From: Joerg Roedel <jroedel@suse.de>
To: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Bruce Rogers <brogers@suse.com>
Subject: Re: [PATCH] x86/ioremap: Map EFI runtime services data as encrypted for SEV
Date: Tue, 10 Mar 2020 14:03:21 +0100 [thread overview]
Message-ID: <20200310130321.GH7028@suse.de> (raw)
In-Reply-To: <20200310124003.GE29372@zn.tnic>
On Tue, Mar 10, 2020 at 01:40:03PM +0100, Borislav Petkov wrote:
> On Tue, Feb 25, 2020 at 09:42:07AM -0600, Tom Lendacky wrote:
> > @@ -135,6 +135,13 @@ static void __ioremap_check_mem(resource_size_t addr, unsigned long size,
> > memset(desc, 0, sizeof(struct ioremap_desc));
> >
> > walk_mem_res(start, end, desc, __ioremap_collect_map_flags);
> > +
> > + /*
> > + * The EFI runtime services data area is not covered by walk_mem_res(),
> > + * but must be mapped encrypted when SEV is active.
> > + */
> > + if (sev_active() && efi_mem_type(addr) == EFI_RUNTIME_SERVICES_DATA)
> > + desc->flags |= IORES_MAP_ENCRYPTED;
> > }
>
> Why isn't this done in __ioremap_check_encrypted() which is exactly for
> SEV stuff like that?
See the comment added in the patch, walk_mem_res() does not iterate over
the resource which contains EFI_RUNTIME_SERVICES_DATA, so
__ioremap_check_encrypted() will not be called on that resource.
walk_system_ram_range() might do the job, but calling it only for
EFI_RUNTIME_SERVICES_DATA has some overhead.
Regards,
Joerg
next prev parent reply other threads:[~2020-03-10 13:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-25 15:42 [PATCH] x86/ioremap: Map EFI runtime services data as encrypted for SEV Tom Lendacky
2020-03-10 10:25 ` Joerg Roedel
2020-03-10 12:40 ` Borislav Petkov
2020-03-10 13:03 ` Joerg Roedel [this message]
2020-03-10 16:37 ` Borislav Petkov
2020-03-10 17:47 ` Borislav Petkov
2020-03-11 9:04 ` Joerg Roedel
2020-03-11 14:56 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200310130321.GH7028@suse.de \
--to=jroedel@suse.de \
--cc=bp@alien8.de \
--cc=brogers@suse.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.