From: Joerg Roedel <jroedel@suse.de>
To: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Bruce Rogers <brogers@suse.com>
Subject: Re: [PATCH] x86/ioremap: Map EFI runtime services data as encrypted for SEV
Date: Tue, 10 Mar 2020 14:03:21 +0100 [thread overview]
Message-ID: <20200310130321.GH7028@suse.de> (raw)
In-Reply-To: <20200310124003.GE29372@zn.tnic>
On Tue, Mar 10, 2020 at 01:40:03PM +0100, Borislav Petkov wrote:
> On Tue, Feb 25, 2020 at 09:42:07AM -0600, Tom Lendacky wrote:
> > @@ -135,6 +135,13 @@ static void __ioremap_check_mem(resource_size_t addr, unsigned long size,
> > memset(desc, 0, sizeof(struct ioremap_desc));
> >
> > walk_mem_res(start, end, desc, __ioremap_collect_map_flags);
> > +
> > + /*
> > + * The EFI runtime services data area is not covered by walk_mem_res(),
> > + * but must be mapped encrypted when SEV is active.
> > + */
> > + if (sev_active() && efi_mem_type(addr) == EFI_RUNTIME_SERVICES_DATA)
> > + desc->flags |= IORES_MAP_ENCRYPTED;
> > }
>
> Why isn't this done in __ioremap_check_encrypted() which is exactly for
> SEV stuff like that?
See the comment added in the patch, walk_mem_res() does not iterate over
the resource which contains EFI_RUNTIME_SERVICES_DATA, so
__ioremap_check_encrypted() will not be called on that resource.
walk_system_ram_range() might do the job, but calling it only for
EFI_RUNTIME_SERVICES_DATA has some overhead.
Regards,
Joerg
next prev parent reply other threads:[~2020-03-10 13:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-25 15:42 [PATCH] x86/ioremap: Map EFI runtime services data as encrypted for SEV Tom Lendacky
2020-03-10 10:25 ` Joerg Roedel
2020-03-10 12:40 ` Borislav Petkov
2020-03-10 13:03 ` Joerg Roedel [this message]
2020-03-10 16:37 ` Borislav Petkov
2020-03-10 17:47 ` Borislav Petkov
2020-03-11 9:04 ` Joerg Roedel
2020-03-11 14:56 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200310130321.GH7028@suse.de \
--to=jroedel@suse.de \
--cc=bp@alien8.de \
--cc=brogers@suse.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox