On 09/14/2016 09:51 AM, Borislav Petkov wrote: > On Wed, Sep 14, 2016 at 09:29:41AM -0500, Tom Lendacky wrote: >> This is still required because just using the __va() would still cause >> the mapping created to have the encryption bit set. The ioremap call >> will result in the mapping not having the encryption bit set. > > I meant this: https://lkml.kernel.org/r/20160902181447.GA25328@xxxxxxxxxxx > > Wouldn't simply clearing the SME mask work? > > #define __va(x) ((void *)(((unsigned long)(x)+PAGE_OFFSET) & ~sme_me_mask)) > > Or are you saying, one needs the whole noodling through ioremap_cache() > because the data is already encrypted and accessing it with sme_me_mask > cleared would simply give you the encrypted garbage? The problem is that this physical address does not contain the encryption bit, and even if it did, it wouldn't matter. The __va() define creates a virtual address that will be mapped as encrypted given the current approach (which is how I found this). It's only ioremap() that would create a mapping without the encryption attribute and since this is unencrypted data it needs to be access accordingly. Thanks, Tom > -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html