| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <147190829935.9523.3097284272847092359.stgit@brijesh-build-machine>
Date: Mon, 22 Aug 2016 19:24:59 -0400
From: Brijesh Singh <brijesh.singh@....com>
To: <simon.guinot@...uanux.org>, <linux-efi@...r.kernel.org>,
<brijesh.singh@....com>, <kvm@...r.kernel.org>,
<rkrcmar@...hat.com>, <matt@...eblueprint.co.uk>,
<linus.walleij@...aro.org>, <linux-mm@...ck.org>,
<paul.gortmaker@...driver.com>, <hpa@...or.com>,
<dan.j.williams@...el.com>, <aarcange@...hat.com>,
<sfr@...b.auug.org.au>, <andriy.shevchenko@...ux.intel.com>,
<herbert@...dor.apana.org.au>, <bhe@...hat.com>,
<xemul@...allels.com>, <joro@...tes.org>, <x86@...nel.org>,
<mingo@...hat.com>, <msalter@...hat.com>,
<ross.zwisler@...ux.intel.com>, <bp@...e.de>, <dyoung@...hat.com>,
<thomas.lendacky@....com>, <jroedel@...e.de>,
<keescook@...omium.org>, <toshi.kani@....com>,
<mathieu.desnoyers@...icios.com>, <devel@...uxdriverproject.org>,
<tglx@...utronix.de>, <mchehab@...nel.org>,
<iamjoonsoo.kim@....com>, <labbott@...oraproject.org>,
<tony.luck@...el.com>, <alexandre.bounine@....com>,
<kuleshovmail@...il.com>, <linux-kernel@...r.kernel.org>,
<mcgrof@...nel.org>, <linux-crypto@...r.kernel.org>,
<pbonzini@...hat.com>, <akpm@...ux-foundation.org>,
<davem@...emloft.net>
Subject: [RFC PATCH v1 07/28] x86: Do not encrypt memory areas if SEV is
enabled
From: Tom Lendacky <thomas.lendacky@....com>
When running under SEV, some memory areas that were originally not
encrypted under SME are already encrypted. In these situations do not
attempt to encrypt them.
Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
---
arch/x86/kernel/head64.c | 4 ++--
arch/x86/kernel/setup.c | 7 ++++---
2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index 358d7bc..4a15def 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -114,7 +114,7 @@ static void __init create_unencrypted_mapping(void *address, unsigned long size)
unsigned long physaddr = (unsigned long)address - __PAGE_OFFSET;
pmdval_t pmd_flags, pmd;
- if (!sme_me_mask)
+ if (!sme_me_mask || sev_active)
return;
/* Clear the encryption mask from the early_pmd_flags */
@@ -165,7 +165,7 @@ static void __init __clear_mapping(unsigned long address)
static void __init clear_mapping(void *address, unsigned long size)
{
- if (!sme_me_mask)
+ if (!sme_me_mask || sev_active)
return;
do {
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index cec8a63..9c10383 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -380,10 +380,11 @@ static void __init reserve_initrd(void)
/*
* This memory is marked encrypted by the kernel but the ramdisk
- * was loaded in the clear by the bootloader, so make sure that
- * the ramdisk image is encrypted.
+ * was loaded in the clear by the bootloader (unless SEV is active),
+ * so make sure that the ramdisk image is encrypted.
*/
- sme_early_mem_enc(ramdisk_image, ramdisk_end - ramdisk_image);
+ if (!sev_active)
+ sme_early_mem_enc(ramdisk_image, ramdisk_end - ramdisk_image);
initrd_start = 0;
Powered by blists - more mailing lists