			
		
		
		
	 b3f0907c71
			
		
	
	
		
	
	
	
	
		
			
			kvmclock defines a few static variables which are shared with the hypervisor during the kvmclock initialization. When SEV is active, memory is encrypted with a guest-specific key, and if the guest OS wants to share a memory region with the hypervisor then it must clear the C-bit before sharing it. Currently, we use kernel_physical_mapping_init() to split large pages before clearing the C-bit on shared pages. But it fails when called from the kvmclock initialization (mainly because the memblock allocator is not ready that early during boot). Add a __bss_decrypted section attribute which can be used when defining such shared variables. The so-defined variables will be placed in the .bss..decrypted section. This section will be mapped with C=0 early during boot. The .bss..decrypted section has a big chunk of memory that may be unused when memory encryption is not active; free it in that case. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Borislav Petkov <bp@suse.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Sean Christopherson <sean.j.christopherson@intel.com> Cc: Radim Krčmář <rkrcmar@redhat.com> Cc: kvm@vger.kernel.org Link: https://lkml.kernel.org/r/1536932759-12905-2-git-send-email-brijesh.singh@amd.com
		
			
				
	
	
		
		
	
	
	
	
	
| /*
 | |
|  * AMD Memory Encryption Support
 | |
|  *
 | |
|  * Copyright (C) 2016 Advanced Micro Devices, Inc.
 | |
|  *
 | |
|  * Author: Tom Lendacky <thomas.lendacky@amd.com>
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or modify
 | |
|  * it under the terms of the GNU General Public License version 2 as
 | |
|  * published by the Free Software Foundation.
 | |
|  */
 | |
| 
 | |
| #ifndef __X86_MEM_ENCRYPT_H__
 | |
| #define __X86_MEM_ENCRYPT_H__
 | |
| 
 | |
| #ifndef __ASSEMBLY__
 | |
| 
 | |
| #include <linux/init.h>
 | |
| 
 | |
| #include <asm/bootparam.h>
 | |
| 
 | |
| #ifdef CONFIG_AMD_MEM_ENCRYPT
 | |
| 
 | |
/*
 * Memory-encryption mask.  The __sme_pa() and __sme_pa_nodebug() macros
 * further down in this header OR it into the physical address they produce.
 */
extern u64 sme_me_mask;

/*
 * Declared only in this CONFIG_AMD_MEM_ENCRYPT branch; sev_active() is the
 * accessor that exists in both configurations.
 * NOTE(review): presumably true when running as an SEV guest - confirm
 * against the definition.
 */
extern bool sev_enabled;

/*
 * Implemented outside this header and, unlike most of the declarations
 * here, not marked __init.
 * NOTE(review): parameter roles are only what their names suggest (two
 * kernel virtual addresses, a length, a work area and a page-table root) -
 * confirm against the implementation.
 */
void sme_encrypt_execute(unsigned long encrypted_kernel_vaddr,
			 unsigned long decrypted_kernel_vaddr,
			 unsigned long kernel_len, unsigned long encryption_wa,
			 unsigned long encryption_pgd);

/*
 * Early-boot (__init) helpers that take a physical address and a size.
 * NOTE(review): presumably encrypt/decrypt that range in place - confirm.
 */
void __init sme_early_encrypt(resource_size_t paddr, unsigned long size);
void __init sme_early_decrypt(resource_size_t paddr, unsigned long size);

/* Map / unmap the boot data referenced by real_mode_data. */
void __init sme_map_bootdata(char *real_mode_data);
void __init sme_unmap_bootdata(char *real_mode_data);

void __init sme_early_init(void);

/* Both take the boot_params handed over by the boot loader. */
void __init sme_encrypt_kernel(struct boot_params *bp);
void __init sme_enable(struct boot_params *bp);

/*
 * Return int; the !CONFIG_AMD_MEM_ENCRYPT stubs in this header return 0.
 * NOTE(review): presumably switch the encryption attribute of
 * [vaddr, vaddr + size) during early boot - confirm.  A range that has been
 * set decrypted is no longer protected by the guest key, so callers should
 * treat its contents as visible to the host.
 */
int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size);
int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size);

/*
 * Architecture __weak replacement functions.
 * NOTE(review): mem_encrypt_free_decrypted_mem() presumably releases the
 * unused part of .bss..decrypted when memory encryption is not active, as
 * the commit that added it describes - confirm.
 */
void __init mem_encrypt_init(void);
void __init mem_encrypt_free_decrypted_mem(void);

bool sme_active(void);
bool sev_active(void);

/*
 * Section attribute for variables that have to be shared with the
 * hypervisor: it places the variable in .bss..decrypted.  Per the commit
 * that added it, that section is mapped with C=0 (unencrypted) early during
 * boot.  Anything tagged with it is therefore outside SEV's confidentiality
 * protection: never tag secrets with it, and validate values read back from
 * such variables as hypervisor-controlled input.
 */
#define __bss_decrypted __attribute__((__section__(".bss..decrypted")))
 | |
| 
 | |
| #else	/* !CONFIG_AMD_MEM_ENCRYPT */
 | |
| 
 | |
/*
 * Without CONFIG_AMD_MEM_ENCRYPT the mask is a constant zero, so the
 * __sme_pa()/__sme_pa_nodebug() macros in this header reduce to
 * __pa()/__pa_nodebug().
 */
#define sme_me_mask	0ULL

/*
 * Empty stand-ins for the CONFIG_AMD_MEM_ENCRYPT entry points, so callers
 * build without their own #ifdef.
 */
static inline void __init sme_early_encrypt(resource_size_t paddr,
					    unsigned long size)
{
}

static inline void __init sme_early_decrypt(resource_size_t paddr,
					    unsigned long size)
{
}

static inline void __init sme_map_bootdata(char *real_mode_data)
{
}

static inline void __init sme_unmap_bootdata(char *real_mode_data)
{
}

static inline void __init sme_early_init(void)
{
}

static inline void __init sme_encrypt_kernel(struct boot_params *bp)
{
}

static inline void __init sme_enable(struct boot_params *bp)
{
}

/* Neither SME nor SEV can be active when support is compiled out. */
static inline bool sme_active(void)
{
	return false;
}

static inline bool sev_active(void)
{
	return false;
}

/* Nothing to change in this configuration; report success (0). */
static inline int __init early_set_memory_decrypted(unsigned long vaddr,
						    unsigned long size)
{
	return 0;
}

static inline int __init early_set_memory_encrypted(unsigned long vaddr,
						    unsigned long size)
{
	return 0;
}

/*
 * Expands to nothing here: variables tagged __bss_decrypted are not moved
 * into .bss..decrypted in this configuration.
 */
#define __bss_decrypted
 | |
| 
 | |
| #endif	/* CONFIG_AMD_MEM_ENCRYPT */
 | |
| 
 | |
/*
 * __sme_pa() and __sme_pa_nodebug() are intended for writing to, or
 * comparing against, the cr3 register.  With the encryption mask set in
 * cr3 the PGD entry can be encrypted, which avoids special-case handling
 * of PGD allocations.  Each macro ORs sme_me_mask into the result of
 * __pa() / __pa_nodebug(); when sme_me_mask is 0 the result is unchanged.
 */
#define __sme_pa(x)		(__pa(x) | sme_me_mask)
#define __sme_pa_nodebug(x)	(__pa_nodebug(x) | sme_me_mask)

/*
 * Markers for the .bss..decrypted section, declared as incomplete char
 * arrays so that only their addresses are used.
 * NOTE(review): presumably emitted by the linker script, with
 * __start_bss_decrypted_unused marking where the unused tail of the
 * section begins - confirm.
 */
extern char __start_bss_decrypted[];
extern char __end_bss_decrypted[];
extern char __start_bss_decrypted_unused[];
 | |
| 
 | |
| #endif	/* __ASSEMBLY__ */
 | |
| 
 | |
| #endif	/* __X86_MEM_ENCRYPT_H__ */
 |