From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752784AbdJTOb3 (ORCPT ); Fri, 20 Oct 2017 10:31:29 -0400 Received: from mail-dm3nam03on0088.outbound.protection.outlook.com ([104.47.41.88]:47104 "EHLO NAM03-DM3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751978AbdJTObW (ORCPT ); Fri, 20 Oct 2017 10:31:22 -0400 From: Brijesh Singh To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Borislav Petkov , Tom Lendacky , Brijesh Singh , Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Andy Lutomirski Subject: [Part1 PATCH v7 03/17] x86/mm: Don't attempt to encrypt initrd under SEV Date: Fri, 20 Oct 2017 09:30:45 -0500 Message-Id: <20171020143059.3291-4-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171020143059.3291-1-brijesh.singh@amd.com> References: <20171020143059.3291-1-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0029.namprd14.prod.outlook.com (10.171.172.143) To SN1PR12MB0160.namprd12.prod.outlook.com (10.162.3.147) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: eb7b7550-4ab5-4a4f-9d1c-08d517c73974 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081)(4534020)(4602075)(4627075)(201703031133081)(201702281549075)(2017052603229);SRVR:SN1PR12MB0160; X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0160;3:E8l9MSI1GNEP7tNaBRaE1q5xKH17xLR51TR0ZSsjIK+OGLb0UqigdMCU/FmBBeIYScJnF5xibybwYmSDmNUfLNAJTg8TMA+k1bo0yEOHiJa+MfqzMdS04+aggtSMKFdloDaB3RjHT/Zm2f+ByD4iYVTlYD2xT04/yemRFPDyrdI9w/pFAUaehNuPIZnHYRrRUD3aogPQHQcaaSyqaGJ50CNM6TAvmXfjz3qn7W1l6P60Y0pUIDm2w9DeFXhE0bk8;25:08ZCxZMjFujd0TqhH0JcnTAZrLv+lgLBQk3LSQWeqBXgfoafn1fA5pnR57sKalTYr+QsXn20MgLXWcXScrmaKY5LZ92Fh8FIgRUxdXCKQ3FnAubBgpMSJbOalMT4nLpXWyRUCTLwcAytpnVVWA0SiSBdKwaLe1yeYlAU7bK4FedKN/DJM7j7pzC9tv40xy0VvAgKWEgcC/ihJRgT+WLCJxQSJREQGgeZj/c2IeO4BSJOYs5fB2r4uyitbT8bJt94OU+tX6eNmuvJJf/65CFlQmF/Fr2TbUB/dVtcaFf+0c3eFcJgI/WIVJ8G1FNY8q0rNvLqatqeDcJRNsB99nTAKw==;31:x1qW7ek7uil71GPrRceCXDAd2HlWTUQn6ue1V71CQ+ejF7XsS3FgIi66Crn8JN0D2dwWlEotpkxUDhR9hrDEURYXLHKNLKrUsKUL2w2h2QDFA13QJXBrRQXcSJIcbXBybL4eesq8fO813mp0uaGwYz3B7BhMwqPXRYTa1eiIJB/P9zyjZM16aUa6pN7neyefvoSTkW9PLVN8xvgmCZfyecJHRO7nDVxfVnTk1GF8pvY= X-MS-TrafficTypeDiagnostic: SN1PR12MB0160: X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0160;20:hEOcHk1sc+NvqrN8ooYx8NsV2t+nrOa8BpqKmqa1eoSUrZzmfMVKINF/Wom790+Nlhiiytui2OKhJkdhH4sECk/uS8ltDg19d+JyGISdRvj0Bgl5iCHZPHGfmHxWU2tAId6+nbjQESrLevjfgs0cNsQb4AFyPdxlsf54EkHpas15dfUzv5CpqvneoULjkMJpWncl7enEo3W+getMRPUCMoHVLgiAv6pjlFhaUIkQ3Mh9ymBocgy0Tn39NPyPmCQ7iZbIpceyfZzTV2DU1z7KIZqCkm6vfv0gOzo/ghkHzGoZembbDaKhj66nB4Qfdm5lFkFW2qGyaEbzeLvrkYghGaIwNlPu30BNo4YahohlOSF2L1HKoKIbLfzui+UTmsuLJiQry4l6Fdx3ZUrLhHXSJ5BLRAy3uhTyst/UXAq6zDF7l+JkAHWIUCLKbDxVhltsZ5XUIzwk1eQwe7c5ukxSJGdpYZ0rWUKMMFT5C/mia780sSSXjQgJIZ1Tu3y3ebBS;4:W9LrCKVActn6XRh1RMMusAb86N0XhIBJ4Be+5OMCCuLbgR8pE2lJbtEht/AgAMjWuFOacFW1/eOZ08IRTHwlnbkB4G1kPteFfFIzF7QfyC3rr/tUTFJBhQWeOEsMqhsDQdNYfiWwB+dsDxdFspRlrnungoKW4YcPJpyOIdtGqSIltDNDvRkUabPPOTWBsxokguzL0Go7JaIJM6jMTVwY2/CPjpIjB87IW04OaE1vLf1kxa2VwyYz/L6j6b5DPQw0WuOsMDXfogYqpYSxXWMvvc0SO0m3DmUuKwBVuHE03pG6AvrrDbvsS4H1n+sdrAstam5vo9N+HG/h4h6uux8hdg== X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(3231020)(93006095)(93001095)(10201501046)(100000703101)(100105400095)(6055026)(6041248)(20161123562025)(20161123564025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:SN1PR12MB0160;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:SN1PR12MB0160; X-Forefront-PRVS: 0466CA5A45 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(6009001)(39860400002)(376002)(346002)(199003)(189002)(54906003)(1076002)(6666003)(189998001)(68736007)(8676002)(305945005)(50226002)(7736002)(101416001)(76176999)(8936002)(97736004)(25786009)(81166006)(81156014)(16526018)(6486002)(478600001)(48376002)(2906002)(50466002)(4326008)(47776003)(66066001)(5660300001)(2950100002)(53936002)(106356001)(3846002)(50986999)(16586007)(53416004)(6116002)(5003940100001)(36756003)(33646002)(86362001)(105586002)(316002);DIR:OUT;SFP:1101;SCL:1;SRVR:SN1PR12MB0160;H:ubuntu-010236106000.amd.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1;SN1PR12MB0160;23:D+OmMHO/Jbcw3bwxAYOWCNP61iMMb+0CJSVvVR4+4?= =?us-ascii?Q?hGppyzqO3kwNcR4u7xC3+SD1cnroebchmAF8OJxV0s1rNAZH1yzrsuLdYEkH?= =?us-ascii?Q?vylZ52ntq9D3c8LGIBo1UYx/h3ej1csAt8+nTMSEudfFI9UXIyveGx69hfLu?= =?us-ascii?Q?GpholwOM8FJvmFFE+zm1k/pK9HwLpZ7HoRSbnZvaOP6TKaMWn/eQLCBV1X8B?= =?us-ascii?Q?9tEs3QklUkvPKhrTVdPd73g8zpluMlax7hiHCDJ9ThE4YPV784JaeJK0hyPB?= =?us-ascii?Q?rzrN8A9ssugVz6tmxMVejjC0nagYouUTUoF3/f6a4iIv8SvMG6yV5cY+uZVS?= =?us-ascii?Q?OTMI8CXMfdE36mxhZhpxbQ+bkWDGlvvn4SdJGBdhthaNuXIcGIPXLS7WYrmB?= =?us-ascii?Q?5NG6TkyjoUZCmvfE/MeeTcJ/EtFpQIuMzxmO/mImRgnbaA7sG4SshqJGsNpC?= =?us-ascii?Q?GkTJfoLF87ici+6VQKNy5ScSmqNlDLXhCUd90aEwhCRKPAY5Zus3JYGWj8hQ?= =?us-ascii?Q?MUTqmsmpR/LV8OJSstCsTEXM+USmHqNX7rdFw3KHP2fkUGB5+9eDnH/5t5Ua?= =?us-ascii?Q?Xjq/yNIeBdDSH8C7GOpuOzuG7s9KwvxElPv8uGgBDnkO3qWElDtHkL6fg3Ea?= =?us-ascii?Q?m4pXFH/1tK1sLndgRLNGcyqgtN6HVW7i8TZuH9LnvWLZD30C6QG8Fl4x8Jb+?= =?us-ascii?Q?cZHAAXKTy5KnX7qsfBAUa3Tf0GARtf2jkbc1A4s5kG+IFzh6qjiU1XQE0vnL?= =?us-ascii?Q?XBiS3Q889HUGzTdu8J988V/c5SuMxWY7ZsoSSZXK1326OF5H2WzvFl0JqkFY?= =?us-ascii?Q?Us0rNZaHt7fDApTPb8DaNYc8ZvKm3xBc/uCsZ9/aUzv3012tDLpL1mw0hKiD?= =?us-ascii?Q?3N29QG8EeC3KILe/1IcZUVWvPPgAqvq44Imy1qXl+JHOz3sp0m5ewqJUQlOu?= =?us-ascii?Q?fntfPqQiTBr64ePY35lyDc7/4r3vvL3vsVv22iZqD6xbZ/bFgG+IxDbFiOH9?= =?us-ascii?Q?ZRigaZhs+PF2fY3V4nj/nGV1ShbLzitJWAhKqdDmRhrHdlK4Hfg5OmQQBorq?= =?us-ascii?Q?R08Hns7HpPjdjDnEyuleNX0hLPjnF1ExSnOZyva4n2SbpbKUA=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0160;6:E3iP5XSf9sSk6lYg32MSOBQTATGyRRqu1W7M4NwFBfJ+mxBkCz5FNpZjCiv05gi/eivFb8drNAbHtACHDzddGrepQk1snqHVDlMdhNbUidwG365cvnNmZfa5p1uvlVYZSGervHCDmAClDsWJsRwaMadcISmGQREBiH8M1NTBvCYspz9PUNBh3wewiJ0ZOWgu/8g4YAwf3FnRf0ixymdtnYr6RyMscAtpHUQmBxHgYCalGZLZ0Ry+UzuUQYh4vKoQV6U+uKqjOv3cgBPJsbrrNgYokSR+wydYqzM9NuubNRpIGeZVO7bnmE/CSLavYRoqo8okF1FvKAYmLy1GatbbWw==;5:qlxV5rAmUdzgcy7UiraG1C1Iq5vixByvDlR3sqWwJKrXx8T8FuKixIE9WZYhxLQyzl4lGJ2dmRFbql54WtUHBwEb0EVjCE0jtnWON0TdkMAMJWXPHxM8y10KXI4IC11lS1pYKFb0zP6O3AaPysBxNg==;24:laoeIR9PuuAutqu5OP6wNOtIlwq5OatNtCWJy0Cq0x8nfujzasjUDHHeLVe9kvkCQ2AFerxpFQjmkelkKI384bGABnqqX3YVbzXxu6T4rZE=;7:9xA9TFJyoSqijX/XMePncJ8XyZ557ux6+HmUH+8/gsEORzIdgqJm3M9ml77GwE/T8CmUulP8fint6PtqHTpWRut+plGdiri7+WLOk8VJPTdmyJdWwzpihF0tWugQw/8C3rZ3UxwMFfDIhrN1Dqdnqr/hrfw7n+R6QDgjKS8rbV44rDAquZWBSffEDyWekOQSJSWIP2UcP/bg1mjyDDHLOCDZqF/6M7tV8uIUPIPAiRM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;SN1PR12MB0160;20:X/tDvNnzEj4zlMqy6lz0QruIpwBANm5RCkEnarmXWFrVsmrzh/ZU4TkmjgwP5SphPegA4HR1AdUg9nRvcD2QwlcjEGz/h6qAoz0DPlUzfo4+5vvgGP3bVxeJIJXcHjYx4sYcP9O+S0QQb/uVljkjWUW+TmzUJYWdajEQyOAfbTz5Z6xOrykaWQwyVYVpe1S4AUjAjAMu1F7j6NcrEckZ3D5Hcj/rH7AkiXSW5MTjPtyz6NZ3Da8Pdnp0yCmjVjy+ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Oct 2017 14:31:16.3761 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: eb7b7550-4ab5-4a4f-9d1c-08d517c73974 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR12MB0160 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tom Lendacky When SEV is active the initrd/initramfs will already have already been placed in memory encrypted so do not try to encrypt it. Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov Tested-by: Borislav Petkov Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: Andy Lutomirski Cc: linux-kernel@vger.kernel.org Cc: x86@kernel.org --- arch/x86/kernel/setup.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 17dea09f06a3..bb5c3b4ea00f 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -368,9 +368,11 @@ static void __init reserve_initrd(void) * If SME is active, this memory will be marked encrypted by the * kernel when it is accessed (including relocation). However, the * ramdisk image was loaded decrypted by the bootloader, so make - * sure that it is encrypted before accessing it. + * sure that it is encrypted before accessing it. For SEV the + * ramdisk will already be encrypted, so only do this for SME. */ - sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); + if (sme_active()) + sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); initrd_start = 0; -- 2.9.5