Re: [PATCH v5 32/32] x86/mm: Add support to make use of Secure Memory Encryption

From: Tom Lendacky
Date: Wed May 31 2017 - 09:38:07 EST


On 5/31/2017 3:49 AM, Borislav Petkov wrote:
On Tue, May 30, 2017 at 10:37:03AM -0500, Tom Lendacky wrote:
I can define the command line option and the "on" and "off" values as
character buffers in the function and initialize them on a per character
basis (using a static string causes the same issues as referencing a
string constant), i.e.:

char cmdline_arg[] = {'m', 'e', 'm', '_', 'e', 'n', 'c', 'r', 'y', 'p', 't', '\0'};
char cmdline_off[] = {'o', 'f', 'f', '\0'};
char cmdline_on[] = {'o', 'n', '\0'};

It doesn't look the greatest, but it works and removes the need for the
rip-relative addressing.

Well, I'm not thrilled about this one either. It's like being between a
rock and a hard place. :-\

On the one hand, we need the encryption mask before we do the fixups and
OTOH we need to do the fixups in order to access the strings properly.
Yuck.

Well, the only thing I can think of right now is maybe define
"mem_encrypt=" at the end of head_64.S and pass it in from asm to
sme_enable() and then do the "on"/"off" comparsion with local char
buffers. That could make it less ugly...

I like keeping the command line option and the values together. It may
not look the greatest but I like it more than defining the command line
option in head_64.S and passing it in as an argument.

OTOH, I don't think the rip-relative addressing was that bad, I can
always go back to that...

Thanks,
Tom