From patchwork Mon Aug 22 23:25:51 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9294791 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 10D6B607FF for ; Tue, 23 Aug 2016 00:00:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 02C3028A5B for ; Tue, 23 Aug 2016 00:00:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EB1DF28A9B; Tue, 23 Aug 2016 00:00:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 51CF928A5B for ; Tue, 23 Aug 2016 00:00:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757212AbcHVX74 (ORCPT ); Mon, 22 Aug 2016 19:59:56 -0400 Received: from mail-by2nam01on0044.outbound.protection.outlook.com ([104.47.34.44]:60832 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755358AbcHVX7w (ORCPT ); Mon, 22 Aug 2016 19:59:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=9xDiwDNXEr9XZpUrDBKdeNkIbYw/AB4pk2JXOVrctsw=; b=jbcbxkZZ/Ik8knH6ZOhp3foy6cSawX8tUgo5CckpF0/ftn8O+lq408qpLtpRxrTS+zciPnjr44MxF6bgr+zSBfldESV0fJ9mNVCoRpzsyBLRQeNCf7IdrIq/bmQ0SCyz9iqO4zRsvSVK7S+SzrpPpLsHM2L1H/ZCV41fgneBuXI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from [127.0.1.1] (165.204.77.1) by BLUPR12MB0657.namprd12.prod.outlook.com (10.163.217.27) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.587.9; Mon, 22 Aug 2016 23:25:53 +0000 Subject: [RFC PATCH v1 11/28] x86: Don't decrypt trampoline area if SEV is active From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Mon, 22 Aug 2016 19:25:51 -0400 Message-ID: <147190835102.9523.9786544054464015663.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR09CA0042.namprd09.prod.outlook.com (10.172.184.156) To BLUPR12MB0657.namprd12.prod.outlook.com (10.163.217.27) X-MS-Office365-Filtering-Correlation-Id: a2ec9c59-6235-4575-dccc-08d3cae3ab07 X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 2:TJNYlp5pxATK5wTIjfabGl0XejNrrruK11DBfkuTtQd+3QzHt/WJyOu1A9lm7gnxUtnfkLNhNKvWuWwbjEvhIHpqEaIHQApslkJU8caawX1R8u+/SnY6ak4+EQ11q14gPhWgR+tUVNr+ZaPtrGI9I4c3V2Am4XysWtgZDTfwGdIUHx/ZAKoCcNIK+27L/agN; 3:xlOgZv7PS0bW2LtE6y/670o3r/yVSBmCU8bg7Xczr/NVF/L6gmKGy9wbXxFsGw3py9qyI5lAcUkcGZt2PmyBpoLl8UIY4pOxb/xfVavpdVkUV+BIwTiiX0qcikQR0u7w X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR12MB0657; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 25:Fe9uGnuVbajpvGOV8j46uT8ZPMy27MSyjGZ3msmECZIrEi0izOPY+KNP5y9IRar6+mGUP1txKvUqqwUPnGTtmQALSz8YYTl5vSyI1ctNf5tPlFMi0UpSmTUQURAVVGjNX0OUKJwVjKYpxBGOlhJAqejik0GiPSus/x28voKrXbfsc90tnUxxEUD36eCbLIsjbCm91pNGAf1XdwNVkeK9YrxrnXIfZJMjhvNwy42Fo31Ehs437sFeAV+GD9oob19qUipQkZie6Fph1bKhSEjKFfqC0JmYay8YPpeJIKpQyhhGn7v/1ikHGKjN8BGYR4kLJq6TdfjFyZwn0FUV7HWdPPh50JsEuO+4D3nrlMyM1d9xX6iNqvpbYFRbaA+tefu9J+qiYJBhWO/85IMu7CRnwjSKY2HENOnG0/mMyZ1DFdLBuQDCTObKBN7XZ6XltCxlw8G0EcaVtD3kSZPZCxJeWaWHFEe27gYK7ZLV0SICwhRAoBe7uVqvdptyNPAYSkUqOQUavNpua9es2PHOUVjiZyOsVDEFRonUpxH4gX32EfmFUslkCNFPrtQ+XXpz6A30wQbgXvUMrmk+CpAh0PC5e9MB2kl9ysj42ZqR+kqW7eqFtRLoZGXnGXv8ewVWAJzGyhclqS3r75EX+1fXjP6RLCJBi13hdRHXSvWo7BQkt1P+0XTQ/X1OtGvCSbgS6KfEs9GZnEjcNdCBNZ0myUFUi45cHb1gzuXqxLJxTWRfUdMi58O3rFphPX5HdJKkXwYX X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 31:GUQT12DuYV95oVbD48oWoq0Ec8/L+ok+/39p8LGKRMrE6fDVPeR9vt8KDNwl0aFlowsk6lrqvDtYWCMACIFRpDLWSoJVp5Dg0K/h/7ufYLoax1qNMDjbXLQTMYMtsR1qs51wwQhput2vYPEL9Cly9VBfg56zPDmxafGsIkUbpE5pYM5XuClicKw0+5WP45O6xpHjdsi7NKKMz1Nq9euqU2oUHDKE3onbb7/uRnWlptc=; 20:IAsQxDtJkqrAPLuMRtHJ2AGeL31mJz38LmJGHfErSefy3xJN8HWSgpuKnB3xFbc6yOun3A0fPm8RNhfZKkJo3tp3RYIXGEFILU6Ipo9Cm+fo40q++ICqBoiF73t/LL1XdRYfuYjEOH5NBF5sCB9qyzRyFDTnQ0k83LEoU7dFXRPEyXYMZ6oG8tkIuGkaOXmfgTIksgac9XVLwXNdGWYSCGBYkP0zWbuswA5SoECwfkqAqsPYNlAjNHzd2Cg/iMgqsXi6d9Um7PExqSnQXWj4u6t8LMrd+RnMoH+s8jtC3OtYrhTRuIfP5GWreqyhgVU8ZwjsS3zOHL3mzKKZAI+KkNo8q+aAjmgg0ucn4NwCaJE7H7hj79aFF0zCO/KQNT05XSP/3+e+OnBS/hmZenvPb0zdvAH8BrL9Z9gpfBe226Igf7T/Ke0yM/Sz4uSiyph/xGUe3dZ76E8J+yYcm29SleXGGmKwIQniEsiXrGQxyafhnbeEtTHA302k32xk3VWq X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:BLUPR12MB0657; BCL:0; PCL:0; RULEID:; SRVR:BLUPR12MB0657; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 4:O/C5g01mdHcZm4YmxlP3ckaOdLk6tpCXYrFDepu0pAB9+AFLKWF1PoYulR17F84JxlRvNoZDhQPfuQ4YgUm1+TmXLYxVmCWuWPkxgdNUoGIX4AMvjenkJmPMhM9UQRjdf0Aegv2ZG3hFqzTF7wec7n9lQddVVj2G9lrNTFzoTz/hr48O0iKmUvnNWQplwh3/G7eC4JP23w10RPyhSx5kLKRw+L6zEGoTdZkuCCTQ+PYTdb0QJfrQqsJ3Khv92KECAeqejThTOiEATvOo3CHEVbd5ZnnMReGHEvOg+VTjjKv01e6VtelLJ85ftQCY1EMhmTcPXOb//LCAW2oH8wu5PiNwQvvi2kxFC5+vvnxnvZRBpnAQ4QWI0+p91axIyvTEWY9c4IfJHR3iExH/Lx/sy+OyM1pv1eId1ka5rAheRYFGNGu7ZZQwYnwL9tvN44gA X-Forefront-PRVS: 00429279BA X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(189002)(199003)(47776003)(86362001)(6116002)(92566002)(101416001)(586003)(3846002)(2950100001)(230700001)(77096005)(50466002)(106356001)(9686002)(81156014)(81166006)(66066001)(2906002)(189998001)(54356999)(42186005)(105586002)(76176999)(229853001)(83506001)(33646002)(50986999)(33716001)(68736007)(103116003)(7406005)(8676002)(7736002)(23676002)(107886002)(97736004)(305945005)(4001350100001)(5001770100001)(7416002)(7846002)(19580405001)(2201001)(19580395003)(5660300001)(921003)(217873001)(2101003)(83996005)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR12MB0657; H:[127.0.1.1]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjEyTUIwNjU3OzIzOmhMaFpBSWhUTmdQRmd1eU5KU1NWV1M5Uzdj?= =?utf-8?B?b3E4bmVBYVVUN0V3cGl5MEpzWVlUZVVzMEhBNHQ0QXh0SWhKWmx4eXRKUC8w?= =?utf-8?B?eHpLckl5YWVmaWNnTVFnUnV0RGppNFFDelZmRytkT0ZPd3gyaTlmT3dwNUNz?= =?utf-8?B?ZVM4SXNJanYyMmJzV1Q2eWI3bGcrQWo3RDhMdkYwaG9hbjR0eWtiNyt2Ymlr?= =?utf-8?B?WmdXMXl1eDNwcWpkeFprNEJTaVgya1dXUmFpcGU4MThEcTVOK1FNRTE1bHFr?= =?utf-8?B?NUhodS9QZ09Yd0JnVFEzYXVxaHBqZTI2TllqNHBwMXBadE1OT21HRlRqWkZo?= =?utf-8?B?eXI0WEdyQk5mZmd4S0hTZ21LK2pDVHovSURxZk1COWFmVjN3S0hGMkpQaGEw?= =?utf-8?B?SjJjaDR2VmozejVrQ1BjR3R4TXBub2paRkdMU1JtancxbUNrNVlMMy93eWlx?= =?utf-8?B?WW9nbnpUcDF3ODRsQVFzR08zblZzQW1qdEJROFpDd1BRVTJHcFhUcVVUOWU5?= =?utf-8?B?ZEhmVm56QkxNYUpaOE1TK0VPWnQxM2c0SVBhdHNkdXByTitnOFB2NXRjUG8w?= =?utf-8?B?ZW5kN0V1TW9Xdi8vbnpYbHk4N0tEWjI2Q1J2YW1kdnB1RFVMZWhsMzNBcUlO?= =?utf-8?B?czlVZlBQVVNWc1BndFJtZjE0MjUwN29RTUp4MWs2MTcwY1NFQytSMDNBMHpk?= =?utf-8?B?cmlsS3pDWWxmM0Z0a1N4R0oweHZlRnBBb2RFWGlrcWF2aUVrNHdhUjlVRFFX?= =?utf-8?B?OStvdVBYKzJaZnBUNlBmYUl1R2lzOFBhb0Jyb0t2UE1TZ2hnL21Gdm55czdQ?= =?utf-8?B?eTBGbTdXT3h3S3hzVGhBR1Zxem5JNGRTM2VQdGdlL3MvRHF4VTdKV2VnTDBL?= =?utf-8?B?a3dZS2JkOFBKRllOaW9OTUd3RDU5d0Juc1BOVDdYY0hFeTVjTzBHUkkzRW9o?= =?utf-8?B?c05ZeXJXbUh4MXRNVTUwcXc0MS92ejZWcHgzdlV3NDFiazd6S3Rad1VEQjE1?= =?utf-8?B?OTJsVWNhUDFmcFlBY1dFaGVEZjRnbTNKVjJ1TnBCb28vZjh6TG14ZGFvMVdu?= =?utf-8?B?aUNpMUk2b2Y4NXVEeGpzeEQ4WHFEdTl4bit2dGhmNmdaNVZvS3duVGFYZFdj?= =?utf-8?B?ZU9Wak5MUVI5MnFlcXhiejcxNlhTNzIvdXVtWEFyOTFyZS9ZSDc1ZXFRSlg4?= =?utf-8?B?NHdMc1FsYTNpQ1lZQjQ1RlA1a3lVOVpreDFDcU5lM1IxaUFZZmZldkZiM3B6?= =?utf-8?B?RHljQm5yYk9LR3lSd09BcjFxOEswOUZpRXk3Y1FvMTFEL0ZFY3NkM25sVFQv?= =?utf-8?B?c2J2SkhEa0pyQlBWWlY3dTBEVUFEd0ZMb2pYSEg4Y3FLY0JIYjl6anR2a2Vl?= =?utf-8?B?T3Eram5GcUtmb2RnbFZGTldNWitXQnZJdzBrSmtJQStwbXdPWGJ6cTZ4dFNa?= =?utf-8?B?QWR6UlRhRUZGdURCK3JCUE1hcWFLWkJGbU9xM0d4N0R2emdHRTlFMmFBVlZW?= =?utf-8?B?YmFKcGQ5Y1o0SlNJQmtHeWpVLzhtWUgzQ0pramU4OXhVQXpFRDArS2Njayt6?= =?utf-8?B?L1dqRjJPcndaZlFGdy9LdVRYTUtoc1dHTXJtd3lEUW1PalBGTUdKNEdJclds?= =?utf-8?B?UnBOQVhCYzJ0MSt5OE9XWC84dWJKT0VEckc0ZEw5RE1YYmluVHBLOVZzcm5T?= =?utf-8?B?K2k0L2V5QktKNnVIeHdGckUrcHJYbXlISWNvRFF0cmpzYnI0RzJ6TVVpeFE2?= =?utf-8?B?eXJ1Zk1YLzlLRjc5b09lNlNPYlJWcnZsSHR6eGFCVHoyV2dBa2NzbHRXZVM3?= =?utf-8?Q?ulw1vB5SH1OKX?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 6:M3gmdvL1KQ5AOBtw8EmH9FZQ8XkQQg7MblClWwoFMrCm2gmn17WOMFNFhwYgVtJTHAYZu+aL7mCEJvVLXEcQLcSChBKlsONAoXu6GeGkyYq57zi5tN4v54idSXDiyxvS5I/QxbCBnVWfq8EwfEULFcFpE6PsGp3hUePEl4tFou7FdnY2CyOCp1Io8BxPnRIZhDXFg9Meyxy2nh6GUxOBjnZl34ThguZRLPeNnGqkVHapNA9POcVdeHhNVvPzVZlL9kXxgQ3jmxvT5rhxVKNV0qYbtGw2ch2/A1BC2PKNhIMZQeYSh/n/4+fLSEjrPS7RBY+hALp2G/UbQ53Zs/S8RA==; 5:Q04fv/Actbif3uzuypFVkOuzDjfivcdMt2SzI/GG2GT9S+5x/KeVT8W4qW7AAEWiZ1V7lrxBvj57aA7c1QEi5x9q6xHMUKCZ5OnuTD0vHl5pnICvcd7jsKEbbtvW19IT7n9QeN3rERoSTsxD7r4pPQ==; 24:W6xm/5gv6DISAi2tu4SVJsZlbuZB39O2MzLPUH9K+61+HlBiVUFco3a1jeXvLuZQPxTrm22U+vGq+6LF42aar/nB8IB0dkZ6NBO5mhK36KQ=; 7:4iW/ZDJCSCKDueGaAlhEu5uSn9fFCBb3SBo28plLcfuOCEADK7Z9eI/qmZWfvY6CC073/giPUg6ABNE3Uf6J9D9Uz8RVhhF93UeKzjalb74Ss23+PF0sz5Ntl6gAhchvViGhYKSs2E6hXAZeVrGSZ9Pa9cKdbZM3szZT2jqpz6yjn9a+gSdusBQ6TQOtP6vzNR3fKqf8pJxIZ8JlWlCQIgO8gmvPYIbpvKGJFRew2hCBPHbJuHdMNHnN0iNY6ZX9 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0657; 20:sxWmlHlZOyflXQK49aW/4CQfVJWBbZYbqnCdvpvtKpRn599pX8CGSd77g04iJpJEnL6ofIU0EE6G5lLeh+K6KdQ0nqO1g3pLsNlGEWGWax+jo7lpv3s6sD8w67PAwIdYcLmfDR6dC0mq/ZV2KpTFcAtorhIwzh7nHB+tTfpG+uB8FvpGl9EBqHVLvBacKdILHEJiKrqdbtWnx/L6pUTIpQZtYMgiw/emYjLSP/mk2FmcvyeGgrJXXxBKJWQJBL6U X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 23:25:53.6414 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR12MB0657 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Tom Lendacky When Secure Encrypted Virtualization is active instruction fetches are always interpreted as being from encrypted memory so the trampoline area must remain encrypted when SEV is active. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index c3edb49..f3207e5 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -138,10 +138,13 @@ static void __init set_real_mode_permissions(void) /* * If memory encryption is active, the trampoline area will need to * be in non-encrypted memory in order to bring up other processors - * successfully. + * successfully. This only applies to SME, SEV requires the trampoline + * to be encrypted. */ - sme_early_mem_dec(__pa(base), size); - sme_set_mem_dec(base, size); + if (!sev_active) { + sme_early_mem_dec(__pa(base), size); + sme_set_mem_dec(base, size); + } set_memory_nx((unsigned long) base, size >> PAGE_SHIFT); set_memory_ro((unsigned long) base, ro_size >> PAGE_SHIFT);