Commit 5ed0a99b authored by Borislav Petkov's avatar Borislav Petkov
Browse files

x86/head64: Carve out the guest encryption postprocessing into a helper 



Carve it out so that it is abstracted out of the main boot path. All
other encrypted guest-relevant processing should be placed in there.

No functional changes.

Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20211110220731.2396491-7-brijesh.singh@amd.com
parent dbc4c70e

arch/x86/kernel/head64.c

+31 −29
Original line number Diff line number Diff line
@@ -126,6 +126,36 @@ static bool __head check_la57_support(unsigned long physaddr) 
}

#endif



static unsigned long sme_postprocess_startup(struct boot_params *bp, pmdval_t *pmd)

{

	unsigned long vaddr, vaddr_end;

	int i;



	/* Encrypt the kernel and related (if SME is active) */

	sme_encrypt_kernel(bp);



	/*

	 * Clear the memory encryption mask from the .bss..decrypted section.

	 * The bss section will be memset to zero later in the initialization so

	 * there is no need to zero it after changing the memory encryption

	 * attribute.

	 */

	if (sme_get_me_mask()) {

		vaddr = (unsigned long)__start_bss_decrypted;

		vaddr_end = (unsigned long)__end_bss_decrypted;

		for (; vaddr < vaddr_end; vaddr += PMD_SIZE) {

			i = pmd_index(vaddr);

			pmd[i] -= sme_get_me_mask();

		}

	}



	/*

	 * Return the SME encryption mask (if SME is active) to be used as a

	 * modifier for the initial pgdir entry programmed into CR3.

	 */

	return sme_get_me_mask();

}



/* Code in __startup_64() can be relocated during execution, but the compiler

 * doesn't have to generate PC-relative relocations when accessing globals from

 * that function. Clang actually does not generate them, which leads to
@@ -135,7 +165,6 @@ static bool __head check_la57_support(unsigned long physaddr) 
unsigned long __head __startup_64(unsigned long physaddr,

				  struct boot_params *bp)

{

	unsigned long vaddr, vaddr_end;

	unsigned long load_delta, *p;

	unsigned long pgtable_flags;

	pgdval_t *pgd;
@@ -276,34 +305,7 @@ unsigned long __head __startup_64(unsigned long physaddr, 
	 */

	*fixup_long(&phys_base, physaddr) += load_delta - sme_get_me_mask();



	/* Encrypt the kernel and related (if SME is active) */

	sme_encrypt_kernel(bp);



	/*

	 * Clear the memory encryption mask from the .bss..decrypted section.

	 * The bss section will be memset to zero later in the initialization so

	 * there is no need to zero it after changing the memory encryption

	 * attribute.

	 *

	 * This is early code, use an open coded check for SME instead of

	 * using cc_platform_has(). This eliminates worries about removing

	 * instrumentation or checking boot_cpu_data in the cc_platform_has()

	 * function.

	 */

	if (sme_get_me_mask()) {

		vaddr = (unsigned long)__start_bss_decrypted;

		vaddr_end = (unsigned long)__end_bss_decrypted;

		for (; vaddr < vaddr_end; vaddr += PMD_SIZE) {

			i = pmd_index(vaddr);

			pmd[i] -= sme_get_me_mask();

		}

	}



	/*

	 * Return the SME encryption mask (if SME is active) to be used as a

	 * modifier for the initial pgdir entry programmed into CR3.

	 */

	return sme_get_me_mask();

	return sme_postprocess_startup(bp, pmd);

}



unsigned long __startup_secondary_64(void)