On Tue, Aug 22, 2017 at 06:52:48PM +0200, Borislav Petkov wrote:
> As always, the devil is in the detail.
Ok, actually we can make this much simpler by using a static key. A
conceptual patch below - I only need to fix that crazy include hell I'm
stepping into with this.
In any case, we were talking about having a static branch already so
this fits the whole strategy.
---
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index d174b1c4a99e..e45369158632 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -45,6 +45,8 @@ EXPORT_SYMBOL_GPL(sme_me_mask);
unsigned int sev_enabled __section(.data) = 0;
EXPORT_SYMBOL_GPL(sev_enabled);
+DEFINE_STATIC_KEY_FALSE(__sev);
+
/* Buffer used for early in-place encryption by BSP, no locking needed */
static char sme_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE);
@@ -790,6 +792,7 @@ void __init __nostackprotector sme_enable(struct boot_params *bp)
/* SEV state cannot be controlled by a command line option */
sme_me_mask = me_mask;
sev_enabled = 1;
+ static_branch_enable(&__sev);
return;
}
diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h
index ea0831a8dbe2..f3ab965a3d6a 100644
--- a/include/linux/mem_encrypt.h
+++ b/include/linux/mem_encrypt.h
@@ -13,6 +13,8 @@
#ifndef __MEM_ENCRYPT_H__
#define __MEM_ENCRYPT_H__
+#include <linux/jump_label.h>
+
#ifndef __ASSEMBLY__
#ifdef CONFIG_ARCH_HAS_MEM_ENCRYPT
@@ -26,6 +28,8 @@
#endif /* CONFIG_ARCH_HAS_MEM_ENCRYPT */
+extern struct static_key_false __sev;
+
static inline bool sme_active(void)
{
return (sme_me_mask && !sev_enabled);
@@ -33,7 +37,7 @@ static inline bool sme_active(void)
static inline bool sev_active(void)
{
- return (sme_me_mask && sev_enabled);
+ return static_branch_unlikely(&__sev);
}
static inline unsigned long sme_get_me_mask(void)
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
