| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Aug 2021 16:43:51 +0200
From: Borislav Petkov <bp@...en8.de>
To: Brijesh Singh <brijesh.singh@....com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Andi Kleen <ak@...ux.intel.com>, tony.luck@...el.com,
marcorr@...gle.com, sathyanarayanan.kuppuswamy@...ux.intel.com
Subject: Re: [PATCH Part1 v5 31/38] x86/compressed/64: add identity mapping
for Confidential Computing blob
On Fri, Aug 20, 2021 at 10:19:26AM -0500, Brijesh Singh wrote:
> diff --git a/arch/x86/boot/compressed/ident_map_64.c b/arch/x86/boot/compressed/ident_map_64.c
> index 3cf7a7575f5c..54374e0f0257 100644
> --- a/arch/x86/boot/compressed/ident_map_64.c
> +++ b/arch/x86/boot/compressed/ident_map_64.c
> @@ -37,6 +37,9 @@
> #include <asm/setup.h> /* For COMMAND_LINE_SIZE */
> #undef _SETUP
>
> +#define __BOOT_COMPRESSED
> +#include <asm/sev.h> /* For sev_snp_active() + ConfidentialComputing blob */
> +
When you move all the cc_blob parsing to the compressed kernel, all that
ugly ifdeffery won't be needed.
> extern unsigned long get_cmd_line_ptr(void);
>
> /* Used by PAGE_KERN* macros: */
> @@ -163,6 +166,21 @@ void initialize_identity_maps(void *rmode)
> cmdline = get_cmd_line_ptr();
> add_identity_map(cmdline, cmdline + COMMAND_LINE_SIZE);
Carve that ...
> + /*
> + * The ConfidentialComputing blob is used very early in uncompressed
> + * kernel to find CPUID memory to handle cpuid instructions. Make sure
> + * an identity-mapping exists so they can be accessed after switchover.
> + */
> + if (sev_snp_enabled()) {
> + struct cc_blob_sev_info *cc_info =
> + (void *)(unsigned long)boot_params->cc_blob_address;
> +
> + add_identity_map((unsigned long)cc_info,
> + (unsigned long)cc_info + sizeof(*cc_info));
> + add_identity_map((unsigned long)cc_info->cpuid_phys,
> + (unsigned long)cc_info->cpuid_phys + cc_info->cpuid_len);
> + }
> +
> /* Load the new page-table. */
> sev_verify_cbit(top_level_pgt);
... up to here into a separate function called sev_prep_identity_maps()
so that SEV-specific code flow is not in the generic code path.
> write_cr3(top_level_pgt);
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists