Commit-ID: 1a79c1b8a04153c4c387518967ce851f89e22733
Gitweb: https://git.kernel.org/tip/1a79c1b8a04153c4c387518967ce851f89e22733
Author: Lianbo Jiang <liji...@redhat.com>
AuthorDate: Tue, 30 Apr 2019 15:44:19 +0800
Committer: Borislav Petkov <b...@suse.de>
CommitDate: Thu, 20 Jun 2019 10:06:46 +0200
x86/kexec: Do not map kexec area as decrypted when SEV is active
When a virtual machine panics, its memory needs to be dumped for
analysis. With memory encryption in the picture, special care must be
taken when loading a kexec/kdump kernel in a SEV guest.
A SEV guest starts and runs fully encrypted. In order to load a kexec
kernel and initrd, arch_kexec_post_{alloc,free}_pages() need to not map
areas as decrypted unconditionally but differentiate whether the kernel
is running as a SEV guest and if so, leave kexec area encrypted.
[ bp: Reduce commit message to the relevant information pertaining to
this commit only. ]
Co-developed-by: Brijesh Singh <brijesh.si...@amd.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
Signed-off-by: Lianbo Jiang <liji...@redhat.com>
Signed-off-by: Borislav Petkov <b...@suse.de>
Cc: Andrew Morton <a...@linux-foundation.org>
Cc: b...@redhat.com
Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: dyo...@redhat.com
Cc: "H. Peter Anvin" <h...@zytor.com>
Cc: Ingo Molnar <mi...@redhat.com>
Cc: ke...@lists.infradead.org
Cc: "Kirill A. Shutemov" <kirill.shute...@linux.intel.com>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: x86-ml <x...@kernel.org>
Link: https://lkml.kernel.org/r/20190430074421.7852-2-liji...@redhat.com
---
arch/x86/kernel/machine_kexec_64.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/x86/kernel/machine_kexec_64.c
b/arch/x86/kernel/machine_kexec_64.c
index ceba408ea982..3b38449028e0 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -559,8 +559,20 @@ void arch_kexec_unprotect_crashkres(void)
kexec_mark_crashkres(false);
}
+/*
+ * During a traditional boot under SME, SME will encrypt the kernel,
+ * so the SME kexec kernel also needs to be un-encrypted in order to
+ * replicate a normal SME boot.
+ *
+ * During a traditional boot under SEV, the kernel has already been
+ * loaded encrypted, so the SEV kexec kernel needs to be encrypted in
+ * order to replicate a normal SEV boot.
+ */
int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, gfp_t gfp)
{
+ if (sev_active())
+ return 0;
+
/*
* If SME is active we need to be sure that kexec pages are
* not encrypted because when we boot to the new kernel the
@@ -571,6 +583,9 @@ int arch_kexec_post_alloc_pages(void *vaddr, unsigned int
pages, gfp_t gfp)
void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages)
{
+ if (sev_active())
+ return;
+
/*
* If SME is active we need to reset the pages back to being
* an encrypted mapping before freeing them.
