Commit e943f2c7 authored by Xin Jiang's avatar Xin Jiang Committed by hanliyang

x86/boot/compressed/64: Add CSV3 update page attr(private/shared)

hygon inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IAYGKY


CVE: NA

---------------------------

The function is needed to set encrypted page as private or set
decrypted page as shared at the stage where identity page table
is created. By default, all memory is set as private. CSV3 guest's
NPT is managed by the secure processor. The secure processor must
perform the correct action for private/shared memory.

The secure processor manages the guest's secure isolated memory,
which cannot be accessed by other guests or the host. As a CSV3
feature, a CSV3 guest's encrypted memory maps to secure isolated
memory, and decrypted memory, which is shared with the host, maps to
normal memory.

At the stage of kernel decompressing, only GHCB page is set as
shared.

Signed-off-by: default avatarXin Jiang <jiangxin@hygon.cn>
Signed-off-by: default avatarhanliyang <hanliyang@hygon.cn>
parent d2600299
+16 −0
@@ -23,6 +23,22 @@
static unsigned int csv3_enabled __section(".data");
static unsigned int csv3_secure_call_init;

void csv_update_page_attr(unsigned long address, pteval_t set, pteval_t clr)
{
	if (!csv3_enabled)
		return;

	if ((set | clr) & _PAGE_ENC) {
		if (set & _PAGE_ENC)
			csv3_early_secure_call_ident_map(__pa(address), 1,
							 CSV3_SECURE_CMD_ENC);

		if (clr & _PAGE_ENC)
			csv3_early_secure_call_ident_map(__pa(address), 1,
							 CSV3_SECURE_CMD_DEC);
	}
}

/* Invoke it before jump to real kernel in case secure call pages are not mapped
 * in the identity page table.
 *
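Review bot: `csv_update_page_attr()` passes `__pa(address)` to the secure call with a page count of 1 and never aligns the address, so which page the secure processor converts depends on every caller supplying a page-aligned value. The only caller shown, `set_clr_page_flags()`, forwards `address` unchanged, and whether it is aligned at that point is not visible on this page; masking inside the helper, `__pa(address & PAGE_MASK)`, would remove the assumption. The function also returns void, so if `csv3_early_secure_call_ident_map()` can fail (its definition is not shown) the caller still proceeds as if the private/shared state had changed; a short comment above the function stating that clearing `_PAGE_ENC` makes the page host-accessible, and what is expected on failure, would help.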
+5 −0
@@ -15,11 +15,16 @@
void csv_set_status(void);
void csv_init_secure_call_pages(void *boot_params);

void csv_update_page_attr(unsigned long address, pteval_t set, pteval_t clr);

#else

static inline void csv_set_status(void) { }
static inline void csv_init_secure_call_pages(void *boot_params) { }

static inline void csv_update_page_attr(unsigned long address,
					pteval_t set, pteval_t clr) { }

#endif

#endif	/* BOOT_COMPRESSED_CSV_H */
+3 −0
@@ -298,6 +298,9 @@ static int set_clr_page_flags(struct x86_mapping_info *info,
	if ((set | clr) & _PAGE_ENC) {
		clflush_page(address);

		/* On CSV3, notify secure processor to manage page attr changes */
		csv_update_page_attr(address, set, clr);

		/*
		 * If the encryption attribute is being cleared, change the page state
		 * to shared in the RMP table.
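Review bot: The new `csv_update_page_attr(address, set, clr)` call issues both the private and the shared transition at this one point, right after `clflush_page()`, whereas the existing comment just below handles only the cleared case here. That suggests the set case is handled later in `set_clr_page_flags()`, outside this hunk, presumably for ordering reasons relative to the page-table write. If CSV3 really needs the secure processor told before the entry changes in both directions, the comment should say so, for example `/* On CSV3 the secure processor must switch the page before the PTE is rewritten, for both ENC and DEC */`. Otherwise the ENC case may belong next to the later private-state handling.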