Re: [RFC Part1 PATCH 11/13] x86/kernel: validate rom memory before accessing when SEV-SNP is active
On 4/9/21 11:53 AM, Borislav Petkov wrote: > On Wed, Mar 24, 2021 at 11:44:22AM -0500, Brijesh Singh wrote: >> +/* >> + * The ROM memory is not part of the E820 system RAM and is not >> prevalidated by the BIOS. >> + * The kernel page table maps the ROM region as encrypted memory, the >> SEV-SNP requires >> + * the all the encrypted memory must be validated before the access. >> + */ >> +if (sev_snp_active()) { >> +unsigned long n, paddr; >> + >> +n = ((system_rom_resource.end + 1) - video_rom_resource.start) >> >> PAGE_SHIFT; >> +paddr = video_rom_resource.start; >> +early_snp_set_memory_private((unsigned long)__va(paddr), paddr, >> n); >> +} > I don't like this sprinkling of SNP-special stuff that needs to be done, > around the tree. Instead, pls define a function called > > snp_prep_memory(unsigned long pa, unsigned int num_pages, enum > operation); > > or so which does all the manipulation needed and the callsites only > simply unconditionally call that function so that all detail is > extracted and optimized away when not config-enabled. Sure, I will do this in the next rev. > > Thx. >
Re: [RFC Part1 PATCH 11/13] x86/kernel: validate rom memory before accessing when SEV-SNP is active
On Wed, Mar 24, 2021 at 11:44:22AM -0500, Brijesh Singh wrote: > + /* > + * The ROM memory is not part of the E820 system RAM and is not > prevalidated by the BIOS. > + * The kernel page table maps the ROM region as encrypted memory, the > SEV-SNP requires > + * the all the encrypted memory must be validated before the access. > + */ > + if (sev_snp_active()) { > + unsigned long n, paddr; > + > + n = ((system_rom_resource.end + 1) - video_rom_resource.start) > >> PAGE_SHIFT; > + paddr = video_rom_resource.start; > + early_snp_set_memory_private((unsigned long)__va(paddr), paddr, > n); > + } I don't like this sprinkling of SNP-special stuff that needs to be done, around the tree. Instead, pls define a function called snp_prep_memory(unsigned long pa, unsigned int num_pages, enum operation); or so which does all the manipulation needed and the callsites only simply unconditionally call that function so that all detail is extracted and optimized away when not config-enabled. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette
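Review bot: The page count in `n = ((system_rom_resource.end + 1) - video_rom_resource.start) >> PAGE_SHIFT;` rounds down, so if the span from video_rom_resource.start to system_rom_resource.end + 1 is not a whole number of pages, the trailing partial page is left out of the early_snp_set_memory_private() call and stays unvalidated. Either round the count up (for example PFN_UP() on the byte length) or state in the comment that both bounds are page-aligned. The same comment should say that a single call is meant to cover everything between the video ROM start and the system ROM end. Its wording also needs a pass: "the SEV-SNP requires the all the encrypted memory must be validated before the access" has a doubled "the", and the comment lines appear to run past 80 columns.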