Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <12e91cad-340c-cf90-ab10-16b099bb254f@oracle.com>
Date:   Fri, 5 May 2023 14:59:24 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.1
Subject: Re: [PATCH v6 08/14] x86: Secure Launch kernel late boot stub
Content-Language: en-US
To:     Simon Horman <horms@kernel.org>
Cc:     linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
        linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org,
        kexec@lists.infradead.org, linux-efi@vger.kernel.org,
        dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com,
        bp@alien8.de, hpa@zytor.com, ardb@kernel.org, mjg59@srcf.ucam.org,
        James.Bottomley@hansenpartnership.com, luto@amacapital.net,
        nivedita@alum.mit.edu, kanth.ghatraju@oracle.com,
        trenchboot-devel@googlegroups.com
References: <20230504145023.835096-1-ross.philipson@oracle.com>
 <20230504145023.835096-9-ross.philipson@oracle.com>
 <ZFVCZ1EDxQgdyocc@kernel.org>
From:   Ross Philipson <ross.philipson@oracle.com>
In-Reply-To: <ZFVCZ1EDxQgdyocc@kernel.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?SVUvcjZnVkxhZ05qR3NUckJjbXBPRmV2WkZRWjU4Mjc5WlZoTWZFVjA1dEhX?=
 =?utf-8?B?OVlYTGVCbVdMWnovUEVyZ3J5ZzR2TW9ScHBQVTgrc2x5WmFFOERRMy9jaHVr?=
 =?utf-8?B?WEI5UHl1RnhURXdQQWsvWTladjFsVWRXUHNkKytjZmtIbG4rb0NybEtpN2l0?=
 =?utf-8?B?V1hubDVkMTB2K2JiSjJ0VUlVSWpwTTVEWlc2V01mMmNRcDdDeWY0Vzd1bDl3?=
 =?utf-8?B?RC96ckR2d3p4OTludzhtS0FIREFKdmhNM1RFY1JTK2FTTXk5TGlUSU44SGtZ?=
 =?utf-8?B?TklmN2NHdWFWS296VllqTU5GY251aGVaYWNaY1VWOE8vam5IRXpaemwwM3VK?=
 =?utf-8?B?VVFPWVNzbE5IM044aWM2N1JxYXdZNGRRdWtmNXNzYk1BOVREbEFpUEs5dG1X?=
 =?utf-8?B?Um15cFdRS3BISnVSQktnTmhOcW5PQm01Z2ZhVEpUUkVrdTc0eVBrNysxNHJa?=
 =?utf-8?B?UWl0TU5BTFJPU2NDZGltV2tlbTVicHBJYzFUWjdBTUtRTHR4QTBjZEVaVnZt?=
 =?utf-8?B?Mm1md3VQbHoxVU9BeXUzUmVDSjJ6YWtUSU5sQ0c2Qi9KUW1naUN5TzhtU3A4?=
 =?utf-8?B?OFJGRkJJMlFrNnlkVnZmeEsrNGgyRTBaeEt6dFZXUVRUYUszL0xiaEpLbGlW?=
 =?utf-8?B?NW1pSnE5cEk3MU5ydU5tcmhBaUxPeEFzVnlVdEkxREYyTUxjeFRDUitkSDRv?=
 =?utf-8?B?K3BEQ1lidThDWExzd0VWeUo1blRtVjBYbUVMR3B5WnlSYmxiNE8rM05pZUx2?=
 =?utf-8?B?RU5hNHFabGhuRXEzTmNQdzBhai96U2ErdHU4angxSmpGTWl3RmJTanFsY2xO?=
 =?utf-8?B?b2JxT1E1OHl1REFwcjZ4SGF4N2lRUjl5TnR2UVVqTU5aTThCS25CVzl6QjBP?=
 =?utf-8?B?eEZLRG95Y004Y0FoQlpEOEJZWGhFcXExWXpYa252YWJyaWdSYnlvV2wzTFY1?=
 =?utf-8?B?WVVockFLWXRjM1A4WUdackQwL0FlbkNHcEFJU0FZSDJPNmdVeHg3clQrc0l5?=
 =?utf-8?B?UGJsVVZ0TzFiTGtJWUU0dnZiUXB3YWpNTXJVNnVSTE9PRU1DalNJWlVjYTEy?=
 =?utf-8?B?dGlMbnQvTU8vK21XUnBGSTN2aFkwTzg4cS94Qm5IbE1LSG8rc0pUc2xuZHhM?=
 =?utf-8?B?Zk1TMmp6ZW5hU3RhL3FodEFZd3NDTGg4ME9IbFdZWThzdlNsWTAxSkRvOGll?=
 =?utf-8?B?ay9NTnFyTzdlV2MvY0NGVnlmM015elhOMk9mMEpzWi8wSzZodmlBeEQxZ2dW?=
 =?utf-8?B?eFFqTThEVVFJbXZuT0VwaU1XRmUzbmZPbmJ5eEhoZnBRcm85T1JxNzEzSVU4?=
 =?utf-8?B?R3JHTTIzcmNyUDN6QmZsRW5DZy9VWW1iSHdVa3pIOEJCZSt2WlZaWXZGMG1Y?=
 =?utf-8?B?eWpEQkxhVmZxWTlZWTc0SWx6bC9sYVNmTlNKdTRSalRnV2lsRllGZjFYT0ZO?=
 =?utf-8?B?R1FUcEZxRlhmYld4b3Q5allxU3I0dVlFb2FZdDlEcGd2alcySmg0V1hkZ0px?=
 =?utf-8?B?V2FaVEFRMkhlMmI2UGhqL3FkbldEc3MwQVpMZ2RDRndKUTNLd1hINGtRbjJx?=
 =?utf-8?B?NS9TT1NpV1RsRm9NVGhCRkRLVFZkbTExdjFmSlBqdG44akF6Wm53TDRvcVF4?=
 =?utf-8?B?VVE3aldJSWVYRmNlOWpkWFptMmRLNVE2M2gwVTVjcnA3d1hjN01rdXBlMkhN?=
 =?utf-8?B?TklXUnR4eDVxZ21oZ1hSYWdZNVYzV1VoYTdQYVE4RmREcmZodnZkakhUNHZ3?=
 =?utf-8?B?Z2dwbzVsWUVWbUJsY0FBT2srOTNBWEpzTHB0UGoyU1dYWmNkZGVkaS9DbGtB?=
 =?utf-8?B?dkxpL3hjUVVnbkhwL2phWm1PSkIwZ05qWGpVcmsxSy9sckZ4TnorTVFvWHls?=
 =?utf-8?B?K05uMmxlWktZTUtUQmw0NmtjMFVxYWlmeDZDUk54SWo0WFdQaW03MWJjV2p5?=
 =?utf-8?B?d09ZbG9PSUN3MVVGcm1RME1RYVljdy9qWU5QcnFVOGJyWWJxZ3FpSWVmNVlM?=
 =?utf-8?B?TzAybER5TG4yQTFZa2V2ZzZRY0FRZGVKbk9QSUY4OThaRUg2aGlNVVNyQld5?=
 =?utf-8?B?VnFGNG1xbUkvbVk5N2ZGbmVONHFTM213M0s4NzVEVXRVdVVoNjBkY2lPd2g0?=
 =?utf-8?B?TkdLNGlGbnhhQ2Qxako2KzkxV0NBS2taZWk4NUMvUzFUa1pmbDdTUGlZalhl?=
 =?utf-8?Q?UbiPCEvKjVkyXW/KY6vcL6U=3D?=
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: =?utf-8?B?ZGprb1ZxMzBUcW9NbS9ZbUcxQTVtL3pGSzdjQjFQdXJ4cmY5TG4wSEkxNFBW?=
 =?utf-8?B?S2dZczJIS0NtZU5Ud2dzemVjTHVBSTNIdmJnVFc4cEFXM0VFUURpa29EWXZY?=
 =?utf-8?B?cGUxSktNNE9md2RmcWNSemplM0pPSzZRN0F0NVJkTEpHTDA2SDFtSFZ4Z3BU?=
 =?utf-8?B?SGVJcHVzYnFzZVZZSmRjMGVxUkF2Z0RWbzBmSkVYMk5XUUdmSTVibEt2SmJa?=
 =?utf-8?B?MWxGMXQxTFc5Q2EvNHRjc3dLb2FjYjgvTnIxbmNycVVkSnd5L3VDaXZJRHVF?=
 =?utf-8?B?dXduV2JxTzB3VGZzTi8rVlRNM24zM3Q1MDFDQjNmVFpMK3pDTTg5Mlo5WlVk?=
 =?utf-8?B?L1RWSTNEeUNTRDg1b1FCZ3VLcVlZL3pBdU5pM2RCdURCcEJwazhsK1paTUNJ?=
 =?utf-8?B?TGszVndPZ0tGM05XWVp3Uzh6b1NkaFllM2d5VHdPOWhmMTZnQWtaTTk2YjF0?=
 =?utf-8?B?SmRBSzN2MGFyTWlvaCt3VlhlOURVZG5mRWEvb2Z3Zk9zTEU4SVFKZG1nN2t1?=
 =?utf-8?B?UlNCdWlFM2hzTWZrQXhkWUhBbDZBbzg0VzUwbklWMGJnQkxaWHhweXFtVVNy?=
 =?utf-8?B?bHV0bDF0dmFrYUU1MFExSFMwMVpjSWhiVzVINVQvNVFCUWlleHpSM08rQkph?=
 =?utf-8?B?WElGdk13aS81bUJVWmlscE5ZVDdyaDFjMnhFajhseWVpU0dRQjBWNVVocGxE?=
 =?utf-8?B?a3kvUlRJc0NQay8rWDcrSmtUS25ieHZmWkEwU1dMZjZSR3dRVExiUElsTE5l?=
 =?utf-8?B?Y0k5RklwbjVuRGpOOE95ZEJkYjJkckh0dXhRNEpnQ0lNMUJ4YzBEWFEzdVhy?=
 =?utf-8?B?dVNWTGgvb1d4bzNpemk5SlBwN2c4T2tIYUIzcU5BeVVnMExSUzBKNkdEVUhr?=
 =?utf-8?B?YlZNVTA2K0x4TVF3TWJpRzJJdGQxL0l3SEdabTVMcExWNzI1QTVXdnh1WDBw?=
 =?utf-8?B?ejlBN2tNMlhkRldOUXB5aWhpcGQ2VWhpanZsM3RENEFIR0F0Y3JrSFBFUnRu?=
 =?utf-8?B?YStqVW5UT0tRbUpkczl6UEdZYnRRYU1kQ0F5S3V3MmVuOHRZWHBXcjVlOXdp?=
 =?utf-8?B?dW1ZMy8rbm4wR0UwR05TQmZaLys3MDUrTklpUE01SXVOaE5NS1A0U01ZYkx5?=
 =?utf-8?B?NE80VGlmeDR0c1JTSE1BWmsxRCtPUmlZMTcwRXdFT1lJdkZMTmcyVDRNNnFR?=
 =?utf-8?B?N3hXU0ExNlpkVGNvdXJFcVA0anp0VGV1cXNScnlraEVyMEFOdzF3VlhuS25Z?=
 =?utf-8?B?TWEvM3k5UkNBVTBITVdJWkJ6NXNEam5ISU14V2VBS2FWNG04RzZVcFBnZENx?=
 =?utf-8?B?cEhuSG1mS0RpODFEK2lnR1R1UmNBTy92UHZSTTJSQWc4eXNQR09BNFdPUTJE?=
 =?utf-8?B?SVlIRTgvcjh3amJDMFJzVDlxWUZZZDdWdGNJUjJUY1RuRXdMaFNuaUNrakdL?=
 =?utf-8?B?Q3N4UTdITFNZamRPWk0yeU9hcVRBbWVrWjBJUFFIak8zMGZMTjdtWXdtdS9z?=
 =?utf-8?B?MXJKZkxXbDl0NjZ0Ump5SytYWDJ2SFZpTmNIRWFLWFp2TFpSWTFqaWdyYWpK?=
 =?utf-8?B?MGRaeVBLQkNscDJjemkyRVE5R3RHbCtlRXNZOFZ2T3BXUC9RV0ZOeHk4UjY2?=
 =?utf-8?B?T1FCRVM2dWxXNW1ndFRDV2NJc1VScWFsdkJOMy9tc3JyR1NUZjVXSmVuWkRX?=
 =?utf-8?B?VHZEc3RtaElRSkF6SUVJKzdSVlg0UE0yNS9udURlOGYvMTJmOHRPNFNqbVp3?=
 =?utf-8?Q?QnabJinHvUE42HsZAs=3D?=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bcf74abc-6207-4cac-c8f3-08db4d9ada22
X-MS-Exchange-CrossTenant-AuthSource: BY5PR10MB3793.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 May 2023 18:59:28.5183
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: e1+lRPm9qGjLkF/roGwrBb5REdCK5JC2i7zx6y3oqob0FVU3jCx2/93E3NxlrnZdhcuYYFaoBrGy+d0vYHnYplZVoP3o0zxGXDl7ATXQhuo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR10MB6528
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
 definitions=2023-05-05_25,2023-05-05_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 phishscore=0 spamscore=0
 mlxlogscore=999 bulkscore=0 suspectscore=0 mlxscore=0 malwarescore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000
 definitions=main-2305050156
X-Proofpoint-GUID: HcDV2fjBMqNXuqLCEyHslCsOUo_qow11
X-Proofpoint-ORIG-GUID: HcDV2fjBMqNXuqLCEyHslCsOUo_qow11
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_LOW,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On 5/5/23 13:52, Simon Horman wrote:
> On Thu, May 04, 2023 at 02:50:17PM +0000, Ross Philipson wrote:
>> The routine slaunch_setup is called out of the x86 specific setup_arch
>> routine during early kernel boot. After determining what platform is
>> present, various operations specific to that platform occur. This
>> includes finalizing setting for the platform late launch and verifying
>> that memory protections are in place.
>>
>> For TXT, this code also reserves the original compressed kernel setup
>> area where the APs were left looping so that this memory cannot be used.
>>
>> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> 
> Hi Ross,
> 
> a few nits from my side.

Yup we will fix all of those.

Thanks
Ross

> 
>> +/*
>> + * The TXT heap is too big to map all at once with early_ioremap
>> + * so it is done a table at a time.
>> + */
>> +static void __init *txt_early_get_heap_table(void __iomem *txt, u32 type,
>> +					     u32 bytes)
>> +{
>> +	u64 base, size, offset = 0;
>> +	void *heap;
>> +	int i;
>> +
>> +	if (type > TXT_SINIT_TABLE_MAX)
>> +		slaunch_txt_reset(txt,
>> +			"Error invalid table type for early heap walk\n",
>> +			SL_ERROR_HEAP_WALK);
> 
> nit: the indentation should align to the opening '('.
> 
> 		slaunch_txt_reset(txt,
> 				  "Error invalid table type for early heap walk\n",
> 				  SL_ERROR_HEAP_WALK);
> 
> Likewise in a few other places in this patch.
> 
> ...
> 
>> +static void __init slaunch_txt_reserve_range(u64 base, u64 size)
>> +{
>> +	int type;
>> +
>> +	type = e820__get_entry_type(base, base + size - 1);
>> +	if (type == E820_TYPE_RAM) {
>> +		pr_info("memblock reserve base: %llx size: %llx\n", base, size);
>> +		memblock_reserve(base, size);
>> +	}
>> +}
>> +
>> +/*
>> + * For Intel, certain regions of memory must be marked as reserved by putting
>> + * them on the memblock reserved list if they are not already e820 reserved.
>> + * This includes:
>> + *  - The TXT HEAP
>> + *  - The ACM area
>> + *  - The TXT private register bank
>> + *  - The MDR list sent to the MLE by the ACM (see TXT specification)
>> + *  (Normally the above are properly reserved by firmware but if it was not
>> + *  done, reserve them now)
>> + *  - The AP wake block
>> + *  - TPM log external to the TXT heap
>> + *
>> + * Also if the low PMR doesn't cover all memory < 4G, any RAM regions above
>> + * the low PMR must be reservered too.
> 
> nit: s/reservered/reserved/
> 
>> + */
>> +static void __init slaunch_txt_reserve(void __iomem *txt)
>> +{
>> +	struct txt_sinit_memory_descriptor_record *mdr;
>> +	struct txt_sinit_mle_data *sinit_mle_data;
>> +	u64 base, size, heap_base, heap_size;
>> +	u32 mdrnum, mdroffset, mdrslen;
>> +	u32 field_offset, i;
>> +	void *mdrs;
>> +
>> +	base = TXT_PRIV_CONFIG_REGS_BASE;
>> +	size = TXT_PUB_CONFIG_REGS_BASE - TXT_PRIV_CONFIG_REGS_BASE;
>> +	slaunch_txt_reserve_range(base, size);
>> +
>> +	memcpy_fromio(&heap_base, txt + TXT_CR_HEAP_BASE, sizeof(heap_base));
>> +	memcpy_fromio(&heap_size, txt + TXT_CR_HEAP_SIZE, sizeof(heap_size));
>> +	slaunch_txt_reserve_range(heap_base, heap_size);
>> +
>> +	memcpy_fromio(&base, txt + TXT_CR_SINIT_BASE, sizeof(base));
>> +	memcpy_fromio(&size, txt + TXT_CR_SINIT_SIZE, sizeof(size));
>> +	slaunch_txt_reserve_range(base, size);
>> +
>> +	field_offset = offsetof(struct txt_sinit_mle_data,
>> +				sinit_vtd_dmar_table_size);
>> +	sinit_mle_data = txt_early_get_heap_table(txt, TXT_SINIT_MLE_DATA_TABLE,
>> +						  field_offset);
>> +
>> +	mdrnum = sinit_mle_data->num_of_sinit_mdrs;
>> +	mdroffset = sinit_mle_data->sinit_mdrs_table_offset;
>> +
>> +	txt_early_put_heap_table(sinit_mle_data, field_offset);
>> +
>> +	if (!mdrnum)
>> +		goto nomdr;
>> +
>> +	mdrslen = mdrnum * sizeof(struct txt_sinit_memory_descriptor_record);
>> +
>> +	mdrs = txt_early_get_heap_table(txt, TXT_SINIT_MLE_DATA_TABLE,
>> +					mdroffset + mdrslen - 8);
>> +
>> +	mdr = mdrs + mdroffset - 8;
>> +
>> +	for (i = 0; i < mdrnum; i++, mdr++) {
>> +		/* Spec says some entries can have length 0, ignore them */
>> +		if (mdr->type > 0 && mdr->length > 0)
>> +			slaunch_txt_reserve_range(mdr->address, mdr->length);
>> +	}
>> +
>> +	txt_early_put_heap_table(mdrs, mdroffset + mdrslen - 8);
>> +
>> +nomdr:
>> +	slaunch_txt_reserve_range(ap_wake_info.ap_wake_block,
>> +				  ap_wake_info.ap_wake_block_size);
>> +
>> +	/*
>> +	 * Earlier checks ensured that the event log was properly situated
>> +	 * either inside the TXT heap or outside. This is a check to see if the
>> +	 * event log needs to be reserved. If it is in the TXT heap, it is
>> +	 * already reserved.
>> +	 */
>> +	if (evtlog_addr < heap_base || evtlog_addr > (heap_base + heap_size))
>> +		slaunch_txt_reserve_range(evtlog_addr, evtlog_size);
>> +
>> +	for (i = 0; i < e820_table->nr_entries; i++) {
>> +		base = e820_table->entries[i].addr;
>> +		size = e820_table->entries[i].size;
>> +		if ((base >= vtd_pmr_lo_size) && (base < 0x100000000ULL))
> 
> nit: unnecessary parentheses
> 
>> +			slaunch_txt_reserve_range(base, size);
>> +		else if ((base < vtd_pmr_lo_size) &&
>> +			 (base + size > vtd_pmr_lo_size))
>> +			slaunch_txt_reserve_range(vtd_pmr_lo_size,
>> +						  base + size - vtd_pmr_lo_size);
>> +	}
>> +}
>> +
>> +/*
>> + * TXT stashes a safe copy of the DMAR ACPI table to prevent tampering.
>> + * It is stored in the TXT heap. Fetch it from there and make it available
>> + * to the IOMMU driver.
>> + */
>> +static void __init slaunch_copy_dmar_table(void __iomem *txt)
>> +{
>> +	struct txt_sinit_mle_data *sinit_mle_data;
>> +	u32 field_offset, dmar_size, dmar_offset;
>> +	void *dmar;
>> +
>> +	memset(&txt_dmar, 0, PAGE_SIZE);
>> +
>> +	field_offset = offsetof(struct txt_sinit_mle_data,
>> +				processor_scrtm_status);
>> +	sinit_mle_data = txt_early_get_heap_table(txt, TXT_SINIT_MLE_DATA_TABLE,
>> +						  field_offset);
>> +
>> +	dmar_size = sinit_mle_data->sinit_vtd_dmar_table_size;
>> +	dmar_offset = sinit_mle_data->sinit_vtd_dmar_table_offset;
>> +
>> +	txt_early_put_heap_table(sinit_mle_data, field_offset);
>> +
>> +	if (!dmar_size || !dmar_offset)
>> +		slaunch_txt_reset(txt,
>> +				  "Error invalid DMAR table values\n",
>> +				  SL_ERROR_HEAP_INVALID_DMAR);
>> +
>> +	if (unlikely(dmar_size > PAGE_SIZE))
>> +		slaunch_txt_reset(txt,
>> +				  "Error DMAR too big to store\n",
>> +				  SL_ERROR_HEAP_DMAR_SIZE);
>> +
>> +
> 
> nit: one blank line is enough
> 
>> +	dmar = txt_early_get_heap_table(txt, TXT_SINIT_MLE_DATA_TABLE,
>> +					dmar_offset + dmar_size - 8);
>> +	if (!dmar)
>> +		slaunch_txt_reset(txt,
>> +				  "Error early_ioremap of DMAR\n",
>> +				  SL_ERROR_HEAP_DMAR_MAP);
>> +
>> +	memcpy(&txt_dmar[0], dmar + dmar_offset - 8, dmar_size);
>> +
>> +	txt_early_put_heap_table(dmar, dmar_offset + dmar_size - 8);
>> +}
> 
> ...
> 
>> +/*
>> + * Intel TXT specific late stub setup and validation.
>> + */
>> +void __init slaunch_setup_txt(void)
>> +{
>> +	u64 one = TXT_REGVALUE_ONE, val;
>> +	void __iomem *txt;
>> +
>> +	if (!boot_cpu_has(X86_FEATURE_SMX))
>> +		return;
>> +
>> +	/*
>> +	 * If booted through secure launch entry point, the loadflags
>> +	 * option will be set.
>> +	 */
>> +	if (!(boot_params.hdr.loadflags & SLAUNCH_FLAG))
>> +		return;
>> +
>> +	/*
>> +	 * See if SENTER was done by reading the status register in the
>> +	 * public space. If the public register space cannot be read, TXT may
>> +	 * be disabled.
>> +	 */
>> +	txt = early_ioremap(TXT_PUB_CONFIG_REGS_BASE,
>> +			    TXT_NR_CONFIG_PAGES * PAGE_SIZE);
>> +	if (!txt)
>> +		return;
>> +
>> +	memcpy_fromio(&val, txt + TXT_CR_STS, sizeof(val));
>> +	early_iounmap(txt, TXT_NR_CONFIG_PAGES * PAGE_SIZE);
>> +
>> +	/* SENTER should have been done */
>> +	if (!(val & TXT_SENTER_DONE_STS))
>> +		panic("Error TXT.STS SENTER_DONE not set\n");
>> +
>> +	/* SEXIT should have been cleared */
>> +	if (val & TXT_SEXIT_DONE_STS)
>> +		panic("Error TXT.STS SEXIT_DONE set\n");
>> +
>> +	/* Now we want to use the private register space */
>> +	txt = early_ioremap(TXT_PRIV_CONFIG_REGS_BASE,
>> +			    TXT_NR_CONFIG_PAGES * PAGE_SIZE);
>> +	if (!txt) {
>> +		/* This is really bad, no where to go from here */
>> +		panic("Error early_ioremap of TXT priv registers\n");
>> +	}
>> +
>> +	/*
>> +	 * Try to read the Intel VID from the TXT private registers to see if
>> +	 * TXT measured launch happened properly and the private space is
>> +	 * available.
>> +	 */
>> +	memcpy_fromio(&val, txt + TXT_CR_DIDVID, sizeof(val));
>> +	if ((val & 0xffff) != 0x8086) {
>> +		/*
>> +		 * Can't do a proper TXT reset since it appears something is
>> +		 * wrong even though SENTER happened and it should be in SMX
>> +		 * mode.
>> +		 */
>> +		panic("Invalid TXT vendor ID, not in SMX mode\n");
>> +	}
>> +
>> +	/* Set flags so subsequent code knows the status of the launch */
>> +	sl_flags |= (SL_FLAG_ACTIVE|SL_FLAG_ARCH_TXT);
> 
> nit: spaces around '|'
> 
> ...
>