Re: [PATCH 2/3 v3] x86/kexec: Set the C-bit in the identity map page table when SEV is active

lijiang <lijiang@xxxxxxxxxx> · Thu, 16 May 2019 09:12:26 +0800

在 2019年05月15日 21:30, Borislav Petkov 写道:
> On Tue, Apr 30, 2019 at 03:44:20PM +0800, Lianbo Jiang wrote:
>> When SEV is active, the second kernel image is loaded into the
>> encrypted memory. Lets make sure that when kexec builds the
>> identity mapping page table it adds the memory encryption mask(C-bit).
>>
>> Co-developed-by: Brijesh Singh <brijesh.singh@xxxxxxx>
>> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
>> Signed-off-by: Lianbo Jiang <lijiang@xxxxxxxxxx>
>> ---
>>  arch/x86/kernel/machine_kexec_64.c | 12 +++++++++++-
>>  1 file changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
>> index f60611531d17..11fe352f7344 100644
>> --- a/arch/x86/kernel/machine_kexec_64.c
>> +++ b/arch/x86/kernel/machine_kexec_64.c
>> @@ -56,6 +56,7 @@ static int init_transition_pgtable(struct kimage *image, pgd_t *pgd)
>>  	pte_t *pte;
>>  	unsigned long vaddr, paddr;
>>  	int result = -ENOMEM;
>> +	pgprot_t prot = PAGE_KERNEL_EXEC_NOENC;
>>  
>>  	vaddr = (unsigned long)relocate_kernel;
>>  	paddr = __pa(page_address(image->control_code_page)+PAGE_SIZE);
>> @@ -92,7 +93,11 @@ static int init_transition_pgtable(struct kimage *image, pgd_t *pgd)
>>  		set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
>>  	}
>>  	pte = pte_offset_kernel(pmd, vaddr);
>> -	set_pte(pte, pfn_pte(paddr >> PAGE_SHIFT, PAGE_KERNEL_EXEC_NOENC));
>> +
>> +	if (sev_active())
>> +		prot = PAGE_KERNEL_EXEC;
>> +
>> +	set_pte(pte, pfn_pte(paddr >> PAGE_SHIFT, prot));
>>  	return 0;
>>  err:
>>  	return result;
>> @@ -129,6 +134,11 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
>>  	level4p = (pgd_t *)__va(start_pgtable);
>>  	clear_page(level4p);
>>  
>> +	if (sev_active()) {
>> +		info.page_flag |= _PAGE_ENC;
>> +		info.kernpg_flag = _KERNPG_TABLE;
> 
> kernpg_flag above is initialized to _KERNPG_TABLE_NOENC so you can do here
> 
> 		info.kernpg_flag |= _PAGE_ENC;
> 
> too, to make it even more clear what this does, right?
> 
OK, i will modify it according to your suggestion and post again.

Thanks.
Lianbo

> IOW:
> 
> diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
> index 783ce5184405..16c37fe489bc 100644
> --- a/arch/x86/kernel/machine_kexec_64.c
> +++ b/arch/x86/kernel/machine_kexec_64.c
> @@ -135,8 +135,8 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
>         clear_page(level4p);
>  
>         if (sev_active()) {
> -               info.page_flag |= _PAGE_ENC;
> -               info.kernpg_flag = _KERNPG_TABLE;
> +               info.page_flag   |= _PAGE_ENC;
> +               info.kernpg_flag |= _PAGE_ENC;
>         }
>  
>         if (direct_gbpages)
> 
> 

_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec