From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934435AbdKGOsg (ORCPT ); Tue, 7 Nov 2017 09:48:36 -0500
Received: from terminus.zytor.com ([65.50.211.136]:52839 "EHLO terminus.zytor.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933903AbdKGOse (ORCPT ); Tue, 7 Nov 2017 09:48:34 -0500
Date: Tue, 7 Nov 2017 06:45:16 -0800
From: tip-bot for Tom Lendacky
Message-ID:
Cc: matt@codeblueprint.co.uk, thomas.lendacky@amd.com, ard.biesheuvel@linaro.org, tglx@linutronix.de, luto@kernel.org, mingo@kernel.org, hpa@zytor.com, brijesh.singh@amd.com, bp@alien8.de, bp@suse.de, linux-kernel@vger.kernel.org
Reply-To: brijesh.singh@amd.com, bp@alien8.de, linux-kernel@vger.kernel.org, bp@suse.de, mingo@kernel.org, hpa@zytor.com, luto@kernel.org, matt@codeblueprint.co.uk, thomas.lendacky@amd.com, ard.biesheuvel@linaro.org, tglx@linutronix.de
In-Reply-To: <20171020143059.3291-8-brijesh.singh@amd.com>
References: <20171020143059.3291-8-brijesh.singh@amd.com>
To: linux-tip-commits@vger.kernel.org
Subject: [tip:x86/asm] x86/efi: Access EFI data as encrypted when SEV is active
Git-Commit-ID: 1379edd5967346a1fa79b8dc3e9ca261576c6bc9
X-Mailer: tip-git-log-daemon
Robot-ID:
Robot-Unsubscribe: Contact to get blacklisted from these emails
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

Commit-ID: 1379edd5967346a1fa79b8dc3e9ca261576c6bc9
Gitweb: https://git.kernel.org/tip/1379edd5967346a1fa79b8dc3e9ca261576c6bc9
Author: Tom Lendacky
AuthorDate: Fri, 20 Oct 2017 09:30:49 -0500
Committer: Thomas Gleixner
CommitDate: Tue, 7 Nov 2017 15:35:56 +0100

x86/efi: Access EFI data as encrypted when SEV is active

EFI data is encrypted when the kernel is run under SEV. Update the
page table references to be sure the EFI memory areas are accessed
encrypted.

Signed-off-by: Tom Lendacky
Signed-off-by: Brijesh Singh
Signed-off-by: Thomas Gleixner Reviewed-by: Borislav Petkov Tested-by: Borislav Petkov Cc: linux-efi@vger.kernel.org Cc: kvm@vger.kernel.org Cc: Ard Biesheuvel Cc: Matt Fleming Cc: Borislav Petkov Cc: Andy Lutomirski Link: https://lkml.kernel.org/r/20171020143059.3291-8-brijesh.singh@amd.com --- arch/x86/platform/efi/efi_64.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 20fb315..9e4ee5b 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include @@ -370,7 +371,11 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) * as trim_bios_range() will reserve the first page and isolate it away * from memory allocators anyway. */ - if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, _PAGE_RW)) { + pf = _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + + if (kernel_map_pages_in_pgd(pgd, 0x0, 0x0, 1, pf)) { pr_err("Failed to create 1:1 mapping for the first page!\n"); return 1; } @@ -413,6 +418,9 @@ static void __init __map_region(efi_memory_desc_t *md, u64 va) if (!(md->attribute & EFI_MEMORY_WB)) flags |= _PAGE_PCD; + if (sev_active()) + flags |= _PAGE_ENC; + pfn = md->phys_addr >> PAGE_SHIFT; if (kernel_map_pages_in_pgd(pgd, pfn, va, md->num_pages, flags)) pr_warn("Error mapping PA 0x%llx -> VA 0x%llx!\n", @@ -539,6 +547,9 @@ static int __init efi_update_mem_attr(struct mm_struct *mm, efi_memory_desc_t *m if (!(md->attribute & EFI_MEMORY_RO)) pf |= _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + return efi_update_mappings(md, pf); } @@ -590,6 +601,9 @@ void __init efi_runtime_update_mappings(void) (md->type != EFI_RUNTIME_SERVICES_CODE)) pf |= _PAGE_RW; + if (sev_active()) + pf |= _PAGE_ENC; + efi_update_mappings(md, pf); } }
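
Review bot: In the efi_setup_page_tables() hunk, the block comment that ends "isolate it away from memory allocators anyway" is left untouched, so nothing at the call site says why the 1:1 mapping of the first page now needs _PAGE_ENC under SEV. A sentence added to that comment (EFI data is encrypted in an SEV guest, so this mapping has to carry the encryption bit to read it as plaintext) would keep the reason next to "pf = _PAGE_RW;" instead of only in the commit message. The diffstat shows no new declaration, so "pf" is assumed to be an existing local of a suitable type in this function; that is worth a glance since the declaration is outside the visible context.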
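
Review bot: In the __map_region() hunk, "flags |= _PAGE_ENC" is applied to every descriptor whenever sev_active() is true, with no check on md->type. The lines just above already treat non-write-back regions specially ("if (!(md->attribute & EFI_MEMORY_WB)) flags |= _PAGE_PCD;"), and a descriptor that lacks EFI_MEMORY_WB can describe device memory rather than RAM holding encrypted EFI data. Please confirm whether descriptors such as EFI_MEMORY_MAPPED_IO can reach this path; if they can, the encryption bit should be skipped for them, because an encrypted mapping of a region that is not encrypted would return garbage on read and corrupt it on write. The same question applies to the efi_update_mem_attr() and efi_runtime_update_mappings() hunks.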
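
Review bot: The efi_runtime_update_mappings() hunk is the fourth copy of the same two lines, "if (sev_active())" followed by an OR of _PAGE_ENC, after efi_setup_page_tables(), __map_region() and efi_update_mem_attr(). Consider folding this into one small static helper in efi_64.c that returns the extra page flags for EFI mappings, with the SEV rationale documented once there. With the open-coded form, a mapping site added later can omit the bit without any compile-time signal, and the result would be EFI runtime data accessed through an unencrypted mapping in an SEV guest.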