From patchwork Thu Nov 10 00:37:08 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 9420431 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 129BE6048E for ; Thu, 10 Nov 2016 00:52:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 043342927F for ; Thu, 10 Nov 2016 00:52:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id ECA9A293D3; Thu, 10 Nov 2016 00:52:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B57F2939E for ; Thu, 10 Nov 2016 00:52:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932308AbcKJAvr (ORCPT ); Wed, 9 Nov 2016 19:51:47 -0500 Received: from mail-cys01nam02on0067.outbound.protection.outlook.com ([104.47.37.67]:39971 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932291AbcKJAvl (ORCPT ); Wed, 9 Nov 2016 19:51:41 -0500 X-Greylist: delayed 858 seconds by postgrey-1.27 at vger.kernel.org; Wed, 09 Nov 2016 19:51:40 EST DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=utNKvZW+c/v+PgRgM9nUOV4+WJr7IsOKxuM5f7TkLEs=; b=cSlHx/BHIbQ66B7sx+BI6FBkFHU7e2KVVTyKOnxWWg8Pk3P8qvV2P6NXixWXh3Xy7TsMQINjAs1yQ9lK0xSLaT3BHOxYtPBaASgQCP21ZWO2nRHVuQvGB2eJdsX6GdKR4m/vFIAm/H11gdQ7O1tuF+yfDFOLOyQjj/2Efhjbvhk= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Received: from tlendack-t1.amdoffice.net (165.204.77.1) by CY4PR12MB1142.namprd12.prod.outlook.com (10.168.163.150) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.707.6; Thu, 10 Nov 2016 00:37:14 +0000 From: Tom Lendacky Subject: [RFC PATCH v3 12/20] x86: Decrypt trampoline area if memory encryption is active To: , , , , , , , , CC: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , "Paolo Bonzini" , Larry Woodman , "Ingo Molnar" , Borislav Petkov , Andy Lutomirski , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , "Thomas Gleixner" , Dmitry Vyukov Date: Wed, 9 Nov 2016 18:37:08 -0600 Message-ID: <20161110003708.3280.29934.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> References: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BN6PR15CA0002.namprd15.prod.outlook.com (10.172.204.140) To CY4PR12MB1142.namprd12.prod.outlook.com (10.168.163.150) X-MS-Office365-Filtering-Correlation-Id: 8a7bc081-fb3a-4f37-ec3f-08d40901b8e1 X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 2:fL5FQFivjWJq4Xu8RmU3gkyd+wNEmwyzZVBZtxja/CarQXjxOjpbzjsWiPogDrOX+LROhgHvzvaa+1bQIdqhk0cCH03nE9XWF0EFQQ42zDBB10I3yDX+4JV21APhXHz3l0ta63Pf50tNIypfY07A0p28U0xBsf/yaC09hCTNmT1mWwK9cjeQO5DGl0wJVX3NDBmZUG/0WPU2RKktWlKB/Q==; 3:KxuvAK43pW9KbKfTjjq2fVp46VTvTi5GrBo8CCnr88f4reTk/aTPz4yvyG3s5N6Gj8LQeYAxf2o4a9Sw8eMq114HBdtQoZ+90ox71zHssnaJCNLhhMajbnnB8RBY84lD4cUPRkBU0NzP15Fg4qgJrg== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1142; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 25:+Fhs7y9fqC++4tqQNWOboQPczhUU4OCwVc/ZgPawPqaJQFDNV2LtWTGsW625sSjMwa08msy3eekc81j9XRd21VP9Arq3HN+HUFPKzA0jLRqkpUSewLff94hZbua3T1PnkVDScxLlcE8mLr4dcr5uD25cqFPpQE2mSLffG7m26JLtJinr1oHUJhQZGD+Uabw4NqszVM7ETP+PauSDHTqxmIROlHv4i2IluBIEvnyeqh9AZii1FPYu7z1hlxvtUOxdO5jI+2kcBWWIJOIzIS3wHC1uGPBjuUfbfGpzTZx1t1BJll2X4u/4tlU9r1RhfukT7vpRpzseksGS/oD4zB2hmMnR126DzNSzhqXlO9wObRkMAHWflc50GLcLxAGNDyunOTztBsjkr6z1+qQBvlkyX7StYj3/ma6epwImeWAYBoUmhozwbj5EJL40iHXWC5KLbzcwJr/FhBGVGie8LoNIAjZXT7+QP62Yjx2igp1ch1wn7CaTDk9SUfmFnxp9dfM2ob9hR1CLM8YfU7W1uzb21uirSeBYgaLcMO925O2rdvAZxSJYDOSgTHPNDQJjO3z6gK/fff+UtoFn8uwYZDWqVkIEutBitMqwedkThQVPpuhxHqIJOQkRm/D3gyK0ndb4V4fNdyZ7nnYPEBldJlUS+UZ9zshHNcDPtOjFAOxraMQGWrnSgc11weGZOoUXHVvvSm3MEId3FLqqXVzvCIvUrrl6HGrCCLDw4n2z5+yIbbRbuWumBzKvBOwsuWwDivdR X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 31:oERUXaisobZ+HSKau/44Ily5IVptiu8U1OG408keqL0HcsZ+QSKw0yZsamfxcdjgcpbX9AKCtu/g190iC3tuUfOAzCBOZ8PocSABl3TPXACM7pRHE616OF82yveBNqQWdqZCmzLXnliz2orDGmkLrEOXMA5Q2yJzbxrIkN7HcTFYXZjyjcI2fLPlwPLy5maX/G6x4saUeZqgohhiwQnJ1JkUumL9NWPThMohhH97ElLT+BUjdUeBtbUzIgzFC5LS; 20:+ut1eJjdtCdtiGucTMabCOpNBiGeZyFhjIwWiV8qUqwfB69hYtqmcqwdSsCjhaiLu2i8kNhkumBQC9mbNovD/diY2yqxIyn7PAiT7s3bwRxaEQf17J5kPcEk4tPwSWqcIt/S/RtkkHEn1lXFDcNyNIvHmIHikGjPqpPPVjfUGCdMAwvv3nKBalCt9Yfb6M2KxtXpY2D+f0FTIsWVofudCeYrcmZvjYRGIJ2gxSFaRncjFYaJArtqLh8ESCLPE+yLYYGqDQWsLY4xzapBKz+g5INPTB+mQcaTuZTywZPfaWiUtTqopVBkSdTA7ede8nZOU8oE1/p24NLuqTkFg0Dlo13Cq9OB6nKOr/t8LEhIWcIONStd92ddzdMEZZrK3IWuq1w5HAnSXwY+RE3EAbjlJLHzL0nyIshkiZ/AeWWAgh8SyMhkYwZm8KvzYrVTMCseUOTC4TCsEGewbMMSC0MdTPF4u5Zabd9CY5slWTN4ryl53xTFdYWV0nNpF5sstmoF X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:CY4PR12MB1142; BCL:0; PCL:0; RULEID:; SRVR:CY4PR12MB1142; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 4:HKEzjQTg1SaCR739YovcbT/S20kBXrjQx8eAMHbb9imZr7Un982SUfEOyUc0YLQgcgjAR/EN+k/owYi9U2zsX6/17RA21VjuAvqyluBs3TTEzhsMSX/jr/TiKPSdydhOISOv2St6+Z/Y2xf147z9HC1K+oH/hUIkyHQ6708JP690StNqYxkk0uO1jnhYTAs99R5l4JvTGTAUF1tzXnxf4cjqN9Xf9tFAiMK83pGAFY6IcZnvnG9oCZTVUT6fY9h/G/6lo8nMUQwcmcAIOioBzY/gZcT7N4NHiL1oZ6z64JLU01+Ju0XSyP+zPiTyGY3aSBvD9YOfiXywt8XAZJQcKpQIEiJ19G1kvjpP6g2MyYTPq0MUcXqByVcRcKHXZOZ6s1uXVDKLq8padHEk49rkn83ai1RJGKKC6JmFA1yy/tbPhu3NcV0spU2nQZ1F8lt4XTDe/1X9DDXJiJ1U1BWo4A== X-Forefront-PRVS: 01221E3973 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(7916002)(189002)(199003)(7846002)(97746001)(23676002)(7736002)(5001770100001)(305945005)(101416001)(6666003)(33646002)(69596002)(230700001)(92566002)(2950100002)(103116003)(4001350100001)(66066001)(47776003)(77096005)(97736004)(54356999)(50986999)(76176999)(83506001)(2906002)(6116002)(105586002)(586003)(4326007)(189998001)(7416002)(1076002)(3846002)(81156014)(5660300001)(8676002)(53416004)(86362001)(68736007)(81166006)(50466002)(42186005)(106356001)(2201001)(9686002)(71626007)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1142; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQyOzIzOkNkeVVPWTBNVjM3UzY4bGYzQm83MFdYV2VW?= =?utf-8?B?RU5lWlVpMzI4ZEpMU2YyWkgyRFR5Y0NaeEFIbnRyanRHME1qWEZJemJDaVNp?= =?utf-8?B?ZmdURDl6T3BmTGVFY2Y4K2o3YkFWNXRKQ3V3Wld6NVo1bmI2cThkSlpZQ09R?= =?utf-8?B?bHZpZ2pzRjluR0FaT2FTRG11MEM5aGN2VmhmYXVBVFJwYThlT0pQeWt5MWN5?= =?utf-8?B?VHd1YkMrN283TEdPaTBreTkzYytFOERDa0dpSkRtZ0YrblJOSitHVmd6VTg3?= =?utf-8?B?c0FlZFdxQjc1dDhTOVZ0RDRaNnZ4YWZ0SkVBaTI0YTdkcWVJeHNjUStvanNX?= =?utf-8?B?MDNxNnd6VEN3Q3VHZHl5eXBVcmVxRE1GcEJIR2w4a0ZvYXdKeEpLQjhzTm5O?= =?utf-8?B?U1llcTUrNGdWcUpDZlpuVUdRSEVTWVA5eFpYRnhic1l5QVlGc3JjSXNEY1Q5?= =?utf-8?B?YjVZTzV6amRIN1lFWm1uUHE4Q0t1ZEU4SjdDaldYT1R3OUZqbm5zaFV4KzNw?= =?utf-8?B?SStRNmFJenk2S2pvdjNLRDQwMEJ0V1hZdWlNWFFZb3NrWktNNUcxQzNyWmJI?= =?utf-8?B?aDdYbERDR1VqNUk5YThwNDVTWWx1K1ZTRDBBam5rL3VYNnV4TGdvTklwcEpF?= =?utf-8?B?TVhyRVZCanZ2M25TZ1AyZmZmakZwc1pvQnVGMDRDM3ZXcDZ4UjVPUkE3aGo3?= =?utf-8?B?eVk3YkdHdmhDTjAzRXRha3BzaTJUclN1eCtKY3dmREdqcXYyY2dJQkJhNVYx?= =?utf-8?B?Myt1a25YblIzNmR2c2dwMGZoM0poUGlidWtiN2NwUGtIbmZjaU4yQnEydjRp?= =?utf-8?B?eDJUVGpIbkhqdmNQVlByb0NxWEFockJ0TVU4TmsrWElXVWdPMzlzUGtvdHZu?= =?utf-8?B?SndYQUJDdzNXTVRxWFJWUHB5UXlpTVJMR1N3MzZsakFFV2xSL3ljOFlzVDJv?= =?utf-8?B?ajBiYWM4NnFJbnpSTmFpb2VpdTdXeFRDV3VrdXo2bVV2K1RxY09sRHNyVkVo?= =?utf-8?B?WE53aFBQR1hHRytxa3dFTmpLdXRFbXI1WTkvY01PcXJPK1AxMkZhd0JSa3lS?= =?utf-8?B?d0tiVVNKL2xtTVd0RkFvdUpsMDhJRTZiNFFiWm5TdzRXdHVsekxyVnBRMnBv?= =?utf-8?B?S1krNzBhTlFoaUI4allvMVB3NU8xcXdtNFJRdnppYjVyOEVZRmpHWVR3MDNT?= =?utf-8?B?TGRWZ3ZyTmZXZmJlZjY2NWlBQ0pkeFZoNnd5dEhDOFQ4dTV3aVgzSVFSVXNu?= =?utf-8?B?VHd0ZUVaKzRiSnVpMDNkQ0VGaXFhYTZiUC9JZCsrVzZMWno4NHBFZ1JmaXNa?= =?utf-8?B?eis3NXl2SFZQdFJSU0dmcDlmS0VrZnhvZmZxcVdOa1FFblBGVmNaYWlPTlpX?= =?utf-8?B?LzJ0UFk4THpyeE5qVjFrODlNeS9TeEQ5TVI2UmlHT002RG5heUt6L1pIM3k2?= =?utf-8?B?Q24zNkhZNnUvTnIzL0FONTBNeXoyL2lNbmsxZmMwR0VDNzlSYkhOT2JXbTZ1?= =?utf-8?B?S2taeEtuMlNEbjRZWGhxa0JuYVRnY240QUFyYzZwQWR1QVkzVlJSTTF3cmh1?= =?utf-8?B?b1NFR2VDZEFjanhEcDl2bE5zZnRycUFIRzlFbWtvV2NmSk91NWpucmpXR0Ex?= =?utf-8?B?UTVGK052Z0FuZDBZZTZmSWM0UCtPaE1UMnptWW9UYmlMaXBQYXJTSjVwSXpq?= =?utf-8?Q?56hT9ok5JpPKiXxZCA=3D?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 6:MnRy5fWpSfcQbdVrsP5jG+hgub1z+zGutx518iOx4IopM0q1TDRsvbH2Ike1dKa4hR4jTksU09iXvxp0tdq+FC8Vkh0lt5c3VkfVco3fQ+HOjlxBhNKgAYpd2QICQH4lNt4lklxaNGaFx0P3TACPUSEyssBCyamjJ6H6/4YdlCUlbaVrqTXxIjCvwii9V/IDLSQZu+opI7DVh6zNpGlecgN4JRjshQEeoGnmQ1ZESwp7SdgnU+618+9ku9AduVQSGat1lAZCKKqU09n5uVVrmdM8KdMQfwvByLad39gYn1XZrIwqRtLdf8abTRG/2zcXXNVS8eGjMiAuExTUQpDPAvFFyI8/GMw98OQxCdlUo5U=; 5:c0VehrMYjXvT4cptJ4nGNk607VNnxgDyDKJ/ldmSPMTcNkQ5J68D98bgNyhlUNHFqFQlDKf61QwcNCkEW7lchl9NujakhKSbgU30x/WSBnkGQsRO4bVBZBjBd1an/+GviHLfkeBIG+aiMWJ7ub3ldg==; 24:Od7u5Xw1r52GCnQouMlLjQLaNb5zjGMZQwrG4kGlwpNI3Gb5xfvebfU4Z5xxjrlLPpRYtENDMkE47qQSx+v0dKXv5Pt7mhVo4TmVmFRTmms= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 7:UlJa6Sy3ADXzbl5qaS7XmPHHOlmfSe4WIYAFiQN2tmdN17REg5hDTfAfPeWNLx5odK59SO8aztBgiZBZsrHOkKevHFH5W9uA/YTJmQLirYdMJw4eXOUuBeBia+kGkYmub+prtrZUpn+tkszfXUSEEdkAGBCIu7yjukFipKR/h/JDd1YB7P+JVh+bNiBZs8lKhlQ9uFNvJczAX/sQrpTnVmSd+GDQT6+XujaDHnCskYbItR8rocL9rRdJRMzOo7d4LA5v0Yk236/i+qvvDKkVVf6U7PSSCUU8sS8+X/R/4eGqvGTORm5NDKne4X5kzy1K2r/e/3Q2qZ6AdMarRcSTys61tFgNx8c2TgM2bzG06hE=; 20:hYuwGmiKcYIJHhp3gAsxBte0UBuFrhz0l2mFvcOdbtMgqLgl/++x78aKG8qC9h8UY3pyzsamnyR5hnDiUQp1cHG2r0cgbP5NRe1TM6HPtir4EUZ8IMzEjn47N4/Yc0QfifuT+Bj4p+uzHvOtyPaDBzLHcpOnMIxNmqh4lQWSE4Ch4N+6XEiU9Y3K96lfbG5vdxiJf/fr+0iSNtCGkmiUfM/Zq0TbVyUhRZ9rQenRFdI2jtjQj0UKOUEOXlWZVW44 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2016 00:37:14.0020 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1142 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c | 9 +++++++++ 1 file changed, 9 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 5db706f1..44ed32a 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -6,6 +6,7 @@ #include #include #include +#include struct real_mode_header *real_mode_header; u32 *trampoline_cr4_features; @@ -130,6 +131,14 @@ static void __init set_real_mode_permissions(void) unsigned long text_start = (unsigned long) __va(real_mode_header->text_start); + /* + * If memory encryption is active, the trampoline area will need to + * be in un-encrypted memory in order to bring up other processors + * successfully. + */ + sme_early_mem_dec(__pa(base), size); + sme_set_mem_unenc(base, size); + set_memory_nx((unsigned long) base, size >> PAGE_SHIFT); set_memory_ro((unsigned long) base, ro_size >> PAGE_SHIFT); set_memory_x((unsigned long) text_start, text_size >> PAGE_SHIFT);