Re: [PATCH v2 1/3] x86/mm: Restructure sme_encrypt_kernel()
From: Borislav Petkov
Date: Wed Aug 29 2018 - 09:13:13 EST
On Tue, Aug 28, 2018 at 05:12:55PM -0500, Brijesh Singh wrote:
> Re-arrange the sme_encrypt_kernel() by moving the workarea map/unmap
> logic in a separate static function. There are no logical changes in this
> patch. The restructuring will allow us to expand the sme_encrypt_kernel
> in future.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
This patch is going to be a prerequisite for the actual fix so you
probably should write here:
Cc: stable@xxxxxxxxxxxxxxx # prerequisite for <patch name>
or better yet do a separate backport/submission to stable@ once those
have been upstreamed.
...
> +void __init sme_encrypt_kernel(struct boot_params *bp)
> +{
> + struct sme_populate_pgd_data ppd;
> + struct sme_workarea_data wa;
> +
> + if (!sme_active())
> + return;
> +
> + build_workarea_map(bp, &wa, &ppd);
> +
> + /* When SEV is active, encrypt kernel and initrd */
> + sme_encrypt_execute(wa.kernel_start,
> + wa.kernel_start + wa.decrypted_base,
> + wa.kernel_len, wa.workarea_start,
> + (unsigned long)ppd.pgd);
> +
> + if (wa.initrd_len)
> + sme_encrypt_execute(wa.initrd_start,
> + wa.initrd_start + wa.decrypted_base,
> + wa.initrd_len, wa.workarea_start,
> + (unsigned long)ppd.pgd);
> +
> + remove_workarea_map(&wa, &ppd);
teardown_workarea_map() is a better naming counterpart to
build_workarea_map().
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix ImendÃrffer, Jane Smithard, Graham Norton, HRB 21284 (AG NÃrnberg)
--