From patchwork Thu Mar 2 15:15:28 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9601311 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 68D1F60453 for ; Thu, 2 Mar 2017 17:59:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5E997285AF for ; Thu, 2 Mar 2017 17:59:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 52818285CC; Thu, 2 Mar 2017 17:59:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 47271285AF for ; Thu, 2 Mar 2017 17:59:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754650AbdCBRz4 (ORCPT ); Thu, 2 Mar 2017 12:55:56 -0500 Received: from mail-sn1nam01on0084.outbound.protection.outlook.com ([104.47.32.84]:65264 "EHLO NAM01-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752680AbdCBRz2 (ORCPT ); Thu, 2 Mar 2017 12:55:28 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=CGZPEc1Mjp6A+4e4ps8CqQJcYsqoEZlnDz2JViPL5Ak=; b=atsqvsW2aSeg+fYir9Gx2XQBo1AzzrIUwYD+nEAfVRPipDDpQqbt7gwV1L5NgUMSmipfZLIF0giLaIOJhFlYKrlwzcRBaOTUIJn+2txvRAHgl1lASqKYL8vktWEJSvnn/J5wT0ga6xdQ0eMAHYS3n1tGJo21w2uaQb8bn+u5Crc= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none; vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from [127.0.1.1] (165.204.77.1) by DM5PR12MB1612.namprd12.prod.outlook.com (10.172.40.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.12; Thu, 2 Mar 2017 15:15:30 +0000 Subject: [RFC PATCH v2 15/32] x86: Add support for changing memory encryption attribute in early boot From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Thu, 2 Mar 2017 10:15:28 -0500 Message-ID: <148846772794.2349.1396854638510933455.stgit@brijesh-build-machine> In-Reply-To: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine> References: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR09CA0040.namprd09.prod.outlook.com (10.172.184.154) To DM5PR12MB1612.namprd12.prod.outlook.com (10.172.40.18) X-MS-Office365-Filtering-Correlation-Id: f1a17d6e-331f-4d0a-a5ed-08d4617ef78b X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:DM5PR12MB1612; X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1612; 3:U4vc8x7Pua6iXEOFk9y7Uhyo0FKgcyyjiNMDMGjDzOoIY8nVwPPzd7ezO/QLhYmu6xWGw8oI0tCRsWlO02tznbCxL/FkkaeOKiQFyoEd2soGnwZj9Kr+WlbMz3tWTPxhzPBojrgpR7w2rKwEPrzDWFoNylUKRSAwqUPZRjN3lrdA/9XqKJLh9NIYll6axu4U3kKsrKEYtFihaEH0yCQVxf5WPjz+7+ZRPeK6rw5E901HNWtpwXEln5cjRhvWlhSLJ7CqmXBfIiudb0+W6obpZh0epzugHbzzcKJWrWnpaj4=; 25:Rk461O5C3/1qdqpnFhWiAhFIgmD19Jtivd74ji1lrml7vrNl7qDOvTm6QlA2ofsede18owiea+2SXdOZsJarWBzxpLxBvrEMMDQAsViJPlbguGbUEFXt6oOGfXzUQ/E2iX6DuYKJ4GV9sOt6dZZOOIq/49EeTYyNSrd/ptVJN6fm7/K2xzNbsSeZu9WvUfYqyh8haQopzyQISuYYfnyYOZFVfWplV/DfnIsh6NzOKYf2disY8vYPYASjK9esBRzwpJCztLm9NGVZoe5071ZvVWRvhcj/hRd6boN04e/G6j6EN7AM525nkxEBwNfF95wRqQf6UIDdSsPVf0p5aJqjRcs0Ki57egmep+7PgYVn0JvETjn0Db1z4oOzl7EGo3wUtojTmVCWMXVmf4eH/vHJFSIywwZnIqNy5MTzsSymftzXR9hAep1bWs+jdfuDbeG/ X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1612; 31:zIO7DRux3jhlM8/oGTz+ghKDGKOCMW1Aymshz0n7FdZM+6f0eK4zwOT8ibkFR4NP8/ELMC4XOfDSXckvJc/6CS3PZj7trFsj3Fhl2ZuuSlFAY5pt/39a9wFJ1j1WrSG6hlYV/SQabjVbAZZ7VgNO1p2n0/NJ4PHKecf8TpQgOGNjYqdFvh32IbfQuU6iCqd1V+ZwhrkFtN0l24pGSKzq6Uf4lqkKZ04Iwq4I3PvpaMk=; 20:4WwtljIQo3hw2SA0BIldAKdoVVCDxMtTT65plL7h3afvBaqrVuqoQJRmjZP8eqpxigFY9fvV2U6IlJwB1EErSdsg6wUWh4Q1K/7zSAOYSmjsBUM2cEkVzTYFecjvG73I4LAKcYLh8Y/uejjje1PYvFXwK4e3b5sC/Mq7y04WZ2ZH7eeAgQc3cHgpmZPNfShjp84Se89l16n6kqzj8Xe4qIqHGDtMy3mMka4ZmQZ5odfPnW7MnUsYKKWakvoR2GMKHStsFbv/0kYQSzuXyvq/zus4h0t6hL6ybxTaFVbzFkfdxY3Whg+Tps3332jm8UMy16lrLXdBW3wlls8DaD8HvD5P7RO9iEoXRSpbJ+e1LWc5c9Cp5cCmQ5GOoqGLViVzcHtTV/jMG/m4fDXKmmFONXYJ2hGn6k4rXUtER1ZAEGmH3FKndsBBxrc8kCyFRm7lKSRBOJpmecX1ageGhIdHaMurEYAE3cnzArbYbGOKteSzxr9HjdPRDR2iyMOx9//I X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123558025)(20161123564025)(20161123560025)(20161123562025)(6072148); SRVR:DM5PR12MB1612; BCL:0; PCL:0; RULEID:; SRVR:DM5PR12MB1612; X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1612; 4:Q5iK9khVN4OHvG1RGIEku3k8XYXIkmZMxefHpWGphstXmtmVkNwWLwiGF901GmOXzt2D1uakYvsqx0h16hh93QdGcBc6rka38v/Ej74vDWgY79c5SlDDjNBlodpe/G3sFRQOowkTUqCE7wfrf3Wv3YZm285jM9s4ankiPmLUXHcHW8fzWZ+SzGEUNX5hpe+K8PkprmoqKD+D05sVRYpo1NmxWqosEEd9IL1fIG3LSjX7bWMf707aSsToTmDVjxJrfT5j1h2PImLF8xh+O7S5Ot5uRTpjZ0BA+uMr6uyRABq1DyT9XpDrc/xwrdVF+k2eh9D1G7rYRWV7vSzLZ0/iKb0TD54GrbHBiFPaF1NrnHda0OcE9PZz29wp0NN15IfP2HQWGO0K6AAm9HSAokpejs6D+2YsoiaQbS3PVj4efO3QIUBn26KX7znVaH11NNYEx3pIm3nvoo9nE8nAV5nb7ls3rIlegzEMlW++DS6VPlJFxejlNIJ5EpdvHNU7gJhVv2pIIRIvXgdMSkhIGn9jAfLrjOzQ0WDXZ1K8ceGioc/46LMbIxZOfWMEQlOTDmF80Hxx+vVqwUYP6WNcK13MbVrxqrG5s9BFOuc9jQ/B2pnIfkWZ8vrR3D1uvF6VMSr6yHWcM06OV6qqMMGMHgNKl9JkxJnrhpsQLU7gF5V+5J0= X-Forefront-PRVS: 023495660C X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(39860400002)(39410400002)(39850400002)(39840400002)(39450400003)(38730400002)(1191002)(81166006)(92566002)(42186005)(8676002)(2201001)(6486002)(77096006)(25786008)(90366009)(2950100002)(83506001)(53936002)(9686003)(6116002)(47776003)(33716001)(86362001)(5660300001)(3846002)(7416002)(103116003)(50986999)(2906002)(575784001)(50466002)(230700001)(7406005)(7366002)(54356999)(305945005)(23676002)(7736002)(66066001)(189998001)(76176999)(33646002)(921003)(83996005)(217873001)(2101003)(84006005)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR12MB1612; H:[127.0.1.1]; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjEyTUIxNjEyOzIzOmxKd2tmZkFaSXBPZ2VYYzR2MU50MXpiNXpK?= =?utf-8?B?dVA3K3NkVkZjR040b3BQQ21DaHQvU1BwQnJCMmc1K0w2WERwUnpkVFNRR1Q1?= =?utf-8?B?M3VkS0NFZDRHVVM3Vit0dVNzcGx2NnM3NmZmMUxWcGxzNzVzS3lLaU9Jcitw?= =?utf-8?B?c1VLWjV1WWZCblB1RStLWGI5d2hhVFp0UEVLbW9ZRWtzOWF1ODNodEc3R1NC?= =?utf-8?B?bW9EcTYvKzcwdlJIdDdUNWp2NXh3U3Z3TEFySjNTQVRQd2c1dkIzd0o4VW1M?= =?utf-8?B?eXBJWGRWUWxMRWRuVFZBYW5QQUNvdzJoT2QxNDdvZ2RZRDYrYVBBcHlReEhp?= =?utf-8?B?MnpNc29PK2ZaTDdzZEpRVWhSQUV0eExGSVYwWFdjbUxSMFZ2bVM3WklpblYv?= =?utf-8?B?VmtJOFMxMXRRYmZQQTk4MWJEcXNmYkRNeHJPV21VdEJjYlhNZzVPUmloODE5?= =?utf-8?B?cDB1b05xbWdKbE5sWUp5djBXejZSY2FWWWlueTJrUjNBcW9BcWJrNnRWRXVm?= =?utf-8?B?OSsxMkd4N1hibmRIOG0vUlFOM2FqMHBvalltUUtZSVVGS3FxOEJmalZtTmZR?= =?utf-8?B?U1dsTXkyVmVyRGdaOTlGOTAyVWRCeUd5aWpaQVE5Qm9qZjdzMWpHUitlOUtT?= =?utf-8?B?YlFNYk1yaGo2d3dCRzk2OWNVYWdQU003Znh4TTRDSG5WZ1JsRTY1KytkdytD?= =?utf-8?B?elBoZCtiZG5ya0ZpeklRWUQyN0dRZEQrZlJGMU1FMVljWUVwRnJzN2sra2Fw?= =?utf-8?B?Q0V3bnJaVFMvOWZIdHdLYmdWdnE5NkZqcFpWRVpRYXF6OHFWZjBia1BPRjJx?= =?utf-8?B?UHNxdnhKR3VXcnduWmJCK2RSM2Z2d1M0emU5L2hZbUpnTGZmbVhnTlhVUDB0?= =?utf-8?B?aUtvcXQ5dVRqc2s0NEdHN0JCa2VQU2xwcXBkNkZxUVJ6V0xWVVVTWDRJU0J4?= =?utf-8?B?SHgxRGwxTkR4eXZaSFYrbGNFN2Z4TUhKTmIraU0rcE5RZXBXRnhxTE8zSWEr?= =?utf-8?B?VlFsd1MvOE5oc1NETE82dkNXUm5PWEovNW54WTF0NTFtUHNKdG91MHFRKys3?= =?utf-8?B?LzZUc0crQm84S01zb1lUUnlFdzVzem1kTXlBMVNJYzE2ZHBIU0tCUmt0T2Uv?= =?utf-8?B?SEZnZm9HTmxpTEJYeHVmU0VDMW0yRzdJMGtZTDFYS1g0V1p3c3JoNm83alhk?= =?utf-8?B?T1Y5S1p5eWVSV3lPaTUwQVJFLzg5dEcybGkzMWYvUXV6cm1WWXhHdStKWGE3?= =?utf-8?B?elNPRE1Dd2tnY09iUzBMRDlzSDVESDlFWlV2Y3RZbG5qakZiNkNpTzdKVEZH?= =?utf-8?B?NzZ6c3VNcHpTeTJaMlhaSzdUOE5rNUc0cjh5NmFLeEhPUFdBMkQzMjhNTGNN?= =?utf-8?B?ODRCWFFjL0hYM0RyNTBmNG1uQVZ0UUYxRWRVc1VNNk8yZ05LRnhQTnRzZVlh?= =?utf-8?B?UDFseWJGUDBvL1ZKb0Z1bXU1czA5UWtoaHZhby9Wb05ZalIzSTVtRDV6Q2lw?= =?utf-8?B?MmNhMUZ3U1Q2VlRUNUEvODJzazlFamgxUHlwVVVsMWFlSDlsU21jZXRBOG1C?= =?utf-8?B?MkRJbk5VUFpocUV6ME96dFVPK2FXN2ZWNjZKUHIxWkd6WUZXdGNDNWJNSGFD?= =?utf-8?B?dnpMbFliemM2bkZVWFJTb1RHVEl4RE9kWE9DdFo0MUxTU0VGaEtuMDY0eDhG?= =?utf-8?Q?/8KFDdVwx2Xn4XydhvecwTY9ocFDPkvQTceg4Dt?= X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1612; 6:G9mLzqgXSlJButjcQpAdjp9jTf4KEzBrEvZ91Bld/tGlW8ThOKIT3ZA+OR8XMZjdtWH1dhdQkd2A0W5hyVUqVHGoqynNj4Tmq8msOVXMJPV4Ydfmt7NLIBXsTWuqAjUsMY+RqKbhtrQyt9hhfoV68lpMRGtqPB77WJCIN5Zq0ADhTH1WNhQdeMGCMqaAQ9uCxGXZuAY/b1qL7ml2P7+7nGqUQM2BrVqfY479nlfWTjczGoI5mCW+OO/ikNDLUibBKiS1yIwxHGTFKEQvBjXy7AkfOl4eHB0g+LhYpZQW6KC83E/waUTXmrP+MtXqvHLeyImrzrheXqWLuSunG9H0GjYtSCa4qD0BD0V4CS0bTsRe1dHqnmhvz3PfkPdvdtsqpoDcYLuUZ/IgglMGHnugveHyscoGpYNM6m0fYFs7oDk=; 5:QYSVlNjWqfEctXiaPDgsFXf/vhYL3VKVq32lxYW9jCbXFwsS43WkZ0N+08FQ2h1fl4fszd0bjhH8xMl3B/7sLhG4nej6OD9L69JfG4FWJvyOqUtbUZM0YVQ4Kof5bn4PEOkHmj9M89TvsOfaQi3TYw==; 24:tjH9Sdu0zLqxMaIhNqTO9q4Q0asNuv6xqVne99CbGoUV/AWizPmJxBCMqVcQp2wiVIKeAl+JmGEnRFYqFMesaBXOteQm8m8K/gb5Eczv21k= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1612; 7:CQ8tNNfZVmhXlwAnQNFwkNQxw9FJhe3L+uW7OYQ3wlaPYAXJ141F3QEMkd9o8biDUZUDyt0kKcTgNupiNYIC+WmeV3FHUHYX96lnoHh2kCe0sKx6h4iMaqo8eJVdC+33/Qh0/ulV7r4/x6kZn7/V1c604HlKXUAWxxPGNerESwI/rHRAZ9vWg7gjK/2IpyElm5hKY2Dk6SVeRFjAiV/JE4fg2xTCDFLwQ5YNEAhHuT4OSn4HWn2itmoYMqBDt01fhqfFzZjKCZNMKupqee3fok2GbvoTt5k7ER3lhAeUCQDXA/01CIMcIh056z9zR2GJE95w6lOa3iYMGyggNbV8TA==; 20:j9zNXqXcsQFdcHBfwfiqOO6337Wr8c3lDsmAHJF1jp0xezAJqc8iOKxfrpF/h5aM65LPX94IDA0W84dDilO6j35feS+KBdDP/8CX1VOI2iE5OyeaUh0LGGprkypnWMkS/rfN0sEtxTY+XkqBSIs4c6q33sfV+R19x03bB0q+tqYzVzpMsJKZ8C16Vjsxmpv/KPu52IpcUqtUZx/UDd+2xwKrCcu5HNhTo2M6DA2grsw8h5lOOHuXGNSVIGQPpWJF X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2017 15:15:30.0949 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1612 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Some KVM-specific custom MSRs shares the guest physical address with hypervisor. When SEV is active, the shared physical address must be mapped with encryption attribute cleared so that both hypervsior and guest can access the data. Add APIs to change memory encryption attribute in early boot code. Signed-off-by: Brijesh Singh --- arch/x86/include/asm/mem_encrypt.h | 15 +++++++++ arch/x86/mm/mem_encrypt.c | 63 ++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 9799835..95bbe4c 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -47,6 +47,9 @@ void __init sme_unmap_bootdata(char *real_mode_data); void __init sme_early_init(void); +int __init early_set_memory_decrypted(void *addr, unsigned long size); +int __init early_set_memory_encrypted(void *addr, unsigned long size); + /* Architecture __weak replacement functions */ void __init mem_encrypt_init(void); @@ -110,6 +113,18 @@ static inline void __init sme_early_init(void) { } +static inline int __init early_set_memory_decrypted(void *addr, + unsigned long size) +{ + return 1; +} + +static inline int __init early_set_memory_encrypted(void *addr, + unsigned long size) +{ + return 1; +} + #define __sme_pa __pa #define __sme_pa_nodebug __pa_nodebug diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 7df5f4c..567e0d8 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include @@ -258,6 +259,68 @@ static void sme_free(struct device *dev, size_t size, void *vaddr, swiotlb_free_coherent(dev, size, vaddr, dma_handle); } +static unsigned long __init get_pte_flags(unsigned long address) +{ + int level; + pte_t *pte; + unsigned long flags = _KERNPG_TABLE_NOENC | _PAGE_ENC; + + pte = lookup_address(address, &level); + if (!pte) + return flags; + + switch (level) { + case PG_LEVEL_4K: + flags = pte_flags(*pte); + break; + case PG_LEVEL_2M: + flags = pmd_flags(*(pmd_t *)pte); + break; + case PG_LEVEL_1G: + flags = pud_flags(*(pud_t *)pte); + break; + default: + break; + } + + return flags; +} + +int __init early_set_memory_enc_dec(void *vaddr, unsigned long size, + unsigned long flags) +{ + unsigned long pfn, npages; + unsigned long addr = (unsigned long)vaddr & PAGE_MASK; + + /* We are going to change the physical page attribute from C=1 to C=0. + * Flush the caches to ensure that all the data with C=1 is flushed to + * memory. Any caching of the vaddr after function returns will + * use C=0. + */ + clflush_cache_range(vaddr, size); + + npages = PAGE_ALIGN(size) >> PAGE_SHIFT; + pfn = slow_virt_to_phys((void *)addr) >> PAGE_SHIFT; + + return kernel_map_pages_in_pgd(init_mm.pgd, pfn, addr, npages, + flags & ~sme_me_mask); + +} + +int __init early_set_memory_decrypted(void *vaddr, unsigned long size) +{ + unsigned long flags = get_pte_flags((unsigned long)vaddr); + + return early_set_memory_enc_dec(vaddr, size, flags & ~sme_me_mask); +} + +int __init early_set_memory_encrypted(void *vaddr, unsigned long size) +{ + unsigned long flags = get_pte_flags((unsigned long)vaddr); + + return early_set_memory_enc_dec(vaddr, size, flags | _PAGE_ENC); +} + static struct dma_map_ops sme_dma_ops = { .alloc = sme_alloc, .free = sme_free,