From patchwork Mon Aug 22 23:24:59 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9294727 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 68ACE607D0 for ; Mon, 22 Aug 2016 23:41:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5A24428B1C for ; Mon, 22 Aug 2016 23:41:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4E82128B22; Mon, 22 Aug 2016 23:41:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A3B8628B1C for ; Mon, 22 Aug 2016 23:41:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757180AbcHVXlF (ORCPT ); Mon, 22 Aug 2016 19:41:05 -0400 Received: from mail-by2nam01on0067.outbound.protection.outlook.com ([104.47.34.67]:40788 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755634AbcHVXlB (ORCPT ); Mon, 22 Aug 2016 19:41:01 -0400 X-Greylist: delayed 1015 seconds by postgrey-1.27 at vger.kernel.org; Mon, 22 Aug 2016 19:41:01 EDT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=pHe/ROjs6DGrlwb+A/EUn9i+YGpXr9gOd6kWdGGdN00=; b=fTp7dwk84BzU1hKXGMxiJCYs7baOAciL7Hvt17FE3XPythMPj0K3v5W07TsP4fHAQOaNFa2qrOGFiT9gIPzoFc+yttJRQmYMf/lNltwk94mmoe/ICpTqe0C0wmmHh254NNKUnfgYFXdcVYddaeoFJgKfxI8B+oYK7NNokiRxzGM= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from [127.0.1.1] (165.204.77.1) by BLUPR12MB0660.namprd12.prod.outlook.com (10.163.217.30) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.587.9; Mon, 22 Aug 2016 23:25:03 +0000 Subject: [RFC PATCH v1 07/28] x86: Do not encrypt memory areas if SEV is enabled From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Mon, 22 Aug 2016 19:24:59 -0400 Message-ID: <147190829935.9523.3097284272847092359.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: YQXPR01CA0069.CANPRD01.PROD.OUTLOOK.COM (10.165.103.37) To BLUPR12MB0660.namprd12.prod.outlook.com (10.163.217.30) X-MS-Office365-Filtering-Correlation-Id: c955b79a-4666-4178-6962-08d3cae38e15 X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 2:+ci59fJrj8N/LlY+w74NoYU+SAR9r6gGVSm+FmEdSORLErnOEOHr8g9ooY+Mt+SpnsrKcPR68M/FAKPbjh4vBq61TfEW/49/QZV24TOkcLD2Djw51xd/Cc8uJ6QlXdpVuBj8z3bvPgVyLAPjSaa1pi4E82J+NbrGeKKQe79YoEEC2VA5GHbK481O2i658Zb0; 3:+Xt6UcS0yXjBVN0HOI0CEJD3mQo2hCUrmi5hvjn5zBaLS6dZwzASJB8oUwVlxE4W0X7t+6ra8wzJYYjhdwc4vGgk+BZA6xVY55xp+/lJn5tlZzh0pPNMSre/MY8oBqMs X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR12MB0660; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 25:dh/S0Lzs49ewN9DZojIOwFlu5f5cAzlDQ6vo6320vlZ+WIqi0KHAif6TIR/Nh4ncjJWli/CpAYcJDS07LA4SH2kuXG9YjyBs/ikyIwaRxs8WwIBm5pz9LfyHGc8v4g7kbsNGup2I4Llpjvf6cCITeBG/vkeOFvFF/+ShT0C5Hojw1n23R1eeLdUoBIa7zLTzuLb2XtpvtFpQ/h+t2xyDJ2IUDIOW6sJVen9JcBUV4aDg5kqNOZXZJVmCgKXf9ABPiKVf61aUJFvS8+EKLO9KArliTBDOd5K/ubMJ/wXTLkkvcQgWPWmneQKN1Ek2fm/hrUu8YIJ2zn0HY9PD1RPmhF+uJq0tCf5iJ0j4zD9gIV2DVP+HBkiNl2NR2mdPtEiOlIeYObxL5IBU03i7jiSnTHcYa6knyGzB+Cs2pKCnyvvxgl3396DOzDkAwqKD3xRs+HscIsguICR4hLQ4jRqKv09wp4PmN7dfeJYuiG4BTtFI0AaFMuf0JNgfEb4he8tyWFlqkKZz5i8tpKc8iHM9Xmk+DiWYGucOI7Bwo7weL3nXjFJuYFxZSIf4Y+wJ7tPKdO5gHjO91ClGdJvPe/ERvjwe+WdO+R6JHg1QFOpO2csotbuFJQ+MFUx4mNNu5BoH8SNrJvL4HmKJAxUbuiGwDmnShalrQykRE16qgb3Yby+Y5wSqY6cWk3MINVvnnMCp6nhdC+RkUMhyWqGexuXBFQ==; 31:eMeq0f21vFuF5UyfKAPCBd2EPXd9VYSaixh3VF/Z5KiSQmCUyUHtWqI/T5QLSUHDECf5RZNlBLp0Dz8/ZVKndmZlLSCpzQoMlCaC1ojuvQBXJXmdcJoGSSJKJibFtYM+v7vTSdNsbXW7W+AsljjuRVH+BDv9IssvDZVBYs0taY5ai4HbZC31Wo+poXmcmjvoorkIlAwdlw1EI sIa98xqwoGRoofce2RHiQVGqyORwE8= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 20:cX9bhcnQ9cLhAMhgMLog2pj1YTMvr0DIY6UbRAD20wNBf3LPf9gyUTjIMY+AEpD+EHo5X6H3VX6pA5vehfOzmr5KXS2QRO1dtWb8nSDVMkbs9GnFlUY57TmNnVeap1QBhiYFB42BhDLTmcsMr5ho36qoqsP2f/69/L0GPwTFni8CXNqiVlCRZ74wL2+odibHhKhfLlCGLE37WqbCH461HJ1f3F0XOds1Xam34sLyn1QvGFTfkFAdlGRTOEnQyKJAWUyd4P8SE871xXwX+eM5XMbp4BeXS+m3k68Nn5ePc97bevy/Fj8BdhN46ulZhMn9ghMrYraCMcczd1RCWnPPrJOsSi7s0W67KvqHvbwAeQmEfA69knxA6Xk4e1mm72cwIlbQtP+ahfA5G/UhC3MZcbsrD8+duFQmPweAkme88hX2pGN25MzFlelh0EtVdQusSGxXVjcME/LEdHCYsCbCNG3tx2SGHG2KTnKP4VSBVG4DH2qR235dJGT7pJfpRDK4; 4:y8Nf8ijtNEhGHokgJmkPOtwiT23ZDM1x/TCVVs4Fl88KvGCzyS2yKlI+TPkBHyB+7aa9rYCtQ9CJQGfUD9FD8oUvZPkz3VbI0sAI2eWJ6Rtyre+FXYqUDdSABYc/HPSCWrosYNPOMwfzX+MWIqVUSBF2aduX1nPmt76f87ds5nx9g58hSp5Qlxdmd8NwqjKZ6y8W2HF5gv8hQFYG6sFDIB6re3SoTj2qQRBv0lnckfsAelvVoMC61/g9zBGInI4zjZKjS/Qjs0Pg0YQgxyAceGQ9PoBM0ED0m3sUEb7P8JM+iX4BnX6sdNOBTlOBuyHeRwMhlXzOA71uTAh9mmm4q1CNdRIT7xsa0DBL3pIFjVqkuF9vj6sol1l7Jdp9aeS1nbqAReNHViJVtYOVrF1J3juumXAabgPPxXt7HO JovcrSreRlJG8pAsULBCAKCHGF X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:BLUPR12MB0660; BCL:0; PCL:0; RULEID:; SRVR:BLUPR12MB0660; X-Forefront-PRVS: 00429279BA X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(6049001)(7916002)(199003)(189002)(7406005)(7416002)(42186005)(47776003)(106356001)(19580395003)(97736004)(5001770100001)(23676002)(92566002)(4001350100001)(2950100001)(77096005)(8676002)(33646002)(81156014)(81166006)(2201001)(68736007)(586003)(83506001)(19580405001)(229853001)(86362001)(189998001)(50466002)(107886002)(2906002)(66066001)(9686002)(6116002)(54356999)(7736002)(105586002)(76176999)(3846002)(101416001)(230700001)(305945005)(33716001)(50986999)(5660300001)(103116003)(7846002)(921003)(83996005)(2101003)(217873001)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR12MB0660; H:[127.0.1.1]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjEyTUIwNjYwOzIzOkFKMGR5aEZ1RnFUSVhYWkZOM1BiMjNpMjFi?= =?utf-8?B?K2twS3pCTG5TMGdZUDhPZVhjS1RNdy9NYyswa2w5Y3ozK0o4ZVpqQlZ4dGwz?= =?utf-8?B?c0FpdlhMNmNVc1JZeVcwZXlCcTVJbTdnV3FUd01INVQrQ1ZYYVpYWVA5NElM?= =?utf-8?B?V0g1clpqRUNNTzNFNUE4c0o2N2hlZ1FpaFVpZ0E2UHlMKytxaWc3VERRejA4?= =?utf-8?B?MEErSWI3OTVZTzNvVi9lcWVWSUcyb0JiZVBkMmJRWGtaM1lXSmIvZ1pSWEtJ?= =?utf-8?B?eHNHNmJNdEptWVJSTUZ5UER6ZVBrL2tIMk1nZktaOVFpQVZacnljZjhiNjNF?= =?utf-8?B?NUl5L09USEtLdnhZaklJN1o5NmFlZS9PVjM4Tk0zR3pId1BTK2dzeW9FaXh6?= =?utf-8?B?UllKM0JSRlJFYkNOb0RMajQxdDFwVml4YU9PTi9pTkJvUVI2dG81KzV1dy92?= =?utf-8?B?RUJPenBGVndCdHljSGxaaW5LVU5CMEJVNDJCbnB1emMyK1pYd0hUbVU5QXBa?= =?utf-8?B?WExLZE9UR3pJbXdLUkcweXVJWTNzbEdqZThGS2o4WmMxZldGM0dsM0xobWl4?= =?utf-8?B?N0kxZVZ6QU05a1dISUZYUFRtek92SldyZnVLWGI1RkpWS2ExSlVGdkpiNXNO?= =?utf-8?B?UzVSYkYzbWdiMXdiRVR5UGVsUlJDS1VIdldwQkVMN0ZpZ00xY2ZFMXFQdXMw?= =?utf-8?B?bFpOckNOUlRJMkJQTStPc01Wb2Ixc2Zud0Y4bUlDYkpPc2cxY0VQd3ZGck56?= =?utf-8?B?NHRkNVViWW0rQURmSGxEcVU1NDJ4NXZkR1gzMGJRS0haMUYrdVBjQXlONUVt?= =?utf-8?B?M3U4NnptVyt5SmlwREdGcnlIakJXZ2RHSnF5M3JPd3ZQN042UlZMeTA5RGtC?= =?utf-8?B?VDk3eTcvMjlxby9JQ3g0TWJxSU9BMm45NXpVOTBTeEpmQkhRTXB2V1VrY1I5?= =?utf-8?B?VTk1TXRSOG16ZUVIeURCVnZDNVpnVnkxcVgreU9GTEdpc0VpMUZSU1g2cXZB?= =?utf-8?B?dkNPWWxJazFwZnRaRFRjMWQ5UDJTVW14QXNKNk1ZQVVXQVBKNUdHbXQycFR3?= =?utf-8?B?MDVlUkNjNldvUlRkbmJsZDE3M0ROb2VIWG8zVDN2TDZRYk0zdmxxeHluTXpa?= =?utf-8?B?c0l5MkFUY1ZrUFlxZkNMSWJVQ1JoV3pFVkVFVG9wQ3pxZ2ZlNkVrUWc3RS8x?= =?utf-8?B?SG9VV1RUekFQUStYS2Y2b1VHZHlnaFNMM3lLNVI3eDVqUWVvbGFibG55Ukox?= =?utf-8?B?U0l5Z1NGRHNoVGRwTUlwOVhuV3dSYzE5THVGbllMTk9VMlF4a04wWTBObzBu?= =?utf-8?B?K0hYZVZZVWJNOEhVUmxJbUJEZ1RRN0Ntc2RrWEFlV1VGQ05sbjNRT0QrODFT?= =?utf-8?B?RDFhZ3BlS1VpaUswdTc5MUk0Z3d1V2puK0hPaHdQUHJ3NmYxdEFaa3VjSjBx?= =?utf-8?B?ZGdsQUtPYkc5YmpWYkJxYjJkUG9NQ211a0VtUmVBRXhjZElsSisvaHBpSkRj?= =?utf-8?B?aHNmeElFS05CL1YxOUxMWDZRQ1RENTNIZytvSjcyZjc1cjBHaEdWNFFmcU9p?= =?utf-8?B?R05DWUd5RGxNN085ZkpoM3ZtZGNHWjJENFJEdXNnekRyWFhMcFZwZnYva1Jr?= =?utf-8?B?TWxhUHZWL2ZQZUlHanF0ckFmaTNES05TQ0JCS2NJenBKaVBOdHhMdHEzVHN6?= =?utf-8?B?ZXp3bGdtUUlRSzF5ODU1a2lteWJmYVdXNjFuNHFNb3pFQUhrMlljRmtNV0Za?= =?utf-8?B?VEE4aGF5eldMMVY3NUNSMDhuNTFPTm9KdUxRaFk0d2F3K2xTTDRCZTEwRkF1?= =?utf-8?Q?aw93g0RYWUMN0?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 6:gDRTByDdEZ3bvTDkMsOPvU4Am1fSw0HW4mzfskDuxEuUbx3iLwu1RtBwwLOT85RL+oP4CVe3dcq7+za7YgWXcxG3stju+AZb9zn/qaDT/wG7M1+eFna1IqH3jTzweCXsAxhm0EkYxBFxYn+JDeLZAy1mJe08mibnROhx7qaMw7xsZv49HhReRCJa/InIaK1n62R5C9vKsKhhQ5j3nbo9L+slhOOFpupBryxSfnPmwteIICbFaI+FNo4/kdH6daSJYfSP1CUxmiR9PcPzwK1XdoNRpqLjZDjj9y00b+eOhAVny3d3d+tOwkfgM54ZETsOb8w1dz+XTpH2DROk046YXA==; 5:XhGAkXwMpAyVQ1809+idMhJf+F4FYRobMEsOtEStQ7kobSChtkzcP+XzDc7MlBEzaf4Y2472FhjNsJXTBMNwJZkrZ7YKoC7SC1o6HF2UBaIObhvhbE5Sh1ohSbSf23nRkN6maBota3m6lLJ/8cI2jw==; 24:IrF/fLDUXkZmeGKyAyj2kaz4lb8wK24U607lgiUdAgM9BFLffB0gJPKOP0vp4JrN+TwxsRMxemEYQNQ3SfmkteLMxa4KXlA8mjwWbaqzEcE=; 7:+EGapBw92akRV8xX8lHzKvky2J1qIwO6RJOPrumLy3gvrkzg2DWd1TLND73KVRNKXpsLRP7+x4zLA3tJZa66xC7g5kmYaj9v2BklVh9NDUxNX4WP0M4JFaOuicxrcGA7MK26wMuXWs0BcgoSnDQFtJDaOMryvTPJ/ZA0P36EvDVJpaSiA+/obLY+BkjhnCJ1vLItrpn+rqEeG/BUDjGLzZ6k4Ftl3O9rlA4UeznMba/Sn9rA/eD0ggA4zTiS933f SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0660; 20:aiVuQ/KIMycP5SPjadsI0kFBb/dR0wR2a2RRqoRRXFKzj7ef5fI+DeEedkJwXXySHt90UijzHZKN5m1LLKcuddqdKxs3wpYxE2lNXoUDYKprtYEtDbdQQjNtXX8d45dY1siWQMolvPoj9aGBV9c7JODzjRBtvTK/KOSfknWgcijwOL6jZk2/PWuB+r+x25iSpnKlEkvPLaB6xpnxVNMmZzKqpYnm/izxNLfGncM7z7qiiPShHOw/07Zm2LRN5vYc X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 23:25:03.8139 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR12MB0660 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Tom Lendacky When running under SEV, some memory areas that were originally not encrypted under SME are already encrypted. In these situations do not attempt to encrypt them. Signed-off-by: Tom Lendacky --- arch/x86/kernel/head64.c | 4 ++-- arch/x86/kernel/setup.c | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 358d7bc..4a15def 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -114,7 +114,7 @@ static void __init create_unencrypted_mapping(void *address, unsigned long size) unsigned long physaddr = (unsigned long)address - __PAGE_OFFSET; pmdval_t pmd_flags, pmd; - if (!sme_me_mask) + if (!sme_me_mask || sev_active) return; /* Clear the encryption mask from the early_pmd_flags */ @@ -165,7 +165,7 @@ static void __init __clear_mapping(unsigned long address) static void __init clear_mapping(void *address, unsigned long size) { - if (!sme_me_mask) + if (!sme_me_mask || sev_active) return; do { diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index cec8a63..9c10383 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -380,10 +380,11 @@ static void __init reserve_initrd(void) /* * This memory is marked encrypted by the kernel but the ramdisk - * was loaded in the clear by the bootloader, so make sure that - * the ramdisk image is encrypted. + * was loaded in the clear by the bootloader (unless SEV is active), + * so make sure that the ramdisk image is encrypted. */ - sme_early_mem_enc(ramdisk_image, ramdisk_end - ramdisk_image); + if (!sev_active) + sme_early_mem_enc(ramdisk_image, ramdisk_end - ramdisk_image); initrd_start = 0;