From patchwork Tue Dec 4 07:39:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 10711223 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 25ABE13BF for ; Tue, 4 Dec 2018 07:37:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 139192A46B for ; Tue, 4 Dec 2018 07:37:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0741F2A544; Tue, 4 Dec 2018 07:37:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 980932A46B for ; Tue, 4 Dec 2018 07:37:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 407E16B6D92; Tue, 4 Dec 2018 02:37:27 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 122E76B6D8D; Tue, 4 Dec 2018 02:37:27 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C43E76B6D8F; Tue, 4 Dec 2018 02:37:26 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id 558D16B6D90 for ; Tue, 4 Dec 2018 02:37:26 -0500 (EST) Received: by mail-pf1-f198.google.com with SMTP id y88so13328217pfi.9 for ; Mon, 03 Dec 2018 23:37:26 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id; bh=kdIRU/g5/FOGBxdKrDS0aSoMDw+4LlqUdeobeykuazI=; b=FcT7kINU+6oecZh6GPd3F6nviL15LHv4hvfLsASHN+xU5ngully6MbO2GUYQSfZ5Xm s8mGMWmlxgS340Ph/ZS/WPxsm6aalhpUcZO5nArNRCuUaI59XMWxgVFQdqHia4UXgPNT CSxo8Nmcp7+TIvm0Exl7/G8dwNaZICyuynhshHTd37ChzB5Fn+BR7jH8CbepdxNIom6O 0sC6/N902v/wtESsR0QvZIpFzEZSr/T1TFTmuHczscqwnVZ4Ucr6MZnQazihuRIVkYdw f8G39LP2y/2vYOSdJg0xlHrwnrl6mQDFTyZB5m1y72yiwv6XhsQIjbvbM5Ar8DtxVZ4k UKHg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: AA+aEWbbzXISSVBPXAQ68afJyzOiMXc+wEJhrYiS1gWpqr4rvyIhwEiX cxAZ82TJ3RJCDVet9UIMqtG7gxILcoHKtqkoJz2SkdIyyQ2YRvnxEPIttBqrSQBDvvwbKcaHJlc Gl+2PSPosGG6l2mRdBwMvy8GjbbZZ/wKqjeIoaZZCFmYpU9oo5vr6THeTxgPIdVm7KA== X-Received: by 2002:a62:6799:: with SMTP id t25mr18979295pfj.139.1543909045949; Mon, 03 Dec 2018 23:37:25 -0800 (PST) X-Google-Smtp-Source: AFSGD/WQSIoA5xXQbVz7OfOWPDLcbRtLXIACunrKAyaJmt4d3OlhNZmBFsivFB5lXxTY3H6A1/RT X-Received: by 2002:a62:6799:: with SMTP id t25mr18979260pfj.139.1543909044934; Mon, 03 Dec 2018 23:37:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543909044; cv=none; d=google.com; s=arc-20160816; b=AAwkxSrXwVJDEJimszvS3tqpYdgIgj5Fa17kmPu8IzK2eH/UdaRcEfuTmgLolFoiLZ 8ph6MNbWLoyDyz/3xfBm/PzZIfWeNnKpBOM834nG/c95YayT5XUOFIUl2/rAtO+WuHfb qW3tfsXdJwQXw4PgPNCqYh6376ZmxEIOBNPqzXvvRAGOsElkde1w/r1NNpwgCH/PVKsz kZSZyogWC4a8hjhhfY8UoGS0K2ep0j6RH8bl7aIefaC28B7ENZ/gMAk7LDAk8ZXqoqIs 0ultTf2uYz/DKkjfLbEerSWen7P/SM+A5Khcnmltynjr59SqdSJUF1z1Q7zgD3NSEL/+ NuOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=message-id:date:subject:cc:to:from; bh=kdIRU/g5/FOGBxdKrDS0aSoMDw+4LlqUdeobeykuazI=; b=bGg5BR3O48hpNypaOFuFk3MHNDLqLqHlr8IpzaV95eE6qJqUynIlWxqOg6nTbMiFSx dcQnhfGMiETnEiw21EYcHfwzEhKHi9EXBszbCDh0BUdqp9YjQKA/OjJIBU0+XM4MpFp4 eFUrXkYE58GvjvAJfIXPGIsrcUm+VxHqswDtiBAlxr0gUljLW63+9yznkZ/oitoCnIU0 HGqWSeSd43JAzzc+vv2qAnlge0W1ah1AnRbbMP/lwjsEkiPKkqGr9MvCXvUShtYQ9YcK RiMiP3RSbwDqFk8JULosAxAViCf1heBMcKE+JO8GZefL545gJry49WW13xSorInA82+I Gs0g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga11.intel.com (mga11.intel.com. [192.55.52.93]) by mx.google.com with ESMTPS id s13si14970777pgc.509.2018.12.03.23.37.24 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 03 Dec 2018 23:37:24 -0800 (PST) Received-SPF: pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) client-ip=192.55.52.93; Authentication-Results: mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Dec 2018 23:37:22 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,313,1539673200"; d="scan'208";a="107105256" Received: from alison-desk.jf.intel.com (HELO alison-desk) ([10.54.74.53]) by orsmga003.jf.intel.com with ESMTP; 03 Dec 2018 23:37:21 -0800 From: Alison Schofield To: dhowells@redhat.com, tglx@linutronix.de Cc: jmorris@namei.org, mingo@redhat.com, hpa@zytor.com, bp@alien8.de, luto@kernel.org, peterz@infradead.org, kirill.shutemov@linux.intel.com, dave.hansen@intel.com, kai.huang@intel.com, jun.nakajima@intel.com, dan.j.williams@intel.com, jarkko.sakkinen@intel.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org Subject: [RFC v2 00/13] Multi-Key Total Memory Encryption API (MKTME) Date: Mon, 3 Dec 2018 23:39:47 -0800 Message-Id: X-Mailer: git-send-email 2.7.4 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Hi Thomas, David, Here is an updated RFC on the API's to support MKTME. (Multi-Key Total Memory Encryption) This RFC presents the 2 API additions to support the creation and usage of memory encryption keys: 1) Kernel Key Service type "mktme" 2) System call encrypt_mprotect() This patchset is built upon Kirill Shutemov's work for the core MKTME support. David: Please let me know if the changes made, based on your review, are reasonable. I don't think that the new changes touch key service specific areas (much). Thomas: Please provide feedback on encrypt_mprotect(). If not a review, then a direction check would be helpful. I picked up a few more 'CCs this time in get_maintainer! Thanks! Alison Changes in RFC2 Add a preparser to mktme key service. (dhowells) Replace key serial no. with key struct point in mktme_map. (dhowells) Remove patch that inserts a special MKTME case in keyctl revoke. (dhowells) Updated key usage syntax in the documentation (Kai) Replaced NO_PKEY, NO_KEYID with a single constant NO_KEY. (Jarkko) Clarified comments in changelog and code. (Jarkko) Add clear, no-encrypt, and update key support. Add mktme_savekeys (Patch 12 ) to give kernel permission to save key data. Add cpu hotplug support. (Patch 13) Alison Schofield (13): x86/mktme: Document the MKTME APIs mm: Generalize the mprotect implementation to support extensions syscall/x86: Wire up a new system call for memory encryption keys x86/mm: Add helper functions for MKTME memory encryption keys x86/mm: Set KeyIDs in encrypted VMAs mm: Add the encrypt_mprotect() system call x86/mm: Add helpers for reference counting encrypted VMAs mm: Use reference counting for encrypted VMAs mm: Restrict memory encryption to anonymous VMA's keys/mktme: Add the MKTME Key Service type for memory encryption keys/mktme: Program memory encryption keys on a system wide basis keys/mktme: Save MKTME data if kernel cmdline parameter allows keys/mktme: Support CPU Hotplug for MKTME keys Documentation/admin-guide/kernel-parameters.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 11 + Documentation/x86/mktme/index.rst | 11 + Documentation/x86/mktme/mktme_demo.rst | 53 +++ Documentation/x86/mktme/mktme_encrypt.rst | 58 +++ Documentation/x86/mktme/mktme_keys.rst | 109 +++++ Documentation/x86/mktme/mktme_overview.rst | 60 +++ arch/x86/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/x86/include/asm/mktme.h | 25 + arch/x86/mm/mktme.c | 179 ++++++++ fs/exec.c | 4 +- include/keys/mktme-type.h | 41 ++ include/linux/key.h | 2 + include/linux/mm.h | 11 +- include/linux/syscalls.h | 2 + include/uapi/asm-generic/unistd.h | 4 +- kernel/fork.c | 2 + kernel/sys_ni.c | 2 + mm/mprotect.c | 91 +++- security/keys/Kconfig | 11 + security/keys/Makefile | 1 + security/keys/mktme_keys.c | 580 ++++++++++++++++++++++++ 24 files changed, 1249 insertions(+), 12 deletions(-) create mode 100644 Documentation/x86/mktme/index.rst create mode 100644 Documentation/x86/mktme/mktme_demo.rst create mode 100644 Documentation/x86/mktme/mktme_encrypt.rst create mode 100644 Documentation/x86/mktme/mktme_keys.rst create mode 100644 Documentation/x86/mktme/mktme_overview.rst create mode 100644 include/keys/mktme-type.h create mode 100644 security/keys/mktme_keys.c