From: Ard Biesheuvel Date: Thu, 8 Jan 2026 09:25:29 +0000 (+0000) Subject: x86/sev: Don't emit BSS_DECRYPTED section unless it is in use X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c89d3ad3095808ac130c535ad7ed3d1344d5986;p=thirdparty%2Fkernel%2Flinux.git x86/sev: Don't emit BSS_DECRYPTED section unless it is in use The BSS_DECRYPTED section that gets emitted into .bss will be empty if CONFIG_AMD_MEM_ENCRYPT is not defined. However, due to the fact that it is injected into .bss rather than emitted as a separate section, the 2 MiB alignment that it specifies is still taken into account unconditionally, pushing .bss out to the next 2 MiB boundary, leaving a gap that is never freed. So only emit a non-empty BSS_DECRYPTED section if it is going to be used. In that case, it would still be nice to free the padding, but that is left for later. Signed-off-by: Ard Biesheuvel Signed-off-by: Borislav Petkov (AMD) Link: https://patch.msgid.link/20260108092526.28586-23-ardb@kernel.org --- diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index d7af4a64c211b..3a24a3fc55f5b 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -67,7 +67,18 @@ const_cpu_current_top_of_stack = cpu_current_top_of_stack; #define ALIGN_ENTRY_TEXT_BEGIN . = ALIGN(PMD_SIZE); #define ALIGN_ENTRY_TEXT_END . = ALIGN(PMD_SIZE); +#else + +#define X86_ALIGN_RODATA_BEGIN +#define X86_ALIGN_RODATA_END \ + . = ALIGN(PAGE_SIZE); \ + __end_rodata_aligned = .; +#define ALIGN_ENTRY_TEXT_BEGIN +#define ALIGN_ENTRY_TEXT_END +#endif + +#ifdef CONFIG_AMD_MEM_ENCRYPT /* * This section contains data which will be mapped as decrypted. Memory * encryption operates on a page basis. Make this section PMD-aligned @@ -88,17 +99,9 @@ const_cpu_current_top_of_stack = cpu_current_top_of_stack; __pi___end_bss_decrypted = .; \ #else - -#define X86_ALIGN_RODATA_BEGIN -#define X86_ALIGN_RODATA_END \ - . = ALIGN(PAGE_SIZE); \ - __end_rodata_aligned = .; - -#define ALIGN_ENTRY_TEXT_BEGIN -#define ALIGN_ENTRY_TEXT_END #define BSS_DECRYPTED - #endif + #if defined(CONFIG_X86_64) && defined(CONFIG_KEXEC_CORE) #define KEXEC_RELOCATE_KERNEL \ . = ALIGN(0x100); \