From patchwork Mon Aug 22 22:37:10 2016
X-Patchwork-Submitter: Tom Lendacky
X-Patchwork-Id: 9294517
From: Tom Lendacky
Subject: [RFC PATCH v2 09/20] x86: Add support for early encryption/decryption of memory
CC: Radim Krčmář, Arnd Bergmann, Jonathan Corbet, Matt Fleming, Joerg Roedel, Konrad Rzeszutek Wilk, Andrey Ryabinin, Ingo Molnar, Borislav Petkov, Andy Lutomirski, H. Peter Anvin, Paolo Bonzini, Alexander Potapenko, Thomas Gleixner, Dmitry Vyukov
Date: Mon, 22 Aug 2016 17:37:10 -0500
Message-ID: <20160822223710.29880.23936.stgit@tlendack-t1.amdoffice.net>
In-Reply-To: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net>
References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net>
User-Agent: StGit/0.17.1-dirty
X-Mailing-List: kvm@vger.kernel.org

This adds support to be able to either encrypt or decrypt data during the early stages of booting the kernel.
This does not change the memory encryption attribute - it is used for ensuring that data present in either an encrypted or un-encrypted memory area is in the proper state (for example the initrd will have been loaded by the boot loader and will not be encrypted, but the memory that it resides in is marked as encrypted).

Signed-off-by: Tom Lendacky
---
 arch/x86/include/asm/mem_encrypt.h |  15 +++++
 arch/x86/mm/mem_encrypt.c          | 101 ++++++++++++++++++++++++++++++++++++
 2 files changed, 116 insertions(+)

diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 9f3e762..2785493 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -23,6 +23,11 @@ extern unsigned long sme_me_mask; u8 sme_get_me_loss(void); +void __init sme_early_mem_enc(resource_size_t paddr, + unsigned long size); +void __init sme_early_mem_dec(resource_size_t paddr, + unsigned long size); + void __init sme_early_init(void); #define __sme_pa(x) (__pa((x)) | sme_me_mask) @@ -39,6 +44,16 @@ static inline u8 sme_get_me_loss(void) return 0; } +static inline void __init sme_early_mem_enc(resource_size_t paddr, + unsigned long size) +{ +} + +static inline void __init sme_early_mem_dec(resource_size_t paddr, + unsigned long size) +{ +} + static inline void __init sme_early_init(void) { } diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 00eb705..f35a646 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c
@@ -14,6 +14,107 @@ #include #include +#include +#include + +/* Buffer used for early in-place encryption by BSP, no locking needed */ +static char me_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE); + +/* + * This routine does not change the underlying encryption setting of the + * page(s) that map this memory. It assumes that eventually the memory is + * meant to be accessed as encrypted but the contents are currently not + * encyrpted. + */ +void __init sme_early_mem_enc(resource_size_t paddr, unsigned long size) +{ + void *src, *dst; + size_t len; + + if (!sme_me_mask) + return; + + local_flush_tlb(); + wbinvd(); + + /* + * There are limited number of early mapping slots, so map (at most) + * one page at time. + */ + while (size) { + len = min_t(size_t, sizeof(me_early_buffer), size); + + /* Create a mapping for non-encrypted write-protected memory */ + src = early_memremap_dec_wp(paddr, len); + + /* Create a mapping for encrypted memory */ + dst = early_memremap_enc(paddr, len); + + /* + * If a mapping can't be obtained to perform the encryption, + * then encrypted access to that area will end up causing + * a crash. + */ + BUG_ON(!src || !dst); + + memcpy(me_early_buffer, src, len); + memcpy(dst, me_early_buffer, len); + + early_memunmap(dst, len); + early_memunmap(src, len); + + paddr += len; + size -= len; + } +} + +/* + * This routine does not change the underlying encryption setting of the + * page(s) that map this memory. It assumes that eventually the memory is + * meant to be accessed as not encrypted but the contents are currently + * encyrpted. + */ +void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size) +{ + void *src, *dst; + size_t len; + + if (!sme_me_mask) + return; + + local_flush_tlb(); + wbinvd(); + + /* + * There are limited number of early mapping slots, so map (at most) + * one page at time. 
+ */ + while (size) { + len = min_t(size_t, sizeof(me_early_buffer), size); + + /* Create a mapping for encrypted write-protected memory */ + src = early_memremap_enc_wp(paddr, len); + + /* Create a mapping for non-encrypted memory */ + dst = early_memremap_dec(paddr, len); + + /* + * If a mapping can't be obtained to perform the decryption, + * then un-encrypted access to that area will end up causing + * a crash. + */ + BUG_ON(!src || !dst); + + memcpy(me_early_buffer, src, len); + memcpy(dst, me_early_buffer, len); + + early_memunmap(dst, len); + early_memunmap(src, len); + + paddr += len; + size -= len; + } +} void __init sme_early_init(void) {
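Review bot: In the first mem_encrypt.h hunk (@@ -23,6 +23,11 @@), the new sme_early_mem_enc()/sme_early_mem_dec() prototypes carry no comment, while the only statement of their contract (the contents are converted in place and the encryption attribute of the mapping is left untouched) lives in the .c file. Callers will read the header, not mem_encrypt.c, so repeat that one-line contract above the prototypes, e.g. `/* Convert contents in place; does not change the page's encryption attribute */`, and note that both are no-ops when sme_me_mask is clear, which is also what the stubs in the second hunk provide for the !CONFIG case.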
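Review bot: In the mem_encrypt.c hunk, sme_early_mem_enc() and sme_early_mem_dec() are identical apart from which side of the copy is mapped write-protected and which encryption attribute each mapping uses; factor the loop into one static helper that takes an `enc` flag and picks the two early_memremap variants from it, so a later fix to the bounce-copy or unmap ordering cannot land in only one of the two. Three smaller points in the same hunk: `me_early_buffer` is only ever touched from `__init` code, so mark it `__initdata` rather than leaving a page resident for the life of the kernel; the comments "currently not encyrpted" and "currently encyrpted" should read "encrypted"; and the `local_flush_tlb(); wbinvd();` pair before the loop has no explanation, so add a comment saying that the same physical range is about to be accessed through two mappings with different encryption attributes and the write-back/invalidate is there to drop any cache lines filled under the other attribute, otherwise a future reader has no way to judge whether it can be removed.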