From patchwork Fri Sep 7 22:36:12 2018
X-Patchwork-Submitter: Alison Schofield
X-Patchwork-Id: 10592655
Date: Fri, 7 Sep 2018 15:36:12 -0700
From: Alison Schofield
To: dhowells@redhat.com, tglx@linutronix.de
Cc: Kai Huang, Jun Nakajima, Kirill Shutemov, Dave Hansen, Jarkko Sakkinen, jmorris@namei.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, linux-mm@kvack.org
Subject: [RFC 04/12] x86/mm: Add helper functions to manage memory encryption keys
Message-ID: <28a55df5da1ecfea28bac588d3ac429cf1419b42.1536356108.git.alison.schofield@intel.com>

Define a global mapping structure to track the mapping of userspace keys
to hardware keyids in MKTME (Multi-Key Total Memory Encryption). This
data will be used for the memory encryption system call and the kernel
key service API.

Implement helper functions to access this mapping structure and make
them visible to the MKTME Kernel Key Service: security/keys/mktme_keys

Signed-off-by: Alison Schofield
---
 arch/x86/include/asm/mktme.h | 11 ++++++
 arch/x86/mm/mktme.c          | 85 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 96 insertions(+)

diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h
index dbfbd955da98..f6acd551457f 100644
--- a/arch/x86/include/asm/mktme.h
+++ b/arch/x86/include/asm/mktme.h
@@ -13,6 +13,17 @@ extern phys_addr_t mktme_keyid_mask; extern int mktme_nr_keyids; extern int mktme_keyid_shift; +/* Manage mappings between hardware keyids and userspace keys */ +extern int mktme_map_alloc(void); +extern void mktme_map_free(void); +extern void mktme_map_lock(void); +extern void mktme_map_unlock(void); +extern int mktme_map_get_free_keyid(void); +extern void mktme_map_clear_keyid(int keyid); +extern void mktme_map_set_keyid(int keyid, unsigned int serial); +extern int mktme_map_keyid_from_serial(unsigned int serial); +extern unsigned int mktme_map_serial_from_keyid(int keyid); + extern struct page_ext_operations page_mktme_ops; #define page_keyid page_keyid diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 660caf6a5ce1..5246d8323359 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c 
@@ -63,6 +63,91 @@ int vma_keyid(struct vm_area_struct *vma) return (prot & mktme_keyid_mask) >> mktme_keyid_shift; } +/* + * struct mktme_mapping and the mktme_map_* functions manage the mapping + * of userspace keys to hardware keyids in MKTME. They are used by the + * the encrypt_mprotect system call and the MKTME Key Service API. + */ +struct mktme_mapping { + struct mutex lock; /* protect this map & HW state */ + unsigned int mapped_keyids; + unsigned int serial[]; +}; + +struct mktme_mapping *mktme_map; + +static inline long mktme_map_size(void) +{ + long size = 0; + + size += sizeof(mktme_map); + size += sizeof(mktme_map->serial[0]) * mktme_nr_keyids; + return size; +} + +int mktme_map_alloc(void) +{ + mktme_map = kzalloc(mktme_map_size(), GFP_KERNEL); + if (!mktme_map) + return 0; + mutex_init(&mktme_map->lock); + return 1; +} + +void mktme_map_free(void) +{ + kfree(mktme_map); +} + +void mktme_map_lock(void) +{ + mutex_lock(&mktme_map->lock); +} + +void mktme_map_unlock(void) +{ + mutex_unlock(&mktme_map->lock); +} + +void mktme_map_set_keyid(int keyid, unsigned int serial) +{ + mktme_map->serial[keyid] = serial; + mktme_map->mapped_keyids++; +} + +void mktme_map_clear_keyid(int keyid) +{ + mktme_map->serial[keyid] = 0; + mktme_map->mapped_keyids--; +} + +unsigned int mktme_map_serial_from_keyid(int keyid) +{ + return mktme_map->serial[keyid]; +} + +int mktme_map_keyid_from_serial(unsigned int serial) +{ + int i; + + for (i = 1; i < mktme_nr_keyids; i++) + if (mktme_map->serial[i] == serial) + return i; + return 0; +} + +int mktme_map_get_free_keyid(void) +{ + int i; + + if (mktme_map->mapped_keyids < mktme_nr_keyids) { + for (i = 1; i < mktme_nr_keyids; i++) + if (mktme_map->serial[i] == 0) + return i; + } + return 0; +} + void prep_encrypted_page(struct page *page, int order, int keyid, bool zero) { int i;
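Review bot: the prototypes added in the arch/x86/include/asm/mktme.h hunk carry no locking documentation, even though mktme_map_lock()/mktme_map_unlock() are exported next to them and none of the accessors in mktme.c takes the mutex itself; the header is where the key-service code will look, so the one-line comment should state which functions require the caller to hold the map lock (mktme_map_get_free_keyid(), mktme_map_set_keyid(), mktme_map_clear_keyid(), mktme_map_keyid_from_serial(), mktme_map_serial_from_keyid()) and that mktme_map_alloc() must have succeeded before any of them is called. Something like `/* Manage mappings between hardware keyids and userspace keys. */` followed by `/* All accessors except alloc/free/lock/unlock require mktme_map_lock() held. */` would make the contract visible at the declaration, and since the keyid 0 / serial 0 values are used as "none" sentinels by the implementation, the header should say so too.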
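Review bot: mktme_map_size() in the arch/x86/mm/mktme.c hunk undersizes the allocation: `size += sizeof(mktme_map);` is the size of the pointer, not of `struct mktme_mapping`, so kzalloc() gets a pointer-sized header plus the serial[] array while the real header (a struct mutex plus mapped_keyids) is larger than a pointer; serial[] therefore begins past the counted header and the last entries written by mktme_map_set_keyid() land beyond the end of the allocation, a heap overflow in kernel memory. Use `sizeof(*mktme_map)`, or drop the helper and write `mktme_map = kzalloc(struct_size(mktme_map, serial, mktme_nr_keyids), GFP_KERNEL);` with linux/overflow.h. Smaller points in the same hunk: mktme_map_alloc() returns 1 on success and 0 on failure where kernel convention is 0 and -ENOMEM; `struct mktme_mapping *mktme_map;` is a non-static global with no declaration in the header, so it should be static since every access goes through the accessors; mktme_map_set_keyid() and mktme_map_clear_keyid() take keyid unchecked and unconditionally bump or decrement mapped_keyids, so setting an already-mapped keyid or clearing an unmapped one silently skews the count that mktme_map_get_free_keyid() relies on (a lockdep_assert_held(&mktme_map->lock) in each accessor and a WARN_ON() on the stale state would catch both); serial value 0 doubles as the free marker, so mktme_map_keyid_from_serial(0) returns the first free slot rather than "not found" and should be rejected or documented; and the struct comment reads "the the encrypt_mprotect system call".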