Hi Boris, On 09/19/2017 05:39 AM, Borislav Petkov wrote: ...
@@ -815,6 +825,7 @@ . = ALIGN(cacheline); \ *(.data..percpu) \ *(.data..percpu..shared_aligned) \ + PERCPU_UNENCRYPTED_SECTION \ VMLINUX_SYMBOL(__per_cpu_end) = .;So looking at this more: I'm wondering if we can simply reuse the PER_CPU_SHARED_ALIGNED_SECTION definition which is for shared per-CPU sections. Instead of introducing a special section which is going to be used only by SEV, practically. Because "shared" also kinda implies that it is shared by multiple agents and those agents can just as well be guest and hypervisor. And then that patch is gone too. Hmmm...?
"..shared_aligned" section does not start and end with page-size alignment. Since the C-bit works on PAGE_SIZE alignment hence the "..unencrypted" section starts and ends with page-size alignment. The closest I can find is "..page_aligned" but again it does not end with page-size alignment. Additionally, since we clear the C-bit from unencrypted section hence we should avoid overloading the existing section -- we don't want to expose more than we wish.
