Re: [PATCH Part1 v5 30/38] x86/compressed/64: store Confidential Computing blob address in bootparams
From: Borislav Petkov <bp@alien8.de>
Date: 2021-08-27 14:14:45
On Fri, Aug 20, 2021 at 10:19:25AM -0500, Brijesh Singh wrote:
From: Michael Roth <redacted> When the Confidential Computing blob is located by the boot/compressed kernel, store a pointer to it in bootparams->cc_blob_address to avoid the need for the run-time kernel to rescan the EFI config table to find it again. Since this function is also shared by the run-time kernel, this patch
Here's "this patch" again... but you know what to do.
also adds the logic to make use of bootparams->cc_blob_address when it has been initialized. Signed-off-by: Michael Roth <redacted> Signed-off-by: Brijesh Singh <redacted> --- arch/x86/kernel/sev-shared.c | 40 ++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 11 deletions(-)diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 651980ddbd65..6f70ba293c5e 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c@@ -868,7 +868,6 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb, return ES_OK; } -#ifdef BOOT_COMPRESSED static struct setup_data *get_cc_setup_data(struct boot_params *bp) { struct setup_data *hdr = (struct setup_data *)bp->hdr.setup_data;@@ -888,6 +887,16 @@ static struct setup_data *get_cc_setup_data(struct boot_params *bp) * 1) Search for CC blob in the following order/precedence: * - via linux boot protocol / setup_data entry * - via EFI configuration table + * 2) If found, initialize boot_params->cc_blob_address to point to the + * blob so that uncompressed kernel can easily access it during very + * early boot without the need to re-parse EFI config table + * 3) Return a pointer to the CC blob, NULL otherwise. + * + * For run-time/uncompressed kernel: + * + * 1) Search for CC blob in the following order/precedence: + * - via linux boot protocol / setup_data entry
Why would you do this again if the boot/compressed kernel has already searched for it?
+ * - via boot_params->cc_blob_address
Yes, that is the only thing you need to do in the runtime kernel - see if cc_blob_address is not 0. And all the work has been done by the decompressor kernel already.
* 2) Return a pointer to the CC blob, NULL otherwise. */ static struct cc_blob_sev_info *sev_snp_probe_cc_blob(struct boot_params *bp)@@ -897,9 +906,11 @@ static struct cc_blob_sev_info *sev_snp_probe_cc_blob(struct boot_params *bp) struct setup_data header; u32 cc_blob_address; } *sd; +#ifdef __BOOT_COMPRESSED unsigned long conf_table_pa; unsigned int conf_table_len; bool efi_64; +#endif
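Review bot: The comment block added above sev_snp_probe_cc_blob() (steps 2 and 3 of the boot/compressed list) does not say what boot_params->cc_blob_address holds when no blob is found, although the run-time list that follows depends on telling an initialized field from an uninitialized one. Suggest naming the sentinel in the comment, for example that the field stays 0 when nothing was found and that the run-time path treats 0 as "no blob". The run-time list also repeats the setup_data lookup ahead of cc_blob_address; if the boot/compressed path always records its result in cc_blob_address, the comment should either drop that first bullet or explain when the setup_data entry can be present while cc_blob_address is unset.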
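Review bot: In the hunk at @@ -897, only the declarations of conf_table_pa, conf_table_len and efi_64 are wrapped in #ifdef __BOOT_COMPRESSED, which implies a second guarded region wherever those locals are used, so sev_snp_probe_cc_blob() ends up with a different body in each build. Suggest moving the EFI configuration table lookup into a separate helper that is built only for boot/compressed and leaving the shared function free of conditional locals; a short comment at the call site saying which build provides the helper would cover the documentation side.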
That function turns into an unreadable mess with that #ifdef
__BOOT_COMPRESSED slapped everywhere.
It seems the cleanest thing to do is to do what we do with
acpi_rsdp_addr: do all the parsing in boot/compressed/ and pass it on
through boot_params. Kernel proper simply reads the pointer.
Which means, you can stick all that cc_blob figuring out functionality
in arch/x86/boot/compressed/sev.c instead.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette