On Sat, Sep 16, 2017 at 07:34:15AM -0500, Brijesh Singh wrote:
> Some KVM-specific custom MSRs share the guest physical address with the
> hypervisor in early boot. When SEV is active, the shared physical address
> must be mapped with memory encryption attribute cleared so that both
> hypervisor and guest can access the data.
>
> Add APIs to change the memory encryption attribute in early boot code.
>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxx>
> Cc: x86@xxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
> arch/x86/include/asm/mem_encrypt.h | 17 ++++++
> arch/x86/mm/mem_encrypt.c | 121 +++++++++++++++++++++++++++++++++++++
> 2 files changed, 138 insertions(+)
>
> diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
> index 2b024741bce9..21b9d8fc8293 100644
> --- a/arch/x86/include/asm/mem_encrypt.h
> +++ b/arch/x86/include/asm/mem_encrypt.h
> @@ -42,6 +42,11 @@ void __init sme_early_init(void);
> void __init sme_encrypt_kernel(void);
> void __init sme_enable(struct boot_params *bp);
>
> +int __init early_set_memory_decrypted(resource_size_t paddr,
> + unsigned long size);
> +int __init early_set_memory_encrypted(resource_size_t paddr,
> + unsigned long size);
> +
Let those stick out on a single line.
> /* Architecture __weak replacement functions */
> void __init mem_encrypt_init(void);
>
> @@ -70,6 +75,18 @@ static inline void __init sme_enable(struct boot_params *bp) { }
> static inline bool sme_active(void) { return false; }
> static inline bool sev_active(void) { return false; }
>
> +static inline int __init early_set_memory_decrypted(resource_size_t paddr,
> + unsigned long size)
> +{
> + return 0;
> +}
> +
> +static inline int __init early_set_memory_encrypted(resource_size_t paddr,
> + unsigned long size)
> +{
> + return 0;
> +}
Yeah, let's save some screen real-estate like this:
static inline int __init
early_set_memory_decrypted(resource_size_t paddr, unsigned long size) { return 0; }
static inline int __init
early_set_memory_encrypted(resource_size_t paddr, unsigned long size) { return 0; }
With that fixed:
Reviewed-by: Borislav Petkov <bp@xxxxxxx>
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
