Message ID | 20170216154550.19244.5070.stgit@tlendack-t1.amdoffice.net (mailing list archive) |
---|---|
State | New, archived |
Headers | show
Return-Path: <kvm-owner@kernel.org> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 7A21560244 for <patchwork-kvm@patchwork.kernel.org>; Thu, 16 Feb 2017 15:46:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BDC22861B for <patchwork-kvm@patchwork.kernel.org>; Thu, 16 Feb 2017 15:46:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5FF0F2861D; Thu, 16 Feb 2017 15:46:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 56EE82861B for <patchwork-kvm@patchwork.kernel.org>; Thu, 16 Feb 2017 15:46:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932758AbdBPPqF (ORCPT <rfc822;patchwork-kvm@patchwork.kernel.org>); Thu, 16 Feb 2017 10:46:05 -0500 Received: from mail-by2nam01on0085.outbound.protection.outlook.com ([104.47.34.85]:23168 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932570AbdBPPqA (ORCPT <rfc822;kvm@vger.kernel.org>); Thu, 16 Feb 2017 10:46:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=M6xVlxngATxdpp66Jl8udDKNhnRIbVRw/AR5xLtlL0E=; b=5stYv0ejhaoN8T6gREG5MC9Keoc3E9HPuDvUMaVN0g1zFmRNctKvYNUmDrKkXnz7JY6Ed7BqKfUoB4YyseW+nUrHgisy434rnhHosLz/Wgqpcs2njgKRNiQbT4iF6tVcBx0yUBybQ/Op0RPQFw9fazF/JKWFKSu/ZG/ZlFoVc3w= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Received: from tlendack-t1.amdoffice.net (165.204.77.1) by CY4PR12MB1142.namprd12.prod.outlook.com (10.168.163.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Thu, 16 Feb 2017 15:45:53 +0000 From: Tom Lendacky <thomas.lendacky@amd.com> Subject: [RFC PATCH v4 17/28] x86: Decrypt trampoline area if memory encryption is active To: <linux-arch@vger.kernel.org>, <linux-efi@vger.kernel.org>, <kvm@vger.kernel.org>, <linux-doc@vger.kernel.org>, <x86@kernel.org>, <linux-kernel@vger.kernel.org>, <kasan-dev@googlegroups.com>, <linux-mm@kvack.org>, <iommu@lists.linux-foundation.org> CC: Rik van Riel <riel@redhat.com>, Radim =?utf-8?b?S3LEjW3DocWZ?= <rkrcmar@redhat.com>, Toshimitsu Kani <toshi.kani@hpe.com>, Arnd Bergmann <arnd@arndb.de>, Jonathan Corbet <corbet@lwn.net>, Matt Fleming <matt@codeblueprint.co.uk>, "Michael S. Tsirkin" <mst@redhat.com>, Joerg Roedel <joro@8bytes.org>, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>, Paolo Bonzini <pbonzini@redhat.com>, Brijesh Singh <brijesh.singh@amd.com>, Ingo Molnar <mingo@redhat.com>, Alexander Potapenko <glider@google.com>, Andy Lutomirski <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>, Andrey Ryabinin <aryabinin@virtuozzo.com>, Thomas Gleixner <tglx@linutronix.de>, Larry Woodman <lwoodman@redhat.com>, Dmitry Vyukov <dvyukov@google.com> Date: Thu, 16 Feb 2017 09:45:50 -0600 Message-ID: <20170216154550.19244.5070.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BY2PR11CA0037.namprd11.prod.outlook.com (10.163.150.47) To CY4PR12MB1142.namprd12.prod.outlook.com (10.168.163.150) X-MS-Office365-Filtering-Correlation-Id: cc999555-bcac-477c-a3fb-08d45682e573 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY4PR12MB1142; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 3:ef7GcNd8uTVCLVO84k8vEe536TwmrK4EsWZ0PHki8SPn800TnHiO33WdsQIk+DyalA8sugtUhzErzfcbTQoLZaLMKgjq4e6AZDlqxzUZcws/vrwhOSZm57Su/OQf470pdJeNrUKzsKk7Bx1x2DmsKcwReLoLov4c/hQHYV8fJeJGJ1SERxGudNUTl4D21yeoSWtwOvpeooDjoUM0uzWxi6m6GZSwjVR/BCezaCruc74xIXrJ1cblmK7niBEC0iXWYsmi1wxOA50swwn07oCvRlTqWrKVlI2PXV/os45GPsM=; 25:aRP3RVuwQ+nMeORNm2LOQWBk3rjBi4GlXwI1Yb2vSRF+sG914Hup80azSApgUsvkDFkWimkSI2anmspg8DZxVDpWmMSpq5dbWtCamh2ZrfU1S1EBxMS5m4hvSRf9ETGaD9ExSWF0bmcLg7dG2r6QIWrsXoGz8FiKJus6Y/vWXbSaLiKs9NSoF4S0O3dTYQIgG6Fbp0znLAbWk3YsqYwSipdicdk0PP7xPQL0/AIoyC/M/IFeZWzAW4xD2HS9IZAxNzIeXLP+HwP2fooF5Hq7HGpVq1izujVbXMSNdrodvuB0wBv1Ybx1+ks83njK0hBUXbkPmv3dYiCOnC8OO3y7yC4D5rv8BngXaztz3EpHPB0V7vuxcAviINThnLT4zP4kq0ZEVlfBPxUTVq13j2nfS55Dg0nd1F7xzVb6nINmtzH5Tm2HNe5cFfadd6ZTEaWEyFupt5qCJOIX0hC1SFOXrw== X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 31:QmuzbKIynMTuw3vOOR899oIgul8CEy6R8grZq9G7mbKWWp59HYuRZbRR/MbPb0y4lgrSXrFmA3XVXLEdpxwd0/wWQN3dMReqz81Llg9ao0S76ZbNTCD25Kwawoovj8k0xKz26bVCygrqChp3lKC2fH/Rj+DXCJWND1JubKWPDg9QPmStsRULRKMhZMRy16aarQwG5mJkRuc99EDyITrRVLYK9TCdRRCYg9u8SFICF+k=; 20:wdBpDztvIsyfQEVvFAAt140VmqRksUT1mlmE6du/dGjLnpXFjG7X1E0Hxt/L5oQKx9eAe+TTDXcZohSFqudwl9JJCKWYa+rtrxbaigL3HfIgHXpFpk9muXgzi6+xtNTbmiNrzcRIQC2PHbkJj9sSAYN7rQlChzrikWpH7U9sRTYca+jauQbLRfP0GsycEbPZUsb48ma/cYpQ7QjWigurcaKQEdHoeSdJ/SJbyYn3HgykWzNiDhu2+0mMYFsNChklQbKCBMQIMlghwa1I/syp9xerTzN1kwIsBGh5Hm31KnwJ9fTp+W2NDcRS0AYFgu3yaDEy2mrlCpBvtv2iA8Fz7PAsAkepvD0ccpSMj/CRA0v3K1ON95ykdelXxw2CgZuVRWtQktynWPpLps2LnUlg7Y9Zp58HTZ5ljuMjxttB1owIpIeosZ2V2nq94c5EEPwFrCO0N4wQ8hvLbsB8EKmAqJ7kbk6ZlRYaYPXkboKNafW3l53FSjzPYZDu+8dhmj9b X-Microsoft-Antispam-PRVS: <CY4PR12MB1142D4E6E36E730E447F680FEC5A0@CY4PR12MB1142.namprd12.prod.outlook.com> X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123562025)(20161123558025)(20161123560025)(20161123564025)(6072148); SRVR:CY4PR12MB1142; BCL:0; PCL:0; RULEID:; SRVR:CY4PR12MB1142; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 4:NBJQkZ9W8Vdo5LtCSJiCpgMwzv5t7fsro/MsKfRpIcNQyI7gCrDhk2gCHEP44JLh0pZSVOJ4tkskvDec4Ai5Zo388GlKc8dr0f4oyF/F0YnuVZbk07GPlC2XKnY7fKP+rEXtE8FXe7jIFLxsj3BT29Jw1Fl0IU0XXBtDidUrbEPpfBjce+ybh3IbQ3J1hazZFRp9ZXo/R9Wm8nwbY/kHrUYvyj1ZQw3iOK1BfDvFf5MgkrFRFAfyvHnGdDdv5o6UTndp3wgLswTRi0hoFTpHOYLW3UYwhT2vxqjGZZArFd+g5QkKcL47nUoO0fSCSahT3uM4mr32lNTzyLfNu3A9+dFmGtAkh+LDkKiHA+fpCua/SGf7+F0U30Ue/8Miaq6K0pjXHskYlOWqL8JNKGOl6S+a/oT+NN1DFh/LJv+GCqNL2llGwFearubsaELQduXWEhYV0RmpkCvnqNYGWz16JVjMoIAUvtcJqaq9U6H27MFxHWLAvxAFsJKDEZ0Jxh2GNslXPar2dhebg/IFUo3b157r77NGsgjw809wWHePSdYEjSTDt/x8DxuIaoDufcrf7zeCgXZ23rui7PS0Y+ZwscId9V+ertT6SsIvQOIrBow7ODPFleZw9JHNIHve7n2anKewezunBWg6PqpVgsUPuNKGHFGe/efBl7Vpl0cP1Kw= X-Forefront-PRVS: 0220D4B98D X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(7916002)(39840400002)(39850400002)(39450400003)(39860400002)(39410400002)(199003)(189002)(97746001)(23676002)(105586002)(101416001)(106356001)(4326007)(25786008)(33646002)(92566002)(50466002)(6506006)(1076002)(66066001)(2906002)(53416004)(42186005)(47776003)(68736007)(103116003)(76176999)(2201001)(3846002)(6116002)(50986999)(7416002)(2950100002)(97736004)(4001350100001)(69596002)(83506001)(8676002)(230700001)(305945005)(86362001)(81156014)(189998001)(81166006)(5660300001)(38730400002)(9686003)(54906002)(7736002)(389900003)(55016002)(54356999)(53936002)(71626007)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1142; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQyOzIzOmh0Si9NYnA3dUx2UDA1cmFKbkszanhDZUNx?= =?utf-8?B?Y0xLSVhESVB3UDlGTXNIUTFvR3h3ck4vbVJENW5MSkdKQy9mNVMyKzVrT1g3?= =?utf-8?B?WUJQVGU0TWRNZDJaU21jWnpscW0rUDNXbE85RG02N041dWRRSTdoZDFIaHNm?= =?utf-8?B?TEFJV1ZJUkV1ZHcvdkhhLzd2bi9KdnQ2b1pOL2hzc0V1S0hEMCt2aHIyamNa?= =?utf-8?B?WU9XMEZwLzA5RUdocVp6a2h0RTREektiYVg5dVAzWUJ4Nmh0STFsNGtVMkxL?= =?utf-8?B?RTJFYzNFbmZlOUFaY3Z3Qkx6dG9NY1dGMVRCRU8xZjBLSVZVWFBYaWlUbW9G?= =?utf-8?B?TmozM2NEd2JXaUVrR3VPZzBFbGFBY2JQZHFOcXcyb3p1VVpjRk9wYjJaZWxy?= =?utf-8?B?SGhtS2VnQUZPWll0TmlZS1Y4UDZsTWkrVlhDdDNQeVN1UjVXSHBqMExncFR5?= =?utf-8?B?b0txS1lXbUZUMFhNZzEvcmZpNUxRbTR6eW0vSmhjUDJpeGM2Y0FPM3RsSHQ5?= =?utf-8?B?b25meS9YaXFmSnIwdkRuS2N6YXhkSDRYNnBNT3NaamlYVDBLZFlCQmltRWRj?= =?utf-8?B?Y3gweW5RQ0ZXZFVlMVRWYXVkSlVYV0kvZEJ6SFR5NElPSy9XcXlLOFhQd2dY?= =?utf-8?B?eDh4TXZqWGtWK05vYkJSOW9wTGJrejh5WUJta1hjdU9TdmpXYnU1U3VRdDNG?= =?utf-8?B?WC9CMWtkckRERFdFZlVuVU9QMnN0ZitKeHkzTGI2SmsvOFlyOVcxaExjZ0pk?= =?utf-8?B?Um1lN2k2WjFRdmNPZDJHb0dwd2tCWmNteks4bk16aUtaSlo4Z1pGOG5WUkIv?= =?utf-8?B?ME9Ea3lvRDVQNWhoTFFTUzZYalVwb0RQTHFGUVAxemYzTk1pMXlPZFRvR1VY?= =?utf-8?B?ZWk1UGVRREFEcEo2U3BKS0htNm10UUZIaXRuTWtYMWNFZnFrcUhUT3hsVkkz?= =?utf-8?B?ZzJ3Vno2TXcwOFpUY29hZUtNWEtBRnc0bkFNc0Uxb0w1ZWVtMTBWdGFESlli?= =?utf-8?B?emhkak83ZzlHSlErQ0Y0OHl3a0JvaTM3aG9wZzhDVHJPczN0NjMxNUpPK29j?= =?utf-8?B?K1YvWFYrY0R4MWQzd3pieWtmOW9ab2ttV0plK3VGUDNnMllVQ2NIZlZDakVU?= =?utf-8?B?ZUJ0ZGoxQmM1RFN0eHFhWlVhNmdzbjljTWVOSWNNNEhCOCs3aFBONU5JZTUr?= =?utf-8?B?RnlvbitRcmVvTUhrUnByQzZsQ0R5OE93OGtuMnMxaDZvcFlodnA1Mm0vcFJz?= =?utf-8?B?RDNWdFg0N0RPYTNkbm1EbFVWZXlWN3RvcDgydnBJOW5BekJFZVBLbFhmbGRK?= =?utf-8?B?STlnMjR1MGIvYks2eWNBZW1mcUd4djZDSGFJbE9qdXV6cDE2NGw5VVcvV1Vs?= =?utf-8?B?UGdpWUxkYUY5WmZPRTJiSG5qZ0UzZG5waU1raHVtOGtidWRObW1McGl1YktC?= =?utf-8?B?UDE5Mzg4dTFDWjJPMXFRNERvWGZmUzkydnB4aU9WSlFjMWtpZkJmZG52SXl4?= =?utf-8?B?d3l1RFBFZStYUndyUTVZSkJwbitPUGgybWNwRUo5NkVWUlhwaEN3Z29GZFZ0?= =?utf-8?B?VVZZbGtLQ1B6bUxTUndtVFEza28wL2U2UmtsOVllNUJndTUvTTRPWXphRmtF?= =?utf-8?B?U3dMMzBWYnU5ZWc1VlliWjR0UG5maDdXOTVKenUrUzhITE9hY2pyNjNndmlU?= =?utf-8?B?eUJubkNrMk1tUWU2eGtIellObmF5M1dOc3dIc1lpRHRzVmxZbFlpUzI3THZ0?= =?utf-8?B?TjFIUFJoSEpGNFREVW52U1BROHo5SDFFem85UzVydUZUYThrcTlFc2dUcUEw?= =?utf-8?B?MnhzSmJuWU9XSitvNE1uZmJDMHAwTktyWWx1SnNvb0N3V3NsNmdYZ3NmNW1H?= =?utf-8?Q?z+4d1iVuyR3FNiQvojG79DQm6T7hq6mf?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 6:6kiqHsGr5Zgr+jYmjTLCq92DybCx3tEN22iQpPGNs7ZP8dVfwxEcJCqxkhlovZkGzOQt9dV3rZywT8CNlYAOzosbryaNUB4YRvSWMjGcm0ywBcMDXa4ArrHEUlbJVgo/W+U9L7P0PwG6ok4JbTuk0S9+Y7m0oTnQR9O8rsWaLJweY0xxA8e9fF9ZFjaNhrvo5Bzo3xAQ3sJ0QjB0yeKznmpD3H0fh5KQTL9omaMtanZp75BiPDKOZTd0G/ZthIPzYHS6oTEoF0gSpgWr5dwpaPawgyAdUpFOV0uzQVUe5XlQ3hmZZqTKSEHGJU+V4bqN4KeB4HbyzL1gbS78SOhbyS/YpximdmQ7yXGwK2WRULCp/6Mn72r7ievD0pNd0uCsP1mGqOFSa2ysyaTIOlzedCatRRgd+/WrqKf4e944Koc=; 5:PVJIYZGDsJfFuLxJUUWs9qV7AJ5H/KepiHuJ1crPWfA31lM2BouDkiWSXhGOw+XDxqp4fviUAzaUCT7mHwM2NHPzP36hzjrtfpEDU+n7lE0YJe1cQfIvQNmRJvSeUTXBfXZs6Ggi52xdTdu7diXn8g==; 24:iCrPiyc3cO/jdOW4mPO6cpZK/K1U55iWrxtkRc5LH1zLC1yz+c+Pxv2jQWx4vXUpoSlyZ6hr3bftja2JQDMVqmbRN+KxLz5ZovqvJIyPTrA= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 7:MgqopMV6QWvY+MI9aQ48SswzH1gg9zxexszLCTrJ0UNug/cV58Om6fuabTkJIqkjGYPFGu0hFl5fA6R1BuTRXOJJgTMFD6Eacc/jr6Czm1GI+jpgFRsEYSQjuRRG/gmTMPEmzQNrbnIWXbBFbLIPO9cxDMIuKehUcCTrXJ6ocKqxchDGIGKmqyu/vJBUYBJzah4QoU1FTI7qscfY2SCPo8t0hPh/J/Le3loWcvkfAxayGrLmu1jQwbSRKWK0HaRXvrsUKlh7GRr1HhK0zD6G5vbMf+RSMfQS2jiaPNCB+txTreYpy4ozuaxO0YlE/40JmYEMC6GHLLIs+F5BTaQIeA==; 20:gD/xXtMPWStf3pHdSvLm3LsOIgvrUo9aXCcIXaTWvdJ7519AFPdML8P2p3Yk+USsKVTQqLKMbmJ8hI6CJZTpKR4Z1gawcVAbjRVcSGsXU+T9WVTpf9JQOyixUEdTKzqXuDbWNEh5yfQ08GkFUal/H9NTws/7GHvWa+YXHA85j0LXDjHBl+HAhAGfbZ08JVnFHJiT37PqWENubVgw+v9kXLXeManIqgqN/Gz1wyApcM3mpklGSvGw0GXBLrtvDgBt X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Feb 2017 15:45:53.6209 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1142 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: <kvm.vger.kernel.org> X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP |
diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 5db706f1..21d7506 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -6,6 +6,8 @@ #include <asm/pgtable.h> #include <asm/realmode.h> #include <asm/tlbflush.h> +#include <asm/mem_encrypt.h> +#include <asm/cacheflush.h> struct real_mode_header *real_mode_header; u32 *trampoline_cr4_features; @@ -130,6 +132,16 @@ static void __init set_real_mode_permissions(void) unsigned long text_start = (unsigned long) __va(real_mode_header->text_start); + /* + * If SME is active, the trampoline area will need to be in + * decrypted memory in order to bring up other processors + * successfully. + */ + if (sme_active()) { + sme_early_decrypt(__pa(base), size); + set_memory_decrypted((unsigned long)base, size >> PAGE_SHIFT); + } + set_memory_nx((unsigned long) base, size >> PAGE_SHIFT); set_memory_ro((unsigned long) base, ro_size >> PAGE_SHIFT); set_memory_x((unsigned long) text_start, text_size >> PAGE_SHIFT);
When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> --- arch/x86/realmode/init.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)