Hi Sean,
On 08/22/2018 10:00 AM, Sean Christopherson wrote:
On Wed, Aug 22, 2018 at 10:14:17AM +0200, Borislav Petkov wrote:
Dropping Pavel as it bounces.
On Tue, Aug 21, 2018 at 11:07:38AM -0500, Brijesh Singh wrote:
The tsc_early_init() is called before setup_arch() -> init_mem_mapping.
Ok, I see it, thanks for explaining.
So back to your original ideas - I'm wondering whether we should define
a chunk of memory which the hypervisor and guest can share and thus
communicate over... Something ala SEV-ES also with strictly defined
layout and put all those variables there. And then the guest can map
decrypted.
What about creating a data section specifically for shared memory?
The section would be PMD aligned and sized so that it could be mapped
appropriately without having to fracture the page. Then define a
macro to easily declare data in the new section, a la __read_mostly.
Yes, this is one of approach I have in mind. It will avoid splitting
the larger pages; I am thinking that early in boot code we can lookup
for this special section and decrypt it in-place and probably maps with
C=0. Only downside, it will increase data section footprint a bit
because we need to align this section to PM_SIZE.
There might be something similar though, I dunno.
Maybe Paolo has a better idea...
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
