From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pa0-f69.google.com (mail-pa0-f69.google.com [209.85.220.69]) by kanga.kvack.org (Postfix) with ESMTP id 2A5606B0266 for ; Mon, 22 Aug 2016 19:26:00 -0400 (EDT) Received: by mail-pa0-f69.google.com with SMTP id le9so233643323pab.0 for ; Mon, 22 Aug 2016 16:26:00 -0700 (PDT) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0054.outbound.protection.outlook.com. [104.47.40.54]) by mx.google.com with ESMTPS id i8si509451pat.21.2016.08.22.16.25.59 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 22 Aug 2016 16:25:59 -0700 (PDT) Subject: [RFC PATCH v1 11/28] x86: Don't decrypt trampoline area if SEV is active From: Brijesh Singh Date: Mon, 22 Aug 2016 19:25:51 -0400 Message-ID: <147190835102.9523.9786544054464015663.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: simon.guinot@sequanux.org, linux-efi@vger.kernel.org, brijesh.singh@amd.com, kvm@vger.kernel.org, rkrcmar@redhat.com, matt@codeblueprint.co.uk, linus.walleij@linaro.org, linux-mm@kvack.org, paul.gortmaker@windriver.com, hpa@zytor.com, dan.j.williams@intel.com, aarcange@redhat.com, sfr@canb.auug.org.au, andriy.shevchenko@linux.intel.com, herbert@gondor.apana.org.au, bhe@redhat.com, xemul@parallels.com, joro@8bytes.org, x86@kernel.org, mingo@redhat.com, msalter@redhat.com, ross.zwisler@linux.intel.com, bp@suse.de, dyoung@redhat.com, thomas.lendacky@amd.com, jroedel@suse.de, keescook@chromium.org, toshi.kani@hpe.com, mathieu.desnoyers@efficios.com, devel@linuxdriverproject.org, tglx@linutronix.de, mchehab@kernel.org, iamjoonsoo.kim@lge.com, labbott@fedoraproject.org, tony.luck@intel.com, alexandre.bounine@idt.com, kuleshovmail@gmail.com, linux-kernel@vger.kernel.org, mcgrof@kernel.org, linux-crypto@vger.kernel.org, pbonzini@redhat.com, akpm@linux-foundation.org, davem@davemloft.net From: Tom Lendacky When Secure Encrypted Virtualization is active instruction fetches are always interpreted as being from encrypted memory so the trampoline area must remain encrypted when SEV is active. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index c3edb49..f3207e5 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -138,10 +138,13 @@ static void __init set_real_mode_permissions(void) /* * If memory encryption is active, the trampoline area will need to * be in non-encrypted memory in order to bring up other processors - * successfully. + * successfully. This only applies to SME, SEV requires the trampoline + * to be encrypted. */ - sme_early_mem_dec(__pa(base), size); - sme_set_mem_dec(base, size); + if (!sev_active) { + sme_early_mem_dec(__pa(base), size); + sme_set_mem_dec(base, size); + } set_memory_nx((unsigned long) base, size >> PAGE_SHIFT); set_memory_ro((unsigned long) base, ro_size >> PAGE_SHIFT); -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org