x86/ioremap: Map EFI runtime services data as encrypted for SEV (985e537a) · Commits · 戴 / test

The dmidecode program fails to properly decode the SMBIOS data supplied by OVMF/UEFI when running in an SEV guest. The SMBIOS area, under SEV, is encrypted and resides in reserved memory that is marked as EFI runtime services data. As a result, when memremap() is attempted for the SMBIOS data, it can't be mapped as regular RAM (through try_ram_remap()) and, since the address isn't part of the iomem resources list, it isn't mapped encrypted through the fallback ioremap(). Add a new __ioremap_check_other() to deal with memory types like EFI_RUNTIME_SERVICES_DATA which are not covered by the resource ranges. This allows any runtime services data which has been created encrypted, to be mapped encrypted too. [ bp: Move functionality to a separate function. ] Signed-off-by:

Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by:

Borislav Petkov <bp@suse.de> Reviewed-by:

Joerg Roedel <jroedel@suse.de> Tested-by:

Joerg Roedel <jroedel@suse.de> Cc: <stable@vger.kernel.org> # 5.3 Link: https://lkml.kernel.org/r/2d9e16eb5b53dc82665c95c6764b7407719df7a0.1582645327.git.thomas.lendacky@amd.com

arch/x86/mm/ioremap.c

+18 −0

Original line number	Diff line number	Diff line
		@@ -106,6 +106,19 @@ static unsigned int __ioremap_check_encrypted(struct resource *res)
		return 0;
		}

		/*
		* The EFI runtime services data area is not covered by walk_mem_res(), but must
		* be mapped encrypted when SEV is active.
		*/
		static void __ioremap_check_other(resource_size_t addr, struct ioremap_desc *desc)
		{
		if (!sev_active())
		return;

		if (efi_mem_type(addr) == EFI_RUNTIME_SERVICES_DATA)
		desc->flags \|= IORES_MAP_ENCRYPTED;
		}

		static int __ioremap_collect_map_flags(struct resource res, void arg)
		{
		struct ioremap_desc *desc = arg;
		@@ -124,6 +137,9 @@ static int __ioremap_collect_map_flags(struct resource res, void arg)
		* To avoid multiple resource walks, this function walks resources marked as
		* IORESOURCE_MEM and IORESOURCE_BUSY and looking for system RAM and/or a
		* resource described not as IORES_DESC_NONE (e.g. IORES_DESC_ACPI_TABLES).
		*
		* After that, deal with misc other ranges in __ioremap_check_other() which do
		* not fall into the above category.
		*/
		static void __ioremap_check_mem(resource_size_t addr, unsigned long size,
		struct ioremap_desc *desc)
		@@ -135,6 +151,8 @@ static void __ioremap_check_mem(resource_size_t addr, unsigned long size,
		memset(desc, 0, sizeof(struct ioremap_desc));

		walk_mem_res(start, end, desc, __ioremap_collect_map_flags);

		__ioremap_check_other(addr, desc);
		}

		/*

Admin message