The encryption attribute for the bss.decrypted region is cleared in the initial page table build. This is because the section contains the data that need to be shared between the guest and the hypervisor.
When SEV-SNP is active, just clearing the encryption attribute in the page table is not enough. We also need to make the page shared in the RMP table. Cc: Thomas Gleixner <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: Borislav Petkov <[email protected]> Cc: Joerg Roedel <[email protected]> Cc: "H. Peter Anvin" <[email protected]> Cc: Tony Luck <[email protected]> Cc: Dave Hansen <[email protected]> Cc: "Peter Zijlstra (Intel)" <[email protected]> Cc: Paolo Bonzini <[email protected]> Cc: Tom Lendacky <[email protected]> Cc: David Rientjes <[email protected]> Cc: Sean Christopherson <[email protected]> Cc: [email protected] Cc: [email protected] Signed-off-by: Brijesh Singh <[email protected]> --- arch/x86/kernel/head64.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 5e9beb77cafd..1bf005d38ebc 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -40,6 +40,7 @@ #include <asm/extable.h> #include <asm/trapnr.h> #include <asm/sev-es.h> +#include <asm/sev-snp.h> /* * Manage page tables very early on. @@ -288,6 +289,19 @@ unsigned long __head __startup_64(unsigned long physaddr, if (mem_encrypt_active()) { vaddr = (unsigned long)__start_bss_decrypted; vaddr_end = (unsigned long)__end_bss_decrypted; + + /* + * The bss.decrypted region is mapped decrypted in the initial page table. + * If SEV-SNP is active then transition the page to shared in the RMP table + * so that it is consistent with the page table attribute change below. + */ + if (sev_snp_active()) { + unsigned long npages; + + npages = PAGE_ALIGN(vaddr_end - vaddr) >> PAGE_SHIFT; + early_snp_set_memory_shared(__pa(vaddr), __pa(vaddr), npages); + } + for (; vaddr < vaddr_end; vaddr += PMD_SIZE) { i = pmd_index(vaddr); pmd[i] -= sme_get_me_mask(); -- 2.17.1
