[RFC,25/62] keys/mktme: Instantiate and destroy MKTME keys

Message ID	20190508144422.13171-26-kirill.shutemov@linux.intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <owner-linux-mm@kvack.org> Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> To: Andrew Morton <akpm@linux-foundation.org>, x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>, Peter Zijlstra <peterz@infradead.org>, Andy Lutomirski <luto@amacapital.net>, David Howells <dhowells@redhat.com> Cc: Kees Cook <keescook@chromium.org>, Dave Hansen <dave.hansen@intel.com>, Kai Huang <kai.huang@linux.intel.com>, Jacob Pan <jacob.jun.pan@linux.intel.com>, Alison Schofield <alison.schofield@intel.com>, linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com> Subject: [PATCH, RFC 25/62] keys/mktme: Instantiate and destroy MKTME keys Date: Wed, 8 May 2019 17:43:45 +0300 Message-Id: <20190508144422.13171-26-kirill.shutemov@linux.intel.com> In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Intel MKTME enabling \| expand [RFC,00/62] Intel MKTME enabling [RFC,01/62] mm: Do no merge VMAs with different encryption KeyIDs [RFC,02/62] mm: Add helpers to setup zero page mappings [RFC,03/62] mm/ksm: Do not merge pages with different KeyIDs [RFC,04/62] mm/page_alloc: Unify alloc_hugepage_vma() [RFC,05/62] mm/page_alloc: Handle allocation for encrypted memory [RFC,06/62] mm/khugepaged: Handle encrypted pages [RFC,07/62] x86/mm: Mask out KeyID bits from page table entry pfn [RFC,08/62] x86/mm: Introduce variables to store number, shift and mask of KeyIDs [RFC,09/62] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() [RFC,10/62] x86/mm: Detect MKTME early [RFC,11/62] x86/mm: Add a helper to retrieve KeyID for a page [RFC,12/62] x86/mm: Add a helper to retrieve KeyID for a VMA [RFC,13/62] x86/mm: Add hooks to allocate and free encrypted pages [RFC,14/62] x86/mm: Map zero pages into encrypted mappings correctly [RFC,15/62] x86/mm: Rename CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING [RFC,16/62] x86/mm: Allow to disable MKTME after enumeration [RFC,17/62] x86/mm: Calculate direct mapping size [RFC,18/62] x86/mm: Implement syncing per-KeyID direct mappings [RFC,19/62] x86/mm: Handle encrypted memory in page_to_virt() and __pa() [RFC,20/62] mm/page_ext: Export lookup_page_ext() symbol [RFC,21/62] mm/rmap: Clear vma->anon_vma on unlink_anon_vmas() [RFC,22/62] x86/pconfig: Set a valid encryption algorithm for all MKTME commands [RFC,23/62] keys/mktme: Introduce a Kernel Key Service for MKTME [RFC,24/62] keys/mktme: Preparse the MKTME key payload [RFC,25/62] keys/mktme: Instantiate and destroy MKTME keys [RFC,26/62] keys/mktme: Move the MKTME payload into a cache aligned structure [RFC,27/62] keys/mktme: Strengthen the entropy of CPU generated MKTME keys [RFC,28/62] keys/mktme: Set up PCONFIG programming targets for MKTME keys [RFC,29/62] keys/mktme: Program MKTME keys into the platform hardware [RFC,30/62] keys/mktme: Set up a percpu_ref_count for MKTME keys [RFC,31/62] keys/mktme: Require CAP_SYS_RESOURCE capability for MKTME keys [RFC,32/62] keys/mktme: Store MKTME payloads if cmdline parameter allows [RFC,33/62] acpi: Remove __init from acpi table parsing functions [RFC,34/62] acpi/hmat: Determine existence of an ACPI HMAT [RFC,35/62] keys/mktme: Require ACPI HMAT to register the MKTME Key Service [RFC,36/62] acpi/hmat: Evaluate topology presented in ACPI HMAT for MKTME [RFC,37/62] keys/mktme: Do not allow key creation in unsafe topologies [RFC,38/62] keys/mktme: Support CPU hotplug for MKTME key service [RFC,39/62] keys/mktme: Find new PCONFIG targets during memory hotplug [RFC,40/62] keys/mktme: Program new PCONFIG targets with MKTME keys [RFC,41/62] keys/mktme: Support memory hotplug for MKTME keys [RFC,42/62] mm: Generalize the mprotect implementation to support extensions [RFC,43/62] syscall/x86: Wire up a system call for MKTME encryption keys [RFC,44/62] x86/mm: Set KeyIDs in encrypted VMAs for MKTME [RFC,45/62] mm: Add the encrypt_mprotect() system call for MKTME [RFC,46/62] x86/mm: Keep reference counts on encrypted VMAs for MKTME [RFC,47/62] mm: Restrict MKTME memory encryption to anonymous VMAs [RFC,48/62] selftests/x86/mktme: Test the MKTME APIs [RFC,49/62] mm, x86: export several MKTME variables [RFC,50/62] kvm, x86, mmu: setup MKTME keyID to spte for given PFN [RFC,51/62] iommu/vt-d: Support MKTME in DMA remapping [RFC,52/62] x86/mm: introduce common code for mem encryption [RFC,53/62] x86/mm: Use common code for DMA memory encryption [RFC,54/62] x86/mm: Disable MKTME on incompatible platform configurations [RFC,55/62] x86/mm: Disable MKTME if not all system memory supports encryption [RFC,56/62] x86: Introduce CONFIG_X86_INTEL_MKTME [RFC,57/62] x86/mktme: Overview of Multi-Key Total Memory Encryption [RFC,58/62] x86/mktme: Document the MKTME provided security mitigations [RFC,59/62] x86/mktme: Document the MKTME kernel configuration requirements [RFC,60/62] x86/mktme: Document the MKTME Key Service API [RFC,61/62] x86/mktme: Document the MKTME API for anonymous memory encryption [RFC,62/62] x86/mktme: Demonstration program using the MKTME APIs

Message ID

20190508144422.13171-26-kirill.shutemov@linux.intel.com (mailing list archive)

State

New, archived

Headers

Received-SPF: pass (google.com: best guess record for domain of
 kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted
 sender) client-ip=134.134.136.20;
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Andrew Morton <akpm@linux-foundation.org>,
	x86@kernel.org,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Borislav Petkov <bp@alien8.de>,
	Peter Zijlstra <peterz@infradead.org>,
	Andy Lutomirski <luto@amacapital.net>,
	David Howells <dhowells@redhat.com>
Cc: Kees Cook <keescook@chromium.org>,
	Dave Hansen <dave.hansen@intel.com>,
	Kai Huang <kai.huang@linux.intel.com>,
	Jacob Pan <jacob.jun.pan@linux.intel.com>,
	Alison Schofield <alison.schofield@intel.com>,
	linux-mm@kvack.org,
	kvm@vger.kernel.org,
	keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCH, RFC 25/62] keys/mktme: Instantiate and destroy MKTME keys
Date: Wed,  8 May 2019 17:43:45 +0300
Message-Id: <20190508144422.13171-26-kirill.shutemov@linux.intel.com>
In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>
References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

Intel MKTME enabling | expand

Commit Message

kirill.shutemov@linux.intel.com May 8, 2019, 2:43 p.m. UTC

From: Alison Schofield <alison.schofield@intel.com>

Instantiating and destroying are two Kernel Key Service methods
that are invoked by the kernel key service when a key is added
(add_key, request_key) or removed (invalidate, revoke, timeout).

During instantiation, MKTME needs to allocate an available hardware
KeyID and map it to the Userspace Key.

During destroy, MKTME wil returned the hardware KeyID to the pool of
available keys.

Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 security/keys/mktme_keys.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c
index 92a047caa829..14bc4e600978 100644
--- a/security/keys/mktme_keys.c
+++ b/security/keys/mktme_keys.c
@@ -14,6 +14,8 @@ 
 
 #include "internal.h"
 
+static DEFINE_SPINLOCK(mktme_lock);
+
 /* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */
 struct mktme_mapping {
 	unsigned int	mapped_keyids;
@@ -95,6 +97,26 @@  struct mktme_payload {
 	u8		tweak_key[MKTME_AES_XTS_SIZE];
 };
 
+/* Key Service Method called when a Userspace Key is garbage collected. */
+static void mktme_destroy_key(struct key *key)
+{
+	mktme_release_keyid(mktme_keyid_from_key(key));
+}
+
+/* Key Service Method to create a new key. Payload is preparsed. */
+int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep)
+{
+	unsigned long flags;
+	int keyid;
+
+	spin_lock_irqsave(&mktme_lock, flags);
+	keyid = mktme_reserve_keyid(key);
+	spin_unlock_irqrestore(&mktme_lock, flags);
+	if (!keyid)
+		return -ENOKEY;
+	return 0;
+}
+
 /* Make sure arguments are correct for the TYPE of key requested */
 static int mktme_check_options(struct mktme_payload *payload,
 			       unsigned long token_mask, enum mktme_type type)
@@ -236,7 +258,9 @@  struct key_type key_type_mktme = {
 	.name		= "mktme",
 	.preparse	= mktme_preparse_payload,
 	.free_preparse	= mktme_free_preparsed_payload,
+	.instantiate	= mktme_instantiate_key,
 	.describe	= user_describe,
+	.destroy	= mktme_destroy_key,
 };
 
 static int __init init_mktme(void)

[RFC,25/62] keys/mktme: Instantiate and destroy MKTME keys

Commit Message

Patch