[tip:x86/kdump] x86/kexec: Do not map kexec area as decrypted when SEV is active

From: tip-bot for Lianbo Jiang
Date: Thu Jun 20 2019 - 06:07:37 EST


Commit-ID: 1a79c1b8a04153c4c387518967ce851f89e22733
Gitweb: https://git.kernel.org/tip/1a79c1b8a04153c4c387518967ce851f89e22733
Author: Lianbo Jiang <lijiang@xxxxxxxxxx>
AuthorDate: Tue, 30 Apr 2019 15:44:19 +0800
Committer: Borislav Petkov <bp@xxxxxxx>
CommitDate: Thu, 20 Jun 2019 10:06:46 +0200

x86/kexec: Do not map kexec area as decrypted when SEV is active

When a virtual machine panics, its memory needs to be dumped for
analysis. With memory encryption in the picture, special care must be
taken when loading a kexec/kdump kernel in a SEV guest.

A SEV guest starts and runs fully encrypted. In order to load a kexec
kernel and initrd, arch_kexec_post_{alloc,free}_pages() need to not map
areas as decrypted unconditionally but differentiate whether the kernel
is running as a SEV guest and if so, leave kexec area encrypted.

[ bp: Reduce commit message to the relevant information pertaining to
this commit only. ]

Co-developed-by: Brijesh Singh <brijesh.singh@xxxxxxx>
Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
Signed-off-by: Lianbo Jiang <lijiang@xxxxxxxxxx>
Signed-off-by: Borislav Petkov <bp@xxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: bhe@xxxxxxxxxx
Cc: Brijesh Singh <brijesh.singh@xxxxxxx>
Cc: dyoung@xxxxxxxxxx
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: kexec@xxxxxxxxxxxxxxxxxxx
Cc: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
Cc: x86-ml <x86@xxxxxxxxxx>
Link: https://lkml.kernel.org/r/20190430074421.7852-2-lijiang@xxxxxxxxxx
---
arch/x86/kernel/machine_kexec_64.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)

diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index ceba408ea982..3b38449028e0 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -559,8 +559,20 @@ void arch_kexec_unprotect_crashkres(void)
kexec_mark_crashkres(false);
}

+/*
+ * During a traditional boot under SME, SME will encrypt the kernel,
+ * so the SME kexec kernel also needs to be un-encrypted in order to
+ * replicate a normal SME boot.
+ *
+ * During a traditional boot under SEV, the kernel has already been
+ * loaded encrypted, so the SEV kexec kernel needs to be encrypted in
+ * order to replicate a normal SEV boot.
+ */
int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, gfp_t gfp)
{
+ if (sev_active())
+ return 0;
+
/*
* If SME is active we need to be sure that kexec pages are
* not encrypted because when we boot to the new kernel the
@@ -571,6 +583,9 @@ int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, gfp_t gfp)

void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages)
{
+ if (sev_active())
+ return;
+
/*
* If SME is active we need to reset the pages back to being
* an encrypted mapping before freeing them.