x86/tdx: Make pages shared in ioremap()
In TDX guests, guest memory is protected from host access. If a guest performs I/O, it needs to explicitly share the I/O memory with the host. Make all ioremap()ed pages that are not backed by normal memory (IORES_DESC_NONE or IORES_DESC_RESERVED) mapped as shared. The permissions in PAGE_KERNEL_IO already work for "decrypted" memory on AMD SEV/SME systems. That means that they have no need to make a pgprot_decrypted() call. TDX guests, on the other hand, _need_ change to PAGE_KERNEL_IO for "decrypted" mappings. Add a pgprot_decrypted() for TDX. Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Andi Kleen <ak@linux.intel.com> Reviewed-by: Tony Luck <tony.luck@intel.com> Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20220405232939.73860-26-kirill.shutemov@linux.intel.com
This commit is contained in:
Родитель
bae1a962ac
Коммит
9aa6ea6985
|
@ -242,10 +242,15 @@ __ioremap_caller(resource_size_t phys_addr, unsigned long size,
|
|||
* If the page being mapped is in memory and SEV is active then
|
||||
* make sure the memory encryption attribute is enabled in the
|
||||
* resulting mapping.
|
||||
* In TDX guests, memory is marked private by default. If encryption
|
||||
* is not requested (using encrypted), explicitly set decrypt
|
||||
* attribute in all IOREMAPPED memory.
|
||||
*/
|
||||
prot = PAGE_KERNEL_IO;
|
||||
if ((io_desc.flags & IORES_MAP_ENCRYPTED) || encrypted)
|
||||
prot = pgprot_encrypted(prot);
|
||||
else
|
||||
prot = pgprot_decrypted(prot);
|
||||
|
||||
switch (pcm) {
|
||||
case _PAGE_CACHE_MODE_UC:
|
||||
|
|
Загрузка…
Ссылка в новой задаче