From patchwork Thu Mar 2 15:14:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9601029 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 128EC60522 for ; Thu, 2 Mar 2017 16:59:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 01CFC283CA for ; Thu, 2 Mar 2017 16:59:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E9943285A9; Thu, 2 Mar 2017 16:59:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 70A79285A0 for ; Thu, 2 Mar 2017 16:59:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752914AbdCBQ7n (ORCPT ); Thu, 2 Mar 2017 11:59:43 -0500 Received: from mail-bn3nam01on0086.outbound.protection.outlook.com ([104.47.33.86]:19463 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752770AbdCBQ7N (ORCPT ); Thu, 2 Mar 2017 11:59:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=gZ0QB1oPe6qzj9c6pyB2lJB/fVrnp1uFhMRz6WDJAXg=; b=pARQcJpHwFgxTssnxlQc+Ss90KhmKkko189/9AM9+fyviWGVjXDCDOyScGCs2P8lN2ua11pqQv4hr81rSwVoRLoJQ6Gxa3wjoGbjcH81uURkPduI8JNNM1s1AuWtUyNpH2ZiEXcV20Yr4vUMVf/IF1Uy1nQ4/fRkG3WCqzfXVvY= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none; vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from [127.0.1.1] (165.204.77.1) by CY4PR12MB1605.namprd12.prod.outlook.com (10.172.72.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.933.12; Thu, 2 Mar 2017 15:14:28 +0000 Subject: [RFC PATCH v2 10/32] x86: DMA support for SEV memory encryption From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Thu, 2 Mar 2017 10:14:25 -0500 Message-ID: <148846766532.2349.4832844575566575886.stgit@brijesh-build-machine> In-Reply-To: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine> References: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR09CA0043.namprd09.prod.outlook.com (10.172.184.157) To CY4PR12MB1605.namprd12.prod.outlook.com (10.172.72.14) X-MS-Office365-Filtering-Correlation-Id: e85901fe-fee4-49b9-ac10-08d4617ed330 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY4PR12MB1605; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 3:fX84n/Y4NzmggOCHussRUTwD+ea31TyqypqfD6j8BcRbyXUrYv7xBsF9bvzrdoguI+wRS522xT9DPPgZZYTrz1pKe8U9sTHXpcyDDJIKJcnXpwMPeVGSS/C2MNi66rbN/xOIitAZbGltwHAj2QXHArIWPP4DW5WjjKC6HRUH/sjyZkBQ7f/eOKzEa7xO3mA8mEa0lpKyhGhUK2sVUHRwTldR5VO+w93g1piIkog8xSU58M2Rrydp8Op6krYESwaMr90/Mt9QWMo7KZBcr2JsHPuaRuSxj6v2jShwCd25KzY=; 25:D6/onvIW/6R+/zg1Bi7bTPZzjkOPQgW27qyMus4n2a8ar92iG0NkwxAx9pnkwwwnQKi9+CAmtwvkLuP8GX0J9pxpHj0NpNif6KRrqvSqnLbAS9COCic7ACyzaNfkZZUm77JZXSyvSjdHAYMLaCYp+41uKBmOBakC6lURuiX1qE381baVRmb55rz7UOXVRyPwF3JKFr2ypHfn7UOThOKHUTKjXjifUDx1+BFY/OiEYu4RqpXGPCjUegzYRTqKR8iZ6TVni1zfBK44P+ZDdMvMU1RS0E1RzLLAXaJ5koTvyoFmtckvaPz6Ls9Mi9CcjvLdwFuR4GxpnryFXa0x76qwtvbZO5cz/xJ39dPGBg8I0yIpKS2FWrKkMMjDQZ4blB1NRFopTnX23kqYDutWC8fBIZGK65quHc9f1kVxVjYMbCKJd7J0PTUmxGi/hnSzDAzxQCvr/es4ayWSe8h9SiI3Cg== X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 31:9GT5JRFJkwwDNEqSZXmmWp6e9zaMDYSAfHe8yIEXcHgCBA6VnBSDCig+qN3RzRWT9h5N4FclJTN3o/YthNm1+b0VhxOxLs2bY85NMrYC4MgeQEhypYOy6Y/XUWj/EnkB4V0cYf63TO/INhOB3OpjvXwjBdk4IVrFdLSgaWLtzP/nQ7RIOlI2OGrf96tnkPQO4/Ut8TCrAi3z1+QnISPlNOMb8cnTpdkaWBE4T638lOFtlPyAhgjCEcdLwGbz5AvK; 20:InS/3nU5BrRp4AH7RXHLr0v1Qd3JLzzhlb9Isw91xhO47L/vHm/ziMek82T1BUxI/8qIEe1a/P73+cyVboaCDmhe23Twr4mb11msKxH+MLqa1lujgFOl6Alxg/PPrv7uxfLl+P83bwYaixd+Ut/WoOsKRlnzykJhfEPJmw+lLuBW0LD8qviwxN57ZCK7LG4EVai+dvHVUXYOmc6aZJ5GbaX8M0gX/PKt2bJfl8YfMtoXCbisYantIvxHq9ZBlPLDXPyBZUBr7OxuP4ME6a3xadSRT83nzx2MmT+YuMC1jT+J8q/fItKLcjMl9bWRsqvVkFdWmFWhYZxYDnpFmnPkZcQ0oath6sEI+AgBQi2KXbT1rThFYFbEog+VtNsdEcvEw5RwF44fIq6mH8BL+YiCaW2jxUz3M7mdHDodWGs31BTcONpvW4Nf38mMK6fxFqlW19bpBLyODMCpEz22yWZC4hC40xSIhAPLy2UJDquM3X1Lg1c5TXEaLl1fRJUSgiSM X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123558025)(20161123564025)(20161123560025)(20161123555025)(6072148); SRVR:CY4PR12MB1605; BCL:0; PCL:0; RULEID:; SRVR:CY4PR12MB1605; X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 4:EpLc4qh0KfP7PJyQQEJMlIvs5tUWqzCPZWMxbz1IztnGc9tWXbYazIYpo7jwuA3aMC8qMlfiAwG9d+r5ioNv4G6Egne0cdsq2z6/aBJTdZ00OZ+eAqags2NVu9qdx5LNXFcQDPgSzB/DLtRSq3Mp/scYQFnqrZq8gzCvKUcd9rqYsQ7hCBB22CIx291eegnZvmMkWtHWBfx3MN3atAKeKJvaw5qKG+7GtumtItgKqfYb2UeY0Pk0QBtqC/lFsyNV0c4Iljzazt3EZy263dLVEV6Oh1qd9owmucMUhntQHi/4KE2sEBsYVC8IUBbpYs6GDUb0Pqlqf7z0CQYRMs6QKibnw9ENqO/9jdyfh3+aoVN/9QxaC99PFcYgfN3NQ65ID4MCDwdcNJM4AD4mKBcaBtGgkJmiEvn4eeWmuSybE7HYSd/5gHBZOZz2NLIjG0sE9z94wNxHAA/Dme9aaqDkM7CjkYhoiYzhZGtbwt9MD6+L9/eqRtQdsvLEnr6g5ibLSXmFLI3a+sRxSgc5+3K8g01P+fflmXr58jpn2f34LlwDGT158s0bVBWlJSlGs9NCZ4FRH/pX4Ot/sFua49S23wuT4mmM3SbuqzjLg6Nccdv4PnEFQGQBFq9rDBz8bn5u5cB6oPLtt2VTWXdciJG0dgLEAO4RRlbIHtejRuPWptw= X-Forefront-PRVS: 023495660C X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(39450400003)(39860400002)(39840400002)(39850400002)(39410400002)(50986999)(54356999)(76176999)(33646002)(230700001)(7416002)(7366002)(2906002)(42186005)(33716001)(81166006)(7406005)(189998001)(92566002)(7736002)(305945005)(8676002)(1191002)(3846002)(6116002)(2950100002)(6666003)(83506001)(90366009)(6486002)(77096006)(50466002)(47776003)(86362001)(23676002)(53936002)(66066001)(9686003)(25786008)(38730400002)(5660300001)(2201001)(103116003)(921003)(217873001)(83996005)(1121003)(84006005)(2101003); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR12MB1605; H:[127.0.1.1]; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxNjA1OzIzOkthOGlWdFdvV25MYi91aXVoeEpvMHBrenE0?= =?utf-8?B?dXpyNUFmRzkxOHNjR3Q2bmpOMmo5cURPRjVDc2hDenMyeStxcUt2d0pIMEhP?= =?utf-8?B?ZndIYjVHbUE2S1pjUmJJYnFnMExIVXA4Rk5veDBudGFTcTRacWJIalpIRllV?= =?utf-8?B?cHZ5dVlBNHBDOGNZeElhQkEvTlljcThPQmwzc3BqZEdkL1R1dWhhc0Q5b3Vk?= =?utf-8?B?ZWdtOEhjS2NuUmZ6MWVGSUIxWHRIcEx6aW1kVk05UURvSjR3NE5reFNBb1ow?= =?utf-8?B?TU82Um45Vm80WmcwWnVHQ0x2V01YcklETGYxSnE2VlFoYzZ5VlF0L3BaR3Zr?= =?utf-8?B?NlNOd1B5WEZyZ2U3Nnd6cEUwUmxRcUhIRGlkTHM0L3IyMmhmZklyUFZvS0gv?= =?utf-8?B?dkUrazlFVUdvQ1R2aXFnVHZwYjRjM2VEWFM1Zk81MFdqZVcwd2xKYzlHTEg1?= =?utf-8?B?Z3J3NHVGV1JFeGZPT3VWMU0rWU1PVmFyR0ZqZkhQMUtyRTVZTXloMEl4K3dF?= =?utf-8?B?L1AwcW9aRW92QXl5ODU0MVFBc1FjeUlwaHFPNStRZ0tOZkpXOVBVN2dxd2Zp?= =?utf-8?B?SERqRjYwd0FhZVU2MVpmV2Y4QmkxKy96cmZRTk43LzlPUmxmS3VaeVNmMzcv?= =?utf-8?B?enkzSmUrbi9NOW9XWFJZQ3NJcXJrMjAremtQT0FqWkg3TTBMQ1ZsUk4zcVkw?= =?utf-8?B?eW53SVNTZDAzNGVIRzY0dmdubFpCclJnZjJpVEFyN09QYTdpUEs0aWdReFg2?= =?utf-8?B?L0tDSWlMN0lZRzc4VFhHZS90anlkSWlIY3VtRCtmZFRoOU4vck5JQ2JmNFBt?= =?utf-8?B?cC9xL0xSd21tYXAxQ1ZFdXJBcmRSTFhKUzl2T09PVjRrYXZ4emJsRnJZL2RQ?= =?utf-8?B?QXRxUUIvZlVjWWVMaThoeFBnZWVVWlNDeldZRjdsbnBHMXZ0QmpzakJyN2Jk?= =?utf-8?B?YmxRK3cySzhnU0o1M3JkV3lWMFU5Umdzci8xZWdJY1c3U2xWdFJvd0p0Ry9t?= =?utf-8?B?WHlibFlmSDA2NG1xZ0hvemxVNGpPd1ZrbFppS09pRVdneFFFT1RwZ1Rwd3N4?= =?utf-8?B?NFRIZHRqRHFiWEZoMmR6QWNwY3ZydEU4bkozK0xFTHlUdzM2dFJmNkhmcTNT?= =?utf-8?B?RzJQN1U5amkxZmt1ajk5bTZpTUpYUWRWay82QnBXOWVtS29aNlEzWWZCNkJF?= =?utf-8?B?WXpmSmJQVVBLbFZPTXk2bWFhTVkzVTM5SXFVN2R5UXgrQjE0VWlKdHlJNWpu?= =?utf-8?B?QWlSbnpVSWFyK3h1ditieUN1a3FDbHNmelBuSFZmNmZ3RjVpUDNpL2VjaEVp?= =?utf-8?B?NkZHMEh5bjFvTGVpbGdPM2VSOFVDc3NIVC9ncFZqNEt4bnhVZGpPUFlKd3pp?= =?utf-8?B?cGExeGIyMThMclQ1RGdxdE95T0lKcHNtSkV6TGVVdDdYbjgzMlFUKzdaSHRj?= =?utf-8?B?c3NtWGFaeDVLRnZiNjNHUmo0YUp2K0lVTEc3a3d5WWtVS2FySERoZ2Q2akpB?= =?utf-8?B?bk9MMzBCRjZIb0llZE5DVTJjTS9reTFucUYxL0xyRkxiRERhTk5RbUlnZnNS?= =?utf-8?B?NW5IdTRvZFdXQmNtdjU0c1JmNEtObXI3Y3BXc0VVZHNsZVN3M00zdWtYNzlo?= =?utf-8?B?MGRFTzBqQi9xd3l2VlV5LzFCTmxOV0ZnaDdhTSt3OTZlMzh5ejhmU2s0bitW?= =?utf-8?Q?KYxx/y/WdsXgN1sGLXFLWn9rPdzMmPKxI19xksn?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 6:6uvWt55IYrZwo6FXgvy3TCAtD9k26cTl9viTNRd8grnBxD4ZWDFRWUCI1D4N6E2unjm3HDcBJaE6eJK9aQowAhz7uKw11tp+nFjvosuSrt5kGc/xV9Clg7In5Q2Qe4Dx4VMJbg/CtZ5jgE8t3DnimgPbJOj5F4exf3zpFvnC7hEKtvr05WDU5o8ycUK1Fvi6jSPhEWz60q1k/1i1HJuUeSNFuGfcW1+ypPOLEj3x8yKIbJ7FTGeA6g/H02HTcBPUAbksQPIcEwwzfcLmckb4azGRjd421OvP6/J9p9MWvCmU9eph8MhqiHFO9jNDkn0huW4E2/O3s7JdbIaR1/fFVMW47a3cbRBPR9cP/RCUxa2nbBNy12E4i0lfojUufuohJ7o1MTFrcefP58EztdzwyddIqIi5eBGQ3jRQz11pyXE=; 5:Buy5r5IVCLhs6slM1Zjsk997hGfKGvjbdNkMfBu4Hae2ZtEMZ5eg4SXBELwohDd/HTt33VvnQCh5bXhuk4MwXp7xtnYmXl+x1i+YL+7GAeZWSi7V13jwqW4hCrhW7g+IjA6vV5gnN+y1aLE9Beb8mQ==; 24:yIbxVoCLST1ox1vXnmUjsUd2+v553oR8zyqGA5x6Qui3HMFfXh53ol4tZjGARbLvvMVKkL49sJyrRQR25D7XbVvBD/53T98IyIr4BqtuOEQ= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; CY4PR12MB1605; 7:XEYyr/Gu7Mml/X+LqDP9g3ppWMoJoEg0l5HaHgYPwP17Jf104VJ0qSiF4lxomaOa1GuKzMbAiAx/3xWD8h3iQ9JMB8aIzIO9IuN58yw7zbBV/jeSKh7MC5IhoDxGBX0cTfP4OVPnVnW2Hv/L3GQAv68l7TA3aBIiKIqHtPd85ufdm6w99W13VcbGkHrvuEWU8oQyEiWfSb26AgaVkV04apNtKFCS0GTvsVmh5+h9Olun2IO74t35gnU3Jt2Ml/k2pObvza4ESQ5Nhon291RT/AoODd1VgGkOvhX9ujPBDAPpcoZ51oZ1OEgm7dAbFOyXdd8C13YRtxy+WzImVliAnw==; 20:4hOz1aWx9QhTvRiqvCqckD8vF4t2yLjRbWO9JNP7KZB5Lgk20FMgpyWIYOMJjkXKAnfCxgmYety0kTpZ0JxHYtvnkGDqFkzWqGl4xUNCssp0VHHej3qdmD05GwnOFQYOewEhr9ERMCx8ROTEI6SPwCqKyQAvqOmz6HqJsKOE5UGQ7GaPuKFh/s1fetzqFAMZLk1OV8tfNDahJzBVVGniGXMLGpyAMW41W9Ae4VJt5Kq6EwGt2mwNIT78b3QitfN8 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2017 15:14:28.2725 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1605 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Tom Lendacky DMA access to memory mapped as encrypted while SEV is active can not be encrypted during device write or decrypted during device read. In order for DMA to properly work when SEV is active, the swiotlb bounce buffers must be used. Signed-off-by: Tom Lendacky --- arch/x86/mm/mem_encrypt.c | 77 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 090419b..7df5f4c 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -197,8 +197,81 @@ void __init sme_early_init(void) /* Update the protection map with memory encryption mask */ for (i = 0; i < ARRAY_SIZE(protection_map); i++) protection_map[i] = pgprot_encrypted(protection_map[i]); + + if (sev_active()) + swiotlb_force = SWIOTLB_FORCE; +} + +static void *sme_alloc(struct device *dev, size_t size, dma_addr_t *dma_handle, + gfp_t gfp, unsigned long attrs) +{ + unsigned long dma_mask; + unsigned int order; + struct page *page; + void *vaddr = NULL; + + dma_mask = dma_alloc_coherent_mask(dev, gfp); + order = get_order(size); + + gfp &= ~__GFP_ZERO; + + page = alloc_pages_node(dev_to_node(dev), gfp, order); + if (page) { + dma_addr_t addr; + + /* + * Since we will be clearing the encryption bit, check the + * mask with it already cleared. + */ + addr = phys_to_dma(dev, page_to_phys(page)) & ~sme_me_mask; + if ((addr + size) > dma_mask) { + __free_pages(page, get_order(size)); + } else { + vaddr = page_address(page); + *dma_handle = addr; + } + } + + if (!vaddr) + vaddr = swiotlb_alloc_coherent(dev, size, dma_handle, gfp); + + if (!vaddr) + return NULL; + + /* Clear the SME encryption bit for DMA use if not swiotlb area */ + if (!is_swiotlb_buffer(dma_to_phys(dev, *dma_handle))) { + set_memory_decrypted((unsigned long)vaddr, 1 << order); + *dma_handle &= ~sme_me_mask; + } + + return vaddr; } +static void sme_free(struct device *dev, size_t size, void *vaddr, + dma_addr_t dma_handle, unsigned long attrs) +{ + /* Set the SME encryption bit for re-use if not swiotlb area */ + if (!is_swiotlb_buffer(dma_to_phys(dev, dma_handle))) + set_memory_encrypted((unsigned long)vaddr, + 1 << get_order(size)); + + swiotlb_free_coherent(dev, size, vaddr, dma_handle); +} + +static struct dma_map_ops sme_dma_ops = { + .alloc = sme_alloc, + .free = sme_free, + .map_page = swiotlb_map_page, + .unmap_page = swiotlb_unmap_page, + .map_sg = swiotlb_map_sg_attrs, + .unmap_sg = swiotlb_unmap_sg_attrs, + .sync_single_for_cpu = swiotlb_sync_single_for_cpu, + .sync_single_for_device = swiotlb_sync_single_for_device, + .sync_sg_for_cpu = swiotlb_sync_sg_for_cpu, + .sync_sg_for_device = swiotlb_sync_sg_for_device, + .mapping_error = swiotlb_dma_mapping_error, +}; + /* Architecture __weak replacement functions */ void __init mem_encrypt_init(void) { @@ -208,6 +281,10 @@ void __init mem_encrypt_init(void) /* Call into SWIOTLB to update the SWIOTLB DMA buffers */ swiotlb_update_mem_attributes(); + /* Use SEV DMA operations if SEV is active */ + if (sev_active()) + dma_ops = &sme_dma_ops; + pr_info("AMD Secure Memory Encryption (SME) active\n"); }