From patchwork Tue Apr 18 21:19:59 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 9686427 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B1C27602C2 for ; Tue, 18 Apr 2017 21:24:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A240F2094F for ; Tue, 18 Apr 2017 21:24:41 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 96C18269DA; Tue, 18 Apr 2017 21:24:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 46A262094F for ; Tue, 18 Apr 2017 21:24:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758059AbdDRVUX (ORCPT ); Tue, 18 Apr 2017 17:20:23 -0400 Received: from mail-bl2nam02on0061.outbound.protection.outlook.com ([104.47.38.61]:22878 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1758055AbdDRVUO (ORCPT ); Tue, 18 Apr 2017 17:20:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=M6xVlxngATxdpp66Jl8udDKNhnRIbVRw/AR5xLtlL0E=; b=4rTbMRDADNThScsZWJvsfJ5rHtktmTiruaSSoTSAPCnJK8Ln8CuSjGjQVanbTmJWx92xBchyvRBl6ZGtFr/gCHzqAMwFtFGUh8b3C2y60NDwhIrXcmgH9hcuFuLbdIDHCFr2OSUSMAXYfSsxET9PUamKRyDtdBjPtM/PDzWK7ls= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none; vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from tlendack-t1.amdoffice.net (165.204.77.1) by CY4PR12MB1142.namprd12.prod.outlook.com (10.168.163.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1034.10; Tue, 18 Apr 2017 21:20:02 +0000 From: Tom Lendacky Subject: [PATCH v5 21/32] x86, realmode: Decrypt trampoline area if memory encryption is active To: , , , , , , , , , CC: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , "Michael S. Tsirkin" , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Larry Woodman , Brijesh Singh , Ingo Molnar , Borislav Petkov , Andy Lutomirski , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , Dave Young , Thomas Gleixner , Dmitry Vyukov Date: Tue, 18 Apr 2017 16:19:59 -0500 Message-ID: <20170418211959.10190.3481.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170418211612.10190.82788.stgit@tlendack-t1.amdoffice.net> References: <20170418211612.10190.82788.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: MWHPR1701CA0008.namprd17.prod.outlook.com (10.172.58.18) To CY4PR12MB1142.namprd12.prod.outlook.com (10.168.163.150) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8b42d8ac-0a0e-4683-841d-08d486a0aec5 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(201703131423075)(201703031133081); SRVR:CY4PR12MB1142; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 3:OdlDrdUt0w+Us59x4YpwWQO/KqO0rhFElQ1YyYYjXbMIb5bSShKxNbPGuxQaRYWblUfhJt5nEjMtKsHIdSBE1DO3ElcPBd+m6FDTwsvkeYkvJ9gJmzOE8CRktVSwU5A8kfdGjnk4eNTbGq7cGIEqqGWjqKpXO9LPgeRe+5HXl8jVAPwkv+0BXB2Nlzz8FWAn+iqSIgyLAaxb1yK5mDmV+3Cw89rRdq9bP0jW0w62uRzWc9dpVK9lFrHMDs8ThQeFJLNmcgQhIBdar2mRsMMCQQKqriMkb76aKmd0kp4l+ZsmgmvoGkYSFYFTfnBolZghLZBvxCI/sq20/XVg8l1OCUo3U9Z3vEj8tD+/Nm7/VTk=; 25:JBHyn/VsOO1M5V54Gz4gLTPg9lAblxCNJCXzYPHQM6oelqOHxngkzH1jzecqjnHmcuCaXRzPCQtT+OZXsnIIF3j47qakjk/iEKdBTuT5gxd+qlVZnVSkwIHRqrkffzr71LJZrhbWmC1QpbhIMRPHWvH/c4HRMrXjAw/TXsmXJX4m28m6tieOAbVVkIfuGxO02rzkcsONy1FGFO5UtNwvx59qbgBC3Y7xJVopICA1Gruk++1zxNBwK/t3WZ/pIRk2NNf3yIkLmwIudN9X2s8MNp0EfUIMyokjZbzP3Zylw6//oy3LerxtbXr16WYkUiNe9dvIjzQMVdh3gWwcEQV5ZRJ59D2/aWIOhUusg8lB+87Bsz+0zR4rx1cC/Zu5TzmCsHqc3YV2Ypz7H0SeB8V6kyk+jMtOoY+zjtwY6ULhCKGzHY+mimCuJztKnWwVAz4ccaqnlmruArbA2J0JMq9qqw== X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 31:xegycUMSJSkqsvA/hzHMVPBUatGGoG+Egsy4JKikAcAbx0nInADXT1laBMI4pJBTTwaOtfDRoODZ/cVqpSFomKPbQIRuGyijLCXuE9FcVyKb1I+TQxPTIULLi0hKXYUdOrp1qc+tMxuPeN6mLeTgeCVfB9GzWeLwli+amZk/x3a0lJJqCeqJftQwK+mgUOdx9AwCF652sZXhnyXb9mBRWGgDevwZo4SJT7EV9EBdY4U=; 20:tAUfZAYwG3ntAJ3zyXAZsXyi3LNRwzHzOFVMI9EjRnGGqi4cyh760ITSFNzKtFqv3Xv/AyDlfQIq6nJInj+QBXeeMn/T5Yx0feOLO7RK+rMB/Iqd2Fvdf6+aUKmENTHwHjeEWcuid5ZmXnYn0OHfTVBqB+EgATVUfyEIk+na6dtxENPuKzAW0ACz6XhtOqVUjkEMnlWIePcCj5zBYU+sYy3k1sP44FhldE4AbUaM0k9gUz0JDbQXjG0KfMOkoXJF5qAI56TG3uv1E5ltGm38u+oUkhyssOjQ03lpcGu5G+AkYCNOgW8B+4bxTswuvRygJyzPCWGlqoFfsnr1G+SrH2bNWIc/hkntYNlxYw+CoVo+pLwli/6y4a1wQVs3veoUFdJZyHQW93bwXgGqDneoE4jhsFPdZH7lU3Fu03+2+56CMfk1PPLIyzyLVX6Vn2d+alU5VsKnYuyYRj6hiKpSw/fHgNFGTO43AIG4Q3ZNxrUzSDfBJpi2FK2W+zUYLpJJ X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(601004)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(20161123560025)(20161123555025)(6072148); SRVR:CY4PR12MB1142; BCL:0; PCL:0; RULEID:; SRVR:CY4PR12MB1142; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 4:89AG3aaDmUoLsT17LQtDYtHh/CTgPfneLNMUrWU5k4BnitJGKqLiO244I7wwLWxQvKMerpE9EtvlILienyRCQvNgGN7PriDQSO9qLxGrRKzCD9vvEAV8XXxzow84dTRVjlUVbaGiKeTiIVp4Tk92f6gmEeVXne1lrqHltiuAUPwnA2i8fQ6C5TMrLYB4Orze9+dsO3qCQmmkMWvH1lopOsGD2SsJhc0ePV62is0N099tUtx1SBMX0n0YJIFPvyL5Ye5Tneoe6olersBa4ILJSBDpxMzmLokrPBNT4N0undZa3aldIsAPbhVIVMZDA+H/81lvHbHntJsOOYRlEhTDQg5Ky6lUYtyRMEbQrQMzq81XGf7cNQeuZIZxeFlcCj1Bx9BdPzAfJMxqEmKbm3IUoborjUn+SNOZXNxaGxPsvadcH1w1QQa45cIYK15E+K6aXAJCsOKoSSHeMy/jJo15/0Iz1S2K+3cYTeng0NLPUPfdBg2dVv7jI+qLeFZ6+w19ZBcgzFntluvM7Q0vKspar14died/P5qMNY75KjJKGRb9n2wxQQDGgTUtMAw/1SZ/FwCGgL+FqXr1NgGI92ZDbxH6O/LwlwoRPliffLss3vLBWO5tlqm7eVDb3wL5vnf/OcMCLRS0Rawqo0/IRJAm5O8wHy+jguGKYG4Ui9EI6VZKrTtlQTpzkrdBtvy0G1p6BvkZC+ctM5ROjVfQppxvBIl/mSaK4pIHaUZ+JIiZP8N0pNQeeZqLtlZNfYmKYVikjz1IlISKoCikNViamUOL3g== X-Forefront-PRVS: 028166BF91 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(39410400002)(39400400002)(39850400002)(39860400002)(39840400002)(39450400003)(33646002)(81166006)(7416002)(5660300001)(8676002)(7406005)(189998001)(50466002)(103116003)(3846002)(2906002)(25786009)(4326008)(23676002)(66066001)(53416004)(6116002)(6506006)(54356999)(9686003)(230700001)(1076002)(50986999)(54906002)(2201001)(53936002)(76176999)(7736002)(305945005)(4001350100001)(83506001)(38730400002)(86362001)(42186005)(2950100002)(6666003)(55016002)(97746001)(47776003)(921003)(71626007)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1142; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQyOzIzOkJjc3pTcUt0UHdxZkZUTDdHV2RTR29ycmVX?= =?utf-8?B?VTgxWnYzUC9Wd3IyRS9VVk9rL2dvYUpXbWNrOCtXandvY1JOa2gyOVd5WU1a?= =?utf-8?B?RW9rQjc2em0xMEErUWlPbXR4QjA0ckZyQWF2amxBSVhQd0ZodFhYVVNpWkF6?= =?utf-8?B?NDdUUHZRNFZ6OU1TWWxLTnhjeVZ6WVpXQ2VnMW1lM1MwK1BUemlQNmc2djIy?= =?utf-8?B?WkI1bXZwU285VjJrWVNSYWplNzdiSXNpSmNaTDJSN0lpdndFZ3FWdGNXcU1i?= =?utf-8?B?Y2tiTUMwaDNCbVBLdG5pM2ZqM1JYVXQzSUpvbVFNUWNrL1RuWGdQWjFCYkxF?= =?utf-8?B?bU9uZS84Q3c5eE9NTHYwaGN6TUlhM3BtaHh3MkQrQ29VeENzMEdyaVpnajhp?= =?utf-8?B?UWQvbENPTGtGdmtxcnl6d3JDb1ZlWVNqV3BCSTF6V3lFVCttWlMxMGpNcTRp?= =?utf-8?B?Sy9Pamx0dzhIdUxlVXo3VmdoK0xjYUFZaklhYkFUSmh5MjYrajB5b3BiUDhZ?= =?utf-8?B?NnNiTlh6NDJYMXZnNkhNZ0ZqNWxJMXhoNFJxeGp2MW5lK3ZnWCtPN2JhZ29t?= =?utf-8?B?OXU4VzZsMVdTNEIyeDhrM3NLTGp4RWJZaWw0WmR5cnpLLzJNdS9ITnRYVlkx?= =?utf-8?B?Yk5HaVA0cXhIa1lLV2ovcHZjckNWT09rMk00Z0NwVG5sRFg1V3V0NjR0V0p6?= =?utf-8?B?NTMzR3dhY2pkTnFHWFBZQXZqaHBWdVB2WGM3UjJYNUE4aStaK1h1bW5rRzFj?= =?utf-8?B?aGJKQ0IzL2J3YnN6RHF0Tk5qSUJCUDhwWnA1WEdJSnVoNkM0QzBuMll0eXFB?= =?utf-8?B?bHBaMW1wNm8vbDBJV0NIWFJ2SHNaeEl3Ung4OGF2TjF5a1JyN1dKdmpabG9W?= =?utf-8?B?R1hDNlBCNW96K2lOOS84N1NCRzE0QUJvSjZEOFdHV1FZUGwzZXV1MlJEaWU0?= =?utf-8?B?YzR3SEV2bWxaSTNQV0NZcjBmdWFOWm4vTzFoTEFNaFlrVzc4K2VtYytQdHo1?= =?utf-8?B?Uzc4b2lwekgxK1hHTTY4VE1STm1jdWoySGhkd3V3NVM3enRkVEdWeTFXdEdH?= =?utf-8?B?R3k0dU1FZldYY3FLK2FaS2lGcGJINTRkMU5yQ0c1eThqUFdQeGFxbGZWT1lv?= =?utf-8?B?OVdORWRwSmR4Nmk2UFNVemFjLzd3a0xEU1hiaTFUbUNNdFM0UE9NYmxYM25U?= =?utf-8?B?cVlzekFIT21sZTd2ZkhYSnpqdldyTFkzSmgwdkxhVjBrTm9hZzF4R3FBV1lC?= =?utf-8?B?dFE1b3M4bVNhNGl4UGZsR2NrSjNqTVVscGlJdkhVS21Hc3JwT2dVSHdvMzJa?= =?utf-8?B?MUEvL3FhNm5GQ1BMTmZsWUFzaVBaZk42ME9tMmR1SXJXVlpyTitRVDVhY2RG?= =?utf-8?B?RDFaNGVDUVprQ1JTNHd2MXAvOS95TE5Db1UzRVA1bVZJZVV2TGh3NXI2cDNa?= =?utf-8?B?bk15ZVo2TGtzNk12RFZTMnZhMDdpenlNVlRQU1FkdjQySXNNaER5QnZMWmh3?= =?utf-8?B?YitGbEFTQVQyUlV5V2gwRVV5SFFTOHlhbUM4eHhOQXU2bGRLK3g2ZTNaZ2VP?= =?utf-8?B?ZDFkaWpQTHJWSFBtSjl4aG5QZDA4V3ZjTGtGbFZyblBZOVVaQU1WOUlDcVlW?= =?utf-8?B?WnZPN2prZlE0cHNLZjBOWW5lczM2dU9mN3BTMFBoVkQ5aFBZRUdndW5nPT0=?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 6:wUWfM6Rk0+Fh5EJIqVenaWA1hNQD7XkeielwpNrTQkWfWrx6kvUc824NBxpVQLtJiLeKJfyqaYbBhZbKpF4R6XIRwBxqABDRiUQPFz9aesWiVvOZeC8Is9ogA1kT2zOH/JR8ZelnXSIYsQqkcN5Zik4uhI4eHQYTWv9XA2TWP2JSG73Yz1sn7jdRo8hCgl41890KIbhMOnfEquCPwPzimec0pqRch+HhR1CrHaRMObBXXqWJgu3RSEkNHCKO11yHINeHKqchhxjhGLz82lqFcyOVgSbqClGORPlSGfBtKVi6jfGTaowTYavF2gRbTCenpOVSVTEFMVEtuzDonbyNrkLssATlclsNhLsqpOTccneZT5ip1dyq89VVlwjzJmB4JA9NsiMID2jixdN77NdGqD+SpvYZSjRxEOOlfkUP52dLYSBnyTDeAF18QfVCJC2PGd74i6RSdYa01JCq+RVvaf2s1+1g9F679A/1btrkL/E=; 5:xmJTM3jNKQape5hQPEFZ+WYFGEwAFrEakMTqQ/GAlj8V0uAcVCb4q6B1ryvxqHtKNQMAf0W8tvKP6sY3ascwaf2jdW8T6I4+LErdmD/LE9pbsHg9a9VycIC5SSXgZsjv9g3SyRkvrPP8WmqvWelmyQ==; 24:m5UcPqRJ+jtdOVF736ruS4iv+9guyAr+pVoY8wExscx54Z0qHBoBL+cxAXS/iEMyvvHxGqXplySS2LsRDhCNo9sNhiES7o7jxrHJp3xXwJc= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1142; 7:BQlmMwGCm9dkYrFihCreIfhRz511DrvBEYft05IcA9FJqQ0TZY9Q5iqD3aleve8BftaZMEy7mO+QFkdWLmMj/6b+QGe3mbEBRE4GRzWg6s42PuUPLe1iVh2I0mmLFnYAfRAMRPtXZIuI1KsR2Hsx9J7uCfgk3AbioQoPw6uBPI51zSdgIXiDaD4ir7+mRdJJiZdIAEtiwAnNwsMVKZiuIEDsf+cPlSn3DMtCQ4rbTbXMqCVPwKHlxx+AyYuJp+B9wCgNBEnzm5mb0Zh3ZobXmOQ4uqotA5BKCVPdeY2wCcKqe8mvxIFQksnan7+BnFI+TXK4uUVvyrt+OnafC8TI0w==; 20:d5dsSwzawgLxW9q/jI8t6Q9Od5ZHq7nLHUAl0SKlwLjPZu81R/GjRG8SOzISZz5YJLbGdYSJiCZZoiUMQJvz3FHQxkMqQPyVmZaixdSMmcPRKHL2YbEteDzef9GSLw2rQQxi+/dEynH7wd6GW/G/++HyXBOKsXeZxiDQJKgNlc5ljJ2kqTeKO2zvRV1Xys7f4dDkGfcjSV4ND9jkDrmATJTxPKkVS0uKGWYKZQdCwYKnYHfRl1jFjsTJxOE79CQI X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2017 21:20:02.5610 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1142 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 5db706f1..21d7506 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -6,6 +6,8 @@ #include #include #include +#include +#include struct real_mode_header *real_mode_header; u32 *trampoline_cr4_features; @@ -130,6 +132,16 @@ static void __init set_real_mode_permissions(void) unsigned long text_start = (unsigned long) __va(real_mode_header->text_start); + /* + * If SME is active, the trampoline area will need to be in + * decrypted memory in order to bring up other processors + * successfully. + */ + if (sme_active()) { + sme_early_decrypt(__pa(base), size); + set_memory_decrypted((unsigned long)base, size >> PAGE_SHIFT); + } + set_memory_nx((unsigned long) base, size >> PAGE_SHIFT); set_memory_ro((unsigned long) base, ro_size >> PAGE_SHIFT); set_memory_x((unsigned long) text_start, text_size >> PAGE_SHIFT);