git.ipfire.org Git - thirdparty/kernel/stable.git/commit
x86/sme: Fix memory encryption setting if enabled by default and not overridden
author Ard Biesheuvel <ardb@kernel.org>
Fri, 26 Jan 2024 16:39:19 +0000 (17:39 +0100)
committer Sasha Levin <sashal@kernel.org>
Tue, 26 Mar 2024 22:19:19 +0000 (18:19 -0400)
commit 835ae8a07a2a3da13ca3c60a5c873fac0362e89e
tree a9c37d80b33202a8b438a183f2e8a3c780ac0635
parent 1723d72da7adbdfe7c48e942f0c073e4d7c9590d

[ Upstream commit e814b59e6c2b11f5a3d007b2e61f7d550c354c3a ]

Commit

  cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()")

'fixed' an issue in sme_enable() detected by static analysis, and broke
the common case in the process.

cmdline_find_option() will return < 0 on an error, or when the command
line argument does not appear at all. In this particular case, the
latter is not an error condition, and so the early exit is wrong.

Instead, without mem_encrypt= on the command line, the compile time
default should be honoured, which could be to enable memory encryption,
and this is currently broken.

Fix it by setting sme_me_mask to a preliminary value based on the
compile time default, and only omitting the command line argument test
when cmdline_find_option() returns an error.

  [ bp: Drop active_by_default while at it. ]

Fixes: cbebd68f59f0 ("x86/mm: Fix use of uninitialized buffer in sme_enable()")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20240126163918.2908990-2-ardb+git@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
arch/x86/mm/mem_encrypt_identity.c
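
A user-space model of the failure mode the commit message describes, added here as an example; it is not the kernel's code. `find_option()`, `sme_mask()`, the `mode` switch and the `ME_MASK` value are hypothetical stand-ins, and the command lines are constructed samples.

```c
#include <stdio.h>
#include <string.h>

#define ME_MASK (1ULL << 47)	/* constructed sample encryption mask */

/* Stand-in for cmdline_find_option(): < 0 on error AND when the option is absent. */
static int find_option(const char *cmdline, const char *name, char *buf, size_t len)
{
	size_t n = strlen(name), i = 0;

	if (!cmdline || !len)
		return -1;
	for (const char *p = cmdline; *p; ) {
		while (*p == ' ')
			p++;
		if (!strncmp(p, name, n) && p[n] == '=') {
			for (p += n + 1; *p && *p != ' ' && i + 1 < len; p++)
				buf[i++] = *p;
			buf[i] = '\0';
			return (int)i;
		}
		while (*p && *p != ' ')
			p++;
	}
	return -1;
}

/* mode 0: early exit on any negative return (the behaviour described as wrong).
 * mode 1: start from the compile-time default, then let the option override it. */
static unsigned long long sme_mask(const char *cmdline, int default_on, int mode)
{
	char buf[16];
	unsigned long long mask = (mode && default_on) ? ME_MASK : 0;

	if (find_option(cmdline, "mem_encrypt", buf, sizeof(buf)) < 0)
		return mask;
	if (!strcmp(buf, "on"))
		return ME_MASK;
	if (!strcmp(buf, "off"))
		return 0;
	return default_on ? ME_MASK : 0;	/* unrecognised value: keep default */
}

int main(void)
{
	const char *cl = "root=/dev/sda1 ro quiet";	/* constructed: no mem_encrypt= */

	printf("early exit:    %#llx\n", sme_mask(cl, 1, 0));
	printf("default first: %#llx\n", sme_mask(cl, 1, 1));
	return 0;
}
```

With the default enabled and no `mem_encrypt=` argument, the early-exit variant leaves the mask at zero, so encryption is silently off; the default-first variant keeps it on unless `mem_encrypt=off` is given.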