[PATCH] x86/ioremap: Map EFI runtime services data as encrypted for SEV

[Tom Lendacky]

The dmidecode program fails to properly decode the SMBIOS data supplied
by OVMF/UEFI when running on an SEV guest. The SMBIOS area, under SEV, is
encrypted and resides in reserved memory that is marked as EFI runtime
services data. As a result, when memremap() is attempted for the SMBIOS
data, it can't be mapped as regular RAM (through try_ram_remap()) and,
since the address isn't part of the iomem resources list, it isn't mapped
encrypted through the fallback ioremap().

Update __ioremap_check_mem() to set the IORES_MAP_ENCRYPTED flag if SEV is
active and the memory being mapped is part of EFI runtime services data.
This allows any runtime services data, which has been created encrypted,
to be mapped encrypted.

Cc: Bruce Rogers <brogers@xxxxxxxx>
Cc: Joerg Roedel <jroedel@xxxxxxx>
Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
---
 arch/x86/mm/ioremap.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index 44e4beb4239f..382b6ca66820 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -135,6 +135,13 @@ static void __ioremap_check_mem(resource_size_t addr, unsigned long size,
 	memset(desc, 0, sizeof(struct ioremap_desc));
 
 	walk_mem_res(start, end, desc, __ioremap_collect_map_flags);
+
+	/*
+	 * The EFI runtime services data area is not covered by walk_mem_res(),
+	 * but must be mapped encrypted when SEV is active.
+	 */
+	if (sev_active() && efi_mem_type(addr) == EFI_RUNTIME_SERVICES_DATA)
+		desc->flags |= IORES_MAP_ENCRYPTED;
 }
 
 /*
-- 
2.17.1