• Ashish Kalra's avatar
    x86/sev: Add callback to apply RMP table fixups for kexec · 400fea4b
    Ashish Kalra authored
    Handle cases where the RMP table placement in the BIOS is not 2M aligned
    and the kexec-ed kernel could try to allocate from within that chunk
    which then causes a fatal RMP fault.
    
    The kexec failure is illustrated below:
    
      SEV-SNP: RMP table physical range [0x0000007ffe800000 - 0x000000807f0fffff]
      BIOS-provided physical RAM map:
      BIOS-e820: [mem 0x0000000000000000-0x000000000008efff] usable
      BIOS-e820: [mem 0x000000000008f000-0x000000000008ffff] ACPI NVS
      ...
      BIOS-e820: [mem 0x0000004080000000-0x0000007ffe7fffff] usable
      BIOS-e820: [mem 0x0000007ffe800000-0x000000807f0fffff] reserved
      BIOS-e820: [mem 0x000000807f100000-0x000000807f1fefff] usable
    
    As seen here in the e820 memory map, the end range of the RMP table is not
    aligned to 2MB and not reserved but it is usable as RAM.
    
    Subsequently, kexec -s (KEXEC_FILE_LOAD syscall) loads it's purgatory
    code and boot_param, command line and other setup data into this RAM
    region as seen in the kexec logs below, which leads to fatal RMP fault
    during kexec boot.
    
      Loaded purgatory at 0x807f1fa000
      Loaded boot_param, command line and misc at 0x807f1f8000 bufsz=0x1350 memsz=0x2000
      Loaded 64bit kernel at 0x7ffae00000 bufsz=0xd06200 memsz=0x3894000
      Loaded initrd at 0x7ff6c89000 bufsz=0x4176014 memsz=0x4176014
      E820 memmap:
      0000000000000000-000000000008efff (1)
      000000000008f000-000000000008ffff (4)
      0000000000090000-000000000009ffff (1)
      ...
      0000004080000000-0000007ffe7fffff (1)
      0000007ffe800000-000000807f0fffff (2)
      000000807f100000-000000807f1fefff (1)
      000000807f1ff000-000000807fffffff (2)
      nr_segments = 4
      segment[0]: buf=0x00000000e626d1a2 bufsz=0x4000 mem=0x807f1fa000 memsz=0x5000
      segment[1]: buf=0x0000000029c67bd6 bufsz=0x1350 mem=0x807f1f8000 memsz=0x2000
      segment[2]: buf=0x0000000045c60183 bufsz=0xd06200 mem=0x7ffae00000 memsz=0x3894000
      segment[3]: buf=0x000000006e54f08d bufsz=0x4176014 mem=0x7ff6c89000 memsz=0x4177000
      kexec_file_load: type:0, start:0x807f1fa150 head:0x1184d0002 flags:0x0
    
    Check if RMP table start and end physical range in the e820 tables are
    not aligned to 2MB and in that case map this range to reserved in all
    the three e820 tables.
    
      [ bp: Massage. ]
    
    Fixes: c3b86e61 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature")
    Signed-off-by: default avatarAshish Kalra <ashish.kalra@amd.com>
    Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
    Link: https://lore.kernel.org/r/df6e995ff88565262c2c7c69964883ff8aa6fc30.1714090302.git.ashish.kalra@amd.com
    400fea4b
mem_encrypt.c 3.53 KB