From patchwork Fri Sep 7 22:23:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 10592623 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0B99D13BB for ; Fri, 7 Sep 2018 22:22:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EF8F82B3B2 for ; Fri, 7 Sep 2018 22:22:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E38212B3EA; Fri, 7 Sep 2018 22:22:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8670E2B3B2 for ; Fri, 7 Sep 2018 22:22:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 64BB18E0002; Fri, 7 Sep 2018 18:22:45 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 5FC7C8E0001; Fri, 7 Sep 2018 18:22:45 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 512408E0002; Fri, 7 Sep 2018 18:22:45 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by kanga.kvack.org (Postfix) with ESMTP id 0F5338E0001 for ; Fri, 7 Sep 2018 18:22:45 -0400 (EDT) Received: by mail-pl1-f197.google.com with SMTP id c5-v6so7652950plo.2 for ; Fri, 07 Sep 2018 15:22:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:date:from:to :cc:subject:message-id:mime-version:content-disposition:user-agent; bh=I+bxGMnxUVwYhD8MsFv1SME/QyV1YHGBkenqM6NqpGQ=; b=UKAZCzt7Co6STTfR2XcDmugelduRIgvD6Qb+uFHimonbcYCN2sdq6zWZ9DQWu0f8pp nl/zO/X0eXHTBagQ7PvxRhODmh+r5VpFh5Sq9EGbmG/oFjiP/6XlVgPOoc8edgWKzR9C prGsGYRqtmN4zeiajE0qNGemPxWerdY00d9dc4M7ayfaWdwH78SFLC7IarzYs1gKgrDS q1SCCHjS57a/oBRNYhwGor7H0cOEFp3E05NpEaMCZbb2/ttK9tl7nJOnqXZudrcTAxGm 8A9WBOjgOdC/uyVdUVHFE7bpNKPgOM+ZKkNzLG5E1tCpEICEGrWEtpLGu431FxbFyTFv 2WDw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.120 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APzg51DvYyJ2HRVKSC/AgveMcjkRKFLPmRxlwFnvxtQ2DuqqDPBWegsh ra4rNIsHui6SRjXhJXlbWdTWmRryDAItm8+MDz96mhc8alpKZzwQWtTcNbmX4Owvc9MPyRt//aW xH/fqdTnNTvTJOGWKKW93mpQzdlaW+XSX+r2E5GTMJYD0NZPuXMTKKDe9ptLUuHeySA== X-Received: by 2002:a62:9894:: with SMTP id d20-v6mr10883974pfk.186.1536358964608; Fri, 07 Sep 2018 15:22:44 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZgbUTPNiY8qasBiCkd+6UfxLX2Y1BKwc1K5MJR8+yhWtdu0dbBd/aeYyFNvX34OVRDyjAQ X-Received: by 2002:a62:9894:: with SMTP id d20-v6mr10883870pfk.186.1536358963024; Fri, 07 Sep 2018 15:22:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536358963; cv=none; d=google.com; s=arc-20160816; b=GEwYnRSkVdWjJ9d1zGs8DxO5h3NYQShnSLayWJI6Pc7jCRij8hSyoQvT9kFjxQ+M4p NPyGA+GuDQDoVYU4gXNwX87K2vj5dVjq7HcBKWP1UYRDXn/J9WfivrgJ3BwdeB2orJEb JPfcgjlxoJHHIGvlecf5MeHwLjlHxg11gtSjzs4WLrLKJrThY+RhEMY+6SMhyBlt1D/O pIeUhqVB8c7OtjM8kUobsM0j9UE7lSTWRVMei1MdrjRLFI9xuL/XImzrQI5r2McLNYKY X7n5otwhL0Ld/5coG+cQ10/Ikp6sK1ez/HVdKqvD3sDojib/btCljyOHbfgrjwJbET7v S1xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:content-disposition:mime-version:message-id:subject:cc :to:from:date; bh=I+bxGMnxUVwYhD8MsFv1SME/QyV1YHGBkenqM6NqpGQ=; b=Gr3b4Z0NbIsu7bm8dlhS/pKw+Fs+vkIcwOK+OoXCN2J/31owyq3OFZB/izGOEYlUnz 0bLY0eAbKZqrZCkm7Z5O1ryHXajybe/h2fz2/LU3YwMYbam/sdVGop9gjd+4X5Iw6E75 abNrXIuaC0TaGT/S1zMuTcGqONinnkjJJ3M+hVXFdKWruKpn6+gG9S5MMhkbC5b2NEgy 2BMfs1KyyBI0eWgJrkPk1WXgR9bdVAkOFVE8wH12dv+UYErEhrVRZaEtJyI7brIlXwri oh2KdhW1CrJB0IZ6jXOlYdNXp2TQHUFRngPMfVFtUuXUM7eYde+bFT48OogmsAtmh44F Gurw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.120 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga04.intel.com (mga04.intel.com. [192.55.52.120]) by mx.google.com with ESMTPS id z10-v6si9491641pgh.310.2018.09.07.15.22.42 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 07 Sep 2018 15:22:42 -0700 (PDT) Received-SPF: pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.120 as permitted sender) client-ip=192.55.52.120; Authentication-Results: mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.120 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Sep 2018 15:22:42 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,344,1531810800"; d="scan'208";a="89919124" Received: from alison-desk.jf.intel.com ([10.54.74.53]) by orsmga002.jf.intel.com with ESMTP; 07 Sep 2018 15:22:42 -0700 Date: Fri, 7 Sep 2018 15:23:24 -0700 From: Alison Schofield To: dhowells@redhat.com, tglx@linutronix.de Cc: Kai Huang , Jun Nakajima , Kirill Shutemov , Dave Hansen , Jarkko Sakkinen , jmorris@namei.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, linux-mm@kvack.org Subject: [RFC 00/12] Multi-Key Total Memory Encryption API (MKTME) Message-ID: MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Seeking comments on the APIs supporting MKTME on future Intel platforms. MKTME (Multi-Key Total Memory Encryption) is a technology supporting memory encryption on upcoming Intel platforms. Whereas TME allows encryption of the entire system memory using a single key, MKTME allows mulitple encryption domains, each having their own key. While the main use case for the feature is virtual machine isolation, the API needs the flexibility to work for a wide range of use cases. This RFC presents the 2 API additions that enable userspace to: 1) Create Encryption Keys: Kernel Key Service type "mktme" 2) Use the Encryption Keys: system call encrypt_mprotect() In order to share between: the Kernel Key Service, the new system call, and the existing mm code, helper functions were created in arch/x86/mktme This patchset is built upon Kirill Shutemov's patchset for the core MKTME support. You can find that here: git://git.kernel.org/pub/scm/linux/kernel/git/kas/linux.git mktme/wip Alison Schofield (12): docs/x86: Document the Multi-Key Total Memory Encryption API mm: Generalize the mprotect implementation to support extensions syscall/x86: Wire up a new system call for memory encryption keys x86/mm: Add helper functions to manage memory encryption keys x86/mm: Add a helper function to set keyid bits in encrypted VMA's mm: Add the encrypt_mprotect() system call x86/mm: Add helper functions to track encrypted VMA's mm: Track VMA's in use for each memory encryption keyid mm: Restrict memory encryption to anonymous VMA's x86/pconfig: Program memory encryption keys on a system-wide basis keys/mktme: Add a new key service type for memory encryption keys keys/mktme: Do not revoke in use memory encryption keys Documentation/x86/mktme-keys.txt | 153 ++++++++++++++++ arch/x86/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/x86/include/asm/intel_pconfig.h | 42 ++++- arch/x86/include/asm/mktme.h | 21 +++ arch/x86/mm/mktme.c | 141 ++++++++++++++ fs/exec.c | 4 +- include/keys/mktme-type.h | 28 +++ include/linux/key.h | 2 + include/linux/mm.h | 9 +- include/linux/syscalls.h | 2 + include/uapi/asm-generic/unistd.h | 4 +- kernel/fork.c | 2 + kernel/sys_ni.c | 2 + mm/mmap.c | 12 ++ mm/mprotect.c | 93 +++++++++- mm/nommu.c | 4 + security/keys/Kconfig | 11 ++ security/keys/Makefile | 1 + security/keys/internal.h | 6 + security/keys/keyctl.c | 7 + security/keys/mktme_keys.c | 325 +++++++++++++++++++++++++++++++++ 23 files changed, 855 insertions(+), 17 deletions(-) create mode 100644 Documentation/x86/mktme-keys.txt create mode 100644 include/keys/mktme-type.h create mode 100644 security/keys/mktme_keys.c