Re: [PATCH v5 29/32] x86/mm: Add support to encrypt the kernel in-place

From: Tom Lendacky
Date: Tue May 30 2017 - 12:39:36 EST


On 5/26/2017 11:25 AM, Borislav Petkov wrote:
On Thu, May 25, 2017 at 05:24:27PM -0500, Tom Lendacky wrote:
I guess I could do that, but this will probably only end up clearing a
single PGD entry anyway since it's highly doubtful the address range
would cross a 512GB boundary.

Or you can compute how many 512G-covering, i.e., PGD entries there are
and clear just the right amnount. :^)

I can change the name. As for the use of ENTRY... without the
ENTRY/ENDPROC combination I was receiving a warning about a return
instruction outside of a callable function. It looks like I can just
define the "sme_enc_routine:" label with the ENDPROC and the warning
goes away and the global is avoided. It doesn't like the local labels
(.L...) so I'll use the new name.

Is that warning from objtool or where does it come from?

Yes, it's from objtool:

arch/x86/mm/mem_encrypt_boot.o: warning: objtool: .text+0xd2: return instruction outside of a callable function


How do I trigger it locally

I think having CONFIG_STACK_VALIDATION=y will trigger it.


The hardware will try to optimize rep movsb into large chunks assuming
things are aligned, sizes are large enough, etc. so we don't have to
explicitly specify and setup for a rep movsq.

I thought the hw does that for movsq too?

It does.

Thanks,
Tom