[RFC Part1 PATCH v3 15/17] x86: Add support for changing memory encryption attribute in early boot
Borislav Petkov
bp at suse.de
Mon Aug 28 20:51:19 AEST 2017
On Mon, Jul 24, 2017 at 02:07:55PM -0500, Brijesh Singh wrote:
> Some KVM-specific custom MSRs shares the guest physical address with
s/shares/share/
> hypervisor.
"the hypervisor."
> When SEV is active, the shared physical address must be mapped
> with encryption attribute cleared so that both hypervsior and guest can
> access the data.
>
> Add APIs to change memory encryption attribute in early boot code.
>
> Signed-off-by: Brijesh Singh <brijesh.singh at amd.com>
> ---
> arch/x86/include/asm/mem_encrypt.h | 17 ++++++
> arch/x86/mm/mem_encrypt.c | 117 +++++++++++++++++++++++++++++++++++++
> 2 files changed, 134 insertions(+)
...
> +static int __init early_set_memory_enc_dec(resource_size_t paddr,
> + unsigned long size, bool enc)
> +{
> + unsigned long vaddr, vaddr_end, vaddr_next;
> + unsigned long psize, pmask;
> + int split_page_size_mask;
> + pte_t *kpte;
> + int level;
> +
> + vaddr = (unsigned long)__va(paddr);
> + vaddr_next = vaddr;
> + vaddr_end = vaddr + size;
> +
> + /*
> + * We are going to change the physical page attribute from C=1 to C=0
> + * or vice versa. Flush the caches to ensure that data is written into
> + * memory with correct C-bit before we change attribute.
> + */
> + clflush_cache_range(__va(paddr), size);
> +
> + for (; vaddr < vaddr_end; vaddr = vaddr_next) {
> + kpte = lookup_address(vaddr, &level);
> + if (!kpte || pte_none(*kpte))
> + return 1;
Return before flushing TLBs? Perhaps you mean
ret = 1;
goto out;
here and out does
__flush_tlb_all();
return ret;
?
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
--
More information about the Linuxppc-dev
mailing list