diff mbox

[RFC,v1,07/28] x86: Do not encrypt memory areas if SEV is enabled

Message ID 147190829935.9523.3097284272847092359.stgit@brijesh-build-machine (mailing list archive)
State New, archived
Headers show

Commit Message

Brijesh Singh Aug. 22, 2016, 11:24 p.m. UTC
From: Tom Lendacky <thomas.lendacky@amd.com>

When running under SEV, some memory areas that were originally not
encrypted under SME are already encrypted. In these situations do not
attempt to encrypt them.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/kernel/head64.c |    4 ++--
 arch/x86/kernel/setup.c  |    7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 358d7bc..4a15def 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -114,7 +114,7 @@  static void __init create_unencrypted_mapping(void *address, unsigned long size)
 	unsigned long physaddr = (unsigned long)address - __PAGE_OFFSET;
 	pmdval_t pmd_flags, pmd;
 
-	if (!sme_me_mask)
+	if (!sme_me_mask || sev_active)
 		return;
 
 	/* Clear the encryption mask from the early_pmd_flags */
@@ -165,7 +165,7 @@  static void __init __clear_mapping(unsigned long address)
 
 static void __init clear_mapping(void *address, unsigned long size)
 {
-	if (!sme_me_mask)
+	if (!sme_me_mask || sev_active)
 		return;
 
 	do {
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index cec8a63..9c10383 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -380,10 +380,11 @@  static void __init reserve_initrd(void)
 
 	/*
 	 * This memory is marked encrypted by the kernel but the ramdisk
-	 * was loaded in the clear by the bootloader, so make sure that
-	 * the ramdisk image is encrypted.
+	 * was loaded in the clear by the bootloader (unless SEV is active),
+	 * so make sure that the ramdisk image is encrypted.
 	 */
-	sme_early_mem_enc(ramdisk_image, ramdisk_end - ramdisk_image);
+	if (!sev_active)
+		sme_early_mem_enc(ramdisk_image, ramdisk_end - ramdisk_image);
 
 	initrd_start = 0;