From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 18112C61D90
	for <linux-mm@archiver.kernel.org>; Tue, 21 Nov 2023 21:20:55 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 8A5AB6B04A3; Tue, 21 Nov 2023 16:20:46 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 856AD6B04A5; Tue, 21 Nov 2023 16:20:46 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 6A9EE6B04A6; Tue, 21 Nov 2023 16:20:46 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id 550616B04A3
	for <linux-mm@kvack.org>; Tue, 21 Nov 2023 16:20:46 -0500 (EST)
Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id 3ED101A034C
	for <linux-mm@kvack.org>; Tue, 21 Nov 2023 21:20:46 +0000 (UTC)
X-FDA: 81483230892.02.78DC8F0
Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181])
	by imf24.hostedemail.com (Postfix) with ESMTP id 513BD18000F
	for <linux-mm@kvack.org>; Tue, 21 Nov 2023 21:20:44 +0000 (UTC)
Authentication-Results: imf24.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=XWbXGxv7;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf24.hostedemail.com: domain of mhkelley58@gmail.com designates 209.85.214.181 as permitted sender) smtp.mailfrom=mhkelley58@gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1700601644;
	h=from:from:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=r8UP31zz2tzNyQ1XI1JgNxsSlBbVYVcKRejtDKCckFA=;
	b=lxAq8TsHOQ+Phhc1yS0sr/gKNzRoY04Q6G839cHQWFuB3KwLD9evxiZXEAOvTXpS83OnBz
	xikro0qklWtcQR2Wf73ZAkkv7BRo0oR2nejZfbFwHEUSH+g6Nya3qMJNpvjfIOUDUU7Tv1
	Al9fdhza+VZUMFUq7CTNvvUJfirMysA=
ARC-Authentication-Results: i=1;
	imf24.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=XWbXGxv7;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf24.hostedemail.com: domain of mhkelley58@gmail.com designates 209.85.214.181 as permitted sender) smtp.mailfrom=mhkelley58@gmail.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1700601644; a=rsa-sha256;
	cv=none;
	b=F2ZNg1dwNhNB9mhVifg+JpExfBj55exOWkbBQZSj5l39CqlOqij2nLdTVDb7bMompppBP2
	bW3gy/+SFM1kz8cGK46YUc9eyhNlsPJ2F/NSPzSvJFXbJLaIbLKDtcvITD/HndI0deNJzc
	BeQKC1XIAaf5D5gL/hJpk1o71fYTGmM=
Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1cf5901b4c8so26823765ad.1
        for <linux-mm@kvack.org>; Tue, 21 Nov 2023 13:20:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1700601643; x=1701206443; darn=kvack.org;
        h=content-transfer-encoding:mime-version:reply-to:references
         :in-reply-to:message-id:date:subject:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=r8UP31zz2tzNyQ1XI1JgNxsSlBbVYVcKRejtDKCckFA=;
        b=XWbXGxv7i8kRz9b9oV1SfxofWzv1mAudPJt4d34wL4TDcia/+CaYgGE9Ev4J43IyHi
         QfsiPukbzeTDXrpPlhoPmuHAnUPDmp0LEVPGMFJFLdjA9tfTv0V0oUi56NlaDG82eyX5
         n53bWZ6kBho0Q+TudwDn3bQ7Ui2p90J79Cpxp0QITSgGuxxyzBsh8kMc7Fft8MiA+evO
         irFUne3+9A+szPCXy9eaT83wI15/gR9Yp1RFpaKQOvcfrr+SM+HWCGi0Hx5BFMt/x3cI
         E+yJvE4982qHxUq5Q7lVP3vfZZ2CO3gfSJk2lk2fwpMqxM+juf4qIbLi1Oeh/KqwadlF
         ZTVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1700601643; x=1701206443;
        h=content-transfer-encoding:mime-version:reply-to:references
         :in-reply-to:message-id:date:subject:to:from:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=r8UP31zz2tzNyQ1XI1JgNxsSlBbVYVcKRejtDKCckFA=;
        b=MAfaVTslUt1t5JlW6wNdIs47ulM8Zo8SVjyQxJeQfcYXFJXIGjA4hEHIbYvCkeQRj5
         K3q7QhW4pogaMeYDPr/B2sW09J+FdWVVWoi1cy/jiQiRtrffdEYZOnwBrzC0+C9efXPx
         TrKmXYJc9jc7F8/klGEyEd0FJDEzADr57rajN15SpMV1kxGBmgEb825XXN87c+KObsUq
         zPosy6YqTwn3HAXbb6ttOymPj5ZqSJQRUhq7EtZk8yJsNo1uMBDc/wUNh9Mv0Gc0biFu
         698Gn9R/HTilbjcJKJgwt25S72zEJcwv0bDznzPNODvuWy/Nr8J7boo8u9xqINngSmDD
         zSRA==
X-Gm-Message-State: AOJu0YzOmKRQjmLJbca4wCkdAxW9OOUfE1aKvKL+6EDQL9NKH9cmIey5
	E9e0oLS+aLFKA9Y4VRCoQtI=
X-Google-Smtp-Source: AGHT+IGw2VRIF1KG5D53DbB1/O4g2GnYpBfD7Y44LMA28ENuVB/Zgq+24fLWa4HnCMkuyOoJyBsYkg==
X-Received: by 2002:a17:903:1107:b0:1cf:73ff:b196 with SMTP id n7-20020a170903110700b001cf73ffb196mr470013plh.8.1700601643193;
        Tue, 21 Nov 2023 13:20:43 -0800 (PST)
Received: from localhost.localdomain (c-73-254-87-52.hsd1.wa.comcast.net. [73.254.87.52])
        by smtp.gmail.com with ESMTPSA id j2-20020a170902758200b001bf52834696sm8281924pll.207.2023.11.21.13.20.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 21 Nov 2023 13:20:42 -0800 (PST)
From: mhkelley58@gmail.com
X-Google-Original-From: mhklinux@outlook.com
To: tglx@linutronix.de,
	mingo@redhat.com,
	bp@alien8.de,
	dave.hansen@linux.intel.com,
	x86@kernel.org,
	hpa@zytor.com,
	kirill.shutemov@linux.intel.com,
	kys@microsoft.com,
	haiyangz@microsoft.com,
	wei.liu@kernel.org,
	decui@microsoft.com,
	luto@kernel.org,
	peterz@infradead.org,
	akpm@linux-foundation.org,
	urezki@gmail.com,
	hch@infradead.org,
	lstoakes@gmail.com,
	thomas.lendacky@amd.com,
	ardb@kernel.org,
	jroedel@suse.de,
	seanjc@google.com,
	rick.p.edgecombe@intel.com,
	sathyanarayanan.kuppuswamy@linux.intel.com,
	linux-kernel@vger.kernel.org,
	linux-coco@lists.linux.dev,
	linux-hyperv@vger.kernel.org,
	linux-mm@kvack.org
Subject: [PATCH v2 8/8] x86/mm: Add comments about errors in set_memory_decrypted()/encrypted()
Date: Tue, 21 Nov 2023 13:20:16 -0800
Message-Id: <20231121212016.1154303-9-mhklinux@outlook.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20231121212016.1154303-1-mhklinux@outlook.com>
References: <20231121212016.1154303-1-mhklinux@outlook.com>
Reply-To: mhklinux@outlook.com
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 513BD18000F
X-Rspam-User: 
X-Rspamd-Server: rspam05
X-Stat-Signature: ia44jxecwcohwdiow66jp7n69sj4spa1
X-HE-Tag: 1700601644-984316
X-HE-Meta: U2FsdGVkX199FrJV/NOGytxJPWd1oeNW1sbKZXukfSk4fhrMqyOIwyjG5R1p+uh2KbIuy2ydzeJ61zAx7HTZG6WzIulTH1thaAjK0fV5cFZXzqC3dJttCp4SFZSvp8eeEdC0c4ZNlVliTrIr+/EeUSz6lH0/DzX2oXOBO+0rIvWhCiJiugskwSnGadPzlhtT87+5lSJxX0oHKuUGC9Y/acx1Y9CLbVyLQIqX6Izwi0PDSEuRQvFizV4jx2FLUwIDcgjyt+zgSzNoZRjr/kPqh41GTtZPQwBpCmOwywUHJMDHqLAhVsROahsbhBTGS1Op1DwVftJKWU+YbNDE8ML3+2EDTwOWhBt4NP/krsxSe7dLZfWqO6zRFEB0HWJ6CvDYfxHuddvfIitlykYaki3foF4wHplWx0BumMN3sBvnQyWDbn18qKzjNWffu7HGxLSFcD9H5ArItLTdKu6H4HkOlkuSdEsaq8VB5r+AJ0Q6YwOWAhaLlZUTlqLJsf8UTw/s4qF3FTEY7DbzAMBeM8h9fPHMIRF0orlcNj2jAs3n7FfJSq4CRQE0QNQ6jqXVgg4AjkGdjcsMgIbwYTQQ+z9iPx8um6bdfY58YOpAMCA+WOGfrRhMZmc444lz8ZN8GsZEjcjPAFC0O+TzLmPA+6vZA4FuXUektJhnI/ItdgIIN3afgOAtYGRIEkBrHQOmhE2AMxmjQO2U49ZuRUZ/faWLFwvM+n1s9g071RkCdE5OvLo4Xb8pqQJIRRKSt4s/RebTnX+5E0IIzgWCmp4+sMxpqJSdp67dAmmDu9annMHXZpatooBshEQWCVMkV5rQeCB6iKxGJCw1EtihjWOJiT+IwG99iz1LNkwmXBLtPqnbc+zI1gjS1q7w8HmS46yYzlsT09YgYhOcxDVn0oBr660j3o7/69+YAeRX26yxxeW4NHb/3VPSMgZOCWs1so8giQ5Lspc7oE4QFtz8AAML/HA
 jSCf4QlA
 zU09WxXtNt3YSJg3oFJlROuGNRW1p3CubVPDSdxGBD4MktuHpCBURJ+ZEv3moymdbFba7jycoUviB62BNJhZ2gt7DTe61/YmsLiEJS3q+d3jjCs+NS9VxZH/7QQ7kODMtJK5mXGfJxJzZJuAyzrPvemuoLjrbMcj9N1C7kH0QJL1vTZrQnFlA1S2hoLd/LWw5a9vOb2TPPtUYU204TRV4FqU7SrEyPHhgc+CdvJUl9Sn5SFX0nB/toX3MzKmZ+Mka9CwKRiqHilkbwHA+hBJnCgBYKp7rU10aQUDTV0qDBctHIN6krMN57hpb7rojOuuBPTQrEK9l1x6ZtEnYojS9/GDWzdkujsMh4EWCliAoCE7JGy3KBXvykuULSW/pYU/efzEDetF5dufMHDpT5vm0fvdhmFUTp485LipLZ22E3jbU/0zXhNI8reWmdA8oo4rjnAGjRHK8TFn0dr1CW03pb4/Y5Hpll2OCjiRu/liBmgnWZQ9HkLT8/jGHNJH/zuBuxUCcs40Lmc814/Io12/LWxTWcEzlbg4B700zOsFVLAeXqV93kORjY0koVwXV8YtVKmp8R6lz22wF2FoPzadS79zQxxLalT0yXfS2R3nl0NtBXJOAz8z0NzlPjSotB6ogFK5pgJQA/4jJwnuL1EM09GDiuw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

From: Michael Kelley <mhklinux@outlook.com>

The functions set_memory_decrypted()/encrypted() may leave the input
memory range in an inconsistent state if an error occurs.  Add comments
describing the situation and what callers must be aware of.  Also add
comments in __set_memory_enc_dec() with more details on the issues and
why further investment in error handling is not likely to be useful.

No functional change.

Suggested-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Signed-off-by: Michael Kelley <mhklinux@outlook.com>
---
 arch/x86/mm/pat/set_memory.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index 7365c86a7ff0..f519e5ca543b 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -2133,6 +2133,24 @@ int set_memory_global(unsigned long addr, int numpages)
 /*
  * __set_memory_enc_dec() is used for the hypervisors that get
  * informed about "encryption" status via page tables.
+ *
+ * If an error occurs in making the transition between encrypted and
+ * decrypted, the transitioned memory is left in an indeterminate state.
+ * The encryption status in the guest page tables may not match the
+ * hypervisor's view of the encryption status, making the memory unusable.
+ * If the memory consists of multiple pages, different pages may be in
+ * different indeterminate states.
+ *
+ * It is difficult to recover from errors such that we can ensure
+ * consistency between the page tables and hypervisor view of the encryption
+ * state. It may not be possible to back out of changes, particularly if the
+ * failure occurs in communicating with the hypervisor. Given this limitation,
+ * further work on the error handling is not likely to meaningfully improve
+ * the reliablity or usability of the system.
+ *
+ * Any errors are likely to soon render the VM inoperable, but we return
+ * an error rather than panic'ing so that the caller can decide how best
+ * to shutdown cleanly.
  */
 static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
 {
@@ -2203,6 +2221,14 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
 	return set_memory_p(&addr, numpages);
 }
 
+/*
+ * If set_memory_encrypted()/decrypted() returns an error, the input memory
+ * range is left in an indeterminate state.  The encryption status of pages
+ * may be inconsistent, so the memory is unusable.  The caller should not try
+ * to do further operations on the memory, or return it to the free list.
+ * The memory must be leaked, and the caller should take steps to shutdown
+ * the system as cleanly as possible as something is seriously wrong.
+ */
 int set_memory_encrypted(unsigned long addr, int numpages)
 {
 	return __set_memory_enc_dec(addr, numpages, true);
-- 
2.25.1