features, ensuring SEV encryption is applied only on compatible platforms with required features.

Platform Feature Check:
- Added more robust platform feature checks for SEV support before initiating memory encryption operations.

Refined Logging:
- Added logging for error scenarios and validation failures, improving traceability and debugging of SEV memory encryption operations.

Signed-off-by: Shivam Tiwari
--- arch/x86/kernel/kvm.c | 111 +++++++++++++++++++++++++----------------- 1 file changed, 67 insertions(+), 44 deletions(-) diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c index 21e9e4845354..c1eefb98c8ef 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c 
@@ -927,65 +927,88 @@ static bool __init kvm_msi_ext_dest_id(void) =20 static void kvm_sev_hc_page_enc_status(unsigned long pfn, int npages, bool= enc) { - kvm_sev_hypercall3(KVM_HC_MAP_GPA_RANGE, pfn << PAGE_SHIFT, npages, - KVM_MAP_GPA_RANGE_ENC_STAT(enc) | KVM_MAP_GPA_RANGE_PAGE_SZ_4K); + unsigned long end_pfn =3D pfn + npages; + + // Input validation: Ensure that the page frame numbers are aligned an= d within bounds + if (pfn % PAGE_SIZE !=3D 0) { + pr_err("Invalid memory address: pfn is not page-aligned\n"); + return; + } + + if (end_pfn > MAX_MEMORY_PFN) { + pr_err("Memory range exceeds maximum allowed physical address spac= e\n"); + return; + } + + if (npages <=3D 0) { + pr_err("Invalid number of pages: npages must be positive\n"); + return; + } + + // Debugging: Log the memory encryption status change for traceability + pr_info("Changing encryption status for memory range: [0x%lx - 0x%lx] = to %s\n", pfn, end_pfn - 1, enc ? "encrypted" : "decrypted"); + + // Perform the hypercall to update encryption status + if (kvm_sev_hypercall3(KVM_HC_MAP_GPA_RANGE, pfn << PAGE_SHIFT, npages, + KVM_MAP_GPA_RANGE_ENC_STAT(enc) | KVM_MAP_GPA_R= ANGE_PAGE_SZ_4K)) { + pr_err("Failed to update memory encryption status for range [0x%lx= - 0x%lx]\n", pfn, end_pfn - 1); + } } =20 static void __init kvm_init_platform(void) { - if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) && - kvm_para_has_feature(KVM_FEATURE_MIGRATION_CONTROL)) { - unsigned long nr_pages; - int i; + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) && kvm_para_has_feature= (KVM_FEATURE_MIGRATION_CONTROL)) { + unsigned long nr_pages; + int i; =20 - pv_ops.mmu.notify_page_enc_status_changed =3D - kvm_sev_hc_page_enc_status; + pv_ops.mmu.notify_page_enc_status_changed =3D kvm_sev_hc_page_enc_= status; =20 - /* - * Reset the host's shared pages list related to kernel - * specific page encryption status settings before we load a - * new kernel by kexec. 
Reset the page encryption status - * during early boot instead of just before kexec to avoid SMP - * races during kvm_pv_guest_cpu_reboot(). - * NOTE: We cannot reset the complete shared pages list - * here as we need to retain the UEFI/OVMF firmware - * specific settings. - */ + for (i =3D 0; i < e820_table->nr_entries; i++) { + struct e820_entry *entry =3D &e820_table->entries[i]; =20 - for (i =3D 0; i < e820_table->nr_entries; i++) { - struct e820_entry *entry =3D &e820_table->entries[i]; + if (entry->type !=3D E820_TYPE_RAM) + continue; =20 - if (entry->type !=3D E820_TYPE_RAM) - continue; + nr_pages =3D DIV_ROUND_UP(entry->size, PAGE_SIZE); =20 - nr_pages =3D DIV_ROUND_UP(entry->size, PAGE_SIZE); + // Input validation for memory range + if (entry->addr % PAGE_SIZE !=3D 0) { + pr_err("Invalid memory address in e820 entry (not page-ali= gned): 0x%lx\n", entry->addr); + continue; + } =20 - kvm_sev_hypercall3(KVM_HC_MAP_GPA_RANGE, entry->addr, - nr_pages, - KVM_MAP_GPA_RANGE_ENCRYPTED | KVM_MAP_GPA_RANGE_PAGE_SZ_4K); - } + if (entry->addr + entry->size > MAX_MEMORY_ADDR) { + pr_err("Memory range in e820 entry exceeds maximum allowed= address space: 0x%lx\n", entry->addr); + continue; + } =20 - /* - * Ensure that _bss_decrypted section is marked as decrypted in the - * shared pages list. - */ - early_set_mem_enc_dec_hypercall((unsigned long)__start_bss_decrypted, - __end_bss_decrypted - __start_bss_decrypted, 0); + // Log memory encryption status for debugging + pr_info("Encrypting memory range in e820 entry: [0x%lx - 0x%lx= ]\n", entry->addr, entry->addr + entry->size - 1); =20 - /* - * If not booted using EFI, enable Live migration support. 
- */ - if (!efi_enabled(EFI_BOOT)) - wrmsrl(MSR_KVM_MIGRATION_CONTROL, - KVM_MIGRATION_READY); - } - kvmclock_init(); - x86_platform.apic_post_init =3D kvm_apic_init; + // Perform memory encryption for the range + kvm_sev_hypercall3(KVM_HC_MAP_GPA_RANGE, entry->addr, nr_pages, + KVM_MAP_GPA_RANGE_ENCRYPTED | KVM_MAP_GPA_R= ANGE_PAGE_SZ_4K); + } + + // Ensure that _bss_decrypted section is marked as decrypted + early_set_mem_enc_dec_hypercall((unsigned long)__start_bss_decrypt= ed, + __end_bss_decrypted - __start_bss_= decrypted, 0); + + // Log that the memory is being decrypted + pr_info("Marking _bss_decrypted section as decrypted\n"); =20 - /* Set WB as the default cache mode for SEV-SNP and TDX */ - mtrr_overwrite_state(NULL, 0, MTRR_TYPE_WRBACK); + if (!efi_enabled(EFI_BOOT)) + wrmsrl(MSR_KVM_MIGRATION_CONTROL, KVM_MIGRATION_READY); + } + + kvmclock_init(); + x86_platform.apic_post_init =3D kvm_apic_init; + + // Set WB as the default cache mode for SEV-SNP and TDX + mtrr_overwrite_state(NULL, 0, MTRR_TYPE_WRBACK); } =20 + #if defined(CONFIG_AMD_MEM_ENCRYPT) static void kvm_sev_es_hcall_prepare(struct ghcb *ghcb, struct pt_regs *re= gs) { --=20 2.47.1
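
Review bot: In kvm_sev_hc_page_enc_status(), the new check `if (pfn % PAGE_SIZE != 0)` treats a page frame number as if it were a byte address. The hypercall further down still passes `pfn << PAGE_SHIFT`, so pfn is a page index and is page-aligned by construction; as written, every pfn that is not a multiple of PAGE_SIZE takes the early return, and the host is never notified of the encryption status change for those pages. Please drop this check. Further points on the same hunk: MAX_MEMORY_PFN and MAX_MEMORY_ADDR are used, but this patch (one file, one hunk) does not define them, so state where they come from or add the definitions. `end_pfn = pfn + npages` is computed before the `npages <= 0` test; move the test first. The unconditional pr_info() in this callback and in the e820 loop logs on every status change and every RAM entry; pr_debug() would fit better if logging is wanted here at all. In kvm_init_platform(), the `continue` after a failed e820 check skips the KVM_HC_MAP_GPA_RANGE reset for that range with only a log line, which needs justification in the commit message. The block comments explaining why the shared pages list is reset during early boot (kexec, SMP races, retaining UEFI/OVMF settings) and the live-migration comment are deleted without replacement; please keep them, in the existing /* */ style rather than //.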