mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-13 14:24:11 +08:00
cd0d9d92c8
The early SME/SEV code parses the command line very early, in order to decide whether or not memory encryption should be enabled, which needs to occur even before the initial page tables are created. This is problematic for a number of reasons: - this early code runs from the 1:1 mapping provided by the decompressor or firmware, which uses a different translation than the one assumed by the linker, and so the code needs to be built in a special way; - parsing external input while the entire kernel image is still mapped writable is a bad idea in general, and really does not belong in security minded code; - the current code ignores the built-in command line entirely (although this appears to be the case for the entire decompressor) Given that the decompressor/EFI stub is an intrinsic part of the x86 bootable kernel image, move the command line parsing there and out of the core kernel. This removes the need to build lib/cmdline.o in a special way, or to use RIP-relative LEA instructions in inline asm blocks. This involves a new xloadflag in the setup header to indicate that mem_encrypt=on appeared on the kernel command line. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Tested-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://lore.kernel.org/r/20240227151907.387873-17-ardb+git@google.com |
||
|---|---|---|
| .. | ||
| arm_ffa | ||
| arm_scmi | ||
| broadcom | ||
| cirrus | ||
| efi | ||
| imx | ||
| meson | ||
| microchip | ||
| psci | ||
| qcom | ||
| smccc | ||
| tegra | ||
| xilinx | ||
| arm_scpi.c | ||
| arm_sdei.c | ||
| dmi_scan.c | ||
| dmi-id.c | ||
| dmi-sysfs.c | ||
| edd.c | ||
| iscsi_ibft_find.c | ||
| iscsi_ibft.c | ||
| Kconfig | ||
| Makefile | ||
| memmap.c | ||
| mtk-adsp-ipc.c | ||
| qemu_fw_cfg.c | ||
| raspberrypi.c | ||
| stratix10-rsu.c | ||
| stratix10-svc.c | ||
| sysfb_simplefb.c | ||
| sysfb.c | ||
| ti_sci.c | ||
| ti_sci.h | ||
| trusted_foundations.c | ||
| turris-mox-rwtm.c | ||