On 07/09/2018 19:57, Brijesh Singh wrote: > Commit: 368a540e0232 (x86/kvmclock: Remove memblock dependency) > caused SEV guest regression. When SEV is active, we map the shared > variables (wall_clock and hv_clock_boot) with C=0 to ensure that both > the guest and the hypervisor are able to access the data. To map the > variables we use kernel_physical_mapping_init() to split the large pages, > but splitting large pages requires allocating a new PMD, which fails now > that kvmclock initialization is called early during boot. > > Recently we added a special .data..decrypted section to hold the shared > variables. This section is mapped with C=0 early during boot. Use > __decrypted attribute to put the wall_clock and hv_clock_boot in > .data..decrypted section so that they are mapped with C=0. > > Signed-off-by: Brijesh Singh <[email protected]> > Reviewed-by: Tom Lendacky <[email protected]> > Fixes: 368a540e0232 ("x86/kvmclock: Remove memblock dependency") > Cc: Tom Lendacky <[email protected]> > Cc: [email protected] > Cc: Thomas Gleixner <[email protected]> > Cc: Borislav Petkov <[email protected]> > Cc: "H. Peter Anvin" <[email protected]> > Cc: [email protected] > Cc: Paolo Bonzini <[email protected]> > Cc: Sean Christopherson <[email protected]> > Cc: [email protected] > Cc: "Radim Krčmář" <[email protected]> > --- > arch/x86/kernel/kvmclock.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c > index 1e67646..376fd3a 100644 > --- a/arch/x86/kernel/kvmclock.c > +++ b/arch/x86/kernel/kvmclock.c > @@ -61,8 +61,8 @@ early_param("no-kvmclock-vsyscall", > parse_no_kvmclock_vsyscall); > (PAGE_SIZE / sizeof(struct pvclock_vsyscall_time_info)) > > static struct pvclock_vsyscall_time_info > - hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __aligned(PAGE_SIZE); > -static struct pvclock_wall_clock wall_clock; > + hv_clock_boot[HVC_BOOT_ARRAY_SIZE] __decrypted > __aligned(PAGE_SIZE); > +static struct pvclock_wall_clock wall_clock __decrypted; > static DEFINE_PER_CPU(struct pvclock_vsyscall_time_info *, hv_clock_per_cpu); > > static inline struct pvclock_vcpu_time_info *this_cpu_pvti(void) >
Acked-by: Paolo Bonzini <[email protected]> (Though perhaps __noencrypt or __unencrypted would be a bit more accurate; likewise for the freeing function added in patch 5). Paolo
