• Lianbo Jiang's avatar
    x86/kexec: Do not map kexec area as decrypted when SEV is active · 1a79c1b8
    Lianbo Jiang authored
    
    
    When a virtual machine panics, its memory needs to be dumped for
    analysis. With memory encryption in the picture, special care must be
    taken when loading a kexec/kdump kernel in a SEV guest.
    
    A SEV guest starts and runs fully encrypted. In order to load a kexec
    kernel and initrd, arch_kexec_post_{alloc,free}_pages() need to not map
    areas as decrypted unconditionally but differentiate whether the kernel
    is running as a SEV guest and if so, leave kexec area encrypted.
    
     [ bp: Reduce commit message to the relevant information pertaining to
       this commit only. ]
    Co-developed-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
    Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
    Signed-off-by: default avatarLianbo Jiang <lijiang@redhat.com>
    Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: bhe@redhat.com
    Cc: Brijesh Singh <brijesh.singh@amd.com>
    Cc: dyoung@redhat.com
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: kexec@lists.infradead.org
    Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Tom Lendacky <thomas.lendacky@amd.com>
    Cc: x86-ml <x86@kernel.org>
    Link: https://lkml.kernel.org/r/20190430074421.7852-2-lijiang@redhat.com
    1a79c1b8
machine_kexec_64.c 14.7 KB