x86/efi: Access EFI MMIO data as unencrypted when SEV is active

SEV guest fails to update the UEFI runtime variables stored in the
flash.

The following commit:

  1379edd59673 ("x86/efi: Access EFI data as encrypted when SEV is active")

unconditionally maps all the UEFI runtime data as 'encrypted' (C=1).

When SEV is active the UEFI runtime data marked as EFI_MEMORY_MAPPED_IO
should be mapped as 'unencrypted' so that both guest and hypervisor can
access the data.

Signed-off-by: Brijesh Singh <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Reviewed-by: Tom Lendacky <[email protected]>
Cc: <[email protected]> # 4.15.x
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
Fixes: 1379edd59673 ("x86/efi: Access EFI data as encrypted ...")
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index 77873ce700ae7d703a3385719282dbd31a092ed9..5f2eb32316073f15307aa28ac8b37a17230ea751 100644 (file)
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -417,7 +417,7 @@ static void __init __map_region(efi_memory_desc_t *md, u64 va)
        if (!(md->attribute & EFI_MEMORY_WB))
                flags |= _PAGE_PCD;
 
-       if (sev_active())
+       if (sev_active() && md->type != EFI_MEMORY_MAPPED_IO)
                flags |= _PAGE_ENC;
 
        pfn = md->phys_addr >> PAGE_SHIFT;