[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <fcd5efe9-3e26-3aff-9173-9f8c3f3183f1@amd.com>
Date: Thu, 6 Sep 2018 13:37:50 -0500
From: Brijesh Singh <brijesh.singh@....com>
To: Sean Christopherson <sean.j.christopherson@...el.com>,
Borislav Petkov <bp@...e.de>
Cc: brijesh.singh@....com, x86@...nel.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
Tom Lendacky <thomas.lendacky@....com>,
Thomas Gleixner <tglx@...utronix.de>,
"H. Peter Anvin" <hpa@...or.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>
Subject: Re: [PATCH v5 5/5] x86/kvm: Avoid dynamic allocation of pvclock data
when SEV is active
On 09/06/2018 09:18 AM, Sean Christopherson wrote:
....
>>>
>>> So are we going to be defining a decrypted section for every piece of
>>> machinery now?
>>>
>>> That's a bit too much in my book.
>>>
>>> Why can't you simply free everything in .data..decrypted on !SVE guests?
>>
>> That would prevent adding __decrypted to existing declarations, e.g.
>> hv_clock_boot, which would be ugly in its own right. A more generic
>> solution would be to add something like __decrypted_exclusive to mark
>> data that is used if and only if SEV is active, and then free the
>> SEV-only data when SEV is disabled.
>
> Oh, and we'd need to make sure __decrypted_exclusive is freed when
> !CONFIG_AMD_MEM_ENCRYPT, and preferably !sev_active() since the big
> array is used only if SEV is active. This patch unconditionally
> defines hv_clock_dec but only frees it if CONFIG_AMD_MEM_ENCRYPT=y &&
> !mem_encrypt_active().
>
Again we have to consider the bare metal scenario while doing this. The
aux array you proposed will be added in decrypted section only when
CONFIG_AMD_MEM_ENCRYPT=y. If CONFIG_AMD_MEM_ENCRYPT=n then nothng
gets put in .data.decrypted section. At the runtime, if memory
encryption is active then .data.decrypted_hvclock will contains useful
data.
The __decrypted attribute in "" when CONFIG_AMD_MEM_ENCRYPT=n.
-Brijesh
Powered by blists - more mailing lists