From patchwork Fri Sep 7 22:37:10 2018
X-Patchwork-Submitter: Alison Schofield
X-Patchwork-Id: 10592669
Date: Fri, 7 Sep 2018 15:37:10 -0700
From: Alison Schofield
To: dhowells@redhat.com, tglx@linutronix.de
Cc: Kai Huang, Jun Nakajima, Kirill Shutemov, Dave Hansen, Jarkko Sakkinen, jmorris@namei.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, linux-mm@kvack.org
Subject: [RFC 07/12] x86/mm: Add helper functions to track encrypted VMA's

In order to safely manage the usage of memory encryption keys, VMA's using each keyid need to be tracked. This tracking allows the Kernel Key Service to know when the keyid resource is actually in use, or when it is idle and may be considered for reuse.

Define a global atomic encrypt_count array to track the number of VMA's outstanding for each encryption keyid. Implement helper functions to manipulate this encrypt_count array.

Signed-off-by: Alison Schofield
---
 arch/x86/include/asm/mktme.h | 7 +++++++
 arch/x86/mm/mktme.c | 39 +++++++++++++++++++++++++++++++++++++++
 include/linux/mm.h | 2 ++
 3 files changed, 48 insertions(+)

diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index b707f800b68f..5f3fa0c39c1c 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h
@@ -16,6 +16,13 @@ extern int mktme_keyid_shift; /* Set the encryption keyid bits in a VMA */ extern void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid); +/* Manage the references to outstanding VMA's per encryption key */ +extern int vma_alloc_encrypt_array(void); +extern void vma_free_encrypt_array(void); +extern int vma_read_encrypt_ref(int keyid); +extern void vma_get_encrypt_ref(struct vm_area_struct *vma); +extern void vma_put_encrypt_ref(struct vm_area_struct *vma); + /* Manage mappings between hardware keyids and userspace keys */ extern int mktme_map_alloc(void); extern void mktme_map_free(void); diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 5ee7f37e9cd0..5690ef51a79a 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -163,6 +163,45 @@ int mktme_map_get_free_keyid(void) return 0; } +/* + * Helper functions manage the encrypt_count[] array that tracks the + * VMA's outstanding for each encryption keyid. The gets & puts are + * used in core mm code that allocates and free's VMA's. The alloc, + * free, and read functions are used by the MKTME key service to + * manage key allocation and programming. + */ +atomic_t *encrypt_count; + +int vma_alloc_encrypt_array(void) +{ + encrypt_count = kcalloc(mktme_nr_keyids, sizeof(atomic_t), GFP_KERNEL); + if (!encrypt_count) + return -ENOMEM; + return 0; +} + +void vma_free_encrypt_array(void) +{ + kfree(encrypt_count); +} + +int vma_read_encrypt_ref(int keyid) +{ + return atomic_read(&encrypt_count[keyid]); +} + +void vma_get_encrypt_ref(struct vm_area_struct *vma) +{ + if (vma_keyid(vma)) + atomic_inc(&encrypt_count[vma_keyid(vma)]); +} + +void vma_put_encrypt_ref(struct vm_area_struct *vma) +{ + if (vma_keyid(vma)) + atomic_dec(&encrypt_count[vma_keyid(vma)]); +} + void prep_encrypted_page(struct page *page, int order, int keyid, bool zero) { int i; diff --git a/include/linux/mm.h b/include/linux/mm.h index 0f9422c7841e..b217c699dbab 100644 --- a/include/linux/mm.h 
+++ b/include/linux/mm.h @@ -2803,6 +2803,8 @@ static inline void setup_nr_node_ids(void) {} #ifndef CONFIG_X86_INTEL_MKTME static inline void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid) {} +static inline void vma_get_encrypt_ref(struct vm_area_struct *vma) {} +static inline void vma_put_encrypt_ref(struct vm_area_struct *vma) {} #endif /* CONFIG_X86_INTEL_MKTME */ #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */
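
Review bot: the comment above the five new declarations in arch/x86/include/asm/mktme.h does not document the calling contract. Nothing says that vma_alloc_encrypt_array() must have succeeded before vma_get_encrypt_ref() or vma_put_encrypt_ref() run, or that keyid 0 is never counted, even though the get/put helpers are meant to be called from core mm. Please state both next to the prototypes.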
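
Review bot: in the arch/x86/mm/mktme.c hunk, vma_read_encrypt_ref(), vma_get_encrypt_ref() and vma_put_encrypt_ref() index encrypt_count[] with no check that the pointer is non-NULL or that the keyid lies inside the kcalloc(mktme_nr_keyids, ...) allocation. A get or put that runs before vma_alloc_encrypt_array() succeeds, or after vma_free_encrypt_array() (which leaves the pointer dangling), dereferences NULL or freed memory. Because get/put skip keyid 0, please also confirm that the highest valid keyid is below mktme_nr_keyids; otherwise the array needs one more entry. Suggested changes: range-check the keyid in vma_read_encrypt_ref(), set encrypt_count to NULL after kfree(), and make the pointer static, since this patch adds no declaration for it. Separately, atomic_dec() in the put path cannot detect an unbalanced put, and a caller that sees zero from atomic_read() can race with a concurrent get, so the reuse decision described in the commit message needs a lock or an atomic_dec_and_test() style handoff.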
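
Review bot: the #ifndef CONFIG_X86_INTEL_MKTME block in include/linux/mm.h gains stubs for vma_get_encrypt_ref() and vma_put_encrypt_ref() only, while the real prototypes live in arch/x86/include/asm/mktme.h. With the option enabled, core mm callers see a declaration only if that arch header is already pulled in. Please confirm the include path, or declare the two helpers in linux/mm.h under the matching #ifdef so the stub and the prototype sit together.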