Message ID | 20170607191709.28645.69034.stgit@tlendack-t1.amdoffice.net (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On Wed, Jun 07, 2017 at 02:17:09PM -0500, Tom Lendacky wrote: > When Secure Memory Encryption is enabled, the trampoline area must not > be encrypted. A CPU running in real mode will not be able to decrypt > memory that has been encrypted because it will not be able to use addresses > with the memory encryption mask. > > A recent change that added a new system_state value exposed a warning > issued by early_ioreamp() when the system_state was not SYSTEM_BOOTING. > At the stage where the trampoline area is decrypted, the system_state is > now SYSTEM_SCHEDULING. The check was changed to issue a warning if the > system_state is greater than or equal to SYSTEM_RUNNING. This piece along with the hunk touching system_state absolutely needs to be a separate patch as it is unrelated.
On 6/14/2017 11:24 AM, Borislav Petkov wrote: > On Wed, Jun 07, 2017 at 02:17:09PM -0500, Tom Lendacky wrote: >> When Secure Memory Encryption is enabled, the trampoline area must not >> be encrypted. A CPU running in real mode will not be able to decrypt >> memory that has been encrypted because it will not be able to use addresses >> with the memory encryption mask. >> >> A recent change that added a new system_state value exposed a warning >> issued by early_ioreamp() when the system_state was not SYSTEM_BOOTING. >> At the stage where the trampoline area is decrypted, the system_state is >> now SYSTEM_SCHEDULING. The check was changed to issue a warning if the >> system_state is greater than or equal to SYSTEM_RUNNING. > > This piece along with the hunk touching system_state absolutely needs to > be a separate patch as it is unrelated. Yup, will do. Thanks, Tom >
diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index a163a90..195ba29 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -6,6 +6,7 @@ #include <asm/pgtable.h> #include <asm/realmode.h> #include <asm/tlbflush.h> +#include <asm/mem_encrypt.h> struct real_mode_header *real_mode_header; u32 *trampoline_cr4_features; @@ -130,6 +131,16 @@ static void __init set_real_mode_permissions(void) unsigned long text_start = (unsigned long) __va(real_mode_header->text_start); + /* + * If SME is active, the trampoline area will need to be in + * decrypted memory in order to bring up other processors + * successfully. + */ + if (sme_active()) { + sme_early_decrypt(__pa(base), size); + set_memory_decrypted((unsigned long)base, size >> PAGE_SHIFT); + } + set_memory_nx((unsigned long) base, size >> PAGE_SHIFT); set_memory_ro((unsigned long) base, ro_size >> PAGE_SHIFT); set_memory_x((unsigned long) text_start, text_size >> PAGE_SHIFT); diff --git a/mm/early_ioremap.c b/mm/early_ioremap.c index b1dd4a9..01d13ae 100644 --- a/mm/early_ioremap.c +++ b/mm/early_ioremap.c @@ -110,7 +110,7 @@ static int __init check_early_ioremap_leak(void) enum fixed_addresses idx; int i, slot; - WARN_ON(system_state != SYSTEM_BOOTING); + WARN_ON(system_state >= SYSTEM_RUNNING); slot = -1; for (i = 0; i < FIX_BTMAPS_SLOTS; i++) {
When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. A recent change that added a new system_state value exposed a warning issued by early_ioreamp() when the system_state was not SYSTEM_BOOTING. At the stage where the trampoline area is decrypted, the system_state is now SYSTEM_SCHEDULING. The check was changed to issue a warning if the system_state is greater than or equal to SYSTEM_RUNNING. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> --- arch/x86/realmode/init.c | 11 +++++++++++ mm/early_ioremap.c | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-)