On Thu, Sep 06, 2018 at 01:37:50PM -0500, Brijesh Singh wrote: > > > On 09/06/2018 09:18 AM, Sean Christopherson wrote: > .... > > >>> > >>>So are we going to be defining a decrypted section for every piece of > >>>machinery now? > >>> > >>>That's a bit too much in my book. > >>> > >>>Why can't you simply free everything in .data..decrypted on !SVE guests? > >> > >>That would prevent adding __decrypted to existing declarations, e.g. > >>hv_clock_boot, which would be ugly in its own right. A more generic > >>solution would be to add something like __decrypted_exclusive to mark > >>data that is used if and only if SEV is active, and then free the > >>SEV-only data when SEV is disabled. > > > >Oh, and we'd need to make sure __decrypted_exclusive is freed when > >!CONFIG_AMD_MEM_ENCRYPT, and preferably !sev_active() since the big > >array is used only if SEV is active. This patch unconditionally > >defines hv_clock_dec but only frees it if CONFIG_AMD_MEM_ENCRYPT=y && > >!mem_encrypt_active(). > > > > Again we have to consider the bare metal scenario while doing this. The > aux array you proposed will be added in decrypted section only when > CONFIG_AMD_MEM_ENCRYPT=y. If CONFIG_AMD_MEM_ENCRYPT=n then nothng > gets put in .data.decrypted section. At the runtime, if memory > encryption is active then .data.decrypted_hvclock will contains useful > data. > > The __decrypted attribute in "" when CONFIG_AMD_MEM_ENCRYPT=n. Right, but won't the data get dumped into the regular .bss in that case, i.e. needs to be freed?
