Date: Fri, 9 Dec 2022 01:12:48 +0300
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: Tom Lendacky <thomas.lendacky@....com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
    Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
    Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
    "H. Peter Anvin" <hpa@...or.com>, Michael Roth <michael.roth@....com>,
    Joerg Roedel <jroedel@...e.de>, Andy Lutomirski <luto@...nel.org>,
    Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH v6 5/5] x86/sev: Add SNP-specific unaccepted memory support

On Thu, Dec 08, 2022 at 09:29:13AM -0600, Tom Lendacky wrote:
> Add SNP-specific hooks to the unaccepted memory support in the boot
> path (__accept_memory()) and the core kernel (accept_memory()) in order
> to support booting SNP guests when unaccepted memory is present. Without
> this support, SNP guests will fail to boot and/or panic() when unaccepted
> memory is present in the EFI memory map.
>
> The process of accepting memory under SNP involves invoking the hypervisor
> to perform a page state change for the page to private memory and then
> issuing a PVALIDATE instruction to accept the page.
>
> Since the boot path and the core kernel paths perform similar operations,
> move the pvalidate_pages() and vmgexit_psc() functions into sev-shared.c
> to avoid code duplication.
>
> Create the new header file arch/x86/boot/compressed/sev.h because adding
> the function declaration to any of the existing SEV related header files
> pulls in too many other header files, causing the build to fail.
> > Signed-off-by: Tom Lendacky <thomas.lendacky@....com> > --- > arch/x86/Kconfig | 1 + > arch/x86/boot/compressed/mem.c | 3 + > arch/x86/boot/compressed/sev.c | 54 ++++++++++++++- > arch/x86/boot/compressed/sev.h | 23 +++++++ > arch/x86/include/asm/sev.h | 3 + > arch/x86/kernel/sev-shared.c | 103 +++++++++++++++++++++++++++++ > arch/x86/kernel/sev.c | 112 ++++---------------------------- > arch/x86/mm/unaccepted_memory.c | 4 ++ > 8 files changed, 204 insertions(+), 99 deletions(-) > create mode 100644 arch/x86/boot/compressed/sev.h > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index d88f61940aa7..0704d4795919 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -1549,6 +1549,7 @@ config AMD_MEM_ENCRYPT > select INSTRUCTION_DECODER > select ARCH_HAS_CC_PLATFORM > select X86_MEM_ENCRYPT > + select UNACCEPTED_MEMORY > help > Say yes to enable support for the encryption of system memory. > This requires an AMD processor that supports Secure Memory I think it misses "depends on EFI_STUB". The code I've submitted contains "select EFI_STUB", but it causes build issues for some configurations. I've changed it to "depends on" in git. -- Kiryl Shutsemau / Kirill A. Shutemov
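Review bot: The `select UNACCEPTED_MEMORY` line added under `config AMD_MEM_ENCRYPT` is unconditional, and Kconfig's `select` forces a symbol on without evaluating that symbol's own `depends on` constraints. The commit message ties this feature to unaccepted memory in the EFI memory map, so whatever the feature requires should be stated at this point in the Kconfig entry: either make the selection conditional (`select UNACCEPTED_MEMORY if EFI_STUB`, if EFI_STUB is the requirement, as the reply suggests) or add the matching `depends on` to the selecting option. Left as is, a configuration that enables AMD_MEM_ENCRYPT without that prerequisite can end up with UNACCEPTED_MEMORY enabled and either fail to build or carry accept-memory paths that are never exercised.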