
Commit ac26963a authored by Brijesh Singh, committed by Thomas Gleixner

percpu: Introduce DEFINE_PER_CPU_DECRYPTED



KVM guest defines three per-CPU variables (steal-time, apf_reason, and
kvm_pic_eoi) which are shared between a guest and a hypervisor.

When SEV is active, memory is encrypted with a guest-specific key, and if
the guest OS wants to share the memory region with the hypervisor then it
must clear the C-bit (i.e. set decrypted) before sharing it.

DEFINE_PER_CPU_DECRYPTED can be used to define the per-CPU variables
which will be shared between a guest and a hypervisor.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Borislav Petkov <bp@suse.de>
Acked-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Borislav Petkov <bp@suse.de>
Cc: linux-arch@vger.kernel.org
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: kvm@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Christoph Lameter <cl@linux.com>
Link: https://lkml.kernel.org/r/20171020143059.3291-16-brijesh.singh@amd.com
parent dfaaec90
+19 −0
@@ -777,6 +777,24 @@
#define INIT_RAM_FS
#endif

/*
 * Memory encryption operates on a page basis. Since we need to clear
 * the memory encryption mask for this section, it needs to be aligned
 * on a page boundary and be a page-size multiple in length.
 *
 * Note: We use a separate section so that only this section gets
 * decrypted to avoid exposing more than we wish.
 */
#ifdef CONFIG_AMD_MEM_ENCRYPT
#define PERCPU_DECRYPTED_SECTION					\
	. = ALIGN(PAGE_SIZE);						\
	*(.data..percpu..decrypted)					\
	. = ALIGN(PAGE_SIZE);
#else
#define PERCPU_DECRYPTED_SECTION
#endif


/*
 * Default discarded sections.
 *
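
Review bot: The `#ifdef CONFIG_AMD_MEM_ENCRYPT` guard on PERCPU_DECRYPTED_SECTION is wider than the guard on DEFINE_PER_CPU_DECRYPTED in the hunk that defines it, which also requires CONFIG_VIRTUALIZATION. With CONFIG_AMD_MEM_ENCRYPT=y and CONFIG_VIRTUALIZATION=n that macro falls back to DEFINE_PER_CPU, so nothing is ever placed in .data..percpu..decrypted, yet both `. = ALIGN(PAGE_SIZE);` statements are still emitted and pad the per-CPU area around an empty section. Use the same condition in both places. The comment should also say that the trailing ALIGN is what keeps unrelated per-CPU data off the last decrypted page, since that is the line most likely to be dropped later as redundant.
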
@@ -815,6 +833,7 @@
	. = ALIGN(cacheline);						\
	*(.data..percpu)						\
	*(.data..percpu..shared_aligned)				\
	PERCPU_DECRYPTED_SECTION					\
	VMLINUX_SYMBOL(__per_cpu_end) = .;

/**
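
Review bot: PERCPU_DECRYPTED_SECTION sits directly before `VMLINUX_SYMBOL(__per_cpu_end) = .;`, so its trailing ALIGN(PAGE_SIZE) rounds the end of the static per-CPU area up to a page boundary, and that padding is repeated in every CPU's copy. The changelog should state this size cost. A one-line comment at this site saying the section must stay page-isolated from `*(.data..percpu..shared_aligned)` would also keep a later reorder from putting ordinary per-CPU data on a page that is shared with the hypervisor.
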
+15 −0
@@ -172,6 +172,21 @@
#define DEFINE_PER_CPU_READ_MOSTLY(type, name)				\
	DEFINE_PER_CPU_SECTION(type, name, "..read_mostly")

/*
 * Declaration/definition used for per-CPU variables that should be accessed
 * as decrypted when memory encryption is enabled in the guest.
 */
#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT)

#define DECLARE_PER_CPU_DECRYPTED(type, name)				\
	DECLARE_PER_CPU_SECTION(type, name, "..decrypted")

#define DEFINE_PER_CPU_DECRYPTED(type, name)				\
	DEFINE_PER_CPU_SECTION(type, name, "..decrypted")
#else
#define DEFINE_PER_CPU_DECRYPTED(type, name)	DEFINE_PER_CPU(type, name)
#endif

/*
 * Intermodule exports for per-CPU variables.  sparse forgets about
 * address space across EXPORT_SYMBOL(), change EXPORT_SYMBOL() to
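
Review bot: The `#else` branch defines only DEFINE_PER_CPU_DECRYPTED, so DECLARE_PER_CPU_DECRYPTED does not exist unless both CONFIG_VIRTUALIZATION and CONFIG_AMD_MEM_ENCRYPT are set, and any header that uses it will fail to build in the other configurations. Add the matching fallback, `#define DECLARE_PER_CPU_DECRYPTED(type, name) DECLARE_PER_CPU(type, name)`, next to the existing one. The comment above the `#if` could also state that a variable defined this way is accessible to the hypervisor once decrypted, so it should hold only data that is meant to be shared.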