From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932764AbcHVX6d (ORCPT ); Mon, 22 Aug 2016 19:58:33 -0400 Received: from mail-cys01nam02on0065.outbound.protection.outlook.com ([104.47.37.65]:41796 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1756228AbcHVX6Y (ORCPT ); Mon, 22 Aug 2016 19:58:24 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Subject: [RFC PATCH v1 08/28] Access BOOT related data encrypted with SEV active From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Mon, 22 Aug 2016 19:25:14 -0400 Message-ID: <147190831414.9523.1885664762210149209.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CY1PR14CA0005.namprd14.prod.outlook.com (10.163.13.143) To SN1PR12MB0669.namprd12.prod.outlook.com (10.163.208.27) X-MS-Office365-Filtering-Correlation-Id: c359a8a1-5646-4f4d-868b-08d3cae39583 X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0669;2:irYDPQm/TXyRQLwfUNZw+ULlm4Yc8HlTthi0MdAug8Rmj5M0ohY8PBZP7AowltcBeWkFv+pskZZPO/k7gd3XJ4n2Ly6WEa7yE67NjLz8a8wGBgFOuVk8u2zVV36OpHyulVHJhHkSfkn3bkKyk/9v3l/VDIVEiipvVLmecheAAZug0IWNIrCtbnCNLlq/gEP8;3:ynz3swba5xbnxHt36nmaQWzb2WbCMbvQPLbjTntRfJMhxxUvz0oRUuuDJsm8cCSFFEM9Sn+q75b/73PnUFVHNK3JJdpozNCj5U/6oHgGVPOHagVf2Rje9sH0/yPCHEm9 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR12MB0669; X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0669;25:kBG8vRbrtoEygvuuL/Jl3mihCLPNTim52i0gUwwD9CYqNYcrvr4f3JL07lt+/cg+P+lHbMwhGt28o7tjrngjRR2pB8CJfeUTcOoY+IDRPUjw15491uIWtTAMPuSpHJ090wQ5tu7SzOj8qkhJ52xHfh1DX/rfwR+8x0NF81pMFKYaN+OxhRwjywYoSAjfa7UJOjHWyNnoGPlvv0tOsN97p8MY7xnjIOZMQcaXKIEYkONvgfCZw4h7t/gsUKbH3krEJEhKiLEAlSHBQ7HHn3aYSieLKVfR0qphuc34j+eWGZzYFT8073MsUDd2JrD/LtQ35TKcufR7wO0a/2N0zGgCbqUGKXWShD6S/RSp75LSJKo1qmPjFOF8VYWTp9M6FlXfTpvDLSzcML7zjB5BQFyWGKjEap9jnWnVM6tSpKLfyt2DX+K5KoCUgoOAaP0TJz+/ryWle043cp5QcNHai8cczbVs5w54H8tGMBntRUL72imhf1mwE1ij+XmvNO94eTL/NoQ2by/Japk9gHQQ30YDWnHcE59U7HzX1ld+6BAs4qcEx5OyeVoG4OlVqVyWb8LWiXTY7XmbmEBhmWsT0v7AwbmV+9AIvvdWXg104mz1HlMt3N9vM/TEMakQmpxI0XMCXTHUpqfPhTfc6AER2ZQtgp2BJBZWD1ErIIApr9vERHDWVlPo1THdgl6Wahj3U4ZmXSyV5LE2N96tFMn/mrnEoIzrHT0DFzG9SfdANJpnooiKf719pfGR+4ymdigIE0AS X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0669;31:YvUDszq+Nedlo6RnBvQ7Y2CLget9k+sy9M0Z41x6UYlKBN+gdB51T2Br5tRPFdwzd00IdR1ZyCBy0DtEmMJINcEgcQUhtDUkHdKccEVkJsZBp88PTJ/H+xaDOOhcmWciFnUSfP3xP4X7bU5dayv1DxObJzzjafgwLtXMfFo6QMi9us1vXWT8Jf/bjXcI3DLCcb/DuPlylZPiXfbfG8J/P9dyGZRgTp7ZGKNDdnYGdrc=;20:6+GMOqm3o61uEsBKJD/DylaboyHahHUGF9T5I8iQ5E/3BmQ8aTbvF/PB3spCoczNYrFrekjotHpXReSAz237xnzA1diUWMt4KsYy1ugNOycGMhoTkbwEAR1pzVMzFyfOHHrgxIKLl5s3ffqsOMDNtM+eBXGh8YPmyJNZquVI1r3+1aUtWC48c016qLZ4V353CgkP65sBSZivmZmKvrQYxyKLO5Cxdj+x/EHwUzdumZMtx/1/45gWGWDf7U1ymytlJ6LV7MO05X0QK5qIUCHRjnBUZsSsK5t44JJnq2QMMHHc80oiNBS2H96qYLiHriDv9Y6O0npvcYy3Z8Dn7+E96fioL+3bjtk8QuRuMe8yZMgo7+/IyvhjTPJfziOXLixShoWYvwwo/y4vlIQOKVyG/4KA2YfKLqsMvUCXMrrA84Iggm03sTkYhptAiGPEgdhINTtbhE+Bn1KzHhlzxsQpq+YKbQcPUyLxmUgtxgALfHqtGuvIUgTFLoajAPs/nSLe X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026);SRVR:SN1PR12MB0669;BCL:0;PCL:0;RULEID:;SRVR:SN1PR12MB0669; X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0669;4:oKACQCpZo01kfIeUnlLjSuMs7RhlAKFMHUZnZHLCaVKi+Lf2YiZDhrSfCZK71Jdx86PaccHHKMA8YjfHlHp3jpo3mA+3c7om3fgYWEIi4d3jiusGHaMjZ6xqD3AmMYH92tk71lW3wPBa0NSN2CPppldrbu9qK+tkuX6yqGymKDovJjL9bmwuW9GRK96lzhtHl4MtW5o19ruSyvolyI//be1PoqgCin6Z38ogqmBWaEuxUXXgaB8QH7GpRpv8ZkOhCWPc0Yvh50TaCqAkfaGaS2moTcINbEvPlCv1h71StLLWnDFd8hPEHfVosEv+ydFXHTu1Zn7wzzB+W/fchZ1uQvvMXJAX4CEUQyodZ5h3+IpcWGSRSqlN2bffEXRSuBYwjL3a9tN28d662N7pWk9h60q+0wIck3VoCFb2gJ2FUuCX2Ff/a6rhDvB/Hq6D+nfa X-Forefront-PRVS: 00429279BA X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(199003)(189002)(586003)(68736007)(50986999)(76176999)(23676002)(189998001)(47776003)(54356999)(107886002)(50466002)(6116002)(3846002)(229853001)(97736004)(5001770100001)(7406005)(7416002)(19580395003)(4001350100001)(77096005)(103116003)(2950100001)(101416001)(9686002)(83506001)(305945005)(105586002)(7736002)(2906002)(7846002)(19580405001)(92566002)(66066001)(33716001)(2201001)(86362001)(33646002)(81166006)(81156014)(8676002)(230700001)(5660300001)(42186005)(106356001)(921003)(217873001)(1121003)(2101003)(83996005);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB0669;H:[127.0.1.1];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtTTjFQUjEyTUIwNjY5OzIzOjA4c1VIdHI0aFNUdHBTem5BM3VPTVZxMmZz?= =?utf-8?B?aHNjVm1XcjdyOFZONkxWa1NuM0w0VDJydnZQQnN0QUxLdVQ3OWd5alFMRDNa?= =?utf-8?B?YUJmdUJQMjNpTUo3VnRXNUVxQm9uNXJXakc1Wi9idVdBS2NvVktFc2k5T1BD?= =?utf-8?B?TlFDLzJRRGxvSFNzRnl6aDVUNTlna3dkMUwzMC9HVzI0blR2ZVlkSVRzTHIz?= =?utf-8?B?MVI4aUpQay9FZGNHL081QzA0aUpuYzBNczQvVWZBQUNMQXNqWDVERzQzUTFx?= =?utf-8?B?TFM2eWp0TVBTeHlTZkJES1ppMGt2dW4xU3pvRmhmRXRPT2svNCt0dktGMkJX?= =?utf-8?B?aDFBOEZBZWpiaGdieXJ1QkhEeTFQaWFBMjFyRkRPazVtMHkzd2VZUTJNNmZt?= =?utf-8?B?MTRiRldoRjF4UjRZZXpSWFRNYWNVK3Q4NysxcjdZa0JDWUJXNENkWU94bi82?= =?utf-8?B?WWM0cDBxSUpMTXAvZVhHOWV4THNNaDNkRlo0ZytyVDZYMkNnd3VFNnozWDho?= =?utf-8?B?VXBYbTZBVEpFWHphREtpYjJGN0Y0SFdwdFZKa29kNkFMV3RZdGs2UVk2ZFZj?= =?utf-8?B?NW82dlNOV1IrWTlZN2VLOE13bjhQbjJlRkpLQjNZeWRZZDRuVzhZZUNDaDdJ?= =?utf-8?B?ME14YkJuanRyZGpPd0lFWTRQN1hRMUx4S0h2bmo1aWorTk9EZG1mem95bnhZ?= =?utf-8?B?TDk1Nkp2TWhCaHhwR1BZN1Z4NVFSaGFDVlNQcU1UZ01vWXpPcWpDWEtpeUVs?= =?utf-8?B?Y096VU9JOEJVN3NFbXlVZ3FOL1U1RmZ0Q3IvYkUxU0ZybDYrdzVYZFV1ei82?= =?utf-8?B?Y2hBL29hSCtOMVcwVTdETkF4bXFYVS9OdHBySGdPQTM0RlEwTWlON0hwNzBI?= =?utf-8?B?dWpjL0p3K2dRRWFiRWU3UHB6RHV0cVdrMW5PcW1pRjBUYURmL2tpcmxaQTY0?= =?utf-8?B?STJVaklEOFU3L0NSaHZVYUFaLzJ1QWFsbCtpU1NoVU1WWlRFaS82bHhCZkVR?= =?utf-8?B?eTlvSVdGNnVmMEVTL1NNTzhxL3FoUVBPVlV0RUMvU1MyMUhtOFMwbDNBWjg2?= =?utf-8?B?bS94REpZZW1TOVV0TGVrNGJDaSttQnpvekw1VnMzRUpYSzFpU1FTdXgzRDZG?= =?utf-8?B?eENaMG9HeUpScGxkVkR6c1hpcFBMNm44blZ4QWNodnNYRHlwOUx0TnpwdklI?= =?utf-8?B?clI1bTUyMlprSkZSVXBJekYraDJnNk5kSm1CNE5hNGpmd2RLU3pjSWFBRDJu?= =?utf-8?B?WCtNZ1E0NDBOWXZBaTk3VE9JYjFFRDloVW1ka25jd1hXaTB1MkNDaXdZWFBL?= =?utf-8?B?cTJPRVh1QnVIT0J5dlpnU1AzU3RXMlZ5WUwxR3daU2EramQrS001NngySkJz?= =?utf-8?B?ZGx3ZVZZUmVDckZSeEJDem1SK0p1UmZrUlRCNFQwVEdnR0c0T1RHQ1ZDYmYz?= =?utf-8?B?Y2RSUTh6OGU5TzQzRzBmWkV6dDdhbk40endZU3VlSGEwSGRBSkp1Vm01Nksz?= =?utf-8?B?MVFyaTA3QTE0Zkt1em9lNWJiQUFnT2N6a012ZTNGUkQ0aGl1bzRqQUpDNEhh?= =?utf-8?B?WmlmeEx6RWJiMlk2WkhzZVNjYmlxeVE3LzdhK1hVWVdIVGFJT0lsU0U5M3Vm?= =?utf-8?B?U1RxMW5BMnRtMVM0N2V2K01Kai9qRDU1ejRWRTlyM0N3azlvckRqN2kxWkdx?= =?utf-8?B?N0JSbjZMT0oyWVVjeHlFN1dVS0s3VmVQOVlBQWNvZTRIWTBJQ2NSWnhhVWV4?= =?utf-8?B?bW9Tb20rdXc2UEhFL3JRdzQ3L1ZzLzVBS0pDekIwTFNkdUl2cG9aTGs5cXFW?= =?utf-8?Q?u2Iawr4tpDqBi?= X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0669;6:BrpGA+o/PYVA8C9mr699mqHJn41ivvN2E89p6V39yMA5fFv/0Mt+yA2smJ306z1Zy6/5agvtxn056DD+bAHYJ3F4tbJiNnkmac0L44AuIlT6tikH3grwAUedoH8kVzUdvk7enJGzuywBP7ynSY3EBO2DQjhOxtDbmpUOkT/8yQwsrrXoxCqoVLuJEhaRTAstX1mVxDLRlclHREPSArkHgGI88ZqmAuTohn7rlCf5aTGNTvGU6SyHyQPEh0FKGkD1NICzkf9cbeLuvV7R/q+EggwfE/gHns2o5D6VNOtj1+RWNAK9z6uUN2PAh7kMPXnuJkaZviMSRy/dM7Hikfom3A==;5:l2Fwv8Yv9Itqf7ii42O6l20PhOGG7LqaUlEnNhcxhSYtCpvAdjyFNbbMJ5lTITEjgDZmElZxAI9oqeIgrUgZwb0v9W9YfW13NSFhUCDGy0lnFsm2DC3l17XgJH/45UcCoIXx6y48EhcW9TqJCU4YAQ==;24:WyDZK8txF379N6SVPiefoBVdKzhckYQNbPa1JIb0IZg9MGq5185YMHM3/xNbFp6h5cf83nHhHMhMEvZ0n1gPaTlp6H0S1fZ7BKcrVR2d66U=;7:u3C0lbMT4b1f2kg6RR55rG/fzpvTGf6TRYXKcTggYcbsvW4F7cNN5qItmB3ZSB7VUx1H8EllhP8Qz8MmACh+znKUqgwqiQNcbK7B7CFWHeYi6AREUjoBd7RS1AxgEvrB7K9JzuiMjeSwRyevnE1w+sQnK/lMU6xFPlRb5SsXBHG3cm3WDYt5mlsFWVLSHW9PJ0zeQ0pXqI8pG1h5qu6B7dO1OpR/uQZHOag3yueS/EE08lnv2lBaS9cW0mfamag0 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0669;20:X8a5tT9wpmJzR+AxyQX8ewTmzg50dhpkhD+jVg1lkuRJbN57uYHUPDB/nph0iKoL04HNbOrhN6neMzpUjGBiN/EQ98dcjzOPZG73JCJkMaMEMkXNcbCnyxQf0wY9iZH3j7KYn90lI3QrSEYdW2/irfMv/sxYTbEjIP9LoddkIZTOUI2vMgiYnmQ6QxAPRhx19w349uz/v7nBPwqR4gEnvBcgEg1OoHuTHlJTIeIbMtWKoam+PxGQ1rYVD5mOT91B X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 23:25:17.9513 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0669 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data) is encrypted and needs to be access as such. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data. Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index e3bdc5a..2ea6deb 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -429,10 +429,11 @@ pgprot_t __init early_memremap_pgprot_adjust(resource_size_t phys_addr, pgprot_t prot) { /* - * If memory encryption is enabled and BOOT_DATA is being mapped - * then remove the encryption bit. + * If memory encryption is enabled, we are not running with + * SEV active and BOOT_DATA is being mapped then remove the + * encryption bit */ - if (_PAGE_ENC && (owner == BOOT_DATA)) + if (_PAGE_ENC && !sev_active && (owner == BOOT_DATA)) prot = __pgprot(pgprot_val(prot) & ~_PAGE_ENC); return prot; From mboxrd@z Thu Jan 1 00:00:00 1970 From: Brijesh Singh Subject: [RFC PATCH v1 08/28] Access BOOT related data encrypted with SEV active Date: Mon, 22 Aug 2016 19:25:14 -0400 Message-ID: <147190831414.9523.1885664762210149209.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Sender: owner-linux-mm@kvack.org To: simon.guinot@sequanux.org, linux-efi@vger.kernel.org, brijesh.singh@amd.com, kvm@vger.kernel.org, rkrcmar@redhat.com, matt@codeblueprint.co.uk, linus.walleij@linaro.org, linux-mm@kvack.org, paul.gortmaker@windriver.com, hpa@zytor.com, dan.j.williams@intel.com, aarcange@redhat.com, sfr@canb.auug.org.au, andriy.shevchenko@linux.intel.com, herbert@gondor.apana.org.au, bhe@redhat.com, xemul@parallels.com, joro@8bytes.org, x86@kernel.org, mingo@redhat.com, msalter@redhat.com, ross.zwisler@linux.intel.com, bp@suse.de, dyoung@redhat.com, thomas.lendacky@amd.com, jroedel@suse.de, keescook@chromium.org, toshi.kani@hpe.com, mathieu.desnoyers@efficios.com, devel@linuxdriverproject.org, tglx@linutronix.de, mchehab@kernel.org, iamjoonsoo.kim@lge.com, labbott@fedoraproject.org, tony.luck@intel.com, alexandre.bounin List-Id: linux-efi@vger.kernel.org From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data) is encrypted and needs to be access as such. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data. Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index e3bdc5a..2ea6deb 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -429,10 +429,11 @@ pgprot_t __init early_memremap_pgprot_adjust(resource_size_t phys_addr, pgprot_t prot) { /* - * If memory encryption is enabled and BOOT_DATA is being mapped - * then remove the encryption bit. + * If memory encryption is enabled, we are not running with + * SEV active and BOOT_DATA is being mapped then remove the + * encryption bit */ - if (_PAGE_ENC && (owner == BOOT_DATA)) + if (_PAGE_ENC && !sev_active && (owner == BOOT_DATA)) prot = __pgprot(pgprot_val(prot) & ~_PAGE_ENC); return prot; -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 From: Brijesh Singh Subject: [RFC PATCH v1 08/28] Access BOOT related data encrypted with SEV active Date: Mon, 22 Aug 2016 19:25:14 -0400 Message-ID: <147190831414.9523.1885664762210149209.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Sender: owner-linux-mm@kvack.org List-Id: kvm.vger.kernel.org From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data) is encrypted and needs to be access as such. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data. Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index e3bdc5a..2ea6deb 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -429,10 +429,11 @@ pgprot_t __init early_memremap_pgprot_adjust(resource_size_t phys_addr, pgprot_t prot) { /* - * If memory encryption is enabled and BOOT_DATA is being mapped - * then remove the encryption bit. + * If memory encryption is enabled, we are not running with + * SEV active and BOOT_DATA is being mapped then remove the + * encryption bit */ - if (_PAGE_ENC && (owner == BOOT_DATA)) + if (_PAGE_ENC && !sev_active && (owner == BOOT_DATA)) prot = __pgprot(pgprot_val(prot) & ~_PAGE_ENC); return prot; -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-f70.google.com (mail-oi0-f70.google.com [209.85.218.70]) by kanga.kvack.org (Postfix) with ESMTP id 6BFB16B0267 for ; Mon, 22 Aug 2016 19:25:22 -0400 (EDT) Received: by mail-oi0-f70.google.com with SMTP id c189so37959673oia.1 for ; Mon, 22 Aug 2016 16:25:22 -0700 (PDT) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0069.outbound.protection.outlook.com. [104.47.41.69]) by mx.google.com with ESMTPS id n2si156867otn.138.2016.08.22.16.25.21 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 22 Aug 2016 16:25:21 -0700 (PDT) Subject: [RFC PATCH v1 08/28] Access BOOT related data encrypted with SEV active From: Brijesh Singh Date: Mon, 22 Aug 2016 19:25:14 -0400 Message-ID: <147190831414.9523.1885664762210149209.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: simon.guinot@sequanux.org, linux-efi@vger.kernel.org, brijesh.singh@amd.com, kvm@vger.kernel.org, rkrcmar@redhat.com, matt@codeblueprint.co.uk, linus.walleij@linaro.org, linux-mm@kvack.org, paul.gortmaker@windriver.com, hpa@zytor.com, dan.j.williams@intel.com, aarcange@redhat.com, sfr@canb.auug.org.au, andriy.shevchenko@linux.intel.com, herbert@gondor.apana.org.au, bhe@redhat.com, xemul@parallels.com, joro@8bytes.org, x86@kernel.org, mingo@redhat.com, msalter@redhat.com, ross.zwisler@linux.intel.com, bp@suse.de, dyoung@redhat.com, thomas.lendacky@amd.com, jroedel@suse.de, keescook@chromium.org, toshi.kani@hpe.com, mathieu.desnoyers@efficios.com, devel@linuxdriverproject.org, tglx@linutronix.de, mchehab@kernel.org, iamjoonsoo.kim@lge.com, labbott@fedoraproject.org, tony.luck@intel.com, alexandre.bounine@idt.com, kuleshovmail@gmail.com, linux-kernel@vger.kernel.org, mcgrof@kernel.org, linux-crypto@vger.kernel.org, pbonzini@redhat.com, akpm@linux-foundation.org, davem@davemloft.net From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data) is encrypted and needs to be access as such. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data. Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index e3bdc5a..2ea6deb 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -429,10 +429,11 @@ pgprot_t __init early_memremap_pgprot_adjust(resource_size_t phys_addr, pgprot_t prot) { /* - * If memory encryption is enabled and BOOT_DATA is being mapped - * then remove the encryption bit. + * If memory encryption is enabled, we are not running with + * SEV active and BOOT_DATA is being mapped then remove the + * encryption bit */ - if (_PAGE_ENC && (owner == BOOT_DATA)) + if (_PAGE_ENC && !sev_active && (owner == BOOT_DATA)) prot = __pgprot(pgprot_val(prot) & ~_PAGE_ENC); return prot; -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org