From patchwork Wed May 8 14:43:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935787 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C8CB1912 for ; Wed, 8 May 2019 14:44:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B6F78283B0 for ; Wed, 8 May 2019 14:44:41 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AA96228437; Wed, 8 May 2019 14:44:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D4A7D283B0 for ; Wed, 8 May 2019 14:44:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A9A976B0007; Wed, 8 May 2019 10:44:36 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id A798F6B0008; Wed, 8 May 2019 10:44:36 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 939826B000A; Wed, 8 May 2019 10:44:36 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 594B26B0007 for ; Wed, 8 May 2019 10:44:36 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id x5so11673308pll.2 for ; Wed, 08 May 2019 07:44:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=NOzhRrERcrdj97QkCJT7reDTgPAcG4ER6LSBgl/1sEU=; b=V/NDqEFz3aATqzW2ysSDi6Y+PwnDQkW2kBLh3yVeWlqP5aU4ol5rgc7RoPwYmwsd+l BN667vSpuZJeENEme15qo5lqsoN+FTloqKjg46fmBByxDWZtq0SrGN0x1pztKWVtJ0uc 37zSfVcYVuBgqdPTECr8iwhR/JJgq+qGFUgoB80fKbkmrQXA4g3cbIQpqOBc1DhtqBjG ESh0qWhTMQ6T49QyKPyhV8cQRUq5RHvsyBlSdZHZfpghqwDE68BnkFueIrSpKHE0tWYo 6d48CHpi5O5ybQC5Q1DImJtpOQxwGo8nDGciWgtCeBjzfZmEnPjQ7DeV/NnBqz0ikw1M u4/A== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXoTLK5ohW1frlZkfw7DGwkFbUiCwnNdvXvOJiVZrAkJ7BnzVXJ kwEBghMvtPzyDP7L/Nm+oUTcBR5MRPTiEtWQzQURcqvF2WC7Qasz9rGh7mx2kW+DhlQcYdC0gcY hkASNKmivZqOCOSKOu8e5S+xcTAHODTvzqyhEUXAIuL3+Uhj8dt3Nqho38ujB7RBoxg== X-Received: by 2002:a63:6988:: with SMTP id e130mr47892103pgc.150.1557326676004; Wed, 08 May 2019 07:44:36 -0700 (PDT) X-Google-Smtp-Source: APXvYqwI+Th2v7kyGoKfwaE0vKfJnIDoWepjLYR8eNcJ6HXe5BUStdlU0rOLuTzrN+TJSAFzcCsP X-Received: by 2002:a63:6988:: with SMTP id e130mr47891984pgc.150.1557326674881; Wed, 08 May 2019 07:44:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326674; cv=none; d=google.com; s=arc-20160816; b=xU1WVV4yTTJhMH2l9Kjo1HWxtFI59hMHQ38qYYwQzQJlWTlqP6zoyB6PbuVL1XjatH pfpcz8oqnrUabDvJvpEFFdBDtyGMaFPsty7vBMsIJflCWtoc8vGtp3mzOYQMhXztH1x6 OIRDFW9zNIKxZswMs9C3PTPryg20ninN/3iDAicSPe0CwrKbQxpPsHTbz1YTrKDa4PaP faHpZyiYLulB2aqWt1DXElHckRyyT2P9uG59CSBr/cSVycFmKyE6VcfZgt6AIpEabJ48 BKv+BfowqPpKVPVMR2McdWKVtwqhG5GBu3u8ctKrbJzt3dSHAt6btEF/WpnMwA/h+0+u xr5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=NOzhRrERcrdj97QkCJT7reDTgPAcG4ER6LSBgl/1sEU=; b=gT4u6vgHKc6UVJgt7/q6Pay06RKHHbPnhaQpbgyHXgX5OkkCswZ6kpP3CJ0wiJ679u oKNQs3vSnc9bN00yJb+F4EFFVavRsoT2WBeO6uJw/rcdoj39GGWGRF8LHfHqUDP7QPYD T9AzAl/SuvkL9qlycUxT2f8MOvLAfo/aVuptnYMS0qRGXNPyTg+FaulqN5Ou1IqbYzfx viBmRyyfNDu4uVxdk+0gVaoR1Jp/cg/PNI2t0m548AUM/oSbCOrLVI6CraWodCtonJ/8 41qxRcNgN3GC5CRmsnqjEB07SQEe2jxkf5VV126KoO4wQI512E0Td3QDhxJ28sLtNkPs eqrA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga03.intel.com (mga03.intel.com. [134.134.136.65]) by mx.google.com with ESMTPS id n6si22562220pgq.486.2019.05.08.07.44.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) client-ip=134.134.136.65; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga103.jf.intel.com with ESMTP; 08 May 2019 07:44:33 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga008.fm.intel.com with ESMTP; 08 May 2019 07:44:29 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 88ED5146; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 01/62] mm: Do no merge VMAs with different encryption KeyIDs Date: Wed, 8 May 2019 17:43:21 +0300 Message-Id: <20190508144422.13171-2-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP VMAs with different KeyID do not mix together. Only VMAs with the same KeyID are compatible. Signed-off-by: Kirill A. Shutemov --- fs/userfaultfd.c | 7 ++++--- include/linux/mm.h | 9 ++++++++- mm/madvise.c | 2 +- mm/mempolicy.c | 3 ++- mm/mlock.c | 2 +- mm/mmap.c | 31 +++++++++++++++++++------------ mm/mprotect.c | 2 +- 7 files changed, 36 insertions(+), 20 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index f5de1e726356..6032aecda4ed 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -901,7 +901,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file) new_flags, vma->anon_vma, vma->vm_file, vma->vm_pgoff, vma_policy(vma), - NULL_VM_UFFD_CTX); + NULL_VM_UFFD_CTX, vma_keyid(vma)); if (prev) vma = prev; else @@ -1451,7 +1451,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, prev = vma_merge(mm, prev, start, vma_end, new_flags, vma->anon_vma, vma->vm_file, vma->vm_pgoff, vma_policy(vma), - ((struct vm_userfaultfd_ctx){ ctx })); + ((struct vm_userfaultfd_ctx){ ctx }), + vma_keyid(vma)); if (prev) { vma = prev; goto next; @@ -1613,7 +1614,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, prev = vma_merge(mm, prev, start, vma_end, new_flags, vma->anon_vma, vma->vm_file, vma->vm_pgoff, vma_policy(vma), - NULL_VM_UFFD_CTX); + NULL_VM_UFFD_CTX, vma_keyid(vma)); if (prev) { vma = prev; goto next; diff --git a/include/linux/mm.h b/include/linux/mm.h index 6b10c21630f5..13c40c43ce00 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1599,6 +1599,13 @@ static inline bool vma_is_anonymous(struct vm_area_struct *vma) return !vma->vm_ops; } +#ifndef vma_keyid +static inline int vma_keyid(struct vm_area_struct *vma) +{ + return 0; +} +#endif + #ifdef CONFIG_SHMEM /* * The vma_is_shmem is not inline because it is used only by slow @@ -2275,7 +2282,7 @@ static inline int vma_adjust(struct vm_area_struct *vma, unsigned long start, extern struct vm_area_struct *vma_merge(struct mm_struct *, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, struct anon_vma *, struct file *, pgoff_t, - struct mempolicy *, struct vm_userfaultfd_ctx); + struct mempolicy *, struct vm_userfaultfd_ctx, int keyid); extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *); extern int __split_vma(struct mm_struct *, struct vm_area_struct *, unsigned long addr, int new_below); diff --git a/mm/madvise.c b/mm/madvise.c index 21a7881a2db4..e9925a512b15 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -138,7 +138,7 @@ static long madvise_behavior(struct vm_area_struct *vma, pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); *prev = vma_merge(mm, *prev, start, end, new_flags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (*prev) { vma = *prev; goto success; diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 2219e747df49..14b18449c623 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -731,7 +731,8 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, ((vmstart - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(mm, prev, vmstart, vmend, vma->vm_flags, vma->anon_vma, vma->vm_file, pgoff, - new_pol, vma->vm_userfaultfd_ctx); + new_pol, vma->vm_userfaultfd_ctx, + vma_keyid(vma)); if (prev) { vma = prev; next = vma->vm_next; diff --git a/mm/mlock.c b/mm/mlock.c index 080f3b36415b..d44cb0c9e9ca 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -535,7 +535,7 @@ static int mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev, pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); *prev = vma_merge(mm, *prev, start, end, newflags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (*prev) { vma = *prev; goto success; diff --git a/mm/mmap.c b/mm/mmap.c index bd7b9f293b39..de0bdf4d8f90 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1007,7 +1007,8 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, */ static inline int is_mergeable_vma(struct vm_area_struct *vma, struct file *file, unsigned long vm_flags, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { /* * VM_SOFTDIRTY should not prevent from VMA merging, if we @@ -1021,6 +1022,8 @@ static inline int is_mergeable_vma(struct vm_area_struct *vma, return 0; if (vma->vm_file != file) return 0; + if (vma_keyid(vma) != keyid) + return 0; if (vma->vm_ops && vma->vm_ops->close) return 0; if (!is_mergeable_vm_userfaultfd_ctx(vma, vm_userfaultfd_ctx)) @@ -1057,9 +1060,10 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { - if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) && + if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx, keyid) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) return 1; @@ -1078,9 +1082,10 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { - if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) && + if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx, keyid) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; vm_pglen = vma_pages(vma); @@ -1135,7 +1140,8 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, unsigned long end, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t pgoff, struct mempolicy *policy, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { pgoff_t pglen = (end - addr) >> PAGE_SHIFT; struct vm_area_struct *area, *next; @@ -1168,7 +1174,7 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(vma_policy(prev), policy) && can_vma_merge_after(prev, vm_flags, anon_vma, file, pgoff, - vm_userfaultfd_ctx)) { + vm_userfaultfd_ctx, keyid)) { /* * OK, it can. Can we now merge in the successor as well? */ @@ -1177,7 +1183,8 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen, - vm_userfaultfd_ctx) && + vm_userfaultfd_ctx, + keyid) && is_mergeable_anon_vma(prev->anon_vma, next->anon_vma, NULL)) { /* cases 1, 6 */ @@ -1200,7 +1207,7 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen, - vm_userfaultfd_ctx)) { + vm_userfaultfd_ctx, keyid)) { if (prev && addr < prev->vm_end) /* case 4 */ err = __vma_adjust(prev, prev->vm_start, addr, prev->vm_pgoff, NULL, next); @@ -1745,7 +1752,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, * Can we just expand an old mapping? */ vma = vma_merge(mm, prev, addr, addr + len, vm_flags, - NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX); + NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX, 0); if (vma) goto out; @@ -3023,7 +3030,7 @@ static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long fla /* Can we just expand an old private anonymous mapping? */ vma = vma_merge(mm, prev, addr, addr + len, flags, - NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX); + NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX, 0); if (vma) goto out; @@ -3221,7 +3228,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; /* should never get here */ new_vma = vma_merge(mm, prev, addr, addr + len, vma->vm_flags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (new_vma) { /* * Source vma may have been merged into new_vma diff --git a/mm/mprotect.c b/mm/mprotect.c index 028c724dcb1a..e768cd656a48 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -399,7 +399,7 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); *pprev = vma_merge(mm, *pprev, start, end, newflags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (*pprev) { vma = *pprev; VM_WARN_ON((vma->vm_flags ^ newflags) & ~VM_SOFTDIRTY); From patchwork Wed May 8 14:43:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935789 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 59329924 for ; Wed, 8 May 2019 14:44:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 48CE5283B0 for ; Wed, 8 May 2019 14:44:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3CE6C28437; Wed, 8 May 2019 14:44:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A5BF0283B0 for ; Wed, 8 May 2019 14:44:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1C3D26B000D; Wed, 8 May 2019 10:44:37 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 0AE436B000A; Wed, 8 May 2019 10:44:37 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E1B106B000C; Wed, 8 May 2019 10:44:36 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id 84EE36B0005 for ; Wed, 8 May 2019 10:44:36 -0400 (EDT) Received: by mail-pl1-f200.google.com with SMTP id f3so11614818plb.17 for ; Wed, 08 May 2019 07:44:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Sxk2x6HISKLJRuuRm6m1tq95dR8EsdPH1NWCxyLMIQY=; b=PAWWbNTiRirsPlTDlFm+615IathWNYJcGvA5l43AF6aBCLdw1JCZxgvFDFw+oibJSq 3AMQzE/ngbvjaxHFvYr0VsKKInvoDRV2u0a6LNJIC56IJ23CEjm4pt9heaf9EW/z+gWR FimWzSsW/OO6ZdWTI2J+kE5p1qdMkS23HHJKjyOyhMQD4F0IvvPIDfb1OcE/FNHR1i+6 CDLskgJ54IrSWJ5BTVdReaFi1cgn1S4YWgwjLzTkf6CWhc6RyVUi6OP0o/8XRf1UfX3N lgpIRtcPmQFwuLRgSqziy3+1Fb32DkXjrKGw6dHNzk9Srz5dsu/H8FTt5kmmwGXxbQ95 2Scw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAW3965itK4EI/yP9x7l9GKqkFPFaQ+LEbO/JIwpijhalDKedvNx mwp+4GVks2Ts7tcqaDN3DG+tnLp1eeBqfLsF2TKjLhncmbXbXugkBqCtcczhYaGaRyZw7OTwDp4 IXk1PnrXhbTST3W9eHDk4nFeN7iDbhgOFGAM0INteRqSi2pxq7vFXv8EzP4nUf47H+g== X-Received: by 2002:a63:b64:: with SMTP id a36mr41319128pgl.58.1557326676186; Wed, 08 May 2019 07:44:36 -0700 (PDT) X-Google-Smtp-Source: APXvYqxFAx3XoKBn/Q+zIM8TApPHF0WQfFyma+8dafEKZNQVrNAhbiWVPXH/ZyD6OFajqjG72xck X-Received: by 2002:a63:b64:: with SMTP id a36mr41318968pgl.58.1557326674651; Wed, 08 May 2019 07:44:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326674; cv=none; d=google.com; s=arc-20160816; b=ITo2IYCXkKyT5wDNats5C0uJIsGjKf7UZDl3kUrZSegOnauJOKoacyK8Hon1VNTGE1 SLb96Dpx/mlsvnaOmamVrZboj4wjSTysymjixvOfwOoVTNOUghrH9A38YY723aqvz6+O qtwyrdzqh3ojME+YxBo1kr5+MeU2fKpdmfSkK/2a/N6m+kScAjcLmF3mmOM4lpbz1Gkw jyPM7pn/ghkKMrE9cRfru/qPatRUicJx6b2DEnhCq/xJ+F9vhgC0cougXUfwJwaWGIrs rvobCxoeo0ZAjcgMKBqL9mK9rUNSO0BgaHJVVWgmSVyQLH2DZGQecMJGfTQ1eSVozc4a Jq0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=Sxk2x6HISKLJRuuRm6m1tq95dR8EsdPH1NWCxyLMIQY=; b=ky/tSIkSJ4iGDAIMiQBsFIlIlfg7yahSNo2+of9UHnMfl6VNayaHPqaiVeej1rsePj zyUNkciGYb/zFBwUa03AXGOODt8Ll04EGkmyqnjJGN1tL2PTjmPR287dJlUgcYfH8XvL OdNl0teqy2ZZyn/4M+XSLhKMyy5wDCzVfpgM61RK0bnoWqVemLiDs+RVBbLKST40IOvl 5nobVZ+RoOcFZCrJ/AXElTUEZhN7J+FUntwYLlRsEPrhQydsE747wDjhlv9ub1TInIhq He9l9Im/BFEflyMPdrroy8rxvebr18kwB3Wde2CiawYFQz6oKPXxvPDQq1l1JuAHaVX6 D3Fw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga03.intel.com (mga03.intel.com. [134.134.136.65]) by mx.google.com with ESMTPS id n6si22562220pgq.486.2019.05.08.07.44.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) client-ip=134.134.136.65; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.65 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga103.jf.intel.com with ESMTP; 08 May 2019 07:44:33 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga008.fm.intel.com with ESMTP; 08 May 2019 07:44:29 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 9AE752E5; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 02/62] mm: Add helpers to setup zero page mappings Date: Wed, 8 May 2019 17:43:22 +0300 Message-Id: <20190508144422.13171-3-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP When kernel setups an encrypted page mapping, encryption KeyID is derived from a VMA. KeyID is going to be part of vma->vm_page_prot and it will be propagated transparently to page table entry on mk_pte(). But there is an exception: zero page is never encrypted and its mapping must use KeyID-0, regardless VMA's KeyID. Introduce helpers that create a page table entry for zero page. The generic implementation will be overridden by architecture-specific code that takes care about using correct KeyID. Signed-off-by: Kirill A. Shutemov --- fs/dax.c | 3 +-- include/asm-generic/pgtable.h | 8 ++++++++ mm/huge_memory.c | 6 ++---- mm/memory.c | 3 +-- mm/userfaultfd.c | 3 +-- 5 files changed, 13 insertions(+), 10 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index e5e54da1715f..6d609bff53b9 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -1441,8 +1441,7 @@ static vm_fault_t dax_pmd_load_hole(struct xa_state *xas, struct vm_fault *vmf, pgtable_trans_huge_deposit(vma->vm_mm, vmf->pmd, pgtable); mm_inc_nr_ptes(vma->vm_mm); } - pmd_entry = mk_pmd(zero_page, vmf->vma->vm_page_prot); - pmd_entry = pmd_mkhuge(pmd_entry); + pmd_entry = mk_zero_pmd(zero_page, vmf->vma->vm_page_prot); set_pmd_at(vmf->vma->vm_mm, pmd_addr, vmf->pmd, pmd_entry); spin_unlock(ptl); trace_dax_pmd_load_hole(inode, vmf, zero_page, *entry); diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index fa782fba51ee..cde8b81f6f2b 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -879,8 +879,16 @@ static inline unsigned long my_zero_pfn(unsigned long addr) } #endif +#ifndef mk_zero_pte +#define mk_zero_pte(addr, prot) pte_mkspecial(pfn_pte(my_zero_pfn(addr), prot)) +#endif + #ifdef CONFIG_MMU +#ifndef mk_zero_pmd +#define mk_zero_pmd(zero_page, prot) pmd_mkhuge(mk_pmd(zero_page, prot)) +#endif + #ifndef CONFIG_TRANSPARENT_HUGEPAGE static inline int pmd_trans_huge(pmd_t pmd) { diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 165ea46bf149..26c3503824ba 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -675,8 +675,7 @@ static bool set_huge_zero_page(pgtable_t pgtable, struct mm_struct *mm, pmd_t entry; if (!pmd_none(*pmd)) return false; - entry = mk_pmd(zero_page, vma->vm_page_prot); - entry = pmd_mkhuge(entry); + entry = mk_zero_pmd(zero_page, vma->vm_page_prot); if (pgtable) pgtable_trans_huge_deposit(mm, pmd, pgtable); set_pmd_at(mm, haddr, pmd, entry); @@ -2101,8 +2100,7 @@ static void __split_huge_zero_page_pmd(struct vm_area_struct *vma, for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { pte_t *pte, entry; - entry = pfn_pte(my_zero_pfn(haddr), vma->vm_page_prot); - entry = pte_mkspecial(entry); + entry = mk_zero_pte(haddr, vma->vm_page_prot); pte = pte_offset_map(&_pmd, haddr); VM_BUG_ON(!pte_none(*pte)); set_pte_at(mm, haddr, pte, entry); diff --git a/mm/memory.c b/mm/memory.c index ab650c21bccd..c5e0c87a12b7 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2927,8 +2927,7 @@ static vm_fault_t do_anonymous_page(struct vm_fault *vmf) /* Use the zero-page for reads */ if (!(vmf->flags & FAULT_FLAG_WRITE) && !mm_forbids_zeropage(vma->vm_mm)) { - entry = pte_mkspecial(pfn_pte(my_zero_pfn(vmf->address), - vma->vm_page_prot)); + entry = mk_zero_pte(vmf->address, vma->vm_page_prot); vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, vmf->address, &vmf->ptl); if (!pte_none(*vmf->pte)) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index d59b5a73dfb3..ac1ce3866036 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -122,8 +122,7 @@ static int mfill_zeropage_pte(struct mm_struct *dst_mm, pgoff_t offset, max_off; struct inode *inode; - _dst_pte = pte_mkspecial(pfn_pte(my_zero_pfn(dst_addr), - dst_vma->vm_page_prot)); + _dst_pte = mk_zero_pte(dst_addr, dst_vma->vm_page_prot); dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl); if (dst_vma->vm_file) { /* the shmem MAP_PRIVATE case requires checking the i_size */ From patchwork Wed May 8 14:43:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935785 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4F2D2912 for ; Wed, 8 May 2019 14:44:38 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3B098283B0 for ; Wed, 8 May 2019 14:44:38 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2BDC628437; Wed, 8 May 2019 14:44:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 94307283B0 for ; Wed, 8 May 2019 14:44:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 542906B0003; Wed, 8 May 2019 10:44:36 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4F3F86B0005; Wed, 8 May 2019 10:44:36 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3E2B86B0007; Wed, 8 May 2019 10:44:36 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id 043356B0003 for ; Wed, 8 May 2019 10:44:36 -0400 (EDT) Received: by mail-pl1-f198.google.com with SMTP id x5so11673304pll.2 for ; Wed, 08 May 2019 07:44:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=TCzL5NUW6PZPJubSx6ptHjsKfaI6lzp6k1fXbK9hDAA=; b=E4zaHzphJnWUFgrhLXlD7E5/1fTdiw6d1D8aAXdAjlcKwCAeiBATDOjlou2QCQ/aAG HE4FurlQQ5QHg5Xex3eUApm2NOYZ2qtHUY2/h5G/t8wfVpteT4tK4v6UtsrdlvczV4W1 dC5fhynyKfPMqVR4FW2FWwNbb75AMRBCe8enoAK4XjCnOKy5aDTBGw476951PoN2mbyK UZbRBeAwbVSLClcqLypfSmXHrQ9AkIebqCeTZ28v0tXfbIaFnsy3b/7SODkn2jWCwPMm ul2/b7DqARKl5q1ICf8J6kOCtT0RjjYk8akqO53+9ecVS4iReCkTvJvHTRFivAO7BLg5 XMrw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.126 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUXLCgaG4y13LKzsGSjVfUG3vPeynzyVcgrmx4KtitIpP90+LDI IlqjYR7FcYBpguisiBC2BumPyH3L01OGGRq0aYcBCSIyfSbfGCqY3DEc6uneH6d/SmNcsdLre+h m8zdjEJZn0VOEPFeRZ3D/PoCvxq649rrVzh4jU/cgWzlrm86h6Pk367AjDYJeeFHUOw== X-Received: by 2002:aa7:8d81:: with SMTP id i1mr49144532pfr.127.1557326675662; Wed, 08 May 2019 07:44:35 -0700 (PDT) X-Google-Smtp-Source: APXvYqzc29sqrZkB2s6XTIv3IzMR1fos3Xo3p6HigBax9sP8R6iCQeeRAQtkDJaePKwUKHjlr0YU X-Received: by 2002:aa7:8d81:: with SMTP id i1mr49144447pfr.127.1557326674865; Wed, 08 May 2019 07:44:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326674; cv=none; d=google.com; s=arc-20160816; b=ppGi6IvfcSraB1kT6Tn1jJH0Zg5Pb3qziZy6In0+Qsls64WHL5ztRc/MLuLsYIAS7z 3//PqESt37jn/PQ4p19i52B+SilbH3sPW2tnSvA+Vbgw9VSF+EIvptLsBGnzjPleHenb QxKzvO4CeYYDljNpN/wf8bgiJzps6VA6+xnGjHfGAeTTARmpvKEOraS3urD9O+kprFUJ S3/ejOBxZdo/1B0n0NfBxruvZduU45IF0xikqs+nAG6B4xYFNUuOy2TeF+3n3cINyq7p QfTyDJAY1B28wNPvd6ndkWb2Jf6LDcws+zk/80dFWs9zabPxp5WDZN2zVR/UsWmUdcZq Oq1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=TCzL5NUW6PZPJubSx6ptHjsKfaI6lzp6k1fXbK9hDAA=; b=h5oRWp7p+xjyZtGyjOXbqMxDmb5PY01Lf7vpVSGEvh5ByEr3FkSPAUFzFe2I2NerH+ hykD6Kqda/5F1F+eYBbaYAS8ypfaxiLBJJRRMHm3XQfP6KNQ4olSr87rtLazLqA9t0Hz g4moB7ZrRKgfSzYDSUp026wqVXGXtCc+hc3eddTOzm42703q5Ub1rpcFNGo+QFyafKvU nl4OI+XhkX9r60UFHF3TQepQW9XCvzb99MAOoqfAj5Zo3Cm1iCxwtgiRSb796HQnlPNF 02K65VqCaGFs0aP92RxtPMAMRBxDYh6b9RLTYoVBzT57GChPdkFMPCZdvdrj3jV0RMxc 8luQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.126 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga18.intel.com (mga18.intel.com. [134.134.136.126]) by mx.google.com with ESMTPS id 192si726287pgb.488.2019.05.08.07.44.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.126 as permitted sender) client-ip=134.134.136.126; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.126 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:34 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 08 May 2019 07:44:29 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id A94D92DA; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 03/62] mm/ksm: Do not merge pages with different KeyIDs Date: Wed, 8 May 2019 17:43:23 +0300 Message-Id: <20190508144422.13171-4-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP KeyID indicates what key to use to encrypt and decrypt page's content. Depending on the implementation a cipher text may be tied to physical address of the page. It means that pages with an identical plain text would appear different if KSM would look at a cipher text. It effectively disables KSM for encrypted pages. In addition, some implementations may not allow to read cipher text at all. KSM compares plain text instead (transparently to KSM code). But we still need to make sure that pages with identical plain text will not be merged together if they are encrypted with different keys. To make it work kernel only allows merging pages with the same KeyID. The approach guarantees that the merged page can be read by all users. Signed-off-by: Kirill A. Shutemov --- include/linux/mm.h | 7 +++++++ mm/ksm.c | 17 +++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 13c40c43ce00..07c36f4673f6 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1606,6 +1606,13 @@ static inline int vma_keyid(struct vm_area_struct *vma) } #endif +#ifndef page_keyid +static inline int page_keyid(struct page *page) +{ + return 0; +} +#endif + #ifdef CONFIG_SHMEM /* * The vma_is_shmem is not inline because it is used only by slow diff --git a/mm/ksm.c b/mm/ksm.c index fc64874dc6f4..91bce4799c45 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -1227,6 +1227,23 @@ static int try_to_merge_one_page(struct vm_area_struct *vma, if (!PageAnon(page)) goto out; + /* + * KeyID indicates what key to use to encrypt and decrypt page's + * content. + * + * KSM compares plain text instead (transparently to KSM code). + * + * But we still need to make sure that pages with identical plain + * text will not be merged together if they are encrypted with + * different keys. + * + * To make it work kernel only allows merging pages with the same KeyID. + * The approach guarantees that the merged page can be read by all + * users. + */ + if (kpage && page_keyid(page) != page_keyid(kpage)) + goto out; + /* * We need the page lock to read a stable PageSwapCache in * write_protect_page(). We use trylock_page() instead of From patchwork Wed May 8 14:43:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935791 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 15E28924 for ; Wed, 8 May 2019 14:44:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0598C283B0 for ; Wed, 8 May 2019 14:44:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EDDA6288EE; Wed, 8 May 2019 14:44:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 771FC283B0 for ; Wed, 8 May 2019 14:44:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 47D156B0008; Wed, 8 May 2019 10:44:37 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1C1486B0005; Wed, 8 May 2019 10:44:37 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id EB6C26B0008; Wed, 8 May 2019 10:44:36 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id B35986B000A for ; Wed, 8 May 2019 10:44:36 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id x13so12797339pgl.10 for ; Wed, 08 May 2019 07:44:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=49lJbfvv15ZcHha4FIriTS/Z7arlGEdmOhAM+djd50M=; b=Dt/84YcFyVtOoJXDOk0sv2i7pg5FuhGi71Y/QZw3enasL31USjksQ3gQNqizGp7pst xdiZchzCxwCcwtkDfR4Tk9Nw3aQTpePDU1qDdoIpDzgcvUY/Ic4bwFkzJH+PudlQaPXE uPUdB+jAz44owjUEyL87jc8Q8G3BsH4L5iZZt1ABKHG4uifh45k70QieUXLb89w8jev+ PSWbTY2NF8XysR4iTZRTSxXepQUWMVQFMRzQNMZgud4VBSgByx0eVC7Kem68knbSSBEi Ys4DJzwmdOeAjdfV0YHf57ahPPlGRm1ivW6WAparWOYG0WXcx1NGog23W9z0sKIGQr7L P0aw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAV8/6XoUNYzkBTlbLpvtvR0kIGcJxO42iyM7eAWQ1rYnOivOUOt 6R5mYhAgfAZ6UFevNM5RcUt/1flWONw5fmQIBwGWhrhJN9cyUdtjRdKRuohiSkiFAOxBS3Evb7z D616/rF3AAjkQpMfO8JDYnMC/kOnnv8tS68pnsX4e7Q9jtxSAystNAH/ogYxaF8ECWg== X-Received: by 2002:a17:902:b095:: with SMTP id p21mr47788112plr.40.1557326676351; Wed, 08 May 2019 07:44:36 -0700 (PDT) X-Google-Smtp-Source: APXvYqxXfqi2Kf9k4PjgORT6rQ97Lrz6DlFWWxwG4nGzHyNbm8L1sTWTn4zikc8yOQZUEXkyvU0t X-Received: by 2002:a17:902:b095:: with SMTP id p21mr47787950plr.40.1557326674860; Wed, 08 May 2019 07:44:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326674; cv=none; d=google.com; s=arc-20160816; b=YpEPQgCeJ2iSe3htfWkz7+VLZd52oNLGWxXAa9Gt9+28TmdNwtrZAxgLiIb29IsPLh x3Nd5tbh/KeQZedJsKPUtvURV0Scz+bjC2yZ8bO8K7R3o/PICM6M/toQHQb2LNJXAxQD yX0FpSTIqcZPTogBD1RPJQboo270MBFeNCN1B1U6SEdYh/Fcb7FlDH8m6fhcYFf0w3Uj t9QSm1a4dzqWMERJFL+LGrjsfuCRceX5xAI7DJuhwlC2DB3igtFl0DncsPBJ3bNIsa3z cfwniFAGwbOPHnh0OAghSV8DU3ggq8fQghjZWcoBIKIUQgpRpBywYjsD3+93JcXZRDrH TdJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=49lJbfvv15ZcHha4FIriTS/Z7arlGEdmOhAM+djd50M=; b=NCrKne+Knr+NyM1vEbZNMeFppCUuDiePsevDyZNXkrVNhiwh0GhIHTIW4JRVG4V9rP Yz85UO5wYZOvlKRXvZFxtq7YzL6kWw9pUilP5hYrAoHwoKKF8HdxXViOy7biw9cme5on a2Lks3YieuK0EcnzaCtLq4rm5zUzg6+riK8KRKVNZFNVMZ0qaSp/8JmW/udPsixZNQOD gwnYVG01A5kK+SnvXMq/8DqT1QLfcl0SuuFqY7RnNW/Ffkc+Mn4ApBZvNbfaDCkLHwDY w+oqa/c6dapS1LHMtKjURTGMpG43wd6CM+5Z/ChyIvoBeh4ebW6/PyT9w/7mFA4/GZu8 Id7g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id w14si24148884ply.226.2019.05.08.07.44.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:34 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga004.jf.intel.com with ESMTP; 08 May 2019 07:44:29 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id C283D3D1; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 04/62] mm/page_alloc: Unify alloc_hugepage_vma() Date: Wed, 8 May 2019 17:43:24 +0300 Message-Id: <20190508144422.13171-5-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP We don't need to have separate implementations of alloc_hugepage_vma() for NUMA and non-NUMA. Using variant based on alloc_pages_vma() we would cover both cases. This is preparation patch for allocation encrypted pages. alloc_pages_vma() will handle allocation of encrypted pages. With this change we don' t need to cover alloc_hugepage_vma() separately. The change makes typo in Alpha's implementation of __alloc_zeroed_user_highpage() visible. Fix it too. Signed-off-by: Kirill A. Shutemov --- arch/alpha/include/asm/page.h | 2 +- include/linux/gfp.h | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/alpha/include/asm/page.h b/arch/alpha/include/asm/page.h index f3fb2848470a..9a6fbb5269f3 100644 --- a/arch/alpha/include/asm/page.h +++ b/arch/alpha/include/asm/page.h @@ -18,7 +18,7 @@ extern void clear_page(void *page); #define clear_user_page(page, vaddr, pg) clear_page(page) #define __alloc_zeroed_user_highpage(movableflags, vma, vaddr) \ - alloc_page_vma(GFP_HIGHUSER | __GFP_ZERO | movableflags, vma, vmaddr) + alloc_page_vma(GFP_HIGHUSER | __GFP_ZERO | movableflags, vma, vaddr) #define __HAVE_ARCH_ALLOC_ZEROED_USER_HIGHPAGE extern void copy_page(void * _to, void * _from); diff --git a/include/linux/gfp.h b/include/linux/gfp.h index fdab7de7490d..b101aa294157 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -511,21 +511,19 @@ alloc_pages(gfp_t gfp_mask, unsigned int order) extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, struct vm_area_struct *vma, unsigned long addr, int node, bool hugepage); -#define alloc_hugepage_vma(gfp_mask, vma, addr, order) \ - alloc_pages_vma(gfp_mask, order, vma, addr, numa_node_id(), true) #else #define alloc_pages(gfp_mask, order) \ alloc_pages_node(numa_node_id(), gfp_mask, order) #define alloc_pages_vma(gfp_mask, order, vma, addr, node, false)\ alloc_pages(gfp_mask, order) -#define alloc_hugepage_vma(gfp_mask, vma, addr, order) \ - alloc_pages(gfp_mask, order) #endif #define alloc_page(gfp_mask) alloc_pages(gfp_mask, 0) #define alloc_page_vma(gfp_mask, vma, addr) \ alloc_pages_vma(gfp_mask, 0, vma, addr, numa_node_id(), false) #define alloc_page_vma_node(gfp_mask, vma, addr, node) \ alloc_pages_vma(gfp_mask, 0, vma, addr, node, false) +#define alloc_hugepage_vma(gfp_mask, vma, addr, order) \ + alloc_pages_vma(gfp_mask, order, vma, addr, numa_node_id(), true) extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order); extern unsigned long get_zeroed_page(gfp_t gfp_mask); From patchwork Wed May 8 14:43:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935809 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3C8DF924 for ; Wed, 8 May 2019 14:45:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2682E283E8 for ; Wed, 8 May 2019 14:45:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 163672844B; Wed, 8 May 2019 14:45:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 218FC283E8 for ; Wed, 8 May 2019 14:45:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 095186B026A; Wed, 8 May 2019 10:44:42 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id DCC366B0269; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A989C6B026B; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id 66EB96B026C for ; Wed, 8 May 2019 10:44:41 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id 14so12804462pgo.14 for ; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=H08SRBnlS7Dq/x6am3mY5g3mpYdOry1ahexfC0WTES4=; b=rFasYeAZjM9BsN2n82XfbCsPZvTXaghU4GFOpN28MTFy3S/ucwy2vDM6z//EA2UD7C z5GJccH1TViEXcZg77leHZU7QEBYnvZwvIp+556qED8XCBugq+hNeQ28kkEoStpOsnm9 9+s6XChShnqHneyVcHv1RG42C6Nyezr8RiDcDyVIExJ/VG7LJGXJRUtkNqwieup0WQIr 0kXi9rBNVTNSMPP7GAhuhDbcyIOi8BGeeGec8smiTayDdhHDS30it3P9Kn9rQGq/irmu nhiiiQy81TFujJWLLispj3cPK1KVZKJ5cIp+hBNbu88TIM26zCEAQdniZ/4EsILT443Z 4+aw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAV1dGvJO2LwvIwIddDlkLbabhTEjn58wlVu7kZzrp+YLqD3usyl vrnDMeSUvc0BSPldgRaREbk1P74sl8oH02Un5mZH8BpN/zXCD3popJBg56hvoSG+aCtNNIUPOi0 ZCpcjqoPzWptCF0G9E7JV7w7LyxxG6yYosqOnapKBFDfnnrkrP8EwZLBDi1QZQBHS5Q== X-Received: by 2002:a62:ac0c:: with SMTP id v12mr48643010pfe.59.1557326681053; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqxuwQCia3bMchGYTGpr7t4ddrMj05fwdZfac1ZYlyWMePJJ44ED5ISTXJ4ThY3dcAT5DBQJ X-Received: by 2002:a62:ac0c:: with SMTP id v12mr48642824pfe.59.1557326679303; Wed, 08 May 2019 07:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326679; cv=none; d=google.com; s=arc-20160816; b=a+vSU7zrVStI1lDc2mEsDclO3YANLkdXz5nr9pI9uhPNcX/kusw2EBEOAJfJmOnlTb 3qE0Tp8yxb+1kuRWaVJ9nc7El4SHQSRidBA/d8jAJUXqFRJW0btfhRMaxLZWTaOSiPYZ cNRWslVaOIDEz4WpkTS9RPO7IeMHLE9CPYH1QVaI9iPMQL0Xyj2q59nUvVOQMPdjx0lU 10jSQpu19O2v9nBW8qfJIpvbjeqdCZK/e4Dpkkr3iER0tB73ihoACCrpBBniczQHbq5Q kGLXRg1JNCR8T2xq9IM6mtsK2qrEcCYJxO68xH7ZfrWzZHLPtPHSGhmnHbA5ATpUcbiJ Es0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=H08SRBnlS7Dq/x6am3mY5g3mpYdOry1ahexfC0WTES4=; b=XX0szG+nTOiOkd15IJFUH808OrhAeOPRY58+/rNp/gnK+RsrQdITTomaI1gjalHR9q mTAoijgc19odtMibL+oDU3GTVxfPUVD775HYbZNUGYyjinA/2NRlREBgAGkOLoc2pH5O E1cIWcRWTLzivuKX8Kj5Q/oTGv/dufNER9NFjG3st/LWrbFtbX/mA3/N9ZPB8UOuIPit ks1hKnDljz1Jq4kbVlrKIwL/fnpi6aRucVLNviARQsR7KQJBQUoO89epOsTxf4qdCNc/ vogtEUeqEGoVARXQgO6A52aXAD2HsBdt5zhcbw5AKVfvGdBPdiZZihSL2qVsDoYKJqT5 +0ZQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id k12si23661077pls.436.2019.05.08.07.44.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:38 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga006.fm.intel.com with ESMTP; 08 May 2019 07:44:34 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id CB0B2355; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 05/62] mm/page_alloc: Handle allocation for encrypted memory Date: Wed, 8 May 2019 17:43:25 +0300 Message-Id: <20190508144422.13171-6-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP For encrypted memory, we need to allocate pages for a specific encryption KeyID. There are two cases when we need to allocate a page for encryption: - Allocation for an encrypted VMA; - Allocation for migration of encrypted page; The first case can be covered within alloc_page_vma(). We know KeyID from the VMA. The second case requires few new page allocation routines that would allocate the page for a specific KeyID. An encrypted page has to be cleared after KeyID set. This is handled in prep_encrypted_page() that will be provided by arch-specific code. Any custom allocator that dials with encrypted pages has to call prep_encrypted_page() too. See compaction_alloc() for instance. Signed-off-by: Kirill A. Shutemov --- include/linux/gfp.h | 45 ++++++++++++++++++++++++++++++++----- include/linux/migrate.h | 14 +++++++++--- mm/compaction.c | 3 +++ mm/mempolicy.c | 27 ++++++++++++++++------ mm/migrate.c | 4 ++-- mm/page_alloc.c | 50 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 126 insertions(+), 17 deletions(-) diff --git a/include/linux/gfp.h b/include/linux/gfp.h index b101aa294157..1716dbe587c9 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -463,16 +463,43 @@ static inline void arch_free_page(struct page *page, int order) { } static inline void arch_alloc_page(struct page *page, int order) { } #endif +#ifndef prep_encrypted_page +static inline void prep_encrypted_page(struct page *page, int order, + int keyid, bool zero) +{ +} +#endif + +/* + * Encrypted page has to be cleared once keyid is set, not on allocation. + */ +static inline bool deferred_page_zero(int keyid, gfp_t *gfp_mask) +{ + if (keyid && (*gfp_mask & __GFP_ZERO)) { + *gfp_mask &= ~__GFP_ZERO; + return true; + } + + return false; +} + struct page * __alloc_pages_nodemask(gfp_t gfp_mask, unsigned int order, int preferred_nid, nodemask_t *nodemask); +struct page * +__alloc_pages_nodemask_keyid(gfp_t gfp_mask, unsigned int order, + int preferred_nid, nodemask_t *nodemask, int keyid); + static inline struct page * __alloc_pages(gfp_t gfp_mask, unsigned int order, int preferred_nid) { return __alloc_pages_nodemask(gfp_mask, order, preferred_nid, NULL); } +struct page *__alloc_pages_node_keyid(int nid, int keyid, + gfp_t gfp_mask, unsigned int order); + /* * Allocate pages, preferring the node given as nid. The node must be valid and * online. For more general interface, see alloc_pages_node(). @@ -500,6 +527,19 @@ static inline struct page *alloc_pages_node(int nid, gfp_t gfp_mask, return __alloc_pages_node(nid, gfp_mask, order); } +static inline struct page *alloc_pages_node_keyid(int nid, int keyid, + gfp_t gfp_mask, unsigned int order) +{ + if (nid == NUMA_NO_NODE) + nid = numa_mem_id(); + + return __alloc_pages_node_keyid(nid, keyid, gfp_mask, order); +} + +extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, + struct vm_area_struct *vma, unsigned long addr, + int node, bool hugepage); + #ifdef CONFIG_NUMA extern struct page *alloc_pages_current(gfp_t gfp_mask, unsigned order); @@ -508,14 +548,9 @@ alloc_pages(gfp_t gfp_mask, unsigned int order) { return alloc_pages_current(gfp_mask, order); } -extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, - struct vm_area_struct *vma, unsigned long addr, - int node, bool hugepage); #else #define alloc_pages(gfp_mask, order) \ alloc_pages_node(numa_node_id(), gfp_mask, order) -#define alloc_pages_vma(gfp_mask, order, vma, addr, node, false)\ - alloc_pages(gfp_mask, order) #endif #define alloc_page(gfp_mask) alloc_pages(gfp_mask, 0) #define alloc_page_vma(gfp_mask, vma, addr) \ diff --git a/include/linux/migrate.h b/include/linux/migrate.h index e13d9bf2f9a5..a6e068762d08 100644 --- a/include/linux/migrate.h +++ b/include/linux/migrate.h @@ -38,9 +38,16 @@ static inline struct page *new_page_nodemask(struct page *page, unsigned int order = 0; struct page *new_page = NULL; - if (PageHuge(page)) + if (PageHuge(page)) { + /* + * HugeTLB doesn't support encryption. We shouldn't see + * such pages. + */ + if (WARN_ON_ONCE(page_keyid(page))) + return NULL; return alloc_huge_page_nodemask(page_hstate(compound_head(page)), preferred_nid, nodemask); + } if (PageTransHuge(page)) { gfp_mask |= GFP_TRANSHUGE; @@ -50,8 +57,9 @@ static inline struct page *new_page_nodemask(struct page *page, if (PageHighMem(page) || (zone_idx(page_zone(page)) == ZONE_MOVABLE)) gfp_mask |= __GFP_HIGHMEM; - new_page = __alloc_pages_nodemask(gfp_mask, order, - preferred_nid, nodemask); + /* Allocate a page with the same KeyID as the source page */ + new_page = __alloc_pages_nodemask_keyid(gfp_mask, order, + preferred_nid, nodemask, page_keyid(page)); if (new_page && PageTransHuge(new_page)) prep_transhuge_page(new_page); diff --git a/mm/compaction.c b/mm/compaction.c index 3319e0872d01..559b8bd6d245 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -1557,6 +1557,9 @@ static struct page *compaction_alloc(struct page *migratepage, list_del(&freepage->lru); cc->nr_freepages--; + /* Prepare the page using the same KeyID as the source page */ + if (freepage) + prep_encrypted_page(freepage, 0, page_keyid(migratepage), false); return freepage; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 14b18449c623..5cad39fb7b35 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -961,22 +961,29 @@ static void migrate_page_add(struct page *page, struct list_head *pagelist, /* page allocation callback for NUMA node migration */ struct page *alloc_new_node_page(struct page *page, unsigned long node) { - if (PageHuge(page)) + if (PageHuge(page)) { + /* + * HugeTLB doesn't support encryption. We shouldn't see + * such pages. + */ + if (WARN_ON_ONCE(page_keyid(page))) + return NULL; return alloc_huge_page_node(page_hstate(compound_head(page)), node); - else if (PageTransHuge(page)) { + } else if (PageTransHuge(page)) { struct page *thp; - thp = alloc_pages_node(node, + thp = alloc_pages_node_keyid(node, page_keyid(page), (GFP_TRANSHUGE | __GFP_THISNODE), HPAGE_PMD_ORDER); if (!thp) return NULL; prep_transhuge_page(thp); return thp; - } else - return __alloc_pages_node(node, GFP_HIGHUSER_MOVABLE | - __GFP_THISNODE, 0); + } else { + return __alloc_pages_node_keyid(node, page_keyid(page), + GFP_HIGHUSER_MOVABLE | __GFP_THISNODE, 0); + } } /* @@ -2053,9 +2060,13 @@ alloc_pages_vma(gfp_t gfp, int order, struct vm_area_struct *vma, { struct mempolicy *pol; struct page *page; - int preferred_nid; + bool deferred_zero; + int keyid, preferred_nid; nodemask_t *nmask; + keyid = vma_keyid(vma); + deferred_zero = deferred_page_zero(keyid, &gfp); + pol = get_vma_policy(vma, addr); if (pol->mode == MPOL_INTERLEAVE) { @@ -2097,6 +2108,8 @@ alloc_pages_vma(gfp_t gfp, int order, struct vm_area_struct *vma, page = __alloc_pages_nodemask(gfp, order, preferred_nid, nmask); mpol_cond_put(pol); out: + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); return page; } diff --git a/mm/migrate.c b/mm/migrate.c index 663a5449367a..04b36a56865d 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -1880,7 +1880,7 @@ static struct page *alloc_misplaced_dst_page(struct page *page, int nid = (int) data; struct page *newpage; - newpage = __alloc_pages_node(nid, + newpage = __alloc_pages_node_keyid(nid, page_keyid(page), (GFP_HIGHUSER_MOVABLE | __GFP_THISNODE | __GFP_NOMEMALLOC | __GFP_NORETRY | __GFP_NOWARN) & @@ -2006,7 +2006,7 @@ int migrate_misplaced_transhuge_page(struct mm_struct *mm, int page_lru = page_is_file_cache(page); unsigned long start = address & HPAGE_PMD_MASK; - new_page = alloc_pages_node(node, + new_page = alloc_pages_node_keyid(node, page_keyid(page), (GFP_TRANSHUGE_LIGHT | __GFP_THISNODE), HPAGE_PMD_ORDER); if (!new_page) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index c02cff1ed56e..ab1d8661aa87 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -3930,6 +3930,41 @@ should_compact_retry(struct alloc_context *ac, unsigned int order, int alloc_fla } #endif /* CONFIG_COMPACTION */ +#ifndef CONFIG_NUMA +struct page *alloc_pages_vma(gfp_t gfp_mask, int order, + struct vm_area_struct *vma, unsigned long addr, + int node, bool hugepage) +{ + struct page *page; + bool deferred_zero; + int keyid = vma_keyid(vma); + + deferred_zero = deferred_page_zero(keyid, &gfp_mask); + page = alloc_pages(gfp_mask, order); + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); + + return page; +} +#endif + +struct page * __alloc_pages_node_keyid(int nid, int keyid, + gfp_t gfp_mask, unsigned int order) +{ + struct page *page; + bool deferred_zero; + + VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES); + VM_WARN_ON(!node_online(nid)); + + deferred_zero = deferred_page_zero(keyid, &gfp_mask); + page = __alloc_pages(gfp_mask, order, nid); + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); + + return page; +} + #ifdef CONFIG_LOCKDEP static struct lockdep_map __fs_reclaim_map = STATIC_LOCKDEP_MAP_INIT("fs_reclaim", &__fs_reclaim_map); @@ -4645,6 +4680,21 @@ __alloc_pages_nodemask(gfp_t gfp_mask, unsigned int order, int preferred_nid, } EXPORT_SYMBOL(__alloc_pages_nodemask); +struct page * +__alloc_pages_nodemask_keyid(gfp_t gfp_mask, unsigned int order, + int preferred_nid, nodemask_t *nodemask, int keyid) +{ + struct page *page; + bool deferred_zero; + + deferred_zero = deferred_page_zero(keyid, &gfp_mask); + page = __alloc_pages_nodemask(gfp_mask, order, preferred_nid, nodemask); + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); + return page; +} +EXPORT_SYMBOL(__alloc_pages_nodemask_keyid); + /* * Common helper functions. Never use with __GFP_HIGHMEM because the returned * address cannot represent highmem pages. Use alloc_pages and then kmap if From patchwork Wed May 8 14:43:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935813 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9E737924 for ; Wed, 8 May 2019 14:45:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8CE7C283B0 for ; Wed, 8 May 2019 14:45:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8134028437; Wed, 8 May 2019 14:45:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6A45E283B0 for ; Wed, 8 May 2019 14:45:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 65C726B026D; Wed, 8 May 2019 10:44:42 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 525946B0271; Wed, 8 May 2019 10:44:42 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E94526B026D; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by kanga.kvack.org (Postfix) with ESMTP id 89D5D6B0269 for ; Wed, 8 May 2019 10:44:41 -0400 (EDT) Received: by mail-pg1-f197.google.com with SMTP id z7so12815854pgc.1 for ; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=2a86XFpPB1yBdakeeQxjTF554iXKWdzVOx15RcYIa0M=; b=XbRDuLLWs4WbcU39gTME1U7a9HTb6mbooqx89lZZ88AcO58NWuNw3eusT7s1woYove kDyOduQ5Ce8Q+MIs2SuMMtTYzu26snipV0bPh6x3ZocY9yuYRxFMAtpVdewGr3exz/jS TxG7COk6D7GiNQMRMzGtMc65d92HtgzbkrKLg30UqjXIwa4EU4lo7+12YpjxlxsX0DtZ CCtEZNdUYr0fOlDJB3YTwTNbyOxGWEjSdAS3TF6jI6bP/rWzrYiIgp1jil0h4qetXhcG t/ER7cOJoxredR50QwVdS9h5mG591ApUF62qRYghFd8W/Pmcbr2e48Qm2bndKNNrKOkI rz+A== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUYwhffc1Xx+Bh1t7pJuhNFoXSoMR3td90FHUbyB/18k519v9r2 A5PCXMwP0eLWxuaOrxLz80heDhoB900azzOyykUEcODc4oL+Q1iHnIuduU5m0vrm+8hDCkI78Ud mAVM2aO4gOWcKiu854O3WrQfmem3URssH5A2L1UpZJaPiQ+h5VGfVFKhyfaPkroaL9Q== X-Received: by 2002:a63:dd58:: with SMTP id g24mr46966768pgj.161.1557326681177; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqwpMsNC2ASFzuS87qNgE9rkH8OiBdn7WrIAnt+MlUnMVC3kiCBaWilS1JnMNpPV6vLMXrif X-Received: by 2002:a63:dd58:: with SMTP id g24mr46966607pgj.161.1557326679725; Wed, 08 May 2019 07:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326679; cv=none; d=google.com; s=arc-20160816; b=uxP/fZMKN8NGbUwsmyT2Jz2MJJ33Oqgdom2ixN7eqWJJesHL3A0K1AuGJi0wA1jUdp +W4YcWV9URC6g/AX/UxDOdsIQVZZuP4Cdh+xX8WtT1Su/PKiN5aCXXfi0SDigKHp3QIh 4pEM+NI2YQcAh7o2lFaGxpErxzslYzHdwYepAMRTOueOcH9slNSwR2o6YGkyUsEv14Hh LlSemXEtAnt3CIK4mnuSnmZd5k5YhL+u5g7zvpzIRIv7uKFPn/Tzs6IO66rfDbnNCTfS 30DD3RacQ/WXVskeJ8OV1BxD2Wo1PNmkl8BZQCn+uSDYEJck2wsTjLDS3vubyVrYs6i+ YdpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=2a86XFpPB1yBdakeeQxjTF554iXKWdzVOx15RcYIa0M=; b=aNfYTo97ZOdTosLyp6XTG92Q6vcBQaDV4AYcCeDLLLtNUOXsblTgrCTybVGu/FxxD/ Jww5zfe9y/Ptk173lGQBGeT6sVMAYyXp9f6wRzaradJedT15H5fUPRCgESP+CGctmk7j OuvNu3UPMKYYi6+SRasH1I7SwnsHhoMkUb8TEMUsaxWX+SwgTpBoLU1IkYs5YkkHYKHU O9EjWL0JMcT4dA4rTrKB+D9ouilp8uv4ATZCn3n7MYfrVsIoCknjQ7HIvd26NAzZM3+u Nefw4GEwSaovey6encyJ02d/QtvK8kYl7d6mKSst6b7y4tgjI7gdXQ/gQPU7kYccf/vF aeAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:39 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga006.jf.intel.com with ESMTP; 08 May 2019 07:44:34 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id DC7154AB; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 06/62] mm/khugepaged: Handle encrypted pages Date: Wed, 8 May 2019 17:43:26 +0300 Message-Id: <20190508144422.13171-7-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP For !NUMA khugepaged allocates page in advance, before we found a VMA for collapse. We don't yet know which KeyID to use for the allocation. The page is allocated with KeyID-0. Once we know that the VMA is suitable for collapsing, we prepare the page for KeyID we need, based on vma_keyid(). Signed-off-by: Kirill A. Shutemov --- mm/khugepaged.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 449044378782..96326a7e9d61 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -1055,6 +1055,16 @@ static void collapse_huge_page(struct mm_struct *mm, */ anon_vma_unlock_write(vma->anon_vma); + /* + * At this point new_page is allocated as non-encrypted. + * If VMA's KeyID is non-zero, we need to prepare it to be encrypted + * before coping data. + */ + if (vma_keyid(vma)) { + prep_encrypted_page(new_page, HPAGE_PMD_ORDER, + vma_keyid(vma), false); + } + __collapse_huge_page_copy(pte, new_page, vma, address, pte_ptl); pte_unmap(pte); __SetPageUptodate(new_page); From patchwork Wed May 8 14:43:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935805 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 69971924 for ; Wed, 8 May 2019 14:44:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59220283B0 for ; Wed, 8 May 2019 14:44:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4D49228437; Wed, 8 May 2019 14:44:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D1F96283B0 for ; Wed, 8 May 2019 14:44:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 76BA06B0266; Wed, 8 May 2019 10:44:41 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 62E276B026B; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2A98E6B0266; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id DBA676B000E for ; Wed, 8 May 2019 10:44:40 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id e128so12720303pfc.22 for ; Wed, 08 May 2019 07:44:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=9YHtkwxGIV+d1GTMPRWNkobcvSAfYRY2fTtas/iQlJE=; b=qHf/wfgvhmoEF7zRixKI9le92Y2JusR8R5eYBfdWp03j3PJ9Llmq0nkWkU2YbOSqyi gMDSRNM1bCJ2Q6YnTRKQ8IHSalTDOtMCweAOF60+/FiOovjb3RC7fvUoWTJ3uQ+kvuLr aHGlzR+tO0uIgvxKUthOuVbQ9SxfX2si9/tSOoepBJGBg5o0SREfi3NJvciCdIrBWrfa oxvzpjFDL9uODuS9gcucZWQHBKXt9dGcr6CuhNoJ4an7AwxWIJEYkcJt6R1I+214Uuke 87Z1YnmIPNVGIjnUi/IChhrdgYWDoR8p6/deJzRELaoVYBHppyfIRwj2YrvfYKElnGi2 bPpw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXdJ8nPz5JolCkfGniF56DV3I4CF7MLYsmORKbOZ6hAuRe6lr9R it3kvmKlzT4y6XbtQohE9LhtZIeAD8ksv7jhKFwRnljn3gJiLlA/DcTFUDIiSPNjyk1rDnmSLmi XFPRfIeNk1b0lm4tcXPcKjF3qaVuntsxDHDR/pG6RbivrkBwckafs/5dvzROOmcCHcw== X-Received: by 2002:aa7:8046:: with SMTP id y6mr49991981pfm.251.1557326680575; Wed, 08 May 2019 07:44:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqzxit4LEwvUDJytGlb0jv2oVlSt2+r+DxGNZ2vK/dbtaEh1ndBOWzguWcWYKSucYUtgSlBI X-Received: by 2002:aa7:8046:: with SMTP id y6mr49991865pfm.251.1557326679456; Wed, 08 May 2019 07:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326679; cv=none; d=google.com; s=arc-20160816; b=yOAP5hx6XB1T/QnDgU3A4heRaCdcko6GHtur6RcrdLTSF6wz2RYweunkA4hvt9lX/C WRJmBOD+vsuNkK1DARyQdSMrcjtES5PO6E5d4GSDR/Hq2zW97S3d/q/bxE/HMNt34O5Z GavEJKLBKu7Ek1FmeYK+OdY9sqjfXk0epBzVGR/VpvXXVPIlA+MPvS7/zGVKk+oGfY3R yPeij/m3XF8vq4iJV1TykKxZFqvK+ITk13Z3407tSz/eYF0FhwaSuCHY7IXTIpOZQ8oN wFn2iVdp1gJsLA9Bx1kMofggA/h7jYaiwBuoKdyUXMvG3F/OsSuntK/6TgWkZ0WAcFrT aTjg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=9YHtkwxGIV+d1GTMPRWNkobcvSAfYRY2fTtas/iQlJE=; b=VH0ptbqW4ZS12p8twivP0pLagaEwYmAimfLmbxLZHPL8g/M2FWRQL6HZlK8e/WkyGU 91rBtlUv1ANBw/sz89l/kheNtP3+5JKxKM6OIv2bbnDrULCHC2OrJORv5rOU6oLaq/BK WBWg21OEjJaTzNhCC4fF/9fgz7KxfMDR80dcbRE/aVusqgNFLcDeo862bnl4OnIC84VX n+ik5mNYmjI5IhedOtOhEiv+vDzEDMZsJqR6cdJ/d9TVLg464d74FlVWkMTWAM2ngamY xaylvfcSkDnK4+PN51WbJ6vfbBMlF0PlcXkgexUOayPOrkRsr3aXrjy/0rCi/0lgicFB Hp/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:38 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga001.fm.intel.com with ESMTP; 08 May 2019 07:44:34 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id E99E54F8; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 07/62] x86/mm: Mask out KeyID bits from page table entry pfn Date: Wed, 8 May 2019 17:43:27 +0300 Message-Id: <20190508144422.13171-8-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP MKTME claims several upper bits of the physical address in a page table entry to encode KeyID. It effectively shrinks number of bits for physical address. We should exclude KeyID bits from physical addresses. For instance, if CPU enumerates 52 physical address bits and number of bits claimed for KeyID is 6, bits 51:46 must not be threated as part physical address. This patch adjusts __PHYSICAL_MASK during MKTME enumeration. Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/intel.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 3142fd7a9b32..5dfecc9c2253 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -589,6 +589,29 @@ static void detect_tme(struct cpuinfo_x86 *c) mktme_status = MKTME_ENABLED; } +#ifdef CONFIG_X86_INTEL_MKTME + if (mktme_status == MKTME_ENABLED && nr_keyids) { + /* + * Mask out bits claimed from KeyID from physical address mask. + * + * For instance, if a CPU enumerates 52 physical address bits + * and number of bits claimed for KeyID is 6, bits 51:46 of + * physical address is unusable. + */ + phys_addr_t keyid_mask; + + keyid_mask = GENMASK_ULL(c->x86_phys_bits - 1, c->x86_phys_bits - keyid_bits); + physical_mask &= ~keyid_mask; + } else { + /* + * Reset __PHYSICAL_MASK. + * Maybe needed if there's inconsistent configuation + * between CPUs. + */ + physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; + } +#endif + /* * KeyID bits effectively lower the number of physical address * bits. Update cpuinfo_x86::x86_phys_bits accordingly. From patchwork Wed May 8 14:43:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935817 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 42AA71515 for ; Wed, 8 May 2019 14:45:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 32CA8283B0 for ; Wed, 8 May 2019 14:45:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 262DF2844B; Wed, 8 May 2019 14:45:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7EE67283B0 for ; Wed, 8 May 2019 14:45:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C77286B026C; Wed, 8 May 2019 10:44:42 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8C6216B026E; Wed, 8 May 2019 10:44:42 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 658426B026B; Wed, 8 May 2019 10:44:42 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id EF0646B026F for ; Wed, 8 May 2019 10:44:41 -0400 (EDT) Received: by mail-pl1-f200.google.com with SMTP id a97so11667249pla.9 for ; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=I+6wOyh018CdSW3M6/P7TyGLXnkc+VcasOUnlcz5gSo=; b=a6vH16BJMwIf5OaVh0LUgpaw5frYa5SAaz8fjEDDP2KBBKPQqyQZLPtzK3kmBchHeT YxLQ3nfS9hmrDeE9MyDccipH9rpFKFpPvboxqOyefOmYee9GlqsJ1aqUPxpXr0mh5/Cl 2iYrJ4bVxYGuz2YZ2Jtt3LLt5y6gnKPuF5u1iYXuTci9O1F5tmQkXT6uKWeazl108dgo sWImEWRQwlyl1DcE2DtI6nkTeNFVimiYTAuSTNP0vDLCVLwaweVBVyWBg3JA1ifNL3Y5 cATAwayVbj4c8YeM3642XK6ZCiQIWcvD4LdqBp8EzuoDLNDO/bqb5gdadhRi5uAfeS8w 4KlQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUf7LCVlw2W7DWUEcrXWZL2ph+38pMVeLYwpGwmPjP7fc6qzyM5 6ENfhJ9M1FP8see2aDW45iswnCBak8b7AFUf5+Pi+nNTd+Lg4+j0P/z58MhCYbpBBGvDtj1T9+U ERX9OvVuXiyenqaF2OEWOPOjgFGDtXSy1dIwoccBQ3sirABNVNBaEMxw6E8ywq/00jw== X-Received: by 2002:a63:8dc9:: with SMTP id z192mr46619546pgd.6.1557326681622; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqw0prfdz+TSoDBD7/3r3oSu4niaBRHyXYWaLwv/HgLJORY6TlucUtGzf6zZRdfOYtslO3VG X-Received: by 2002:a63:8dc9:: with SMTP id z192mr46619397pgd.6.1557326680206; Wed, 08 May 2019 07:44:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326680; cv=none; d=google.com; s=arc-20160816; b=SehCZ8jo6Q7roCGPKrvt4RdcmcCwPM6yUwFJwWmCnRa015YpuXiAc0FTZJifzZf2+Y GhDaWRUco2PjBgmlGP+xDI9UgRGvlSDtsaWysdZfzPNSt+E3od1DGxB4De/9XTZSJlIL LvED1nQFN+aMpFKJ/SqOEq44amEQck4vKHDcrC4z1X77aDn3QD7RBWkv9NhB/R5G1NtV xZ+GubXkO7YSRNBZe6PcwOv+eTfSvk76E92f3vPSQCER4c4ZaoDE7sA1dfC6oKXiILrY tRmIC0SyHiCwHv//W+Ip9qq9UsWJgUG+YFt8k1LQqDpMQ7iPYqcyFhIpM7PG9gblvPI5 yahQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=I+6wOyh018CdSW3M6/P7TyGLXnkc+VcasOUnlcz5gSo=; b=RsypiUjcaitDvZhpd+zgj4pyEwxWCNnULnIOq7SSOn0IZWk064H2OZizZS3WVn5Ua+ UX0lWdFPXZHKNXIw7cf7WhhC4er/skZzio1Veanqhn7zf7RGptiLW8uo0d3H5OZU/KUg 4Q6n1lrYXF3EVCAgW+eIr8WjtwAYYUEy3v180LNZAR80/YO9nvCOhdWOYPahDceDwxmR XrKrxT593F+TbdxhybMAlgcx1hgVWstYcc7dywwml+SpcJSpcMaBs6HSx6M5P7QNMSPy DqBzXnETPcRDI6dRETyYzBa5fz9H7KOIN/EVCpRz1k0rsUi/EdrAURi3Ij2jC+MOgQlM 0nKA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga06.intel.com (mga06.intel.com. [134.134.136.31]) by mx.google.com with ESMTPS id e61si23294206plb.123.2019.05.08.07.44.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:39 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 07B934FD; Wed, 8 May 2019 17:44:28 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 08/62] x86/mm: Introduce variables to store number, shift and mask of KeyIDs Date: Wed, 8 May 2019 17:43:28 +0300 Message-Id: <20190508144422.13171-9-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP mktme_nr_keyids holds the number of KeyIDs available for MKTME, excluding KeyID zero which used by TME. MKTME KeyIDs start from 1. mktme_keyid_shift holds the shift of KeyID within physical address. mktme_keyid_mask holds the mask to extract KeyID from physical address. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 16 ++++++++++++++++ arch/x86/kernel/cpu/intel.c | 16 ++++++++++++---- arch/x86/mm/Makefile | 2 ++ arch/x86/mm/mktme.c | 11 +++++++++++ 4 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 arch/x86/include/asm/mktme.h create mode 100644 arch/x86/mm/mktme.c diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h new file mode 100644 index 000000000000..df31876ec48c --- /dev/null +++ b/arch/x86/include/asm/mktme.h @@ -0,0 +1,16 @@ +#ifndef _ASM_X86_MKTME_H +#define _ASM_X86_MKTME_H + +#include + +#ifdef CONFIG_X86_INTEL_MKTME +extern phys_addr_t mktme_keyid_mask; +extern int mktme_nr_keyids; +extern int mktme_keyid_shift; +#else +#define mktme_keyid_mask ((phys_addr_t)0) +#define mktme_nr_keyids 0 +#define mktme_keyid_shift 0 +#endif + +#endif diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 5dfecc9c2253..e271264e238a 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -591,6 +591,9 @@ static void detect_tme(struct cpuinfo_x86 *c) #ifdef CONFIG_X86_INTEL_MKTME if (mktme_status == MKTME_ENABLED && nr_keyids) { + mktme_nr_keyids = nr_keyids; + mktme_keyid_shift = c->x86_phys_bits - keyid_bits; + /* * Mask out bits claimed from KeyID from physical address mask. * @@ -598,17 +601,22 @@ static void detect_tme(struct cpuinfo_x86 *c) * and number of bits claimed for KeyID is 6, bits 51:46 of * physical address is unusable. */ - phys_addr_t keyid_mask; - - keyid_mask = GENMASK_ULL(c->x86_phys_bits - 1, c->x86_phys_bits - keyid_bits); - physical_mask &= ~keyid_mask; + mktme_keyid_mask = GENMASK_ULL(c->x86_phys_bits - 1, mktme_keyid_shift); + physical_mask &= ~mktme_keyid_mask; } else { /* * Reset __PHYSICAL_MASK. * Maybe needed if there's inconsistent configuation * between CPUs. + * + * FIXME: broken for hotplug. + * We must not allow onlining secondary CPUs with non-matching + * configuration. */ physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; + mktme_keyid_mask = 0; + mktme_keyid_shift = 0; + mktme_nr_keyids = 0; } #endif diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 4b101dd6e52f..4ebee899c363 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -53,3 +53,5 @@ obj-$(CONFIG_PAGE_TABLE_ISOLATION) += pti.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_identity.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o + +obj-$(CONFIG_X86_INTEL_MKTME) += mktme.o diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c new file mode 100644 index 000000000000..91a415612519 --- /dev/null +++ b/arch/x86/mm/mktme.c @@ -0,0 +1,11 @@ +#include + +/* Mask to extract KeyID from physical address. */ +phys_addr_t mktme_keyid_mask; +/* + * Number of KeyIDs available for MKTME. + * Excludes KeyID-0 which used by TME. MKTME KeyIDs start from 1. + */ +int mktme_nr_keyids; +/* Shift of KeyID within physical address. */ +int mktme_keyid_shift; From patchwork Wed May 8 14:43:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935801 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7C390924 for ; Wed, 8 May 2019 14:44:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6A373283B0 for ; Wed, 8 May 2019 14:44:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5E40F28437; Wed, 8 May 2019 14:44:53 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DCCCB283B0 for ; Wed, 8 May 2019 14:44:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 474046B000E; Wed, 8 May 2019 10:44:41 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 3BDD86B0010; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 20F476B0269; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id DC60B6B0010 for ; Wed, 8 May 2019 10:44:40 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id d12so12786928pfn.9 for ; Wed, 08 May 2019 07:44:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Fyr98K7S1me9TsMulAhHdp7GU89gOrJm0h1JtvOHlB0=; b=tAcinjFahaLg7zbkDETG58Rnwyd9CBxrxwSerUiQg1r5dc4dIBjsiBNk1CKZB84qgt pLUNNg9BCfz8d0ONkUez7sa2CO8woZUY48I1AYeMIy58zEYu3LcWM8/ePIuWqNnyEot1 C+kcCoYMyYpgoF0S6L4CFGjuPuj6RItj3R2mChYSqGUglrOzFhwUqtRdkUHIeXjdR0/q Iq2nbaE9P1YJldwJisq/6HwFCZQ1qklBrUfToc3jr1aLD/M7qXZcdkP4VmplJZZzu71T lJFVlKx85VXHfEomtRB9kR/fJ+9oquGUGat/4SSZt7gjAA9iS+5Wq29r782nseUmDjOz 5oAA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVCBePqpoBAilsrJbCqAYb+ZFWKoTiYCwCnFdeNzphDGs07bsx7 ES4RtsRIBy+hSZ29Zf33FaR/UCO6N6oRsJl5V34ZREXiqIYN6Llvuu/o+eU9/5ojZ/YGHbSRZPR PaxA4zlRTcOFb7OVUr8Of41TisvftrKn9mvj9RzUQP34XB0rkxwKbUh9WY+EYIBZPJg== X-Received: by 2002:a63:309:: with SMTP id 9mr26237063pgd.49.1557326680548; Wed, 08 May 2019 07:44:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqwJFsdd1KxcLolWsiGzuMY0LrkiQKUGZe818aDMPAdEBxzua4h7B8d9vfuikQsNidenHptb X-Received: by 2002:a63:309:: with SMTP id 9mr26236972pgd.49.1557326679727; Wed, 08 May 2019 07:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326679; cv=none; d=google.com; s=arc-20160816; b=oVa1Lna4VuLFleJflJyHG9LQQG2m3HZYvi63sH8h1j1l5KClsXfz4f8b4gtDzynQou RPeIxW0xsHuEgLLPtAgl/U6qtpSAfxpljKgMuD5C5lNnnhVzqJBDVqisjQZ4FXgnnaNs hhNpBBQWQwmz8AAKpYUi91Jx+PCL/PdKVN25ft19ZJOg6QOQGcZbgJMxyvZXqxBFFvsj GgL/Z5QTSDcGDjuXwBHuOV967A47Miux9LZcQ9/nusjIxososKkt8xsnRwRPRijPjfTx hJuuHNEcY51qGNdOpotSve6PTdkUkPDqMtxFOB6e6q3yQsde76Akk17+5Y9VG8HruzNA g8LA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=Fyr98K7S1me9TsMulAhHdp7GU89gOrJm0h1JtvOHlB0=; b=xQt92rSVbUhIW0RUSe+a5dUAFpojuf3F2c+B5mHWLwCvLXv/a38X2zd24j02uBA0nu UeGao/FopMdZdbY3unLpwAe6Iq1tVXnG/+90dL2zx1EeDgCy2l4kbANg0lV8CBDV3tRK sNqWOLqSZgAmDTBV5tBmJ/xM5YB5VYOgxiZMfH4st3hGyLaBYSeV4diVhQErAdEheRm9 4rbBhQPfU69JDeKanL4XRWWk9jkYKIRDZ3neKyHAPRjp/Zf5+rf//zNtbegqYqZM0okG pBfvX5e9xNM3SKHvZStZ9hMVftrOcw8f0fj7KIK6I3LvTncj5dJJiZNbl7TiHQrENDhn O1LQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id w14si24148884ply.226.2019.05.08.07.44.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656525" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 15EF358A; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 09/62] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() Date: Wed, 8 May 2019 17:43:29 +0300 Message-Id: <20190508144422.13171-10-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP An encrypted VMA will have KeyID stored in vma->vm_page_prot. This way we don't need to do anything special to setup encrypted page table entries and don't need to reserve space for KeyID in a VMA. This patch changes _PAGE_CHG_MASK to include KeyID bits. Otherwise they are going to be stripped from vm_page_prot on the first pgprot_modify(). Define PTE_PFN_MASK_MAX similar to PTE_PFN_MASK but based on __PHYSICAL_MASK_SHIFT. This way we include whole range of bits architecturally available for PFN without referencing physical_mask and mktme_keyid_mask variables. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/pgtable_types.h | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index d6ff0bbdb394..7d6f68431538 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -117,12 +117,25 @@ _PAGE_ACCESSED | _PAGE_DIRTY) /* - * Set of bits not changed in pte_modify. The pte's - * protection key is treated like _PAGE_RW, for - * instance, and is *not* included in this mask since - * pte_modify() does modify it. + * Set of bits not changed in pte_modify. + * + * The pte's protection key is treated like _PAGE_RW, for instance, and is + * *not* included in this mask since pte_modify() does modify it. + * + * They include the physical address and the memory encryption keyID. + * The paddr and the keyID never occupy the same bits at the same time. + * But, a given bit might be used for the keyID on one system and used for + * the physical address on another. As an optimization, we manage them in + * one unit here since their combination always occupies the same hardware + * bits. PTE_PFN_MASK_MAX stores combined mask. + * + * Cast PAGE_MASK to a signed type so that it is sign-extended if + * virtual addresses are 32-bits but physical addresses are larger + * (ie, 32-bit PAE). */ -#define _PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ +#define PTE_PFN_MASK_MAX \ + (((signed long)PAGE_MASK) & ((1ULL << __PHYSICAL_MASK_SHIFT) - 1)) +#define _PAGE_CHG_MASK (PTE_PFN_MASK_MAX | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \ _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE) From patchwork Wed May 8 14:43:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935807 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5AD58924 for ; Wed, 8 May 2019 14:44:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4AE1A283B0 for ; Wed, 8 May 2019 14:44:59 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3CCDC2844B; Wed, 8 May 2019 14:44:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CD084283B0 for ; Wed, 8 May 2019 14:44:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CEA376B0270; Wed, 8 May 2019 10:44:41 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id BF8CD6B026E; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9FB1A6B026D; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id 550126B026A for ; Wed, 8 May 2019 10:44:41 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id 5so6721700pff.11 for ; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=rhG5yn7GLfSHaDKkVIZRLQk3h60qOXt5jTZAW01pjMo=; b=tsVZRKp3WkI8dfz52GUTa8hL45QnFqwpRtme4FAZoF+lBXV7yLWtVQp4nIEOxZ2Mwz R3knAiTUNuHA0urd5BTaGjJBym8C9sN3Qgik25gUjJDqCffktOfdYQsZHkIQ29m/XsRJ QC8GWOFuuzuPA+cgfGKg9o1FcT8do9e3D43F6J8qwgKxwK+EpfK2SHf9BfambI1SGVum N5/owJHpVsosZJke8/STyCHxQjtZ6qmKkRlbt0vr0oCQRmOdCa5C0cFSCpbaHM3gS2wI 6hjENVoUvUVqRRWyvqqZnU1zh9sZx0RjI77/eC77Gmwto0hMibw++hEfwm1oGjNBuaNe cndw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVQdd+HwgUgK33NsYy6wyHSsJ5yHEW71IRUr4Grzz/ZyXdibBX2 EUWPZHDQ5wHgNFDj8ywFMM9K+qQ7anpMz24T6I9U5BVoZRrx3M6IbWGFxNOxp2X2gQY+k5rEgfp tpng8+OSUL7/cw0CeXQc/CcAFQP8U67WCMnd/jJUooXb/RL2sRQtmqKnxFeL9F15H0g== X-Received: by 2002:aa7:881a:: with SMTP id c26mr45687033pfo.254.1557326681004; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqwOfhFvQZxmXYO1V4XK1CZAgkZlqWKAlEunKSwIi446olE5dsMGWR9EBvmO6UTcNORw05B1 X-Received: by 2002:aa7:881a:: with SMTP id c26mr45686906pfo.254.1557326679880; Wed, 08 May 2019 07:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326679; cv=none; d=google.com; s=arc-20160816; b=VehZCG2xUC+fpcUt1Tcn4D4QjtMZCAuOWrGTHMtwUENlvUEJLD/pa6xeNR0AOovzkY w0tRuSerfEdVPDmrypNwRTTLfUfx2IMqtZqDTSId2zuXzbVZsVGHWYkvWKKn3N+nLdXU 5VB9OhNge4v+AA/xUa06bP02mHeIdsXtpd50E0RQ7dQm+rX+6NLwyiISBRSru40B/4he VLOeqUSNx93v90u/dSiFhH+OlHu3TxZ3l9Leas4VBOU4w5GQPLvdFjybV1Bw4F7QnHkf 0Lf1JfGw3DKJQEWC4YMTRlv73tT8Qaul3PcJhujHe9QFGcZIBe66m98Y5Cd70kdT8J9N KaHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=rhG5yn7GLfSHaDKkVIZRLQk3h60qOXt5jTZAW01pjMo=; b=gXrR1p1wxkKZtk85D0g/tKJfWZinf07BO44HZmJJ73VBna9GhAciyHz/3j9F6cURon WRXMqLAbaD4FWB73w7u2AGmH/xs+d9XSc16C6Ff6qGywx6d6XLkTSBbrH2vE2SkYDNTj sf87qoGRAU2kYRjReW89kjQd37lhkT940wJCQJDRNADr8Nlc/HZ9D/ygkg0G5+2RLRsK zFUefrzfkqgICFz3KMi+sfJsGEHAxQVG4YjkWVGzPr5TjKpxVxtx/lxwn68xbsuAHIUQ UOdDV2JHtNkMzejNakZRVEUlq1oYY0Rp9/EyZTZ4Od0U6rPrtQjClhywO0QgXgbsVDjT VGzQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id k12si23661077pls.436.2019.05.08.07.44.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:39 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 243E9709; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 10/62] x86/mm: Detect MKTME early Date: Wed, 8 May 2019 17:43:30 +0300 Message-Id: <20190508144422.13171-11-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP We need to know the number of KeyIDs before page_ext is initialized. We are going to use page_ext to store KeyID and it would be handly to avoid page_ext allocation if there's no MKMTE in the system. page_ext initialization happens before full CPU initizliation is complete. Move detect_tme() call to early_init_intel(). Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/intel.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index e271264e238a..4c9fadb57a13 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -161,6 +161,8 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c) return false; } +static void detect_tme(struct cpuinfo_x86 *c); + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -311,6 +313,9 @@ static void early_init_intel(struct cpuinfo_x86 *c) */ if (detect_extended_topology_early(c) < 0) detect_ht_early(c); + + if (cpu_has(c, X86_FEATURE_TME)) + detect_tme(c); } #ifdef CONFIG_X86_32 @@ -791,9 +796,6 @@ static void init_intel(struct cpuinfo_x86 *c) if (cpu_has(c, X86_FEATURE_VMX)) detect_vmx_virtcap(c); - if (cpu_has(c, X86_FEATURE_TME)) - detect_tme(c); - init_intel_energy_perf(c); init_intel_misc_features(c); From patchwork Wed May 8 14:43:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935819 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 79DB4924 for ; Wed, 8 May 2019 14:45:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 68461283B0 for ; Wed, 8 May 2019 14:45:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5BAB32844B; Wed, 8 May 2019 14:45:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BCA39283B0 for ; Wed, 8 May 2019 14:45:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1E81F6B026B; Wed, 8 May 2019 10:44:43 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 1C1256B026E; Wed, 8 May 2019 10:44:43 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0B22B6B026F; Wed, 8 May 2019 10:44:43 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by kanga.kvack.org (Postfix) with ESMTP id B613E6B026B for ; Wed, 8 May 2019 10:44:42 -0400 (EDT) Received: by mail-pg1-f197.google.com with SMTP id d7so7324659pgc.8 for ; Wed, 08 May 2019 07:44:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=sM37wl1NnlRkUU+xXEZgDRNuEPDgwwOxsEwMR2MysS0=; b=knbsbnIgiJ9D1krJbEW1HemoIE0zq3xmzAGCgS02PmQOvoINhrG4QumD9M2//PNDio RRJgnZGdIxvFGgcGCyaXrwTy+iAzs4E5bCLh2F4xl9u9mS0HCjJJZ1Uj8mBIp4YJhoNb EW2h61AmJJJ1YXUXHE815qcTncJwRw/wkvsZP+jf2qY31KHb7KF1bIcLahtWmsnLcXoo A1aedL2oD2xJPzJTj1gKqVizTcjeMwVF5d8pnikYHg6/uePXYDd/eGmYbLsFbw6axobu WrcoYEwP+UHRHOKlsRGzs8u+swBwzmK9e7kuWhZr8/4IlQOZ4s4gyCneI9WmMVvfC60G HkLw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAV9k0QcJxmBB6TfN+rXni+bRkYhOFKBsEZZBF1xPeHcOU3BDwqP Zc1K22HnMd3p73CqRG0w0L6d4SQ06c4KbXOCP6cHPo782I10fHZ0fbpiHmFUdIubCqtqPwHxc64 quJpB5g5uouJI6YN73o/2MyVQAk+gE2s14updfK8SO/nLRtnIpEJ0fNzFtfedRbd+jQ== X-Received: by 2002:a63:ca0b:: with SMTP id n11mr46269068pgi.442.1557326682341; Wed, 08 May 2019 07:44:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqzygp4zGPDIH1VHh3vvlv8lDzcZZkpa+7Pl7UBKLR8TmG4y2hXqTB1ZsG9fIJMWHZUapZx/ X-Received: by 2002:a63:ca0b:: with SMTP id n11mr46268913pgi.442.1557326680855; Wed, 08 May 2019 07:44:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326680; cv=none; d=google.com; s=arc-20160816; b=CF3XzC6MeYCFqAH0/uN8vgB5nOWYZwiJV6N5Zl/nCx23owccRtlZwgVrTRh+JmNrSF VSNtG5aWT+E9aSoC3s4pZBIogu3SBEcBxTnjkaTcWsSgJbzYH2f5rww2y+DDTdt+8PU8 T6DlUmlmMZ5giU8FEDwYwOMKWnnOsivSsMuw/aZIkyuZIJf19N/IPPa9OGgujJIegIaC aDi86+s0MjTypHpjsFZQb357lW4PAtzakQsnoT89M7Mf0zeKI4YAd2Ksuym/Twqz++Uy RTiByoW8IpP25j9Twny5Dc6DCvp4nMQT6cWRMSGJulUtwNmloYwbrAqsgl0i6Jfm5UtD S8HQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=sM37wl1NnlRkUU+xXEZgDRNuEPDgwwOxsEwMR2MysS0=; b=z5ljH/hLrkswXp2tkCOAO20nQ8heT/ZQfDQ+OutIpKOLWboBKwVCnyK+RIAOJrb1VC wwivJbN9e/fRPaECxmAZVTaq2J9lTyl/kMRDuMnRA4BjrapGEYVEZeSjY4ugw2Ab/dj/ FrX7Jf7cERkMZEJZWduay/oWxZh4WRI9eMF29JULJpLNFn+kn8xYiOulT6Xerp9EOSAR RjUTNgzqViOgiEPZKyXsGThn3U4cRYnUIf3CG8+eh8k1A1ayICc14eE2T4gcoNcL1Ynu flf8pKuX98zlg/nvufnKumIxeSye/TuKht6uqRkZ/KYouvwolNhBEsHAOSsjTN5+LEGq VoFg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id f6si24524459plf.90.2019.05.08.07.44.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:40 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga005.jf.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 323C8739; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 11/62] x86/mm: Add a helper to retrieve KeyID for a page Date: Wed, 8 May 2019 17:43:31 +0300 Message-Id: <20190508144422.13171-12-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP page_ext allows to store additional per-page information without growing main struct page. The additional space can be requested at boot time. Store KeyID in bits 31:16 of extended page flags. These bits are unused. page_keyid() returns zero until page_ext is ready. page_ext initializer enables a static branch to indicate that page_keyid() can use page_ext. The same static branch will gate MKTME readiness in general. We don't yet set KeyID for the page. It will come in the following patch that implements prep_encrypted_page(). All pages have KeyID-0 for now. page_keyid() will be used by KVM which can be built as a module. We need to export mktme_enabled_key to be able to inline page_keyid(). Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 28 ++++++++++++++++++++++++++++ arch/x86/include/asm/page.h | 1 + arch/x86/mm/mktme.c | 21 +++++++++++++++++++++ include/linux/mm.h | 2 +- include/linux/page_ext.h | 11 ++++++++++- mm/page_ext.c | 3 +++ 6 files changed, 64 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index df31876ec48c..51f831b94179 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -2,15 +2,43 @@ #define _ASM_X86_MKTME_H #include +#include +#include #ifdef CONFIG_X86_INTEL_MKTME extern phys_addr_t mktme_keyid_mask; extern int mktme_nr_keyids; extern int mktme_keyid_shift; + +DECLARE_STATIC_KEY_FALSE(mktme_enabled_key); +static inline bool mktme_enabled(void) +{ + return static_branch_unlikely(&mktme_enabled_key); +} + +extern struct page_ext_operations page_mktme_ops; + +#define page_keyid page_keyid +static inline int page_keyid(const struct page *page) +{ + if (!mktme_enabled()) + return 0; + + return lookup_page_ext(page)->keyid; +} + + #else #define mktme_keyid_mask ((phys_addr_t)0) #define mktme_nr_keyids 0 #define mktme_keyid_shift 0 + +#define page_keyid(page) 0 + +static inline bool mktme_enabled(void) +{ + return false; +} #endif #endif diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h index 7555b48803a8..39af59487d5f 100644 --- a/arch/x86/include/asm/page.h +++ b/arch/x86/include/asm/page.h @@ -19,6 +19,7 @@ struct page; #include +#include extern struct range pfn_mapped[]; extern int nr_pfn_mapped; diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 91a415612519..9dc256e3654b 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -9,3 +9,24 @@ phys_addr_t mktme_keyid_mask; int mktme_nr_keyids; /* Shift of KeyID within physical address. */ int mktme_keyid_shift; + +DEFINE_STATIC_KEY_FALSE(mktme_enabled_key); +EXPORT_SYMBOL_GPL(mktme_enabled_key); + +static bool need_page_mktme(void) +{ + /* Make sure keyid doesn't collide with extended page flags */ + BUILD_BUG_ON(__NR_PAGE_EXT_FLAGS > 16); + + return !!mktme_nr_keyids; +} + +static void init_page_mktme(void) +{ + static_branch_enable(&mktme_enabled_key); +} + +struct page_ext_operations page_mktme_ops = { + .need = need_page_mktme, + .init = init_page_mktme, +}; diff --git a/include/linux/mm.h b/include/linux/mm.h index 07c36f4673f6..2684245f8503 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1607,7 +1607,7 @@ static inline int vma_keyid(struct vm_area_struct *vma) #endif #ifndef page_keyid -static inline int page_keyid(struct page *page) +static inline int page_keyid(const struct page *page) { return 0; } diff --git a/include/linux/page_ext.h b/include/linux/page_ext.h index f84f167ec04c..d9c5aae9523f 100644 --- a/include/linux/page_ext.h +++ b/include/linux/page_ext.h @@ -23,6 +23,7 @@ enum page_ext_flags { PAGE_EXT_YOUNG, PAGE_EXT_IDLE, #endif + __NR_PAGE_EXT_FLAGS }; /* @@ -33,7 +34,15 @@ enum page_ext_flags { * then the page_ext for pfn always exists. */ struct page_ext { - unsigned long flags; + union { + unsigned long flags; +#ifdef CONFIG_X86_INTEL_MKTME + struct { + unsigned short __pad; + unsigned short keyid; + }; +#endif + }; }; extern void pgdat_page_ext_init(struct pglist_data *pgdat); diff --git a/mm/page_ext.c b/mm/page_ext.c index d8f1aca4ad43..1af8b82087f2 100644 --- a/mm/page_ext.c +++ b/mm/page_ext.c @@ -68,6 +68,9 @@ static struct page_ext_operations *page_ext_ops[] = { #if defined(CONFIG_IDLE_PAGE_TRACKING) && !defined(CONFIG_64BIT) &page_idle_ops, #endif +#ifdef CONFIG_X86_INTEL_MKTME + &page_mktme_ops, +#endif }; static unsigned long total_usage; From patchwork Wed May 8 14:43:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935821 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 95445924 for ; Wed, 8 May 2019 14:45:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 84D49283B0 for ; Wed, 8 May 2019 14:45:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 787902844B; Wed, 8 May 2019 14:45:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0ABDA283B0 for ; Wed, 8 May 2019 14:45:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A25D46B026F; Wed, 8 May 2019 10:44:43 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 9AF0C6B0271; Wed, 8 May 2019 10:44:43 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 876BB6B0272; Wed, 8 May 2019 10:44:43 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f197.google.com (mail-pl1-f197.google.com [209.85.214.197]) by kanga.kvack.org (Postfix) with ESMTP id 3FAC66B026F for ; Wed, 8 May 2019 10:44:43 -0400 (EDT) Received: by mail-pl1-f197.google.com with SMTP id y1so5441672plr.13 for ; Wed, 08 May 2019 07:44:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=14T31bfznPI+LnnwAYK8Vb1jSm85ESHn0/2GAcqthOk=; b=Lq9RKnTYR8/XpRQm6N0BayklSqIF7sZUjbsLsa3ELEXHPGfb73Q/lvI6iro/o6XYB5 aI0fhSimv4aqvDmYZV966h6VZBD6sMy91HwZzASDJ5mTDuzXNOtJZ2DVmEA0N7Ux03FU h/kt/E7e6nxwzP/n1LxEx3dh2n/509OVgawNDdICweqhNWh7bIOtDxcJY6fkQpQkGY5P rhzoI0dGI8nstBSsTEDbiqFt7GEe98fgEE/3YRQEeWpce1J0MVKRa+sJWbNQ7KRugzu7 5pVD0KhyEHVTcWtR2CxsyXJtbEhqZU4fInbCMy3JnnealSULe9kCVS+3oPcktJJx6aSh OgDw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVmHV5StiF9eDJs8/Chq/Q7eR/sT4vf6Pu6sn/HSs5nVnisbRnk OwbsXX9jh82NFxekZgIEH5Hb5D+v3kxzBeQPiL01z99oLvvBy43wMvYH6Dwy2pLi9XZU0i+TiiH ANubMf8PAJ4uHnGYAZ+d9Egfv7+q7S8rcuROWKrUHjO224S6lnL4yiu7OuLofRu1odg== X-Received: by 2002:a63:d408:: with SMTP id a8mr46373303pgh.184.1557326682862; Wed, 08 May 2019 07:44:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqwAOAs3G2UmbZ6cQZ9dSRYaJxkh7GLPTEhkwQu7DGABPzoB3jwLUrh10s2c+akN5to5TgWC X-Received: by 2002:a63:d408:: with SMTP id a8mr46373181pgh.184.1557326681552; Wed, 08 May 2019 07:44:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326681; cv=none; d=google.com; s=arc-20160816; b=qJlu8AUy2qLjnKhsww7UTmjJG2zROsvnsQqPZLuJHQpQVElCtl+TX9+IejHo8RlkFP /1KyQsS1hV3/GsoYEiFyEeVqfIxvAIk6NacjOa7opIPtoKubVMHzA0yfOFNrpfhFO/Xh Srd24Dx0CmNQ7iheKboAoo5nfcAlKUkMMzYqpBhNCd+mQS1WxjZPgeUyq5cr/Y4FVJWl W+1UIwUO8bFeYbXNm4bFE3dgy6Mfrs6DKX3UqdMlsuOBVF76Bz5q1ZqDpzo7PetEKryy RH96zWLN7VdnkIgAbLlUI7yAqPeuAsBq7axTC0OlWN+f1JgvgzasUak7OEmqBNda4VaQ Qjlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=14T31bfznPI+LnnwAYK8Vb1jSm85ESHn0/2GAcqthOk=; b=Vu5bJwcr4uXlKrXUBYnbUvOXRDVWzZI63QUUWnsVfWoai5SBNV0FUYXZY7alCR5TFJ gDJCcc6GOUo0+A4sCW8BeFYuXrZDPW5SC+cvrbNPru3aGsA54gdOD5LNvbqrJ6vBUjmJ wek49xAm9isTCvO+vSNwdeNl6pz5BghwuCLXsujXSRLlMVeJS4GnXC6hIEGpfMA84SNS a4xIJG1uiF4mMBsKkAXZK5Wn26nk3xSsnu6zaa7zKGJmzG8MX5SjR9YOjGdBSYWAy3Jb cLOUmLdKCsiIK38tw3mgeBXx6wU46cxS/osbBFtD7OqRk9P/4KipbnKcyUd8DqOdDBTL 59pw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga17.intel.com (mga17.intel.com. [192.55.52.151]) by mx.google.com with ESMTPS id b11si666839pge.440.2019.05.08.07.44.41 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) client-ip=192.55.52.151; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:40 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga003.jf.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 3EF8574A; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 12/62] x86/mm: Add a helper to retrieve KeyID for a VMA Date: Wed, 8 May 2019 17:43:32 +0300 Message-Id: <20190508144422.13171-13-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP We store KeyID in upper bits for vm_page_prot that match position of KeyID in PTE. vma_keyid() extracts KeyID from vm_page_prot. With KeyID in vm_page_prot we don't need to modify any page table helper to propagate the KeyID to page table entires. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 12 ++++++++++++ arch/x86/mm/mktme.c | 7 +++++++ 2 files changed, 19 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 51f831b94179..b5afa31b4526 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -5,6 +5,8 @@ #include #include +struct vm_area_struct; + #ifdef CONFIG_X86_INTEL_MKTME extern phys_addr_t mktme_keyid_mask; extern int mktme_nr_keyids; @@ -28,6 +30,16 @@ static inline int page_keyid(const struct page *page) } +#define vma_keyid vma_keyid +int __vma_keyid(struct vm_area_struct *vma); +static inline int vma_keyid(struct vm_area_struct *vma) +{ + if (!mktme_enabled()) + return 0; + + return __vma_keyid(vma); +} + #else #define mktme_keyid_mask ((phys_addr_t)0) #define mktme_nr_keyids 0 diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 9dc256e3654b..d4a1a9e9b1c0 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,3 +1,4 @@ +#include #include /* Mask to extract KeyID from physical address. */ @@ -30,3 +31,9 @@ struct page_ext_operations page_mktme_ops = { .need = need_page_mktme, .init = init_page_mktme, }; + +int __vma_keyid(struct vm_area_struct *vma) +{ + pgprotval_t prot = pgprot_val(vma->vm_page_prot); + return (prot & mktme_keyid_mask) >> mktme_keyid_shift; +} From patchwork Wed May 8 14:43:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935815 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D7EF61515 for ; Wed, 8 May 2019 14:45:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C9E99283B0 for ; Wed, 8 May 2019 14:45:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BD5CA2844C; Wed, 8 May 2019 14:45:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 46466283B0 for ; Wed, 8 May 2019 14:45:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 96D106B0010; Wed, 8 May 2019 10:44:42 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 6C6116B026C; Wed, 8 May 2019 10:44:42 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 060F66B0010; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id A0AF36B026A for ; Wed, 8 May 2019 10:44:41 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id a8so12752857pgq.22 for ; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=sEAdbNfbRTCjC9a0sD0Qg1cJEdXEvR4Mo/Vl8HfdoKs=; b=BlIApVnySu83nJ7PtM98wedTjQ2wGmlO5OpC79HJt1JEpJzaT8KFeSX5HiU84egK+o rGvlQplGeltvwiuyNKNg2caaJzPL8x1naPY5t2uGej1hUZYL/pXg9gSYWsVKtt+3OW6m 9CVVxi0cDSI6teysOUnPIX//yJmY0N3Ue6luLfaRjq0NDG07AOlO2BwXsBZIyCcnqyvf NfrcuWmC7o6YG3wyqdsE3ihsEOveWt92UswQcNxpfwi3Y54vR/n6E9GAzoaTwfvxpgax uXIzylSjUFqecmohqIp7017k1wn7WoYBHpwz29ejCYGUtTyGkq7tVn/moa2WzIh9pzMa 3qgw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWxKQ5EvfuKegLbJXdrKHIcCYtMxUUAeo8TEtIRuqtkAYhAY+lL dSY0Qilke8sGGVj8dueEtLKJrflu1HwlRWEi0/t8KpKv143Z83MqzHRG8TFc5dYKfUojU/St0IF dqha6wdC8rtgo2risEWjexLZPVy3HRSPrvxQzW8EnuRLXzmDYDQMutkTnkiPnuMWCRQ== X-Received: by 2002:a17:902:6842:: with SMTP id f2mr48111884pln.189.1557326681323; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqzJY5rjeaNDErnCt6n9U8z//3bbC9rmaY5UrxTmRH0IBDhF0Q+ZWSc3aj2ddriI1jYZpAqo X-Received: by 2002:a17:902:6842:: with SMTP id f2mr48111741pln.189.1557326679954; Wed, 08 May 2019 07:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326679; cv=none; d=google.com; s=arc-20160816; b=yB2jH2njjzpKFC7yjA9fiv8GwUUN7jqV1wShp4rfoSO+DZ0o2EWUzzgjZ+ewzChzz6 LH+JZhm5ZKtXnDe4jozZiQchuzlvO+zGkFkm5dWGPyDdLTZJhJDQ6w5EgtRlssP7ku9w Vqu92Z4jqtMjGM0Yywwhs8kSbJ0XIGmUUqcPhLJJpMY/jTWPKooP/9zz4zjeoQB7HFXu h4x5/x9WJaL2uZ1BfrsrudK17yUACn5lkushCgls5yaUaicng58j2NxZA1A4ezzXId7R NpgY84kU0JoQvT/fNCcc4K4CtzrFwOwTsUN7GwnUKlKVS8DPqdQOt7sgQpl7vhB7STx0 9/9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=sEAdbNfbRTCjC9a0sD0Qg1cJEdXEvR4Mo/Vl8HfdoKs=; b=GUcVFIWzmrl80VmRdo2gvoubRHClC6zBlAaU3raUmANqoPI1ZZtaDd0h4C4X4bdjuQ A/bGJBEvnxYd10QP4T1lkoyq9DCIVF3kev32z9+P9KzyKUFcSooHifmXramk2ng7jqKs 4dyikzMJ93h/acFMHoaZ9rQVrZM/myxTWOuXKtX9Yg6wGMEnhIf8nGH7m9qYGAVQ7iRz I3Tv1LdrM1PzWnFu+xi5qpgHX30fItLbeYH3MytwcEQoBQPJiqzJ4pI1hhm3d1GT3akU PhI5KTQwT6Z/gZP2t/rvayO+o9OdV0YPqxMwDl0wSNTWR6BNDTrJlJrVqSlzl3jDveFG 1dBA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id w14si24148884ply.226.2019.05.08.07.44.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656527" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 4C59F79C; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 13/62] x86/mm: Add hooks to allocate and free encrypted pages Date: Wed, 8 May 2019 17:43:33 +0300 Message-Id: <20190508144422.13171-14-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Hook up into page allocator to allocate and free encrypted page properly. The hardware/CPU does not enforce coherency between mappings of the same physical page with different KeyIDs or encryption keys. We are responsible for cache management. Flush cache on allocating encrypted page and on returning the page to the free pool. prep_encrypted_page() also takes care about zeroing the page. We have to do this after KeyID is set for the page. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 17 +++++++++++++ arch/x86/mm/mktme.c | 49 ++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index b5afa31b4526..6e604126f0bc 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -40,6 +40,23 @@ static inline int vma_keyid(struct vm_area_struct *vma) return __vma_keyid(vma); } +#define prep_encrypted_page prep_encrypted_page +void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero); +static inline void prep_encrypted_page(struct page *page, int order, + int keyid, bool zero) +{ + if (keyid) + __prep_encrypted_page(page, order, keyid, zero); +} + +#define HAVE_ARCH_FREE_PAGE +void free_encrypted_page(struct page *page, int order); +static inline void arch_free_page(struct page *page, int order) +{ + if (page_keyid(page)) + free_encrypted_page(page, order); +} + #else #define mktme_keyid_mask ((phys_addr_t)0) #define mktme_nr_keyids 0 diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index d4a1a9e9b1c0..43489c098e60 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,4 +1,5 @@ #include +#include #include /* Mask to extract KeyID from physical address. */ @@ -37,3 +38,51 @@ int __vma_keyid(struct vm_area_struct *vma) pgprotval_t prot = pgprot_val(vma->vm_page_prot); return (prot & mktme_keyid_mask) >> mktme_keyid_shift; } + +/* Prepare page to be used for encryption. Called from page allocator. */ +void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) +{ + int i; + + /* + * The hardware/CPU does not enforce coherency between mappings + * of the same physical page with different KeyIDs or + * encryption keys. We are responsible for cache management. + */ + clflush_cache_range(page_address(page), PAGE_SIZE * (1UL << order)); + + for (i = 0; i < (1 << order); i++) { + /* All pages coming out of the allocator should have KeyID 0 */ + WARN_ON_ONCE(lookup_page_ext(page)->keyid); + lookup_page_ext(page)->keyid = keyid; + + /* Clear the page after the KeyID is set. */ + if (zero) + clear_highpage(page); + + page++; + } +} + +/* + * Handles freeing of encrypted page. + * Called from page allocator on freeing encrypted page. + */ +void free_encrypted_page(struct page *page, int order) +{ + int i; + + /* + * The hardware/CPU does not enforce coherency between mappings + * of the same physical page with different KeyIDs or + * encryption keys. We are responsible for cache management. + */ + clflush_cache_range(page_address(page), PAGE_SIZE * (1UL << order)); + + for (i = 0; i < (1 << order); i++) { + /* Check if the page has reasonable KeyID */ + WARN_ON_ONCE(lookup_page_ext(page)->keyid > mktme_nr_keyids); + lookup_page_ext(page)->keyid = 0; + page++; + } +} From patchwork Wed May 8 14:43:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935811 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 10416924 for ; Wed, 8 May 2019 14:45:06 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F41EB283B0 for ; Wed, 8 May 2019 14:45:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E65DA28437; Wed, 8 May 2019 14:45:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 86DEF283B0 for ; Wed, 8 May 2019 14:45:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 377156B0269; Wed, 8 May 2019 10:44:42 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 28E926B026E; Wed, 8 May 2019 10:44:42 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CE8FC6B026C; Wed, 8 May 2019 10:44:41 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id 6EF836B0010 for ; Wed, 8 May 2019 10:44:41 -0400 (EDT) Received: by mail-pf1-f200.google.com with SMTP id 13so12764222pfo.15 for ; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=SVmYwDv3j5Zqu2stWHOAZhr/mhJK4ly92EXT5VclcOA=; b=UQ9XBwvLLHW8tugJovCQ9XE8tJlLamcmqyGghTRt0WuNWKJ2w3KdVqnMiGU0npz6+D 7LX+2zl0i8cavwPxe4bY16RWigdestI3Gtp60rl97+3Hu5GubIkTkqE+ZzJ20ns8z1Os 8UZ1sCLzD/4gn4AxNEbLqq8+b60DoqqfNaBi5GS9x3C3+FCSiYOBp3wpoKZ7D9aohUCa ZMEQFTRfKAR4lAQiJUNceHXueaivd4pQmSmd/hruQ9uja+YwsyS/jMw1QoPcXpFnr+Bs +VseHYfWaIgmOWP+ri13BXAFY8T/0x4wG362h1hrTld8kAfiXMhftY3z7EbSnFPkWQ+X t+vQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVKuYy2vfIYcdellukLN01djqaNGEGLSwbsQXqZfoc4BX6NGdR1 cMO0ZBCVVTag3Oz33hdjtpRlGIssC0U5hwdGWxFAwHiV2sqvZm8fcLJveYl4v+PzpKYebK6XC7W dt8jXSdV3CYbwUu1jPjJohHbdeDcPzgbtC9JWMpr1XCAQR6jQCKWnJ9t+fPZMmviWbA== X-Received: by 2002:a63:9dc8:: with SMTP id i191mr46263963pgd.91.1557326681116; Wed, 08 May 2019 07:44:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqyq81PTSsHGVCzswobthbkq/K8TB/ITNQwQ9ww4MLZpg/MQsRNl9JlqNLruxDXDXpxIksS6 X-Received: by 2002:a63:9dc8:: with SMTP id i191mr46263848pgd.91.1557326679978; Wed, 08 May 2019 07:44:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326679; cv=none; d=google.com; s=arc-20160816; b=kTgSJlNn8kCuu6K42ct3SZqV6cGwugKw+3o2LBunvkrb5An86yIQ7USoIXc2qwR/vb HB8KtD/HSm/kwHXMSQrwLT8JuwSVCJgbAc2t1A8Y1lumRNwqL4Hghm2njLaDNLtKaadL N2HsfGra2K/hXyKGLvB/jTE5Vt29Se6crcWkmPrB+5dU8k57CUN1k+R895eXasDgGtRc xmIyEGTRVY6WNcTH0sE7RhHu1ppyuwIubXLHeXlTvlmkwZgaT3ugmIdXE7W24GHO3LuS K0Pir1F6jWBHgaZF/E68KoGEVNV2fKA69n5zLdgSW0O9JiYFrChIbRzy9ESZBpJ4e2qq 9f1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=SVmYwDv3j5Zqu2stWHOAZhr/mhJK4ly92EXT5VclcOA=; b=1I8kiHQQukB6/4FaU9WG/e3PfxVryeo1mY0UmohVhopGQDl6DDmzxvGZF1R+GGtlxC fInfHpM6XpbBVNjCEKkdzsqQ8pDVeuELqHX+ystX7ekZRuc54jIWMd9QL2dbJ84TrjYo S1ygyP62Q/VUCh0wLyWO0QLFjjPY5wGiIe59ZrI/mFcsaw+9Pf+6zXX3UP3wg/+6V8S1 FFbK/JT7f8BuQfe3iDwwiOmh+CUDJwsBTJIIY32i24OyrmVsLcXH9jmaZ7Otfu7TqqeF JQpNa84QUvphxqUkG6KB6POTa+B54f0TidAprEPlTf6kRMTrsquWRhkm7ttSrSBqu6Dl O66A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga01.intel.com (mga01.intel.com. [192.55.52.88]) by mx.google.com with ESMTPS id j1si22102151pgp.557.2019.05.08.07.44.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) client-ip=192.55.52.88; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:39 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga004.fm.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 58DEC858; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 14/62] x86/mm: Map zero pages into encrypted mappings correctly Date: Wed, 8 May 2019 17:43:34 +0300 Message-Id: <20190508144422.13171-15-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Zero pages are never encrypted. Keep KeyID-0 for them. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/pgtable.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index 50b3e2d963c9..59c3dd50b8d5 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -803,6 +803,19 @@ static inline unsigned long pmd_index(unsigned long address) */ #define mk_pte(page, pgprot) pfn_pte(page_to_pfn(page), (pgprot)) +#define mk_zero_pte mk_zero_pte +static inline pte_t mk_zero_pte(unsigned long addr, pgprot_t prot) +{ + extern unsigned long zero_pfn; + pte_t entry; + + prot.pgprot &= ~mktme_keyid_mask; + entry = pfn_pte(zero_pfn, prot); + entry = pte_mkspecial(entry); + + return entry; +} + /* * the pte page can be thought of an array like this: pte_t[PTRS_PER_PTE] * @@ -1133,6 +1146,12 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, #define mk_pmd(page, pgprot) pfn_pmd(page_to_pfn(page), (pgprot)) +#define mk_zero_pmd(zero_page, prot) \ +({ \ + prot.pgprot &= ~mktme_keyid_mask; \ + pmd_mkhuge(mk_pmd(zero_page, prot)); \ +}) + #define __HAVE_ARCH_PMDP_SET_ACCESS_FLAGS extern int pmdp_set_access_flags(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp, From patchwork Wed May 8 14:43:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935827 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3FA53924 for ; Wed, 8 May 2019 14:45:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2EA0F276D6 for ; Wed, 8 May 2019 14:45:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 224D82844C; Wed, 8 May 2019 14:45:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BE29A276D6 for ; Wed, 8 May 2019 14:45:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9418B6B0272; Wed, 8 May 2019 10:44:45 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 67C8B6B0271; Wed, 8 May 2019 10:44:45 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 42F5C6B0273; Wed, 8 May 2019 10:44:45 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id 046436B0272 for ; Wed, 8 May 2019 10:44:45 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id n4so12805179pgm.19 for ; Wed, 08 May 2019 07:44:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=oy9k/lofk32Hk6frBD0fIszp4fG0mb5SPdi5BaNsex0=; b=bq+tJnqHFCcDCxkygtkTyfFZlYORMrDWu2pW4ZHZQd4O/6Yol6KqKraGtG0m96e4z7 lOiruj8yKySzrd6ZVD+ItpUlT0dD8OKbIpXOiUoczAT5GUdBQNVJ3oyNrusq3V3yT5R3 +CG7VAbHhwiSpV2gKZJNKiuiyIsfGYH+RiV8mllcD4FWD+f3p9BD7btJfJTRAntHuWu3 Nt3DHgA42LnYJ6x9pCWWyF7zleHnebAsbTI2eeJQzMj7R5e2FtOpVRLjXXoHadoxqWeP xWtcw/SNsPv1e3HCN7eW/gC90jj6LW6kFSFHof16hYGt1lA8wOmW/852q33+/fDdhTzN eLXw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAU5We+X8SwkPN0YglPJTfdCjYoJWCwjt5dALNXqC3rqnzMFFNKw BrZ6QRPoZm75Tc+kmZo7eA3Ynt1qX2KqfDBVL6b1kl7y/J2SX5W6czZLMRied1x+Ij4Ulzn3Sz5 Ing8M6eqpnZHF4+N2CsnYE525B5uckbPMp1N7nFlbcPXFyEG4MupIhXn+xFcvKznUMg== X-Received: by 2002:a65:63c8:: with SMTP id n8mr12379005pgv.96.1557326684679; Wed, 08 May 2019 07:44:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqz5jLFhqm0AsnCbDCfFh4/aAkwl+KWrQ5yqvWdC/+g2LCC+w/bmxSFqqhUrfOEAtv2hWzXU X-Received: by 2002:a65:63c8:: with SMTP id n8mr12378922pgv.96.1557326683838; Wed, 08 May 2019 07:44:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326683; cv=none; d=google.com; s=arc-20160816; b=njr+sm+PUUyr542jK2q5NRY0zox9jm/LTKoXQFKd//AUZ83dOdDWKbmBEBptlVQLaA T2NF90iXKjDotEC1bzqeQrVYTJvyWFUm4HPKZJ7LizS1PRMqnN/iXeVc/AKadNTQzMdv NwwOvD81md/ggAHj/+9uH/w2MfdJDBm63x6MQ93nUeZq1I6qbMj19fenA3+lpQkkG7Ln 64PbbZjtJqeYsKWZdrPV6IwQAagfVNfuHgusgYattAxP8+Kd8p+VAs9ag1/l9zD0WLu2 J7yEMtbqZSwaSHIliJQV/KUgFPU36diFB6pTwGNPaq21sp8I5ra7gfgAfevscYPhsNEv kJIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=oy9k/lofk32Hk6frBD0fIszp4fG0mb5SPdi5BaNsex0=; b=jJtqpLiYjJcjArVE7AFxkAhEmfEsKfuVrzmZDXMzMtEhm3YuYIMUFlc0z4eMbkwQYk MHxJgsFN60UqvmnqreuLjYdqJMsZRjHEOTFoQbDz5WAfSFvKC6zxE1k5fHZWQrgMzNsb z1eFtWRcJ+lh3KgSsM1K+dPcRj4TkroPW3H/I0OGeqyUH6usFyzQyWVs1GKyAF2uxJ0z lOCwitqwAn85ekOlC7Bo1lk8dvwIM7wHZl/ZZeOZFHX85JhlKBqNy+ZAnsZ+8J6Ptl8K ks6X2tHO6zvgBam+uW/f6vLdd31DWpWtUn+keYSaR7nCW8iQ0Yk46VOCWBwqIYY2HwtT OqIQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id 90si19482350plb.86.2019.05.08.07.44.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:43 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga006.fm.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 6629B926; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 15/62] x86/mm: Rename CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING Date: Wed, 8 May 2019 17:43:35 +0300 Message-Id: <20190508144422.13171-16-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Rename the option to CONFIG_MEMORY_PHYSICAL_PADDING. It will be used not only for KASLR. Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig | 2 +- arch/x86/mm/kaslr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 62fc3fda1a05..62cfb381fee3 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2201,7 +2201,7 @@ config RANDOMIZE_MEMORY If unsure, say Y. -config RANDOMIZE_MEMORY_PHYSICAL_PADDING +config MEMORY_PHYSICAL_PADDING hex "Physical memory mapping padding" if EXPERT depends on RANDOMIZE_MEMORY default "0xa" if MEMORY_HOTPLUG diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index d669c5e797e0..2228cc7d6b42 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -103,7 +103,7 @@ void __init kernel_randomize_memory(void) */ BUG_ON(kaslr_regions[0].base != &page_offset_base); memory_tb = DIV_ROUND_UP(max_pfn << PAGE_SHIFT, 1UL << TB_SHIFT) + - CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING; + CONFIG_MEMORY_PHYSICAL_PADDING; /* Adapt phyiscal memory region size based on available memory */ if (memory_tb < kaslr_regions[0].size_tb) From patchwork Wed May 8 14:43:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935823 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0F74F1515 for ; Wed, 8 May 2019 14:45:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F3291283B0 for ; Wed, 8 May 2019 14:45:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E73FB2844B; Wed, 8 May 2019 14:45:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7089E283B0 for ; Wed, 8 May 2019 14:45:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 67E9F6B0275; Wed, 8 May 2019 10:44:45 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 51C0C6B0272; Wed, 8 May 2019 10:44:45 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 398A86B0274; Wed, 8 May 2019 10:44:45 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id EA9466B0271 for ; Wed, 8 May 2019 10:44:44 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id d22so119108pgg.2 for ; Wed, 08 May 2019 07:44:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=yWHOhsSwc3WWUoJslsLAWQcHXdi9Dc2j78/2TZTMTFI=; b=K/vaTZg2FbSBqSIsGDl4P4+xbnGVBDbFyJSm7PYbLntuqKZ/oEkq0GEKZ4mBKlqq/P mawQFAk/O9yaE6VZeuMPQf284S5WbPcVhOfRnXbg9cHeuZkxh0rOKXS2QVQtIBFGfcw9 QT8RLdHwyuft/OMVR6zSwAOfo/RjJYeMM7NP0Y6H3VyJJ6hlFl+mIdu3qhx38SyxcWBf XJ2nRLt9r0P9I9GznygWonc1C1inLGsfTz/wOqoWyrZJ8qgu5hrSZclK7bB1qWR0yDV5 8xxW1iLP6Zxq6TxiinCcubTaDX18q95hZalt6jD/BcNR++c7nEmRLPEhjg4je6Zcs8De zqpQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXnfyXxWs5i6IbCs829FORsDLdn8PGWAQ6t6o8jpT7XbbbuhI0g 6WnbSYDqtdtH3epkdHxG0sKaWcGNdHSFoYPO/VUbAzO56k06TDVsyow93l6wj86fX6oL6q9k/QA lSBEveIRcya2k9A7vjtVzxwOJdlRXZ9Hx1JF12KWxKbkFIfiK+J8NyvpzOk5z7uw3KQ== X-Received: by 2002:a63:4a5a:: with SMTP id j26mr9001682pgl.361.1557326684610; Wed, 08 May 2019 07:44:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqy+Wk2tXComJ8de/b5g4SCwf4zJfUE2dkXyBTsHRWUTOWxx7+J4I1K29v8LgIeIl2g2u+NZ X-Received: by 2002:a63:4a5a:: with SMTP id j26mr9001568pgl.361.1557326683390; Wed, 08 May 2019 07:44:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326683; cv=none; d=google.com; s=arc-20160816; b=YrkbF9DPwep9Hy8SLzGhQjjiq5cWemPz5IxM10tXyK88i/oWMjMDHR1i6+vr+7HgRH R/PLmgM2l8m3DGBpszEYJtdQMC1LTGtF21ymjoHrD/XpwNNBLGFiVL1K46LmrEtE1a0k EzQxyPUgulm+09Wdj9nIIAFwVHVyjWOsw+e0f34I/Pjeb81nXMcO6iXYBrqWDGxjZ+cz bojSzC7pXlO9UGZAb52CjCVeYRe6IWJwI3EZAeXY+MKW08C2PEJpwjMmZjXw8B2BZZ4i F3064YQ3vIu9pbIQEeKTS7F0mQ4tV66UsbWPcCoF+coqvAc46YEzDFWTwd87fGsRes7r Tdbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=yWHOhsSwc3WWUoJslsLAWQcHXdi9Dc2j78/2TZTMTFI=; b=F0GMQzFGd5ZDhwOs2T9aAEy5ylssjO3W2uIL8dUlw91dwrdx8Zjzt5HeLMRn6uoWvV a5E6bqsyl6uHRtGD2ChbZm33I3eyZvDcM2KXsSz02LvMpZDaTXdV0pEj5TlItsNw7CIw Q8cicPHEjVruK7kT4QvbEElGEyBEwipAig/akWEuJl6P+B8+0ZOLnIsDD2HkNhmHRyln g4sbKS5WPC6JieCsUwu5m73Y9OHhX4LntiCno8RUGCojxK2mndsjrALnCQjb1F0uqhcX ZJ3eBW8yCxTdNgjjGb09y0wa+/W2nr8VA8tCYd88V2rkkCHmRIK3/Pvj33mm5pS8Sgwh wHGw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:43 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga001.fm.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 74047949; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 16/62] x86/mm: Allow to disable MKTME after enumeration Date: Wed, 8 May 2019 17:43:36 +0300 Message-Id: <20190508144422.13171-17-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The new helper mktme_disable() allows to disable MKTME even if it's enumerated successfully. MKTME initialization may fail and this functionality allows system to boot regardless of the failure. MKTME needs per-KeyID direct mapping. It requires a lot more virtual address space which may be a problem in 4-level paging mode. If the system has more physical memory than we can handle with MKTME the feature allows to fail MKTME, but boot the system successfully. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 5 +++++ arch/x86/kernel/cpu/intel.c | 5 +---- arch/x86/mm/mktme.c | 10 ++++++++++ 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 6e604126f0bc..454d6d7c791d 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -18,6 +18,8 @@ static inline bool mktme_enabled(void) return static_branch_unlikely(&mktme_enabled_key); } +void mktme_disable(void); + extern struct page_ext_operations page_mktme_ops; #define page_keyid page_keyid @@ -68,6 +70,9 @@ static inline bool mktme_enabled(void) { return false; } + +static inline void mktme_disable(void) {} + #endif #endif diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 4c9fadb57a13..f402a74c00a1 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -618,10 +618,7 @@ static void detect_tme(struct cpuinfo_x86 *c) * We must not allow onlining secondary CPUs with non-matching * configuration. */ - physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; - mktme_keyid_mask = 0; - mktme_keyid_shift = 0; - mktme_nr_keyids = 0; + mktme_disable(); } #endif diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 43489c098e60..9221c894e8e9 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -15,6 +15,16 @@ int mktme_keyid_shift; DEFINE_STATIC_KEY_FALSE(mktme_enabled_key); EXPORT_SYMBOL_GPL(mktme_enabled_key); +void mktme_disable(void) +{ + physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; + mktme_keyid_mask = 0; + mktme_keyid_shift = 0; + mktme_nr_keyids = 0; + if (mktme_enabled()) + static_branch_disable(&mktme_enabled_key); +} + static bool need_page_mktme(void) { /* Make sure keyid doesn't collide with extended page flags */ From patchwork Wed May 8 14:43:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935839 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 28F6F1515 for ; Wed, 8 May 2019 14:45:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 17D63276D6 for ; Wed, 8 May 2019 14:45:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 096BF2844B; Wed, 8 May 2019 14:45:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2BB72276D6 for ; Wed, 8 May 2019 14:45:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BFD7F6B027E; Wed, 8 May 2019 10:44:47 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id AE9FE6B027C; Wed, 8 May 2019 10:44:47 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 939816B027B; Wed, 8 May 2019 10:44:47 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by kanga.kvack.org (Postfix) with ESMTP id 58CB26B0278 for ; Wed, 8 May 2019 10:44:47 -0400 (EDT) Received: by mail-pg1-f197.google.com with SMTP id z7so12816007pgc.1 for ; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=F0ymXJAnrrXyppjxA1B59vs7TgNB0ViOHAJtcr83nEY=; b=g3OvjigzULXs7DEQwNFis/ieQN6h+ATZOI6ThcI+PGgY46EF5WjbuPjNLmrXS7xc/H ofPJT3repHi/JEAXCXIpxmPjRZwhFirlcswz+5PlZa/TgHfHy3igSstdvriP8GSjIF6A byCOyuEV4VYHXcVfE3OQiP6oSpidQDPcnABe5fKu0stqFtredFkHMJ0NWv85XewTsqGC Xx7kq61qJA4relnhpCXfI5qRQex/cGEwZP8y744s1kJywUQ+4Vkzq+5APIQc0aqzJB7o extDz/bpcKPYb/dGVpFZj0JROhe/YTTKjAcD/b96ExCcCJ843YwxvLnS+bYqC7/wyLIB akgQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVLKKJ20WRCOrTnYm9ruYwZ/qAD8nBmOiK8CcZwdOG5lwsAmFRI xHJ+dq1c0zM4SP2XwimXi9RCq5z1WLmlmYnRFSWgxmiFbZCPwV4o98TETV8B8gNcYX9Kl75W70k xsjlTTSg05IX5y/OFYI88v9nGuNwH/MmoH+KcjGFUKj9Yo+jnzivtQ3HjHvZN+UUxRQ== X-Received: by 2002:a17:902:201:: with SMTP id 1mr1448316plc.89.1557326686968; Wed, 08 May 2019 07:44:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqzG4cGBjtFCee5AXl/UzxqPwj8Wku/7rrdORvJM3mGfn+mTF10rkf95gXlAPZrJxSph537m X-Received: by 2002:a17:902:201:: with SMTP id 1mr1448210plc.89.1557326685781; Wed, 08 May 2019 07:44:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326685; cv=none; d=google.com; s=arc-20160816; b=hHBvtdm3QB1rEjwMLZ6QUnvrQMta17LPzbfThckhTSWQRLJplX2jOjaWGJFJQerNrA ey19T63/8IAjWuzHokvvhkByzDUJAP8cMcngqpwY0/kqei9N5wD4PKan3u8/tukxe4nG AO4de5izjpQP4okWZVXGP68b54kWbC8ryZCTlgvORx2MqLc00XQ3Nh/mcnjPbLr2yLqv ydQz9XRq49iNfrhUlOKLt/1YtTBr4DJSwvbKAiqnI98nMrTApMO5D/AmguQeYWSNKnAS 4AvGDVtW5CRRCABce5LwNqyJWUndQGXK0HRwHiS5u3DOshphbFSNZ/PSVVnBekSW3EED h4NA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=F0ymXJAnrrXyppjxA1B59vs7TgNB0ViOHAJtcr83nEY=; b=aJqbjJnR9/19RYPZql90QiyPRyqG1nJt+92XXglJyUE3MxGI3nAIgmOzEep+TA3ha4 UUoFrAQBMm9aSWWlaonDHKTBhe2BznLIZiSIbmICctrULqEU5hAMPVbbtpG+5gdcYvVx LKFcOtCQuS88NFj7z+DXefBHyLtOT4cYkEV70LVe0rcoAD+ag3aZG2kcF/2bGFGM6+/K 9JaNCmgbIYUCfzxiqx3erFXjll0MrJdbqplL1ileO0+5JCC6iQCJ2TCXxpYhDlsRGnf1 ieSGA0AxVj5d802RwC189vTPrsQi3gzGWLpJGY/+OS4B1YQ5GeNqawWR4jAXg79/sg/K L6Ug== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga11.intel.com (mga11.intel.com. [192.55.52.93]) by mx.google.com with ESMTPS id y4si21166079pgv.154.2019.05.08.07.44.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) client-ip=192.55.52.93; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga008.jf.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 8189A9B0; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 17/62] x86/mm: Calculate direct mapping size Date: Wed, 8 May 2019 17:43:37 +0300 Message-Id: <20190508144422.13171-18-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The kernel needs to have a way to access encrypted memory. We have two option on how approach it: - Create temporary mappings every time kernel needs access to encrypted memory. That's basically brings highmem and its overhead back. - Create multiple direct mappings, one per-KeyID. In this setup we don't need to create temporary mappings on the fly -- encrypted memory is permanently available in kernel address space. We take the second approach as it has lower overhead. It's worth noting that with per-KeyID direct mappings compromised kernel would give access to decrypted data right away without additional tricks to get memory mapped with the correct KeyID. Per-KeyID mappings require a lot more virtual address space. On 4-level machine with 64 KeyIDs we max out 46-bit virtual address space dedicated for direct mapping with 1TiB of RAM. Given that we round up any calculation on direct mapping size to 1TiB, we effectively claim all 46-bit address space for direct mapping on such machine regardless of RAM size. Increased usage of virtual address space has implications for KASLR: we have less space for randomization. With 64 TiB claimed for direct mapping with 4-level we left with 27 TiB of entropy to place page_offset_base, vmalloc_base and vmemmap_base. 5-level paging provides much wider virtual address space and KASLR doesn't suffer significantly from per-KeyID direct mappings. It's preferred to run MKTME with 5-level paging. A direct mapping for each KeyID will be put next to each other in the virtual address space. We need to have a way to find boundaries of direct mapping for particular KeyID. The new variable direct_mapping_size specifies the size of direct mapping. With the value, it's trivial to find direct mapping for KeyID-N: PAGE_OFFSET + N * direct_mapping_size. Size of direct mapping is calculated during KASLR setup. If KALSR is disabled it happens during MKTME initialization. With MKTME size of direct mapping has to be power-of-2. It makes implementation of __pa() efficient. Signed-off-by: Kirill A. Shutemov --- Documentation/x86/x86_64/mm.txt | 4 +++ arch/x86/include/asm/page_32.h | 1 + arch/x86/include/asm/page_64.h | 2 ++ arch/x86/include/asm/setup.h | 6 ++++ arch/x86/kernel/head64.c | 4 +++ arch/x86/kernel/setup.c | 3 ++ arch/x86/mm/init_64.c | 58 +++++++++++++++++++++++++++++++++ arch/x86/mm/kaslr.c | 11 +++++-- 8 files changed, 86 insertions(+), 3 deletions(-) diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt index 804f9426ed17..81a1b96e0902 100644 --- a/Documentation/x86/x86_64/mm.txt +++ b/Documentation/x86/x86_64/mm.txt @@ -132,6 +132,10 @@ The direct mapping covers all memory in the system up to the highest memory address (this means in some cases it can also include PCI memory holes). +With MKTME, we have multiple direct mappings. One per-KeyID. They are put +next to each other. PAGE_OFFSET + N * direct_mapping_size can be used to +find direct mapping for KeyID-N. + vmalloc space is lazily synchronized into the different PML4/PML5 pages of the processes using the page fault handler, with init_top_pgt as reference. diff --git a/arch/x86/include/asm/page_32.h b/arch/x86/include/asm/page_32.h index 94dbd51df58f..8bce788f9ca9 100644 --- a/arch/x86/include/asm/page_32.h +++ b/arch/x86/include/asm/page_32.h @@ -6,6 +6,7 @@ #ifndef __ASSEMBLY__ +#define direct_mapping_size 0 #define __phys_addr_nodebug(x) ((x) - PAGE_OFFSET) #ifdef CONFIG_DEBUG_VIRTUAL extern unsigned long __phys_addr(unsigned long); diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index 939b1cff4a7b..f57fc3cc2246 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -14,6 +14,8 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long direct_mapping_size; +extern unsigned long direct_mapping_mask; static inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index ed8ec011a9fd..d2861074cf83 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -62,6 +62,12 @@ extern void x86_ce4100_early_setup(void); static inline void x86_ce4100_early_setup(void) { } #endif +#ifdef CONFIG_MEMORY_PHYSICAL_PADDING +void calculate_direct_mapping_size(void); +#else +static inline void calculate_direct_mapping_size(void) { } +#endif + #ifndef _SETUP #include diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 16b1cbd3a61e..c1a3ef88cb08 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -60,6 +60,10 @@ EXPORT_SYMBOL(vmalloc_base); unsigned long vmemmap_base __ro_after_init = __VMEMMAP_BASE_L4; EXPORT_SYMBOL(vmemmap_base); #endif +unsigned long direct_mapping_size __ro_after_init = -1UL; +EXPORT_SYMBOL(direct_mapping_size); +unsigned long direct_mapping_mask __ro_after_init = -1UL; +EXPORT_SYMBOL(direct_mapping_mask); #define __head __section(.head.text) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 3d872a527cd9..8b47e3e38926 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -1057,6 +1057,9 @@ void __init setup_arch(char **cmdline_p) */ init_cache_modes(); + /* direct_mapping_size has to be initialized before KASLR and MKTME */ + calculate_direct_mapping_size(); + /* * Define random base addresses for memory sections after max_pfn is * defined and before each memory section base is used. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index bccff68e3267..3a08d707eec8 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1383,6 +1383,64 @@ unsigned long memory_block_size_bytes(void) return memory_block_size_probed; } +#ifdef CONFIG_MEMORY_PHYSICAL_PADDING +void __init calculate_direct_mapping_size(void) +{ + unsigned long available_va; + + /* 1/4 of virtual address space is didicated for direct mapping */ + available_va = 1UL << (__VIRTUAL_MASK_SHIFT - 1); + + /* How much memory the system has? */ + direct_mapping_size = max_pfn << PAGE_SHIFT; + direct_mapping_size = round_up(direct_mapping_size, 1UL << 40); + + if (!mktme_nr_keyids) + goto out; + + /* + * For MKTME we need direct_mapping_size to be power-of-2. + * It makes __pa() implementation efficient. + */ + direct_mapping_size = roundup_pow_of_two(direct_mapping_size); + + /* + * Not enough virtual address space to address all physical memory with + * MKTME enabled. Even without padding. + * + * Disable MKTME instead. + */ + if (direct_mapping_size > available_va / (mktme_nr_keyids + 1)) { + pr_err("x86/mktme: Disabled. Not enough virtual address space\n"); + pr_err("x86/mktme: Consider switching to 5-level paging\n"); + mktme_disable(); + goto out; + } + + /* + * Virtual address space is divided between per-KeyID direct mappings. + */ + available_va /= mktme_nr_keyids + 1; +out: + /* Add padding, if there's enough virtual address space */ + direct_mapping_size += (1UL << 40) * CONFIG_MEMORY_PHYSICAL_PADDING; + if (mktme_nr_keyids) + direct_mapping_size = roundup_pow_of_two(direct_mapping_size); + + if (direct_mapping_size > available_va) + direct_mapping_size = available_va; + + /* + * For MKTME, make sure direct_mapping_size is still power-of-2 + * after adding padding and calculate mask that is used in __pa(). + */ + if (mktme_nr_keyids) { + direct_mapping_size = rounddown_pow_of_two(direct_mapping_size); + direct_mapping_mask = direct_mapping_size - 1; + } +} +#endif + #ifdef CONFIG_SPARSEMEM_VMEMMAP /* * Initialise the sparsemem vmemmap using huge-pages at the PMD level. diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 2228cc7d6b42..9cfba6627603 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -102,10 +102,15 @@ void __init kernel_randomize_memory(void) * add padding if needed (especially for memory hotplug support). */ BUG_ON(kaslr_regions[0].base != &page_offset_base); - memory_tb = DIV_ROUND_UP(max_pfn << PAGE_SHIFT, 1UL << TB_SHIFT) + - CONFIG_MEMORY_PHYSICAL_PADDING; - /* Adapt phyiscal memory region size based on available memory */ + /* + * Calculate space required to map all physical memory. + * In case of MKTME, we map physical memory multiple times, one for + * each KeyID. If MKTME is disabled mktme_nr_keyids is 0. + */ + memory_tb = (direct_mapping_size * (mktme_nr_keyids + 1)) >> TB_SHIFT; + + /* Adapt physical memory region size based on available memory */ if (memory_tb < kaslr_regions[0].size_tb) kaslr_regions[0].size_tb = memory_tb; From patchwork Wed May 8 14:43:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935943 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B8064924 for ; Wed, 8 May 2019 14:47:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A5452276D6 for ; Wed, 8 May 2019 14:47:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 986122844C; Wed, 8 May 2019 14:47:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 68AD328485 for ; Wed, 8 May 2019 14:47:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 541EA6B02CD; Wed, 8 May 2019 10:46:38 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4CBC76B02CE; Wed, 8 May 2019 10:46:38 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3BB7E6B02CF; Wed, 8 May 2019 10:46:38 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id ED8EF6B02CD for ; Wed, 8 May 2019 10:46:37 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id g6so11611311plp.18 for ; Wed, 08 May 2019 07:46:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=mGWxsgZUF78DJoxLPILHTD5pkaTBsUb3oE6oZjmsOWU=; b=k6CyMnwJ9PjW+xoRcU8V40pfWDI1SBa7l5ehSPcf0p6FXW9xHKsecvyN7Ct2DCfEzG 8nzxP2i23+Zv0xoucHQMD2+0FGXqQsA7W9XNRMnC6X2hAx5SizQtXkO+jQIovQTsIEQa oXX6W7mI2dovRrcXy6ci+2H6NuV6PtKCfassBZAiqLU6aoh6MMbsDjnyWoMGR5s4XJVR +J2+YZgH6Aia1/rPd88c49X5UXSs5WPIjdWEdnC6hUTMKT1DPV/kgBpB7G2zKiIduItM bzLB9AUikBooZ1Pp/teA9VH1Jr1ve6fzhhfN6kZ7wOAFQlG6Iodx6AxqNNstyeLg+37L WCAA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXR62c2XOfPBuquh9KkndjRQt0PUu6wVhcj3klOOqAx7iTgbrSa 7bwPbm4KA49cyVdaGGX7Snnve41ChNRExKFtpq49usUrvb04A6uFkvby7oRm/5hSAwtSlH57NSD kNlxcepuWAIvqKzb+y3Tsduvag95njHrPm2vCzbPQgg1s6hU7MWHPt3wz0BWLDp9vWA== X-Received: by 2002:a63:fb01:: with SMTP id o1mr47062579pgh.135.1557326797590; Wed, 08 May 2019 07:46:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqzOIIcS2jceyJjtVwqnIyN7TpXsxOal8bx/pni3Wn6D+fIOwH7/znRpUwjI4WT/HJTLVpBY X-Received: by 2002:a63:fb01:: with SMTP id o1mr47049800pgh.135.1557326684644; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=n73DIKdtSD/8WWfKx2BSSVnqZw21/hRPKWu/AFvPRwsGrKRiHqD0I29bANCMoi5WWU nF69j5eAlrgOlzCrxOwAzM3LuP/hcV8s9RBHuRFjK4/9+6FMF4FTcPb2DYEXqZKOoIJj mTZlQUcoeDbQu7Fu3rT0ol6EI8UeLKyDN4sLm3YjB+1lDolM8TTVHdCgdvLvVL7sTUqu GrcHnYsl90pyzmwX9zIpDY8ms5BYOJMzOPWM9Hzj1MGn51RP7caYHs7P75ByxTydgPmx dLjBk+Ley7przrhBQg3s88Bam9UiYOP3ZXxMSPTEK4dlbtbEPKJEZ7uUdlgKVZM77L9E OtIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=mGWxsgZUF78DJoxLPILHTD5pkaTBsUb3oE6oZjmsOWU=; b=gLtN9K549ynInWu7XSpU0vrpFjwSxOf76krtDdeRrkczu3pai2tJqru6s9BhJg7eKW twFJ+ACoD7m12WQ1ko26dXTM1uX5flUNJisE3nmKFAOwJ1lHgNYNpYZ9QDauCgacySjO R22x1WA1zzR+JM6+WOn9vkgbo0GlUsUlk5Fc4kLeoEtYHcE74rYDroACi3KJ81qRgfpH pLfnOCn+w/ecnWbR9afYjaamoadfSDksmew3pimM5ylzmfqIAvUd3rMRB8EWWszfHCiW O3jwaZosmek3k5LCyQaK6Zr/CJ4DeXMZQHzuNK5r6L7eBsUncAgH007HocNkAZhntAnT MmFQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga06.intel.com (mga06.intel.com. [134.134.136.31]) by mx.google.com with ESMTPS id e61si23294206plb.123.2019.05.08.07.44.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by FMSMGA003.fm.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 93F2C9B1; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 18/62] x86/mm: Implement syncing per-KeyID direct mappings Date: Wed, 8 May 2019 17:43:38 +0300 Message-Id: <20190508144422.13171-19-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP For MKTME we use per-KeyID direct mappings. This allows kernel to have access to encrypted memory. sync_direct_mapping() sync per-KeyID direct mappings with a canonical one -- KeyID-0. The function tracks changes in the canonical mapping: - creating or removing chunks of the translation tree; - changes in mapping flags (i.e. protection bits); - splitting huge page mapping into a page table; - replacing page table with a huge page mapping; The function need to be called on every change to the direct mapping: hotplug, hotremove, changes in permissions bits, etc. The function is nop until MKTME is enabled. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 6 + arch/x86/mm/init_64.c | 10 + arch/x86/mm/mktme.c | 441 +++++++++++++++++++++++++++++++++++ 3 files changed, 457 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 454d6d7c791d..bd6707e73219 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -59,6 +59,8 @@ static inline void arch_free_page(struct page *page, int order) free_encrypted_page(page, order); } +int sync_direct_mapping(void); + #else #define mktme_keyid_mask ((phys_addr_t)0) #define mktme_nr_keyids 0 @@ -73,6 +75,10 @@ static inline bool mktme_enabled(void) static inline void mktme_disable(void) {} +static inline int sync_direct_mapping(void) +{ + return 0; +} #endif #endif diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 3a08d707eec8..ad4ea3703faf 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -693,6 +693,7 @@ kernel_physical_mapping_init(unsigned long paddr_start, { bool pgd_changed = false; unsigned long vaddr, vaddr_start, vaddr_end, vaddr_next, paddr_last; + int ret; paddr_last = paddr_end; vaddr = (unsigned long)__va(paddr_start); @@ -726,6 +727,9 @@ kernel_physical_mapping_init(unsigned long paddr_start, pgd_changed = true; } + ret = sync_direct_mapping(); + WARN_ON(ret); + if (pgd_changed) sync_global_pgds(vaddr_start, vaddr_end - 1); @@ -1135,10 +1139,13 @@ void __ref vmemmap_free(unsigned long start, unsigned long end, static void __meminit kernel_physical_mapping_remove(unsigned long start, unsigned long end) { + int ret; start = (unsigned long)__va(start); end = (unsigned long)__va(end); remove_pagetable(start, end, true, NULL); + ret = sync_direct_mapping(); + WARN_ON(ret); } int __ref arch_remove_memory(int nid, u64 start, u64 size, @@ -1247,6 +1254,7 @@ void mark_rodata_ro(void) unsigned long text_end = PFN_ALIGN(&__stop___ex_table); unsigned long rodata_end = PFN_ALIGN(&__end_rodata); unsigned long all_end; + int ret; printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", (end - start) >> 10); @@ -1280,6 +1288,8 @@ void mark_rodata_ro(void) free_kernel_image_pages((void *)text_end, (void *)rodata_start); free_kernel_image_pages((void *)rodata_end, (void *)_sdata); + ret = sync_direct_mapping(); + WARN_ON(ret); debug_checkwx(); } diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 9221c894e8e9..024165c9c7f3 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,6 +1,8 @@ #include #include #include +#include +#include /* Mask to extract KeyID from physical address. */ phys_addr_t mktme_keyid_mask; @@ -36,6 +38,8 @@ static bool need_page_mktme(void) static void init_page_mktme(void) { static_branch_enable(&mktme_enabled_key); + + sync_direct_mapping(); } struct page_ext_operations page_mktme_ops = { @@ -96,3 +100,440 @@ void free_encrypted_page(struct page *page, int order) page++; } } + +static int sync_direct_mapping_pte(unsigned long keyid, + pmd_t *dst_pmd, pmd_t *src_pmd, + unsigned long addr, unsigned long end) +{ + pte_t *src_pte, *dst_pte; + pte_t *new_pte = NULL; + bool remove_pte; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_pte = !src_pmd && PAGE_ALIGNED(addr) && PAGE_ALIGNED(end); + + /* + * PMD page got split into page table. + * Clear PMD mapping. Page table will be established instead. + */ + if (pmd_large(*dst_pmd)) { + spin_lock(&init_mm.page_table_lock); + pmd_clear(dst_pmd); + spin_unlock(&init_mm.page_table_lock); + } + + /* Allocate a new page table if needed. */ + if (pmd_none(*dst_pmd)) { + new_pte = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_pte) + return -ENOMEM; + dst_pte = new_pte + pte_index(addr + keyid * direct_mapping_size); + } else { + dst_pte = pte_offset_map(dst_pmd, addr + keyid * direct_mapping_size); + } + src_pte = src_pmd ? pte_offset_map(src_pmd, addr) : NULL; + + spin_lock(&init_mm.page_table_lock); + + do { + pteval_t val; + + if (!src_pte || pte_none(*src_pte)) { + set_pte(dst_pte, __pte(0)); + goto next; + } + + if (!pte_none(*dst_pte)) { + /* + * Sanity check: PFNs must match between source + * and destination even if the rest doesn't. + */ + BUG_ON(pte_pfn(*dst_pte) != pte_pfn(*src_pte)); + } + + /* Copy entry, but set KeyID. */ + val = pte_val(*src_pte) | keyid << mktme_keyid_shift; + val &= __supported_pte_mask; + set_pte(dst_pte, __pte(val)); +next: + addr += PAGE_SIZE; + dst_pte++; + if (src_pte) + src_pte++; + } while (addr != end); + + if (new_pte) + pmd_populate_kernel(&init_mm, dst_pmd, new_pte); + + if (remove_pte) { + __free_page(pmd_page(*dst_pmd)); + pmd_clear(dst_pmd); + } + + spin_unlock(&init_mm.page_table_lock); + + return 0; +} + +static int sync_direct_mapping_pmd(unsigned long keyid, + pud_t *dst_pud, pud_t *src_pud, + unsigned long addr, unsigned long end) +{ + pmd_t *src_pmd, *dst_pmd; + pmd_t *new_pmd = NULL; + bool remove_pmd = false; + unsigned long next; + int ret = 0; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_pmd = !src_pud && IS_ALIGNED(addr, PUD_SIZE) && IS_ALIGNED(end, PUD_SIZE); + + /* + * PUD page got split into page table. + * Clear PUD mapping. Page table will be established instead. + */ + if (pud_large(*dst_pud)) { + spin_lock(&init_mm.page_table_lock); + pud_clear(dst_pud); + spin_unlock(&init_mm.page_table_lock); + } + + /* Allocate a new page table if needed. */ + if (pud_none(*dst_pud)) { + new_pmd = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_pmd) + return -ENOMEM; + dst_pmd = new_pmd + pmd_index(addr + keyid * direct_mapping_size); + } else { + dst_pmd = pmd_offset(dst_pud, addr + keyid * direct_mapping_size); + } + src_pmd = src_pud ? pmd_offset(src_pud, addr) : NULL; + + do { + pmd_t *__src_pmd = src_pmd; + + next = pmd_addr_end(addr, end); + if (!__src_pmd || pmd_none(*__src_pmd)) { + if (pmd_none(*dst_pmd)) + goto next; + if (pmd_large(*dst_pmd)) { + spin_lock(&init_mm.page_table_lock); + set_pmd(dst_pmd, __pmd(0)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + __src_pmd = NULL; + } + + if (__src_pmd && pmd_large(*__src_pmd)) { + pmdval_t val; + + if (pmd_large(*dst_pmd)) { + /* + * Sanity check: PFNs must match between source + * and destination even if the rest doesn't. + */ + BUG_ON(pmd_pfn(*dst_pmd) != pmd_pfn(*__src_pmd)); + } else if (!pmd_none(*dst_pmd)) { + /* + * Page table is replaced with a PMD page. + * Free and unmap the page table. + */ + __free_page(pmd_page(*dst_pmd)); + spin_lock(&init_mm.page_table_lock); + pmd_clear(dst_pmd); + spin_unlock(&init_mm.page_table_lock); + } + + /* Copy entry, but set KeyID. */ + val = pmd_val(*__src_pmd) | keyid << mktme_keyid_shift; + val &= __supported_pte_mask; + spin_lock(&init_mm.page_table_lock); + set_pmd(dst_pmd, __pmd(val)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + + ret = sync_direct_mapping_pte(keyid, dst_pmd, __src_pmd, + addr, next); +next: + addr = next; + dst_pmd++; + if (src_pmd) + src_pmd++; + } while (addr != end && !ret); + + if (new_pmd) { + spin_lock(&init_mm.page_table_lock); + pud_populate(&init_mm, dst_pud, new_pmd); + spin_unlock(&init_mm.page_table_lock); + } + + if (remove_pmd) { + spin_lock(&init_mm.page_table_lock); + __free_page(pud_page(*dst_pud)); + pud_clear(dst_pud); + spin_unlock(&init_mm.page_table_lock); + } + + return ret; +} + +static int sync_direct_mapping_pud(unsigned long keyid, + p4d_t *dst_p4d, p4d_t *src_p4d, + unsigned long addr, unsigned long end) +{ + pud_t *src_pud, *dst_pud; + pud_t *new_pud = NULL; + bool remove_pud = false; + unsigned long next; + int ret = 0; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_pud = !src_p4d && IS_ALIGNED(addr, P4D_SIZE) && IS_ALIGNED(end, P4D_SIZE); + + /* + * P4D page got split into page table. + * Clear P4D mapping. Page table will be established instead. + */ + if (p4d_large(*dst_p4d)) { + spin_lock(&init_mm.page_table_lock); + p4d_clear(dst_p4d); + spin_unlock(&init_mm.page_table_lock); + } + + /* Allocate a new page table if needed. */ + if (p4d_none(*dst_p4d)) { + new_pud = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_pud) + return -ENOMEM; + dst_pud = new_pud + pud_index(addr + keyid * direct_mapping_size); + } else { + dst_pud = pud_offset(dst_p4d, addr + keyid * direct_mapping_size); + } + src_pud = src_p4d ? pud_offset(src_p4d, addr) : NULL; + + do { + pud_t *__src_pud = src_pud; + + next = pud_addr_end(addr, end); + if (!__src_pud || pud_none(*__src_pud)) { + if (pud_none(*dst_pud)) + goto next; + if (pud_large(*dst_pud)) { + spin_lock(&init_mm.page_table_lock); + set_pud(dst_pud, __pud(0)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + __src_pud = NULL; + } + + if (__src_pud && pud_large(*__src_pud)) { + pudval_t val; + + if (pud_large(*dst_pud)) { + /* + * Sanity check: PFNs must match between source + * and destination even if the rest doesn't. + */ + BUG_ON(pud_pfn(*dst_pud) != pud_pfn(*__src_pud)); + } else if (!pud_none(*dst_pud)) { + /* + * Page table is replaced with a pud page. + * Free and unmap the page table. + */ + __free_page(pud_page(*dst_pud)); + spin_lock(&init_mm.page_table_lock); + pud_clear(dst_pud); + spin_unlock(&init_mm.page_table_lock); + } + + /* Copy entry, but set KeyID. */ + val = pud_val(*__src_pud) | keyid << mktme_keyid_shift; + val &= __supported_pte_mask; + spin_lock(&init_mm.page_table_lock); + set_pud(dst_pud, __pud(val)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + + ret = sync_direct_mapping_pmd(keyid, dst_pud, __src_pud, + addr, next); +next: + addr = next; + dst_pud++; + if (src_pud) + src_pud++; + } while (addr != end && !ret); + + if (new_pud) { + spin_lock(&init_mm.page_table_lock); + p4d_populate(&init_mm, dst_p4d, new_pud); + spin_unlock(&init_mm.page_table_lock); + } + + if (remove_pud) { + spin_lock(&init_mm.page_table_lock); + __free_page(p4d_page(*dst_p4d)); + p4d_clear(dst_p4d); + spin_unlock(&init_mm.page_table_lock); + } + + return ret; +} + +static int sync_direct_mapping_p4d(unsigned long keyid, + pgd_t *dst_pgd, pgd_t *src_pgd, + unsigned long addr, unsigned long end) +{ + p4d_t *src_p4d, *dst_p4d; + p4d_t *new_p4d_1 = NULL, *new_p4d_2 = NULL; + bool remove_p4d = false; + unsigned long next; + int ret = 0; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_p4d = !src_pgd && IS_ALIGNED(addr, PGDIR_SIZE) && IS_ALIGNED(end, PGDIR_SIZE); + + /* Allocate a new page table if needed. */ + if (pgd_none(*dst_pgd)) { + new_p4d_1 = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_p4d_1) + return -ENOMEM; + dst_p4d = new_p4d_1 + p4d_index(addr + keyid * direct_mapping_size); + } else { + dst_p4d = p4d_offset(dst_pgd, addr + keyid * direct_mapping_size); + } + src_p4d = src_pgd ? p4d_offset(src_pgd, addr) : NULL; + + do { + p4d_t *__src_p4d = src_p4d; + + next = p4d_addr_end(addr, end); + if (!__src_p4d || p4d_none(*__src_p4d)) { + if (p4d_none(*dst_p4d)) + goto next; + __src_p4d = NULL; + } + + ret = sync_direct_mapping_pud(keyid, dst_p4d, __src_p4d, + addr, next); +next: + addr = next; + dst_p4d++; + + /* + * Direct mappings are 1TiB-aligned. With 5-level paging it + * means that on PGD level there can be misalignment between + * source and distiantion. + * + * Allocate the new page table if dst_p4d crosses page table + * boundary. + */ + if (!((unsigned long)dst_p4d & ~PAGE_MASK) && addr != end) { + if (pgd_none(dst_pgd[1])) { + new_p4d_2 = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_p4d_2) + ret = -ENOMEM; + dst_p4d = new_p4d_2; + } else { + dst_p4d = p4d_offset(dst_pgd + 1, 0); + } + } + if (src_p4d) + src_p4d++; + } while (addr != end && !ret); + + if (new_p4d_1 || new_p4d_2) { + spin_lock(&init_mm.page_table_lock); + if (new_p4d_1) + pgd_populate(&init_mm, dst_pgd, new_p4d_1); + if (new_p4d_2) + pgd_populate(&init_mm, dst_pgd + 1, new_p4d_2); + spin_unlock(&init_mm.page_table_lock); + } + + if (remove_p4d) { + spin_lock(&init_mm.page_table_lock); + __free_page(pgd_page(*dst_pgd)); + pgd_clear(dst_pgd); + spin_unlock(&init_mm.page_table_lock); + } + + return ret; +} + +static int sync_direct_mapping_keyid(unsigned long keyid) +{ + pgd_t *src_pgd, *dst_pgd; + unsigned long addr, end, next; + int ret = 0; + + addr = PAGE_OFFSET; + end = PAGE_OFFSET + direct_mapping_size; + + dst_pgd = pgd_offset_k(addr + keyid * direct_mapping_size); + src_pgd = pgd_offset_k(addr); + + do { + pgd_t *__src_pgd = src_pgd; + + next = pgd_addr_end(addr, end); + if (pgd_none(*__src_pgd)) { + if (pgd_none(*dst_pgd)) + continue; + __src_pgd = NULL; + } + + ret = sync_direct_mapping_p4d(keyid, dst_pgd, __src_pgd, + addr, next); + } while (dst_pgd++, src_pgd++, addr = next, addr != end && !ret); + + return ret; +} + +/* + * For MKTME we maintain per-KeyID direct mappings. This allows kernel to have + * access to encrypted memory. + * + * sync_direct_mapping() sync per-KeyID direct mappings with a canonical + * one -- KeyID-0. + * + * The function tracks changes in the canonical mapping: + * - creating or removing chunks of the translation tree; + * - changes in mapping flags (i.e. protection bits); + * - splitting huge page mapping into a page table; + * - replacing page table with a huge page mapping; + * + * The function need to be called on every change to the direct mapping: + * hotplug, hotremove, changes in permissions bits, etc. + * + * The function is nop until MKTME is enabled. + */ +int sync_direct_mapping(void) +{ + int i, ret = 0; + + if (!mktme_enabled()) + return 0; + + for (i = 1; !ret && i <= mktme_nr_keyids; i++) + ret = sync_direct_mapping_keyid(i); + + flush_tlb_all(); + + return ret; +} From patchwork Wed May 8 14:43:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935833 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A8327924 for ; Wed, 8 May 2019 14:45:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 97606276D6 for ; Wed, 8 May 2019 14:45:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8B7A52844B; Wed, 8 May 2019 14:45:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0E6F6276D6 for ; Wed, 8 May 2019 14:45:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A020A6B0276; Wed, 8 May 2019 10:44:46 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 78CD86B0279; Wed, 8 May 2019 10:44:46 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 56AE86B0277; Wed, 8 May 2019 10:44:46 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f197.google.com (mail-pg1-f197.google.com [209.85.215.197]) by kanga.kvack.org (Postfix) with ESMTP id 0C37C6B0276 for ; Wed, 8 May 2019 10:44:46 -0400 (EDT) Received: by mail-pg1-f197.google.com with SMTP id d7so7324733pgc.8 for ; Wed, 08 May 2019 07:44:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=pNwqrAx4EWfKpCuOStxOcRQu6AVWzjQUQUZ1ejxFi2U=; b=VWMTweSdhRaSkNVxNN63GcNoo/RafnI60O/3iJ7R6Mxr+tgLuI3zUl0AL8Fpz+h+U+ Tzy/f17A2wX9f9PeGr+t2OJsCsH80s7wkwSk3aIvRm7iVGw9UTzUXqk2Y5Myb75odU5F gdkytNmCBJQnpJzozVqMVVrAZr1d/z29zDT1U+H+MvJrQPlax74eMCO82dK65M6bxfjw n8IysU7qRUyfIR4iYaMqjY3G0LbqzgLsBeKs3oNoVKeb+lIcGKac/GFJrUc5q8+4s3N3 F93RMz4QNrrHklgaZxnYlqBsv5X2b7lIGe5gx3PTruXN2/ceUxdw0RqHweg5u0hOM4D+ sebQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVrzJkrrNvhxj73lpWTqBK0Aw/6OxXHssR03f0eyW2Pxzyy82JY 3uUjw6WIteFIljZSzJ8SAb6XlEvt5srRn2y9N4tbAbM3tHGmMBB8tIy/UaXQuqtcRqFO501bt/v x8KFAUlbHI6UCOTV8+VfGXhY8PtFwCdybCEUzYyMCtclsmg6Bhu4XjbwYWos2414yQA== X-Received: by 2002:a65:6686:: with SMTP id b6mr48090046pgw.419.1557326685708; Wed, 08 May 2019 07:44:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqwWpdOTd40eXzHs3YZfW3tJ+TL4JOg/jtRX3GtBdEbkavjvhu0mLSkOpOqK6IehaS46STeM X-Received: by 2002:a65:6686:: with SMTP id b6mr48089932pgw.419.1557326684602; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=J9ciXUhfx4WD145FOe3BPaGNOIg1IoGu7nLSemyqzH+kmwPZo3iUsfXr3am05jdkEo B12F6Qp74rb6OOgsDgnskDPRVF9SwUauBRHBaBi2fhylRZsGk+c09K+YLx+AkwwJCg3e acCNfyZEycwO6WxDtjw4BHhJpwlq/sjnjJ7nRYdF3NBdvm5N3TFx8Q9dlT2qH6Unh56U 55giyUAO49f8+8qMrYAqw2JdEezHudorcZA1J5gMCk1BYgxvZpkVa/wmbZ3TwY4T/GlY KHDCYDcCTmND+6EPE3nh49Qcq61xNHNoc9UqjPlBoa1+jTgjqwW3+rFSheo9sh3VqgBx 0iVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=pNwqrAx4EWfKpCuOStxOcRQu6AVWzjQUQUZ1ejxFi2U=; b=AeusQFbW1Fk1Nf0w/jqM21p6Lz5AdSWYWJT/ZUhJHe5SF+fZ8n0Spq2Iu+3y3wJBEr 3G/qhfTL7u66GF5/jMYWuLZnkmosvxfiZy6SxGIkusUbTilTMgKsXSSRJ58HzMiWVtIU vsHNqlFuEKibaTCbbVvSPW5g1uBkarlq9WzKaxIgOjd2ddPLePNbbdY3c06qPPTyXtQ2 kbNk0aCRmKoOHpZXU3dxrRi0ldtAdmf6tHviYsTl4KVWxSI6LjsOkg5jKep3I1/UpKx4 8ZfrUmrTPXr+TJUlCU7H6eodBp+qFBXkBLGTLB+NWdsUmF3/moPXSjmPiiz7Jr7cBByO JNBw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga006.jf.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id A195D9EA; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 19/62] x86/mm: Handle encrypted memory in page_to_virt() and __pa() Date: Wed, 8 May 2019 17:43:39 +0300 Message-Id: <20190508144422.13171-20-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Per-KeyID direct mappings require changes into how we find the right virtual address for a page and virt-to-phys address translations. page_to_virt() definition overwrites default macros provided by . Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/page.h | 3 +++ arch/x86/include/asm/page_64.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h index 39af59487d5f..aff30554f38e 100644 --- a/arch/x86/include/asm/page.h +++ b/arch/x86/include/asm/page.h @@ -72,6 +72,9 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr, extern bool __virt_addr_valid(unsigned long kaddr); #define virt_addr_valid(kaddr) __virt_addr_valid((unsigned long) (kaddr)) +#define page_to_virt(x) \ + (__va(PFN_PHYS(page_to_pfn(x))) + page_keyid(x) * direct_mapping_size) + #endif /* __ASSEMBLY__ */ #include diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index f57fc3cc2246..a4f394e3471d 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -24,7 +24,7 @@ static inline unsigned long __phys_addr_nodebug(unsigned long x) /* use the carry flag to determine if x was < __START_KERNEL_map */ x = y + ((x > y) ? phys_base : (__START_KERNEL_map - PAGE_OFFSET)); - return x; + return x & direct_mapping_mask; } #ifdef CONFIG_DEBUG_VIRTUAL From patchwork Wed May 8 14:43:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935951 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 04D64924 for ; Wed, 8 May 2019 14:47:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E6F752844C for ; Wed, 8 May 2019 14:47:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DB5002890F; Wed, 8 May 2019 14:47:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 802DA2844C for ; Wed, 8 May 2019 14:47:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2D05E6B02D4; Wed, 8 May 2019 10:46:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 281766B02D5; Wed, 8 May 2019 10:46:52 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 171346B02D6; Wed, 8 May 2019 10:46:52 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id D20C36B02D4 for ; Wed, 8 May 2019 10:46:51 -0400 (EDT) Received: by mail-pl1-f198.google.com with SMTP id y9so1895582plt.11 for ; Wed, 08 May 2019 07:46:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=hzud1pZzk11Z4MTkeEFL/myfLNNdwcv2ATalXrKplz0=; b=NZouNb+/u70pVfPsulTKH9DsW41U5VnUxKv8E7vRXVDe8rvUR7D4HsY1cRiBMpAm8L nDtuXajuLxpt7ciI4jKj/ijYFSr6O37YO5dmn+hUDXysj5/q/3UJhDEN+NRbsTBhhM0v H9BsllujzuemuzCRoDuhIQeu8XeMA0Fl7X8l+a9U670LtUsgtI7E4DdEQXR95O6UK4wO R5FlAgaZwQox43yJZnK0Fx0Bkb4secbcrU/m0w6kWdXyi6xpGiTVyxttwmxqBw1HBdl9 NYAwDuD7phItJP7p8uYRZPtdYj5nizKa8L0Brk4v3TqRPMzzKNgk4vQDoAK/IOaUrXi3 ssDQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVuRQS547IS94IPsP9TjZEW/GUo7jeeiqa6aOYH5e+APPcOqNG+ GLxWkDxzSgHxOwDSIPkGzLTLJFXJvtqfaN6ZfrG1FKaes064ns8cwj40dvBVQWjyvq6tT1u4393 iDa6X1qKv30hBra4J3uOSp9OF6FE0nBKQDkNqPMBmyiyTiqtUszMYD2mQfTCA1Pl/qQ== X-Received: by 2002:aa7:92c4:: with SMTP id k4mr50765624pfa.183.1557326811530; Wed, 08 May 2019 07:46:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqzKokrle53rtes2wnQvjFwXjoOQTJzHN6Tbc96TREyo2ZIfCJ7ydQ+9NUZRJ0P/gFwjEaA6 X-Received: by 2002:aa7:92c4:: with SMTP id k4mr50749903pfa.183.1557326684054; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=UFgDeWI2T3NBBEu9hsDohH5gIY+ThVy0Ge6KlbvIPQX41zDeh0xYJ0t6CRnsbhe5ah IOoDpk5jx8WC/FjlZ+unnBD1cPx8nE89VH08oLq8nUu+Yxt65G1PoE1cbRdLv+qrVSuS DqbaA6zckvg4+6ep1CCY4s10SJ92dbmoMnnFv/z5Njguhq+Ti1kDvutE4aS9LLazhJI5 sBNAirCWPc/mcWeVrc+eh3FoM6Vez6T6KT9ks9iOdD5UiEmifn5ArnP9XK23l10d4Iq1 LphNMKC/Wy0eEB/rX8DsvIpe/Y50jasR4xAo4nRddnjAMIZ30wvDcLqMX6qvBpa/kHhZ /lmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=hzud1pZzk11Z4MTkeEFL/myfLNNdwcv2ATalXrKplz0=; b=WohleZ8uW6H6QJk7kRyfkT2U3wTZ3fEtEx7sBw+BKWFAf02+NLfU+2AjYP/ldGi3wY te7tJJYkcOyaBNKIxyOnDTmwMre41fV5FV3x7v4DdKAO2/aX2Kr2dE9hq+OPohiMmAlA eIHPas5QGQYDbf6Y5p3f0bu5hO4DawmZSKm6F4NcPWvcekTyJmkNQcrbBlkGkBkmTgnI 00YbdS4rZK9netMTatjHszQSAbGlgiNbVtaNOxf2Jwe673qdmm+gEcdGjBEP7W1nzAIj cLXP4EId8tJwQIva3EnXebSOSZ7U7m9jCeZr4so5p6gjVFHXfSe1ngF/QkOkDQd+VGdg SCXg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id f6si24524459plf.90.2019.05.08.07.44.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656539" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id AF1AFA17; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 20/62] mm/page_ext: Export lookup_page_ext() symbol Date: Wed, 8 May 2019 17:43:40 +0300 Message-Id: <20190508144422.13171-21-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP page_keyid() is inline funcation that uses lookup_page_ext(). KVM is going to use page_keyid() and since KVM can be built as a module lookup_page_ext() has to be exported. Signed-off-by: Kirill A. Shutemov --- mm/page_ext.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/page_ext.c b/mm/page_ext.c index 1af8b82087f2..91e4e87f6e41 100644 --- a/mm/page_ext.c +++ b/mm/page_ext.c @@ -142,6 +142,7 @@ struct page_ext *lookup_page_ext(const struct page *page) MAX_ORDER_NR_PAGES); return get_entry(base, index); } +EXPORT_SYMBOL_GPL(lookup_page_ext); static int __init alloc_node_page_ext(int nid) { @@ -212,6 +213,7 @@ struct page_ext *lookup_page_ext(const struct page *page) return NULL; return get_entry(section->page_ext, pfn); } +EXPORT_SYMBOL_GPL(lookup_page_ext); static void *__meminit alloc_page_ext(size_t size, int nid) { From patchwork Wed May 8 14:43:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935829 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 47E351515 for ; Wed, 8 May 2019 14:45:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 31541283E8 for ; Wed, 8 May 2019 14:45:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 24FC4276D6; Wed, 8 May 2019 14:45:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B88A1276D6 for ; Wed, 8 May 2019 14:45:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D80B86B0271; Wed, 8 May 2019 10:44:45 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id D311A6B0273; Wed, 8 May 2019 10:44:45 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C47236B0274; Wed, 8 May 2019 10:44:45 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id 7F6806B0273 for ; Wed, 8 May 2019 10:44:45 -0400 (EDT) Received: by mail-pf1-f198.google.com with SMTP id c12so12789397pfb.2 for ; Wed, 08 May 2019 07:44:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=aDWClVMg7o0q6W+CS5Ktmi+M2XAVNiQkNlzid5TzL2w=; b=Hok3L4IAKIkzww6wmTRR+S6IzL67iL7cITa83PZR0GxA+c4+S6QUVa4hY1RBGN3JGB ENZ6GvcaRJ4nvBOc3RaBq6IC9fg7MYdQ/XP4woIhDPQxisTW5aFO8XOA342lORjKPruk SKNtUPtGsgCQQJhHhgA8iah+54i5wbT3ueM+N2VSVfVo5G6yE+VlFCRhY8OstS/OtFAp fwglgPCMNU7jfcEr8NDHsVTYpBuMVVxDOf6EB5/gqpnj3i7A0voMf/ykLq+MjajQbXLh NLJbn0vkKOS9/3RslbHXvym3YjwZpabv+llP4WDKLOP9JMDrX+3xUH/8ct1HFgYHYD53 +eqw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVYkTdmOV0u4BgG5A82XwcRNJOIKhf5DH79uLT9Dbku4EdTD/tr Aotl4ThJ1hQOQomh7XUp/VsLadr9NfCboXRXuegKZ0gbn8V1IphSnDUKyEGu9pnbsoIul8tUWJl n8nIKsrR9UGiSjQXLafOe7LmSlbmS9fksREvJMlfQ7JuOIWavAEaAIdIgYEJLNr67jw== X-Received: by 2002:a62:304:: with SMTP id 4mr47689780pfd.99.1557326685201; Wed, 08 May 2019 07:44:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqxJuEgsmxgVa4orqBKQYDEToIZMgx/7vkhUVHTN2NqycH3R11i0nrLR9q9iDTMtCwBkX/Th X-Received: by 2002:a62:304:: with SMTP id 4mr47689686pfd.99.1557326684264; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=pnPPI/wgWYRFaGJXmTe9Am6sDBr1pSqSBdMoLPDndOK+pskVlQj+gaK0U7POgIeCwp Qushnng1twCM3vA2InO/5Ud9ePupOFj4pyFhuhv1w+hexrg6qglq3NfXtXj1DH2uth1s TwLj3FHUnjrQHY0/TPDSrN4x4w7dqDBSz3MCYobz735jwNv1h5S+nGG+s4F7bXxYlGsr 8p1TsCFYD2/2Hfq2xB4Z6CTJdeKhmgrvvyZWYW9obc9pWmn1siCKclfpWXZT71G7i1pF tWkbrYRu6GoUhqhQdIcL9lzYq//msGYZyD6JwrhTPGIsdWDswYVce/V5brv6V3cpovq/ 33nQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=aDWClVMg7o0q6W+CS5Ktmi+M2XAVNiQkNlzid5TzL2w=; b=jTzoDvpCI34QTAt74/RZ0Ed3ZQY7wxRT6Q9YyPZWME/7fL4FTTy0BcjTjeTRNKwsOp mC8J1LFEK1SQ/hocb0D4nKftGIUb89mS7wYi7k8gbZLZYCvUjVJeIHszS861yI/NEvF2 zbjG7wBuox/4BPp2xRbhvYTLdRQY1TqDMOjVpEeIUwQJ3gteJRwXmW0MZ41v0xuJSgx/ j4tL16Qy+Faqt9zKKen5unnkGGAxUn21n8H/SXpWprclib7/47Muk8RRdkccBXafOFAg 4jqzqiz15wTPAyMiO5HgkNQ53HRxhtp3llCkgcZvAHLsDa8x4ENg2mgq/VWb/uRAPqQv YfnQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga01.intel.com (mga01.intel.com. [192.55.52.88]) by mx.google.com with ESMTPS id g13si12322802pgs.161.2019.05.08.07.44.43 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) client-ip=192.55.52.88; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:43 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga004.fm.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id B90ABA50; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 21/62] mm/rmap: Clear vma->anon_vma on unlink_anon_vmas() Date: Wed, 8 May 2019 17:43:41 +0300 Message-Id: <20190508144422.13171-22-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP If all pages in the VMA got unmapped there's no reason to link it into original anon VMA hierarchy: it cannot possibly share any pages with other VMA. Set vma->anon_vma to NULL on unlink_anon_vmas(). With the change VMA can be reused. The new anon VMA will be allocated on the first fault. Signed-off-by: Kirill A. Shutemov --- mm/rmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/rmap.c b/mm/rmap.c index b30c7c71d1d9..4ec2aee7baa3 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -400,8 +400,10 @@ void unlink_anon_vmas(struct vm_area_struct *vma) list_del(&avc->same_vma); anon_vma_chain_free(avc); } - if (vma->anon_vma) + if (vma->anon_vma) { vma->anon_vma->degree--; + vma->anon_vma = NULL; + } unlock_anon_vma_root(root); /* From patchwork Wed May 8 14:43:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935953 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E66681515 for ; Wed, 8 May 2019 14:47:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D4EAA2844C for ; Wed, 8 May 2019 14:47:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C93422890F; Wed, 8 May 2019 14:47:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 595122844C for ; Wed, 8 May 2019 14:47:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EDF3A6B02D5; Wed, 8 May 2019 10:46:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id E68186B02D7; Wed, 8 May 2019 10:46:52 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D56C06B02D8; Wed, 8 May 2019 10:46:52 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id A07F66B02D5 for ; Wed, 8 May 2019 10:46:52 -0400 (EDT) Received: by mail-pl1-f200.google.com with SMTP id h12so3690244pll.20 for ; Wed, 08 May 2019 07:46:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Kj3xFje8z8MAF13PrAdu5omi33lo97QkSLPU9hFx5qo=; b=cQdZWSbs7NsrPzlBrBebQhcAsj2CgM83Zbvo61MrAAkkomgAG2mzI+eikAfqYrkugD iKXzCp74vI4KjvaR63RKQqSCk2u/ornho/pT2vv8rEVglhe2KfsuJpgUgQ6fBqRBtUlQ 3hyQaWujTrHKIvIaHC3UKosGJ4cYJX7qt8gajhOZRP/aDYlvOX+TFax3NBlIxei1+VSb 8r7gFgIRHo+QocilFoKg6cRsz9KN11RAWjVksrxk/gOrYmoX8JxcXBpFJ5RnLg8Cr2dh QHSjJoeRUIW1kAkiIHE7TMNuIou+V9BX220UzQPYQQtEuJ7Is1wM4Nju9Z7dmaMjoafR DNng== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAU8Frw7kfmGJojn7qb30EXZtkKm3X25H2Ul8NUwveNOCY5Zm6cC g+FXBFDzcXgMWTBAWHzJfMRx8cwAi5KT+nBoDQLHOTk9tUP0f2FKxr1aJewsheVgeCR8NOqtDJm G9bhIOk8KAu6uSR2xyZNwCM990ub2LqSXF09BMLeBsdsA7R9AceRHO196PRjzyeis9Q== X-Received: by 2002:a63:950d:: with SMTP id p13mr15743359pgd.269.1557326812316; Wed, 08 May 2019 07:46:52 -0700 (PDT) X-Google-Smtp-Source: APXvYqyD6V3NIm4Ssdw+Q50sny7x5M1VJx0vkuYQwBycZ+d80FAZ50vBi8J80jsL679nTEd2LkxX X-Received: by 2002:a63:950d:: with SMTP id p13mr15728791pgd.269.1557326684674; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=c0Ivv3E88L+K4y81ZmTCI5+SUxSW2UwFD2Fy6UczFQ25Gl5r3vZh1GiYfhl5KeSev/ aERNWGSlIiqtIwMjui62Hq/abyWgXPLPt3HDYCi8dSK+lyWNLjpvpvsTnlWg1/snsKVC HhEEkNBBplg7Udj9UXdlLuSNQdy6bbKzi9rkaXMlyNiI5gfZcZyBTMqoLsdufgjKeBCK 2EwfJRFwHPn/qgjYRIuVjS16wQTATkUsGZ5LkU/n6UdJP/tvMP+4gejJVqQ6i4tRp+cJ 7GHYrhHgHg0/bsX0Lj0crhBoPF4uC+g1IzCO5gIKJxg3ODX8s5A+n9NTIpPN/AKXcYY5 skSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=Kj3xFje8z8MAF13PrAdu5omi33lo97QkSLPU9hFx5qo=; b=QRwu2SE9WvFgJvCAqu0tTNntT4k/a9wBf3gzMC1ZfgpoGj27QvtJPcc/wshHKYBEVD QedQsNWT4rl0HaKSgSsX4AeCBXDpeReJW/SmSRCUn3bS0tR5gIjsl2xyYEWeGFmnPgDG 7BE3jHnLplQZvH6k9XMCF56OBzUsf9d69PTu3A+cq65Ty3Q6ildBN+SrHWAuXRIXIu8P gGxsq1oZ53sah1abK7NoOYTQY7QFwuyWCzSv6XDu5llVOOSMDzb0f7iVhXHA6cTKlOLZ xgGOADfXeTTwvnd7+0cSch4Nyb2gv7u2T208i3N34szGGqIuApopuUon92SfpO045h+i 3TSg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id f6si24524459plf.90.2019.05.08.07.44.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656544" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id C4835A64; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 22/62] x86/pconfig: Set a valid encryption algorithm for all MKTME commands Date: Wed, 8 May 2019 17:43:42 +0300 Message-Id: <20190508144422.13171-23-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The Intel MKTME architecture specification requires a valid encryption algorithm for all command types. For commands that actually perform encryption, SET_KEY_DIRECT and SET_KEY_RANDOM, the user specifies the algorithm when requesting the key through the MKTME Key Service. For CLEAR_KEY and NO_ENCRYPT commands, a valid encryption algorithm is also required by the MKTME hardware. However, it does not make sense to ask userspace to specify one. Define the CLEAR_KEY and NO_ENCRYPT type commands to always include a valid encryption algorithm. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/intel_pconfig.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/intel_pconfig.h b/arch/x86/include/asm/intel_pconfig.h index 3cb002b1d0f9..15705699a14e 100644 --- a/arch/x86/include/asm/intel_pconfig.h +++ b/arch/x86/include/asm/intel_pconfig.h @@ -21,14 +21,20 @@ enum pconfig_leaf { /* Defines and structure for MKTME_KEY_PROGRAM of PCONFIG instruction */ +/* mktme_key_program::keyid_ctrl ENC_ALG, bits [23:8] */ +#define MKTME_AES_XTS_128 (1 << 8) +#define MKTME_ANY_VALID_ALG (1 << 8) + /* mktme_key_program::keyid_ctrl COMMAND, bits [7:0] */ #define MKTME_KEYID_SET_KEY_DIRECT 0 #define MKTME_KEYID_SET_KEY_RANDOM 1 -#define MKTME_KEYID_CLEAR_KEY 2 -#define MKTME_KEYID_NO_ENCRYPT 3 -/* mktme_key_program::keyid_ctrl ENC_ALG, bits [23:8] */ -#define MKTME_AES_XTS_128 (1 << 8) +/* + * CLEAR_KEY and NO_ENCRYPT require the COMMAND in bits [7:0] + * and any valid encryption algorithm, ENC_ALG, in bits [23:8] + */ +#define MKTME_KEYID_CLEAR_KEY (2 | MKTME_ANY_VALID_ALG) +#define MKTME_KEYID_NO_ENCRYPT (3 | MKTME_ANY_VALID_ALG) /* Return codes from the PCONFIG MKTME_KEY_PROGRAM */ #define MKTME_PROG_SUCCESS 0 From patchwork Wed May 8 14:43:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935919 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 55D46924 for ; Wed, 8 May 2019 14:47:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 46CC52844C for ; Wed, 8 May 2019 14:47:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3B37C288F8; Wed, 8 May 2019 14:47:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BDE672844C for ; Wed, 8 May 2019 14:47:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 47FC56B02B2; Wed, 8 May 2019 10:46:05 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 431D16B02B4; Wed, 8 May 2019 10:46:05 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2F77E6B02B5; Wed, 8 May 2019 10:46:05 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id E701A6B02B2 for ; Wed, 8 May 2019 10:46:04 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id o1so12798278pgv.15 for ; Wed, 08 May 2019 07:46:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=LCcp+NaHSkyxYVzCq9AR5JBhCaNxEkGTOS5HXRjuHDo=; b=LPEsTKcIUXHl0rF2Hl2IhdO5Wu/tFOdEX1v8G/1hQIDlr7RRcU2SF/PEPqM3X35qsS tXMyXWMdnke9JmtKZ6NZlAuilFt7Gv8qKH6xwWOob3DMMURTbXDTcqkTDX0hONwVRwId eq+ZgVtpc7wQKiEAuJ747KE/+lYF4/Tp1KQyk0bikJXc/G+g1kvUyUydlg3ggja4aHbs 7Jgtp3P8+ABX4dZM7XaJ6oEsuKiCRye+lqS1vg0w7NtLRj7PI5LYQ3u64JDZh54xUIfO mtRU5nIAk0U/9xZ+Ur6CKEUTENDBt66AHWet00+1AGViQivsTTq3mQlmz9NpCK64Kqa3 /7DQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUcMAR0TGpJY+mNQ0MW2jU27CVpoiAYFeZSlgd/8c7zejcTJfjI iTzWIaLcADKBXU0SVRIPA3pzRRNUAWU1OUTMxeKVWpxoahRoijZ/yoIng0zoPDT4XF11q640pxZ Sn2TIjy6kpJp1IznD7m1KSlQigYmxys9POKTe2BMJBdREIrr7rlXi/nhuohRMlyPUMw== X-Received: by 2002:a63:309:: with SMTP id 9mr26246793pgd.49.1557326764537; Wed, 08 May 2019 07:46:04 -0700 (PDT) X-Google-Smtp-Source: APXvYqwU88KlhYmdT1IBJ9WlCz9a7YAauc6jNWNm4kvBq1ByU57KkwfA0H7MD6TI9OAwkLjkX0aQ X-Received: by 2002:a63:309:: with SMTP id 9mr26237618pgd.49.1557326686078; Wed, 08 May 2019 07:44:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326686; cv=none; d=google.com; s=arc-20160816; b=HdmBoTBYJm4hk8dzD35fJcE9MZZcrRwxMhMKsUeM9G0SgPGHvQOd5CtvU/YsVlv/XZ /HKkuNlYoix67ZLCsNPPPD70RNqKQyiAUHaw0RJAz65sSGen382BZFM70QdSrK2vkJB3 olLhaKqmf3o3p87WNdnEcbCo8zlpCppe5UCbFeXPD1lgh1PhcGYomJPuw0LCitd54N5z 6WqXq2Oo5N2QmFYu4qm1li073bz9f2SMcrgHmpbuZsQjz4ylv4w5UGxko9KJcU+ZxzYh SD7fdaRVfO3aD9nrf3XK9a3Ir0R3n1ebfqwscx8Bn4iBlEwtxkE8pwd0bxBKh/fkMl2G 70EA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=LCcp+NaHSkyxYVzCq9AR5JBhCaNxEkGTOS5HXRjuHDo=; b=zbSlDPoRfnET4YD5uRBmRzmqtxhg2WgInizUi+yiM3mVKz2SvgKIU5oTjzVEe42ngS /AbcHA2+4g5UbwpC+AAKJvx/8v4VjcK5hR3t6zUbg18RfUEX20IvOJ7bniN8NniIROc3 fK8pxbaM0cP4iqrFBOojDzpcM/aWDpMkctuDQCoeiGyNX2I7ZkI8cCgl5d+lmb34C7P7 51mytxJJOBGYpxW7vRf7JQrYyaOc/JWBJ8+AiUk+sjp9W5NChHhIvmvoLbelmAo/8aXV /SPA/+apvG9iTqmqgLUOUD0ZQCh9UwoI5vplzHHbLU6yhzulqR6Gmx65IXI75RaR0WdV e6Ig== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:45 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id CED38A79; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 23/62] keys/mktme: Introduce a Kernel Key Service for MKTME Date: Wed, 8 May 2019 17:43:43 +0300 Message-Id: <20190508144422.13171-24-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME (Multi-Key Total Memory Encryption) is a technology that allows transparent memory encryption in upcoming Intel platforms. MKTME will support multiple encryption domains, each having their own key. The MKTME key service will manage the hardware encryption keys. It will map Userspace Keys to Hardware KeyIDs and program the hardware with the user requested encryption options. Here the mapping structure and associated helpers are introduced, as well as the key service initialization and registration. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/Makefile | 1 + security/keys/mktme_keys.c | 98 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) create mode 100644 security/keys/mktme_keys.c diff --git a/security/keys/Makefile b/security/keys/Makefile index 9cef54064f60..28799be801a9 100644 --- a/security/keys/Makefile +++ b/security/keys/Makefile @@ -30,3 +30,4 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += keyctl_pkey.o obj-$(CONFIG_BIG_KEYS) += big_key.o obj-$(CONFIG_TRUSTED_KEYS) += trusted.o obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ +obj-$(CONFIG_X86_INTEL_MKTME) += mktme_keys.o diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c new file mode 100644 index 000000000000..b5e8289f041b --- /dev/null +++ b/security/keys/mktme_keys.c @@ -0,0 +1,98 @@ +// SPDX-License-Identifier: GPL-3.0 + +/* Documentation/x86/mktme_keys.rst */ + +#include +#include +#include +#include +#include + +#include "internal.h" + +/* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ +struct mktme_mapping { + unsigned int mapped_keyids; + struct key *key[]; +}; + +struct mktme_mapping *mktme_map; + +static inline long mktme_map_size(void) +{ + long size = 0; + + size += sizeof(*mktme_map); + size += sizeof(mktme_map->key[0]) * (mktme_nr_keyids + 1); + return size; +} + +int mktme_map_alloc(void) +{ + mktme_map = kvzalloc(mktme_map_size(), GFP_KERNEL); + if (!mktme_map) + return -ENOMEM; + return 0; +} + +int mktme_reserve_keyid(struct key *key) +{ + int i; + + if (mktme_map->mapped_keyids == mktme_nr_keyids) + return 0; + + for (i = 1; i <= mktme_nr_keyids; i++) { + if (mktme_map->key[i] == 0) { + mktme_map->key[i] = key; + mktme_map->mapped_keyids++; + return i; + } + } + return 0; +} + +void mktme_release_keyid(int keyid) +{ + mktme_map->key[keyid] = 0; + mktme_map->mapped_keyids--; +} + +int mktme_keyid_from_key(struct key *key) +{ + int i; + + for (i = 1; i <= mktme_nr_keyids; i++) { + if (mktme_map->key[i] == key) + return i; + } + return 0; +} + +struct key_type key_type_mktme = { + .name = "mktme", + .describe = user_describe, +}; + +static int __init init_mktme(void) +{ + int ret; + + /* Verify keys are present */ + if (mktme_nr_keyids < 1) + return 0; + + /* Mapping of Userspace Keys to Hardware KeyIDs */ + if (mktme_map_alloc()) + return -ENOMEM; + + ret = register_key_type(&key_type_mktme); + if (!ret) + return ret; /* SUCCESS */ + + kvfree(mktme_map); + + return -ENOMEM; +} + +late_initcall(init_mktme); From patchwork Wed May 8 14:43:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935845 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 752831515 for ; Wed, 8 May 2019 14:45:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 62A86276D6 for ; Wed, 8 May 2019 14:45:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5345F2844B; Wed, 8 May 2019 14:45:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A6158276D6 for ; Wed, 8 May 2019 14:45:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 796636B0279; Wed, 8 May 2019 10:44:48 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4F2656B027B; Wed, 8 May 2019 10:44:48 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1C0FE6B027D; Wed, 8 May 2019 10:44:48 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by kanga.kvack.org (Postfix) with ESMTP id B30D36B027B for ; Wed, 8 May 2019 10:44:47 -0400 (EDT) Received: by mail-pg1-f198.google.com with SMTP id e20so12786773pgm.16 for ; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=N2jLN5QWnTSH1XUYhZ/otarDGjastGUX2NwaocN9qk8=; b=hjU4N15FkiS+1qsPcyQvWXSPq+eAbeaVZ5Y23PtU5u5JQLmb3a4p3LxGdx1xl2Ef2r xmNjKl2fHaIyhBJUh1EHsUBttIxfX5Nivm6PA2KvBoSnrln6WCTo3MwDuP29d10i2Ivv w6oQZeYrZgk9osAe2dmEpiBy5XyYaY76q/kLAJ2Iu/Avr7TYgvtoCvlw7xg96KZwkhE9 bIpkq3gU0wmjpvBsySw5QZ+x411H4S/+w6HDWuGB1GHl4aMRUgWBK0XjOZI/zfoTXSfi jTV2TLjC8WGk6WUIogJPN3mdgvwfhfkhrD6J9Gg/o/mI7xv5n5EetuorAq4MPNOCqxyw sc3A== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVS5NoWbtYe6raqMTM5/qA5Zcdgx13aIisWD8P1PLNBqyCsL2jC m6wTfFhZwFxkvcF1v5TKYaQWLqi41tTm2t267wJXookD225tu8YWhLAgw7lghEZUrFLdHk71A8p 42RIeXjSRly3FC1B3+dy2Vu6OclSqPD7+GBV3CosCmhFB92hVsav/Ahl5ovXeTZUfKw== X-Received: by 2002:a62:7a8f:: with SMTP id v137mr35046640pfc.243.1557326687371; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqx9KUkuKoUPUZGFTxS9ghF/dWdmesu5z9GO3b7oVCYDqNxdKJBnLbV9+Xal1cvygkA3aEeh X-Received: by 2002:a62:7a8f:: with SMTP id v137mr35046486pfc.243.1557326685832; Wed, 08 May 2019 07:44:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326685; cv=none; d=google.com; s=arc-20160816; b=gGptEKwXf+v1uG+oqWH/HVJvbEMPWfK0l3WqsSlFyVTUDn0e9hAEIdmkR2Kj3ZR6Mm I4/Z0AxIGk8ni+LvSHfHeZjSYEN6iC3CGDOjlEwV/KdMylthSJ+hZzt6CcP+FKbKCbCn LufAzG/xVshqpQ5IFYvGP/7WMYld7sXCYVnqSMbfA0Y22D+Rmaa73p55K5O/gixr40qb q4trqtnQDDr3IVElSmnX/ErTvTrdxJ3GV5t4E8+30eQpsIsIjSR06ulzLJowTgMWp9F3 KMTR3+FZd8bk/CxxCL79462i/bhXWuXz33Sk1Bl2sdGgNyD27RenSgEeWJ5eIimdmPH9 LMIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=N2jLN5QWnTSH1XUYhZ/otarDGjastGUX2NwaocN9qk8=; b=N40M5XHpqfVYlNrTIpxiyQBgWP30PWrlEX+XDIX8V2tYXXpcvE+l1MMFhHd2ZsDe6d 7JLZZhijk8yQVtW69docljXV4Lql+YJLsbuv07EBnHXyrtj+CvUqayxoIZF4DhgW5qoo U0gJeKJt4PFb/0jVJpEYlyQkAZhqLV7VG+9vZcCa0jpEkhnn+hZVCJkyvgMDG9L/sqWk RIxGo2lKSlhZF56mpsHG1Gerr+BW96SL88bHOglOhQg9n6B069OXiwBnyG+sKW2mCbBJ 7P7fdh3z8eC1gFCNNJT7MI1gZ9hmZD6C8j5vC4nQ4qHdBQhVVLIFeH9sjpTDdewx1TWa IbOg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id 184si24250871pfg.32.2019.05.08.07.44.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:45 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id DA53DAA9; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 24/62] keys/mktme: Preparse the MKTME key payload Date: Wed, 8 May 2019 17:43:44 +0300 Message-Id: <20190508144422.13171-25-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield It is a requirement of the Kernel Keys subsystem to provide a preparse method that validates payloads before key instantiate methods are called. Verify that userspace provides valid MKTME options and prepare the payload for use at key instantiate time. Create a method to free the preparsed payload. The Kernel Key subsystem will that to clean up after the key is instantiated. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- include/keys/mktme-type.h | 39 +++++++++ security/keys/mktme_keys.c | 165 +++++++++++++++++++++++++++++++++++++ 2 files changed, 204 insertions(+) create mode 100644 include/keys/mktme-type.h diff --git a/include/keys/mktme-type.h b/include/keys/mktme-type.h new file mode 100644 index 000000000000..032905b288b4 --- /dev/null +++ b/include/keys/mktme-type.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* Key service for Multi-KEY Total Memory Encryption */ + +#ifndef _KEYS_MKTME_TYPE_H +#define _KEYS_MKTME_TYPE_H + +#include + +/* + * The AES-XTS 128 encryption algorithm requires 128 bits for each + * user supplied data key and tweak key. + */ +#define MKTME_AES_XTS_SIZE 16 /* 16 bytes, 128 bits */ + +enum mktme_alg { + MKTME_ALG_AES_XTS_128, +}; + +const char *const mktme_alg_names[] = { + [MKTME_ALG_AES_XTS_128] = "aes-xts-128", +}; + +enum mktme_type { + MKTME_TYPE_ERROR = -1, + MKTME_TYPE_USER, + MKTME_TYPE_CPU, + MKTME_TYPE_NO_ENCRYPT, +}; + +const char *const mktme_type_names[] = { + [MKTME_TYPE_USER] = "user", + [MKTME_TYPE_CPU] = "cpu", + [MKTME_TYPE_NO_ENCRYPT] = "no-encrypt", +}; + +extern struct key_type key_type_mktme; + +#endif /* _KEYS_MKTME_TYPE_H */ diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index b5e8289f041b..92a047caa829 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -6,6 +6,10 @@ #include #include #include +#include +#include +#include +#include #include #include "internal.h" @@ -69,8 +73,169 @@ int mktme_keyid_from_key(struct key *key) return 0; } +enum mktme_opt_id { + OPT_ERROR, + OPT_TYPE, + OPT_KEY, + OPT_TWEAK, + OPT_ALGORITHM, +}; + +static const match_table_t mktme_token = { + {OPT_TYPE, "type=%s"}, + {OPT_KEY, "key=%s"}, + {OPT_TWEAK, "tweak=%s"}, + {OPT_ALGORITHM, "algorithm=%s"}, + {OPT_ERROR, NULL} +}; + +struct mktme_payload { + u32 keyid_ctrl; /* Command & Encryption Algorithm */ + u8 data_key[MKTME_AES_XTS_SIZE]; + u8 tweak_key[MKTME_AES_XTS_SIZE]; +}; + +/* Make sure arguments are correct for the TYPE of key requested */ +static int mktme_check_options(struct mktme_payload *payload, + unsigned long token_mask, enum mktme_type type) +{ + if (!token_mask) + return -EINVAL; + + switch (type) { + case MKTME_TYPE_USER: + if (test_bit(OPT_ALGORITHM, &token_mask)) + payload->keyid_ctrl |= MKTME_AES_XTS_128; + else + return -EINVAL; + + if ((test_bit(OPT_KEY, &token_mask)) && + (test_bit(OPT_TWEAK, &token_mask))) + payload->keyid_ctrl |= MKTME_KEYID_SET_KEY_DIRECT; + else + return -EINVAL; + break; + + case MKTME_TYPE_CPU: + if (test_bit(OPT_ALGORITHM, &token_mask)) + payload->keyid_ctrl |= MKTME_AES_XTS_128; + else + return -EINVAL; + + payload->keyid_ctrl |= MKTME_KEYID_SET_KEY_RANDOM; + break; + + case MKTME_TYPE_NO_ENCRYPT: + payload->keyid_ctrl |= MKTME_KEYID_NO_ENCRYPT; + break; + + default: + return -EINVAL; + } + return 0; +} + +/* Parse the options and store the key programming data in the payload. */ +static int mktme_get_options(char *options, struct mktme_payload *payload) +{ + enum mktme_type type = MKTME_TYPE_ERROR; + substring_t args[MAX_OPT_ARGS]; + unsigned long token_mask = 0; + char *p = options; + int ret, token; + + while ((p = strsep(&options, " \t"))) { + if (*p == '\0' || *p == ' ' || *p == '\t') + continue; + token = match_token(p, mktme_token, args); + if (token == OPT_ERROR) + return -EINVAL; + if (test_and_set_bit(token, &token_mask)) + return -EINVAL; + + switch (token) { + case OPT_KEY: + ret = hex2bin(payload->data_key, args[0].from, + MKTME_AES_XTS_SIZE); + if (ret < 0) + return -EINVAL; + break; + + case OPT_TWEAK: + ret = hex2bin(payload->tweak_key, args[0].from, + MKTME_AES_XTS_SIZE); + if (ret < 0) + return -EINVAL; + break; + + case OPT_TYPE: + type = match_string(mktme_type_names, + ARRAY_SIZE(mktme_type_names), + args[0].from); + if (type < 0) + return -EINVAL; + break; + + case OPT_ALGORITHM: + ret = match_string(mktme_alg_names, + ARRAY_SIZE(mktme_alg_names), + args[0].from); + if (ret < 0) + return -EINVAL; + break; + + default: + return -EINVAL; + } + } + return mktme_check_options(payload, token_mask, type); +} + +void mktme_free_preparsed_payload(struct key_preparsed_payload *prep) +{ + kzfree(prep->payload.data[0]); +} + +/* + * Key Service Method to preparse a payload before a key is created. + * Check permissions and the options. Load the proposed key field + * data into the payload for use by the instantiate method. + */ +int mktme_preparse_payload(struct key_preparsed_payload *prep) +{ + struct mktme_payload *mktme_payload; + size_t datalen = prep->datalen; + char *options; + int ret; + + if (datalen <= 0 || datalen > 1024 || !prep->data) + return -EINVAL; + + options = kmemdup_nul(prep->data, datalen, GFP_KERNEL); + if (!options) + return -ENOMEM; + + mktme_payload = kzalloc(sizeof(*mktme_payload), GFP_KERNEL); + if (!mktme_payload) { + ret = -ENOMEM; + goto out; + } + ret = mktme_get_options(options, mktme_payload); + if (ret < 0) { + kzfree(mktme_payload); + goto out; + } + prep->quotalen = sizeof(mktme_payload); + prep->payload.data[0] = mktme_payload; +out: + kzfree(options); + return ret; +} + struct key_type key_type_mktme = { .name = "mktme", + .preparse = mktme_preparse_payload, + .free_preparse = mktme_free_preparsed_payload, .describe = user_describe, }; From patchwork Wed May 8 14:43:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935831 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 11FD21515 for ; Wed, 8 May 2019 14:45:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F3E46276D6 for ; Wed, 8 May 2019 14:45:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E30462844B; Wed, 8 May 2019 14:45:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6C6FA276D6 for ; Wed, 8 May 2019 14:45:33 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6FB0C6B0274; Wed, 8 May 2019 10:44:46 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 654496B0276; Wed, 8 May 2019 10:44:46 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 457626B0278; Wed, 8 May 2019 10:44:46 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id 0B1F26B0274 for ; Wed, 8 May 2019 10:44:46 -0400 (EDT) Received: by mail-pf1-f198.google.com with SMTP id x5so12774108pfi.5 for ; Wed, 08 May 2019 07:44:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=W6m17Hrz7mMXRuCnuzuaf5je4qoyo8lsRAEw+Mb4/RY=; b=T0+FdC3grnmVGqlXPxeha+U1u4Rnj9F9HBCzPrW4ORUylWfMXIoD5/mB13gYPX4H4J kW5U/HKsoEw8CnkbpTOla4Fru/VHsgaIzduNXDDWsEM2hj/UrnnmxCCQOldxHmMhK+Pv j0ZIk6JkPWv6cv1z61ERYhyBe06sCDFhxFry3JpPanmhollX+eC4l451pLkGFjX16pW/ x3HFhDOsCpV9/0mlx71uAJZCLQTKe8ZoyRD1XVhw5K6KPQuA8VAQ+K4GQmY2ltNFDp36 x/nBiJuwCg04bNu9fUMuSmlXgoda2vTd3VJ7kwP/tbi9czkMt5N9nrrU/xCvhPkr1dNd lliA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWiHdZezENoHiJ9RSZJn7cvrutWX12NDOi6n7c1T9iX+WhM3uBJ vrjA6tK+fmSsLKs9yoWO1F1Ld4Jw+iEov6k7fMzoAaE9+g0qpSSTlFxzBaOrcRqKM4Z5Qu9r5hV Ued1lfeEy9aI90O0rCXo4qWuQGWS9LTacgevtDAhdeF1GiAsEm35Zm7SIIlSgde/t3g== X-Received: by 2002:a17:902:5ac8:: with SMTP id g8mr16475265plm.154.1557326685693; Wed, 08 May 2019 07:44:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqy4LP429x9KQVXRobkucxd2vmd6VRyGlv1g99pH3N1xLhUr6JUE1BhRdkQQtWhrF2zgFJzM X-Received: by 2002:a17:902:5ac8:: with SMTP id g8mr16475139plm.154.1557326684418; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=DVOL3uFxB4j1e4uUKk4tUtISYSPUwhT8mELDMlk6j8RhpVDon2XtvhFAhKB/RwqyY1 M1UY2LgiddLk1yUj70PTQOZpIQj5x7ZAlLlRH1OJWckDoWgdSfNx6V57wSEYzr08QUyp AIBnH+6JwF1dMjhZkNM6uJs5MpDxOgQ+nVcp4wVzg+FifCrkEmdEeSePdtK6XqhwNQeU gzKveygxY0uGoyEBPaSJAs2X6bJucOCGE186ILu8MVDNBimbDB5nOIyajows0vprUJQO UGRPumNMHDDSMWnmXduuBv7nFKfQ++6ST+45w1+icnaAXMyeI4FTOrSnBjhvboXcQW9T +72Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=W6m17Hrz7mMXRuCnuzuaf5je4qoyo8lsRAEw+Mb4/RY=; b=o1IntS4GdIz2DE6Mlpnhw/0+osJXlhDu/k3BvaWu2Sl70fj+klNMX59YZjVzVtVCL1 hWHKmGgHW4D17yEivjRihKO+HcHxEwtG8X88K50ei1bQLQWlRv+CB+1cFl2+a8/gcOJv Cei53K2bHhmaEPOOqp+g0+d541Mh/ZeLUqgtXkmn6hAEKqLVMjEChO1mf2aBf+eNb0o7 hovWHTsFp9PJx0g1Z77JouiNL64XTjTmt1EKLfPAqbfPUXlw01sEz1JNLC0bS+CjdN4n 9iXY1RJaGvZSZfQpw08ar6KwwpRqB0CVNMlItYHoYI6EC+nXqAK40wLgC1nJo4hHYWyC VgnA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id f6si24524459plf.90.2019.05.08.07.44.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656541" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id E5276ABE; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 25/62] keys/mktme: Instantiate and destroy MKTME keys Date: Wed, 8 May 2019 17:43:45 +0300 Message-Id: <20190508144422.13171-26-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Instantiating and destroying are two Kernel Key Service methods that are invoked by the kernel key service when a key is added (add_key, request_key) or removed (invalidate, revoke, timeout). During instantiation, MKTME needs to allocate an available hardware KeyID and map it to the Userspace Key. During destroy, MKTME wil returned the hardware KeyID to the pool of available keys. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 92a047caa829..14bc4e600978 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -14,6 +14,8 @@ #include "internal.h" +static DEFINE_SPINLOCK(mktme_lock); + /* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ struct mktme_mapping { unsigned int mapped_keyids; @@ -95,6 +97,26 @@ struct mktme_payload { u8 tweak_key[MKTME_AES_XTS_SIZE]; }; +/* Key Service Method called when a Userspace Key is garbage collected. */ +static void mktme_destroy_key(struct key *key) +{ + mktme_release_keyid(mktme_keyid_from_key(key)); +} + +/* Key Service Method to create a new key. Payload is preparsed. */ +int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) +{ + unsigned long flags; + int keyid; + + spin_lock_irqsave(&mktme_lock, flags); + keyid = mktme_reserve_keyid(key); + spin_unlock_irqrestore(&mktme_lock, flags); + if (!keyid) + return -ENOKEY; + return 0; +} + /* Make sure arguments are correct for the TYPE of key requested */ static int mktme_check_options(struct mktme_payload *payload, unsigned long token_mask, enum mktme_type type) @@ -236,7 +258,9 @@ struct key_type key_type_mktme = { .name = "mktme", .preparse = mktme_preparse_payload, .free_preparse = mktme_free_preparsed_payload, + .instantiate = mktme_instantiate_key, .describe = user_describe, + .destroy = mktme_destroy_key, }; static int __init init_mktme(void) From patchwork Wed May 8 14:43:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935835 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 42786924 for ; Wed, 8 May 2019 14:45:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 315D8276D6 for ; Wed, 8 May 2019 14:45:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 25B8B2844C; Wed, 8 May 2019 14:45:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9B792276D6 for ; Wed, 8 May 2019 14:45:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E91FC6B0277; Wed, 8 May 2019 10:44:46 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id E43ED6B0278; Wed, 8 May 2019 10:44:46 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D0D616B0279; Wed, 8 May 2019 10:44:46 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 7E6546B0277 for ; Wed, 8 May 2019 10:44:46 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id s19so11646772plp.6 for ; Wed, 08 May 2019 07:44:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=xvq7Qpxy3tYrBN7UYa84bMjbm+FLBqPlB9IY6Yr2j34=; b=ponJe43VydunEP+wx9jXqnx3L02lGSFI5Hk7HHWLAwX6H2itu3Yi1Ym7HDNOwq+RZA tCX6vnqADmRURFaBtBZRFzfTmxdz8MlzjoBRkURsx+KVDDl4QoruEo26jVuzngt7CaIp kpCJwprt7OJBYqfK+PdboKIXI+tKuoDlFztR92QwckPjsnJ8goOJQP1Z24PHevjR9Uhz YFz2L6aaHYs04wyOQNd8Y8gmURF1reMwth+abM+i9INGtpcFGD/6p0/GUAt4ssF0PGhe w2DMC0nQr1NNwIdWg1zxGahaQWXZCqs4gIt64IltPt0vWZ2p/xQ1fIiJmCzKrWB42DGZ hk7A== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWwx4fZ3/crSBaeoDuN/NSHwCQ6ywB0ksJzeVrlXNaW89j97XQS Mk9bFaKQuNYatmK40CvBscpXXlE93mM77HHTgpsdAwPVuvEUld/7KMbf0f0HV8F4F/IhljkxHEw 8GaMqEe59idQQ/srlBYNJcloLdZJwslFcAZ1tCJhwOJDlCjNZAKDaOF6eC3doEEBL+w== X-Received: by 2002:a17:902:be09:: with SMTP id r9mr47942329pls.215.1557326686149; Wed, 08 May 2019 07:44:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqwnWas7vQv5LLRJItsZhmRhYnnBO+HiUyw2YB7bvLzllJT4XS2QtVEYmErpZ3GwhdooyZl9 X-Received: by 2002:a17:902:be09:: with SMTP id r9mr47942202pls.215.1557326684825; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=A8OioIrrpTNL6TL5Tt9di7JYKl3m0lQaAo/5DDlPjJnnL1YA9URbazP9agcIguhxZo 2qSTbtuluK4rKQmrpDf1ZxnsxLzoRMUizHUuHASwMlNPacfb8xN0scZArV2KQO5Gqzvz Vly+sQ0awJHML74KekofspVRLSRlIhPBSwjSWDq3S1KjCqb4kbDWG+OuCAq1LelSrMB9 ag+Hsce2RFNoEZslUx7xrRsGMWUkV4+xMmxpA4hQFBcsoyKhbcjeKa6R+MyPw+YNqW2W 08iEgjc096YHolU9s8FYoJOx2A9lXhU9PHc4NayW9VS0K+SG0OKQ6irR6DHMEUcwkwKd QnIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=xvq7Qpxy3tYrBN7UYa84bMjbm+FLBqPlB9IY6Yr2j34=; b=ycBFKgAXSaZtYXqFBToo5QAAqlzIO8mXUEHE5/mUA9n1FP8PCKvhvkEsmWs4sz7dcs 0KmhRqqRRpDoPcLsEmoW/v3D+4hXXEPZXrsldJi96CoDrSn1/6XkpNtxdAj1R3JgsiKF Ujdl0zfH9sPzSDmjLTtKHBibI5rh9SsXHpuIHPFZqCmHAzQYsfDEQr8TGTy7orbD0GUK 6CnZplR6PEqZ2km6zk3o5aBAdKVLQt+wi4NNZmwBa/EDoiqjDdyG2ibp6RiJBbAGkP3w 6ta3gvigxpiAMBHJj/FH4r6qJ4mq5dCc0fWiYE35WSGGQ2q85f1naa+GcVn/imiOvW3G 3f9Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id g8si22265475plt.4.2019.05.08.07.44.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:39 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id EFE6EAC1; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 26/62] keys/mktme: Move the MKTME payload into a cache aligned structure Date: Wed, 8 May 2019 17:43:46 +0300 Message-Id: <20190508144422.13171-27-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield In preparation for programming the key into the hardware, move the key payload into a cache aligned structure. This alignment is a requirement of the MKTME hardware. Use the slab allocator to have this structure readily available. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 39 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 14bc4e600978..a7ca32865a1c 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -15,6 +15,7 @@ #include "internal.h" static DEFINE_SPINLOCK(mktme_lock); +struct kmem_cache *mktme_prog_cache; /* Hardware programming cache */ /* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ struct mktme_mapping { @@ -97,6 +98,27 @@ struct mktme_payload { u8 tweak_key[MKTME_AES_XTS_SIZE]; }; +/* Copy the payload to the HW programming structure and program this KeyID */ +static int mktme_program_keyid(int keyid, struct mktme_payload *payload) +{ + struct mktme_key_program *kprog = NULL; + int ret; + + kprog = kmem_cache_zalloc(mktme_prog_cache, GFP_ATOMIC); + if (!kprog) + return -ENOMEM; + + /* Hardware programming requires cached aligned struct */ + kprog->keyid = keyid; + kprog->keyid_ctrl = payload->keyid_ctrl; + memcpy(kprog->key_field_1, payload->data_key, MKTME_AES_XTS_SIZE); + memcpy(kprog->key_field_2, payload->tweak_key, MKTME_AES_XTS_SIZE); + + ret = MKTME_PROG_SUCCESS; /* Future programming call */ + kmem_cache_free(mktme_prog_cache, kprog); + return ret; +} + /* Key Service Method called when a Userspace Key is garbage collected. */ static void mktme_destroy_key(struct key *key) { @@ -106,6 +128,7 @@ static void mktme_destroy_key(struct key *key) /* Key Service Method to create a new key. Payload is preparsed. */ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) { + struct mktme_payload *payload = prep->payload.data[0]; unsigned long flags; int keyid; @@ -114,7 +137,14 @@ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) spin_unlock_irqrestore(&mktme_lock, flags); if (!keyid) return -ENOKEY; - return 0; + + if (!mktme_program_keyid(keyid, payload)) + return MKTME_PROG_SUCCESS; + + spin_lock_irqsave(&mktme_lock, flags); + mktme_release_keyid(keyid); + spin_unlock_irqrestore(&mktme_lock, flags); + return -ENOKEY; } /* Make sure arguments are correct for the TYPE of key requested */ @@ -275,10 +305,15 @@ static int __init init_mktme(void) if (mktme_map_alloc()) return -ENOMEM; + /* Used to program the hardware key tables */ + mktme_prog_cache = KMEM_CACHE(mktme_key_program, SLAB_PANIC); + if (!mktme_prog_cache) + goto free_map; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ - +free_map: kvfree(mktme_map); return -ENOMEM; From patchwork Wed May 8 14:43:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935931 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BA2A41515 for ; Wed, 8 May 2019 14:47:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A87C628485 for ; Wed, 8 May 2019 14:47:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9CDFB28928; Wed, 8 May 2019 14:47:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2B00228485 for ; Wed, 8 May 2019 14:47:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A72396B02BF; Wed, 8 May 2019 10:46:19 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id A23686B02C0; Wed, 8 May 2019 10:46:19 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 875816B02C2; Wed, 8 May 2019 10:46:19 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 4AE426B02C0 for ; Wed, 8 May 2019 10:46:19 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id g6so11610834plp.18 for ; Wed, 08 May 2019 07:46:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=r4np14USnRYf0pSmuynNxiGvJ92FnJxR9tAT5ohZpVY=; b=ks4wZ5ugiklkdg/S5KoGs4a4qLKI03L1WSssKFd2ozz2h3Hzc65nI7TXb1sO8VvMy9 IURAjFfLk4EMruvBeo4s3HBkcWBHIWP5vrWqfwPEuKuNoAxg/4MSG9L/Nk8epq1NjPcO tRtOL/QGngxAK4qRLd6kW98qx6ITDmI9HSfK5d4e9EfJxoUPnDybapmvLIwqfTcdTduF Adl4N9QWRwi1kvQONLgk4N0qmmw0RNu3UdF9Ago32/jyOTFyTcWnvfNzuGHnBiTImxlf 0PJd/UZaUzgoDja7uRoWLOvkmSLG0k+1nBIxcxRCPvrzMgx9BfMjcJ1VEGIb+GZRg8XI oXlA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXSZIR5mBq9cIbMaWdtv/lMow8ZOoKAzfDU7cYofeB1RpCEAfZu 81z+D1eFAr4YZM3K8BN74qFl9bb/3N6JdMi7nIJ1yfZ8MvpgblSu5OWZkQZefBWBiLCkIJmKjbW 8R8m9wxPhKe4WvNgS/ko8PsfMc7L3u3hh/SYhUiHDSQgusoz8UugNVOqgWkKIjJXwTg== X-Received: by 2002:a17:902:b581:: with SMTP id a1mr12748754pls.206.1557326778962; Wed, 08 May 2019 07:46:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqxDOFDOrn50+l9dpBZA9MZ+fFA0nn7BnIh5dqYU2EBf8RlT9jBvHehQYR/e0afmEOqXB+7i X-Received: by 2002:a17:902:b581:: with SMTP id a1mr12738094pls.206.1557326684562; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=XskDc8jtBqSnw7nVBbtC2t3wywqVFrgAPZUWhEe3lnH7HgCjWg8F5meHoN3UzqMgdE XryW64B3MyGQxARLZ8PEi2hM/B5bNi49cS6Ixy1A6SwgjbFYL8vHork32lciUuQR2HUO kiNo4YxEXmW2zV2DvAhX2Y1qbYp3TIOr1PeDfe2gyzkzrL0/diDTJ1RcIgtD8+koKBAf 89YarXSatQWu+JtIm+pOjQaEct3Uf01bqlXF40W7WOt9C+waWP0+YCnjxc9uKy93eFFV jSZJlRvhz8hKvJRvSVLT+5O1RM/p9F/3V1QWIoMgAdpnVkeFlK33DSwd3tTh5sEFckTl R79g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=r4np14USnRYf0pSmuynNxiGvJ92FnJxR9tAT5ohZpVY=; b=VLRvexZzYUiIEI1Brr5wgQy0QwfLNY+jP9Hh9ke7lu6Prmn6R6/m/woWVJfsY03Ozy NeLyDOfxoYeAGddZYVFqJxCbgDgViq5ztmkurMT3g0QNuuBX8sgWt+sALL+x/9lfHei9 mctYKwmhDw1eektfdsG8eliXp+uANlrSro3zRN/xB2lhteKYWZHde7O2pDwtk8IJmGWM M+xbfNChG21jEu1wHxPcGIzyt9FZzRDtpz6qOPG7akdJIw67ah0eYCGPVNJ16WTzvMsS YdJr8F8CPsolpKc4E71ECfD2J9RskNdgVUrmTxcPPaJEWytUqlHJok0aruxYY8DnxovT cWbA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id 90si19482350plb.86.2019.05.08.07.44.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 06098AD9; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 27/62] keys/mktme: Strengthen the entropy of CPU generated MKTME keys Date: Wed, 8 May 2019 17:43:47 +0300 Message-Id: <20190508144422.13171-28-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield If users request CPU generated keys, mix additional entropy bits from the kernel into the key programming fields used by the hardware. This additional entropy may compensate for weak user supplied, or CPU generated, entropy. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index a7ca32865a1c..9fdf482ea3e6 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -102,7 +103,8 @@ struct mktme_payload { static int mktme_program_keyid(int keyid, struct mktme_payload *payload) { struct mktme_key_program *kprog = NULL; - int ret; + u8 kern_entropy[MKTME_AES_XTS_SIZE]; + int ret, i; kprog = kmem_cache_zalloc(mktme_prog_cache, GFP_ATOMIC); if (!kprog) @@ -114,6 +116,14 @@ static int mktme_program_keyid(int keyid, struct mktme_payload *payload) memcpy(kprog->key_field_1, payload->data_key, MKTME_AES_XTS_SIZE); memcpy(kprog->key_field_2, payload->tweak_key, MKTME_AES_XTS_SIZE); + /* Strengthen the entropy fields for CPU generated keys */ + if ((payload->keyid_ctrl & 0xff) == MKTME_KEYID_SET_KEY_RANDOM) { + get_random_bytes(&kern_entropy, sizeof(kern_entropy)); + for (i = 0; i < (MKTME_AES_XTS_SIZE); i++) { + kprog->key_field_1[i] ^= kern_entropy[i]; + kprog->key_field_2[i] ^= kern_entropy[i]; + } + } ret = MKTME_PROG_SUCCESS; /* Future programming call */ kmem_cache_free(mktme_prog_cache, kprog); return ret; From patchwork Wed May 8 14:43:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935927 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4DEF21515 for ; Wed, 8 May 2019 14:47:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3D4D82844B for ; Wed, 8 May 2019 14:47:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 316642890F; Wed, 8 May 2019 14:47:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A4252844B for ; Wed, 8 May 2019 14:47:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B0EDB6B02BA; Wed, 8 May 2019 10:46:15 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id A72236B02BB; Wed, 8 May 2019 10:46:15 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9102C6B02BD; Wed, 8 May 2019 10:46:15 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id 5703F6B02BB for ; Wed, 8 May 2019 10:46:15 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id d22so121618pgg.2 for ; Wed, 08 May 2019 07:46:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=x4/Z50S2DWAd5rYId6h1vAEZLevWJ2xcvSwXBFBahYU=; b=rTs3LW4Y442i22owHhS66Db38yser9EzYK8tS6a3UVqYr2fczLDPGtFHiG3/aCAmIT BWijJJt1XuBowyl5eCGp8rQeIMVaguybr+EyZKT8W9bbWrn0tIKNGRnPQXpJLQ3s9QAR +C/IalMAYhZm556kOHN7zhAG6GnccFDvxXJScJWRj38T1A+RJjC9dv0xjcvLtpaGh3jm slZKaYtYVlyIIAATAGB+W+b8YIZZgzGJHGzIfTRAKlfTB8Z+c4IA2iGS3KXhI/b3IJkW ThqRzUFjQzZJli4MniTuMWp5rm2gVlmFvnp2otXCezaiQ1NGri6THWup3DImQtP6eAz1 S/Jw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXwBOVzFHwKlISoYKpYN3Gw74KH+WqjvKkp/fStbvNZHC7UUs/W xnq2PB9ZcO/t2mGf1SEQCC7sqTKPcdcn/xHSM3BXkBmrKvN/+iuveXrWzneg9M0GrK5q15N0brB PHuUytjD5EqLUQOMqsrtiIssctmXpJjkod0xw3WOubtnSzUgMq9zoHsp99R5NkSQOmA== X-Received: by 2002:a63:2d41:: with SMTP id t62mr47971406pgt.113.1557326774990; Wed, 08 May 2019 07:46:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqxpbLZ4ymIks4q1Pv9VVEfIHNR7cQb2iNIBtZq2wD79o2kr9liFayxoIJwyEaK90weDuivm X-Received: by 2002:a63:2d41:: with SMTP id t62mr47960942pgt.113.1557326684949; Wed, 08 May 2019 07:44:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326684; cv=none; d=google.com; s=arc-20160816; b=xiDKcpFZ2hp393FCkWOiIuccMQ0SHwL4wncsritNzXmSPCMzXOyy9W1YzrBdchDsmg UtyNtj77S+pcy1AQArn9J/tBsOM2FZmATHlWmqWg1iEYwDN4kOCBOprEy06U1eW9WXDI 4IWUGbvIqImbVrKsZg4yTc3jOCaCfvlpQOZBQx8QAmnCYL5BdR0aj4p3M7rd9IV5nU/5 G6ieiDILeHx31eYeOr6a9HyuvFGk9lTKzFfJfI/FG6ZphBaUrSyzEUUvWB5Rmhh1miMn aRIpppNnev+kOxh6J4ojePoN2IkSpAhHs/oooGP8eE89jXCVimiCp4+464FOHYFqMMfs B33w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=x4/Z50S2DWAd5rYId6h1vAEZLevWJ2xcvSwXBFBahYU=; b=0OgsiqgCstek+mNWuxRofwS1rzM8lQdWGdYXUctSii+cPxfTTLcfpKN6VEabeVjwfW tSEnMapQwzhKL0Pd7Q6dQr+gGX1ypCqvbkhvRaydNVxvby5hA3lh8yz/FN1UsSzQ684u rYJb5GCej5YvePwSx7SNRli+jip8TKJVBasMbMDjvdZn/Qk4YpqXngAdc6UbxuMaaDrp piJ/2O5q0l1WO7Z5exy8tFyeyia/akjDujk4LE9n4sWxuNeO61ITAeCnlUyx57wySKwY meG1S0L+CvGYBkBbOWS9KC2xk1WJ85ibiitW46z4k/9ypyd2DRwtCwsRVBSilFie8Zku YI7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id 90si19482350plb.86.2019.05.08.07.44.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:44 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 11A32AF7; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 28/62] keys/mktme: Set up PCONFIG programming targets for MKTME keys Date: Wed, 8 May 2019 17:43:48 +0300 Message-Id: <20190508144422.13171-29-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME Key service maintains the hardware key tables. These key tables are package scoped per the MKTME hardware definition. This means that each physical package on the system needs its key table programmed. These physical packages are the targets of the new PCONFIG programming command. So, introduce a PCONFIG targets bitmap as well as a CPU mask that includes the lead CPUs capable of programming the targets. The lead CPU mask will be used every time a new key is programmed into the hardware. Keep the PCONFIG targets bit map around for future use during hotplug events. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 42 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 9fdf482ea3e6..b5b44decfd3e 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -2,6 +2,7 @@ /* Documentation/x86/mktme_keys.rst */ +#include #include #include #include @@ -17,6 +18,8 @@ static DEFINE_SPINLOCK(mktme_lock); struct kmem_cache *mktme_prog_cache; /* Hardware programming cache */ +unsigned long *mktme_target_map; /* Pconfig programming targets */ +cpumask_var_t mktme_leadcpus; /* One lead CPU per pconfig target */ /* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ struct mktme_mapping { @@ -303,6 +306,33 @@ struct key_type key_type_mktme = { .destroy = mktme_destroy_key, }; +static void mktme_update_pconfig_targets(void) +{ + int cpu, target_id; + + cpumask_clear(mktme_leadcpus); + bitmap_clear(mktme_target_map, 0, sizeof(mktme_target_map)); + + for_each_online_cpu(cpu) { + target_id = topology_physical_package_id(cpu); + if (!__test_and_set_bit(target_id, mktme_target_map)) + __cpumask_set_cpu(cpu, mktme_leadcpus); + } +} + +static int mktme_alloc_pconfig_targets(void) +{ + if (!alloc_cpumask_var(&mktme_leadcpus, GFP_KERNEL)) + return -ENOMEM; + + mktme_target_map = bitmap_alloc(topology_max_packages(), GFP_KERNEL); + if (!mktme_target_map) { + free_cpumask_var(mktme_leadcpus); + return -ENOMEM; + } + return 0; +} + static int __init init_mktme(void) { int ret; @@ -320,9 +350,21 @@ static int __init init_mktme(void) if (!mktme_prog_cache) goto free_map; + /* Hardware programming targets */ + if (mktme_alloc_pconfig_targets()) + goto free_cache; + + /* Initialize first programming targets */ + mktme_update_pconfig_targets(); + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + + free_cpumask_var(mktme_leadcpus); + bitmap_free(mktme_target_map); +free_cache: + kmem_cache_destroy(mktme_prog_cache); free_map: kvfree(mktme_map); From patchwork Wed May 8 14:43:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935841 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 78D40924 for ; Wed, 8 May 2019 14:45:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 674BC276D6 for ; Wed, 8 May 2019 14:45:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5B54A2844B; Wed, 8 May 2019 14:45:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C771C276D6 for ; Wed, 8 May 2019 14:45:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E63776B027A; Wed, 8 May 2019 10:44:47 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id BFADE6B0279; Wed, 8 May 2019 10:44:47 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A898C6B027A; Wed, 8 May 2019 10:44:47 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id 688176B0279 for ; Wed, 8 May 2019 10:44:47 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id 14so12804614pgo.14 for ; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=xNB81vjfr29anZNeZJ7zWyFQitPew0Qf2mqnTgj07L4=; b=AbvsSkXmDh0tJaASQ8ikz9PTq3ak03a8yGXKXFBWkC3gfzMpgh0n7xdpLpUAY7gP/Z 023jriZECHckyam083TWXbLUTEGNsWhdPo76jUBJ0Ab2phsDTCf909gPjDUUypSt+H+g aOsnHf0wmhTEO6rS4hOsUqVIkmhlpyH/9dCHfCp3PvW5bZSaeWR+yFvFMG81B+nhRz0H tXUkwxLzc/y0Fu0WkcyKz7BLn91PhbybWHDcxg/5LXu3v1yWL8B6ziS/m9xQt1MH0Fym SN25CGZJsuXBRZzmWq2696YIibGLRMtMivazqsHNxK6XOamxQSohOjkId1KUjXOS15x3 JdYQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUvXgbwVVeLL9W1p914veDwUNukgfSwWgtX4SrKLeVcCNTTCxc6 MMNfpBXV07ccgnDMtOY+w30isz3mLcU4JlLGyBhwFoedfJLUQ+1ju2gUYioJRSXP3XwqKiiscBp 5szpU52H5F0zTesZLtcMI/csvTmP+O1HU4++h6hmu1UoYTud+EVhdV0GBBndURmQ1rQ== X-Received: by 2002:a63:2bc8:: with SMTP id r191mr46493992pgr.72.1557326687066; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqyjKuBfgISgA/9EVPLSIk4goDF0aLvSidvoizeRzzZWfs/x+gn6KRzHafwlavSdrPmfRVvc X-Received: by 2002:a63:2bc8:: with SMTP id r191mr46493857pgr.72.1557326685563; Wed, 08 May 2019 07:44:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326685; cv=none; d=google.com; s=arc-20160816; b=DJSW5hsLJg3zgkzmVQl3fvDmRLavZQZ/iI9Q3InfB4x7rUtUF2uIkr7IN0/TauQOZG vvgFMh7TxuU6OrTk7QBZuwzVCUBuHA3Pq6x/5zuTwx2kDTC121v79h4ivfyt8G6NWLuz XRtR1ewkH7Beo+1dHmyU9OkIfN4+Uq0tvz/mdqV9nTGI3UkHEys1imLLkYqHDx33Uvru CtouSrsqLs2Hc4V/nscA6t+y5CGUFcY2cumnCCbEl/2ngh6W1CjXXbNE6/DoAHyxja3z jn2cdkqN2pYNfAFf2yeQnyy0dXlC62UaPmw/8peZI1fVopDUU7ziSnh8TNKPpThW09kA sBgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=xNB81vjfr29anZNeZJ7zWyFQitPew0Qf2mqnTgj07L4=; b=vlNmOfM8qZq2giMTzvooiuKsWT48hhSmfI6Aik2tybta4etPlD4vLHvIKMZIMbiWh5 lgilAZRhhusMiROW3eXi21lwk43K3hgQPea6XdlNDZafHLfSUYj5F4o1Kh4ILNiUuVPu mw3N1HcVkahYi+AozwSXveRP1DI4VdLJ0K6TpKbzWEjQnvk+9Uy+yElXBWXY0wQSlpzD LPMWI0b5FayYNXrfPPMstkBcMJhivO1aFFPfMdVyxJPiSJP14sYhJDxDwnjV9+PqGqDn EDcr5E1Po7HwpcFQswXiSWyBjyMJISxa7fa/MaQVcmJwBh3mL20aeS7Uxkkc6v5irk/b dBhQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id 184si24250871pfg.32.2019.05.08.07.44.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:45 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 1BE06B26; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 29/62] keys/mktme: Program MKTME keys into the platform hardware Date: Wed, 8 May 2019 17:43:49 +0300 Message-Id: <20190508144422.13171-30-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Finally, the keys are programmed into the hardware via each lead CPU. Every package has to be programmed successfully. There is no partial success allowed here. Here a retry scheme is included for two errors that may succeed on retry: MKTME_DEVICE_BUSY and MKTME_ENTROPY_ERROR. However, it's not clear if even those errors should be retried at this level. Perhaps they too, should be returned to user space for handling. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 92 +++++++++++++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index b5b44decfd3e..f70533b1a7fd 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -102,6 +102,96 @@ struct mktme_payload { u8 tweak_key[MKTME_AES_XTS_SIZE]; }; +struct mktme_hw_program_info { + struct mktme_key_program *key_program; + int *status; +}; + +struct mktme_err_table { + const char *msg; + bool retry; +}; + +static const struct mktme_err_table mktme_error[] = { +/* MKTME_PROG_SUCCESS */ {"KeyID was successfully programmed", false}, +/* MKTME_INVALID_PROG_CMD */ {"Invalid KeyID programming command", false}, +/* MKTME_ENTROPY_ERROR */ {"Insufficient entropy", true}, +/* MKTME_INVALID_KEYID */ {"KeyID not valid", false}, +/* MKTME_INVALID_ENC_ALG */ {"Invalid encryption algorithm chosen", false}, +/* MKTME_DEVICE_BUSY */ {"Failure to access key table", true}, +}; + +static int mktme_parse_program_status(int status[]) +{ + int cpu, sum = 0; + + /* Success: all CPU(s) programmed all key table(s) */ + for_each_cpu(cpu, mktme_leadcpus) + sum += status[cpu]; + if (!sum) + return MKTME_PROG_SUCCESS; + + /* Invalid Parameters: log the error and return the error. */ + for_each_cpu(cpu, mktme_leadcpus) { + switch (status[cpu]) { + case MKTME_INVALID_KEYID: + case MKTME_INVALID_PROG_CMD: + case MKTME_INVALID_ENC_ALG: + pr_err("mktme: %s\n", mktme_error[status[cpu]].msg); + return status[cpu]; + + default: + break; + } + } + /* + * Device Busy or Insufficient Entropy: do not log the + * error. These will be retried and if retries (time or + * count runs out) caller will log the error. + */ + for_each_cpu(cpu, mktme_leadcpus) { + if (status[cpu] == MKTME_DEVICE_BUSY) + return status[cpu]; + } + return MKTME_ENTROPY_ERROR; +} + +/* Program a single key using one CPU. */ +static void mktme_do_program(void *hw_program_info) +{ + struct mktme_hw_program_info *info = hw_program_info; + int cpu; + + cpu = smp_processor_id(); + info->status[cpu] = mktme_key_program(info->key_program); +} + +static int mktme_program_all_keytables(struct mktme_key_program *key_program) +{ + struct mktme_hw_program_info info; + int err, retries = 10; /* Maybe users should handle retries */ + + info.key_program = key_program; + info.status = kcalloc(num_possible_cpus(), sizeof(info.status[0]), + GFP_KERNEL); + + while (retries--) { + get_online_cpus(); + on_each_cpu_mask(mktme_leadcpus, mktme_do_program, + &info, 1); + put_online_cpus(); + + err = mktme_parse_program_status(info.status); + if (!err) /* Success */ + return err; + else if (!mktme_error[err].retry) /* Error no retry */ + return -ENOKEY; + } + /* Ran out of retries */ + pr_err("mktme: %s\n", mktme_error[err].msg); + return err; +} + /* Copy the payload to the HW programming structure and program this KeyID */ static int mktme_program_keyid(int keyid, struct mktme_payload *payload) { @@ -127,7 +217,7 @@ static int mktme_program_keyid(int keyid, struct mktme_payload *payload) kprog->key_field_2[i] ^= kern_entropy[i]; } } - ret = MKTME_PROG_SUCCESS; /* Future programming call */ + ret = mktme_program_all_keytables(kprog); kmem_cache_free(mktme_prog_cache, kprog); return ret; } From patchwork Wed May 8 14:43:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935847 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1AB63924 for ; Wed, 8 May 2019 14:45:53 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 090A7276D6 for ; Wed, 8 May 2019 14:45:53 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F08FC2844B; Wed, 8 May 2019 14:45:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6EE2A276D6 for ; Wed, 8 May 2019 14:45:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A78966B027B; Wed, 8 May 2019 10:44:48 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 6C9286B027F; Wed, 8 May 2019 10:44:48 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 45AA26B027C; Wed, 8 May 2019 10:44:48 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id F187B6B027C for ; Wed, 8 May 2019 10:44:47 -0400 (EDT) Received: by mail-pf1-f200.google.com with SMTP id a17so12769955pff.6 for ; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=nxgctlSwkuGLHPGiqehWnGCrtge4VEN6ON3Go+SCJw4=; b=ZHx3B1MPVs6OvBV7G4+udvcC9tSoW+jjrqFZbYNxxdzYqreRr1UckP9IudeCK6oRZa zICLeiy0N5XkKxEGdSvnhCGY+RK+oeYHZ++usbInig3SCyHblanZjQE3Yo1z2Q5JMr82 EbJimbfWoxAh+lLMPKaMGiGPLXCnDoPVbnDryFpwpob7d6oyAQ3lZPJNNjExkztJ/VqO Uw7gIcqsV+TacbtGffjsCB7PziZq130Zuso+s9nKEq0Uxde8G8msuKJknOdsaAOIDl8V 53+8bg3xWwHPG+3B/5A5wNAgeUw26t95Kl1/LSMHEt0V1QyH0H2eCKfUPgfW7OnZkkxx 1jnA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVCqGPhnOnFWu8hTaqXw9UeFrFSOUoh2I+9zGLEBkrShpKnglkQ dH6Y3Seyt8NnKWXkwCGqAr0yRP8e8P/8QAUIKyfsLcMgfq22Gg2sinrpArQf1Aui9JdMbq7/w33 qed1aev1eXqu+v8FggLPZi4Aq3W6n9TmHBJRsGXqqDCXduHdIEPc2Nqdzr8PPWmlmMg== X-Received: by 2002:a62:69c2:: with SMTP id e185mr49001193pfc.119.1557326687637; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqzByFr+Ed0brEv7i1/DSZk8GmzBnA7p1kR7WfFlX1juJunA6VirECYxLVdsY2EuW0iswaaS X-Received: by 2002:a62:69c2:: with SMTP id e185mr49001070pfc.119.1557326686352; Wed, 08 May 2019 07:44:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326686; cv=none; d=google.com; s=arc-20160816; b=Uza0k61Y3ofiCe8bJ6G3lAJN/htTuex3F7At5UzynchNH4iHSwPBDrb1I2qZwSNscV LqZ5NhyQnpDr5CF/gOYwMvjc9wDLs5xv62VATcUyq+Gg8wA2+kkPtzmU3Vdb8MvEaz3u T0Z7F6jPIWpqYFHFE/IRMC3EFJsnKDg/D1JzkuaHD8hf/G5BYCqPOk6uhClNRy8EWWmi fRIGLEiNYnzQzOJYAEwwuK6C4AEWgfBubbizU8XIw4Ph+87hGuB1+zH8cBPdQbT8gv5r SVfsY28dR0CXqMq+933Ot/8VGxRmwTXBLRCWy75jl96692OF/klHtsTNvHbA7f54sGnh QpzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=nxgctlSwkuGLHPGiqehWnGCrtge4VEN6ON3Go+SCJw4=; b=woZ8Ed+yYba5NdFye/4mt17U36b8dxuG8Jq5ChVOu78B7rV7wZtkYxoezD7C7/RhXA egdsQBU62RyK7CTfTI2i9FWDx2rBfhi9FHLJBBgmzkXLThu+5vN4APhvQVxGrUHc3S3T dmGBHwJg1IXKg5Z/ZaFDgsuvv4286VX6qiJOo01azmtfByo2/IZR3yOFuMl2D02H4oPq Jp8efYAF/1aDAmoW2Z5XFa+bQ9U0uKBtrOZaC47IhC3rROdncqEQZ/MME9triU6hkBeC 4oZT6pgPl8b/BUKt7//rMmgmODYm0m2goGx6HvVpW5CMINPhdvdKQPyljle5bmzamylv dkPA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id d3si22507173pfc.278.2019.05.08.07.44.46 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:45 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga001.jf.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 297B6B2F; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 30/62] keys/mktme: Set up a percpu_ref_count for MKTME keys Date: Wed, 8 May 2019 17:43:50 +0300 Message-Id: <20190508144422.13171-31-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME key service needs to keep usage counts on the encryption keys in order to know when it is safe to free a key for reuse. percpu_ref_count applies well here because the key service will take the initial reference and typically hold that reference while the intermediary references are get/put. The intermediaries in this case are the encrypted VMA's. Align the percpu_ref_init and percpu_ref_kill with the key service instantiate and destroy methods respectively. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 40 +++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index f70533b1a7fd..496b5c1b7461 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include @@ -80,6 +81,26 @@ int mktme_keyid_from_key(struct key *key) return 0; } +struct percpu_ref *encrypt_count; +void mktme_percpu_ref_release(struct percpu_ref *ref) +{ + unsigned long flags; + int keyid; + + for (keyid = 1; keyid <= mktme_nr_keyids; keyid++) { + if (&encrypt_count[keyid] == ref) + break; + } + if (&encrypt_count[keyid] != ref) { + pr_debug("%s: invalid ref counter\n", __func__); + return; + } + percpu_ref_exit(ref); + spin_lock_irqsave(&mktme_map_lock, flags); + mktme_release_keyid(keyid); + spin_unlock_irqrestore(&mktme_map_lock, flags); +} + enum mktme_opt_id { OPT_ERROR, OPT_TYPE, @@ -225,7 +246,10 @@ static int mktme_program_keyid(int keyid, struct mktme_payload *payload) /* Key Service Method called when a Userspace Key is garbage collected. */ static void mktme_destroy_key(struct key *key) { - mktme_release_keyid(mktme_keyid_from_key(key)); + int keyid = mktme_keyid_from_key(key); + + mktme_map->key[keyid] = (void *)-1; + percpu_ref_kill(&encrypt_count[keyid]); } /* Key Service Method to create a new key. Payload is preparsed. */ @@ -241,9 +265,15 @@ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) if (!keyid) return -ENOKEY; + if (percpu_ref_init(&encrypt_count[keyid], mktme_percpu_ref_release, + 0, GFP_KERNEL)) + goto err_out; + if (!mktme_program_keyid(keyid, payload)) return MKTME_PROG_SUCCESS; + percpu_ref_exit(&encrypt_count[keyid]); +err_out: spin_lock_irqsave(&mktme_lock, flags); mktme_release_keyid(keyid); spin_unlock_irqrestore(&mktme_lock, flags); @@ -447,10 +477,18 @@ static int __init init_mktme(void) /* Initialize first programming targets */ mktme_update_pconfig_targets(); + /* Reference counters to protect in use KeyIDs */ + encrypt_count = kvcalloc(mktme_nr_keyids + 1, sizeof(encrypt_count[0]), + GFP_KERNEL); + if (!encrypt_count) + goto free_targets; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + kvfree(encrypt_count); +free_targets: free_cpumask_var(mktme_leadcpus); bitmap_free(mktme_target_map); free_cache: From patchwork Wed May 8 14:43:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935939 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F1B2F1515 for ; Wed, 8 May 2019 14:47:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DFE6228485 for ; Wed, 8 May 2019 14:47:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D370828958; Wed, 8 May 2019 14:47:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7825628485 for ; Wed, 8 May 2019 14:47:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 36E7C6B02C8; Wed, 8 May 2019 10:46:28 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 2D1186B02CA; Wed, 8 May 2019 10:46:28 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 05EC96B02C9; Wed, 8 May 2019 10:46:28 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id C02D26B02C7 for ; Wed, 8 May 2019 10:46:27 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id 93so9777312plf.14 for ; Wed, 08 May 2019 07:46:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=tOzY6YSnq7kQhl1Xfuc6nOLOEJG32H3j/0J5lRyZG10=; b=qykHlDYS3oXEDVKM07KyufCiIISTmMQSltRqNU/LgmnjDH8bbxwgKQbHPvIybnjZhc 838/YX7lKirSk2ZA5zKQI2kexwmGbHME9gDYlSny6hrhzhH8cabMjbdsYNTiLmYj/pEr saR6v9agbAfs1Mz4SINhjYgb07RxgTbhAlwWcGYBu8HuXH4KSGY6A/UJ+z3BOxir5KLP WyhUDvvLbACUMbUA2S/Wcs9P+QZSs88v2vkFhLycc/2lk7tlTC4ESHB5J2jwBi6DNvnk 7szmTY1UdY9kOZpQ9WAyVz1Zidf9PNzrdFp8kXpgnZ5lds+DwnGlAcWbutZMcgEcECE5 mSYw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAU7GQRF5SJXbUpPKKvqxx8ODYDsFwthuIbVCq9afA05BrJB/GeR 8W4Mzjkpb/1eICI9u9rthUhN6P2FIdbRq2G+i02+nvmPWi/wQV44JwY2FnJmPMUxTwofEjrWP8x 49eKhn17759vUGIGGyKo9bTUjMeaGAnnt9XWTgqi7nCi81huUXQWaiKkPkWqpBNMJwQ== X-Received: by 2002:a62:75d8:: with SMTP id q207mr8696094pfc.35.1557326787452; Wed, 08 May 2019 07:46:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqzFrVmU9C8WuASHmFCN4OehwduC+37BrqqgzW2xLFh4Rq3IcRcwek0AQ9PGHb4tJ14xKYNM X-Received: by 2002:a62:75d8:: with SMTP id q207mr8684130pfc.35.1557326686116; Wed, 08 May 2019 07:44:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326686; cv=none; d=google.com; s=arc-20160816; b=IaIHuIGThlJOu5vxgpVPCmJB4blFX9nridLILPEhAx5ANCOOPbwnJPUv1DyM6FI6kg +hlNhctkzckGzQEk1lUGziqgFuSERHe1/AxecRVd5dfv9Sus1IDn5POBJKUnYaNvrCcP 2s5vf6aNl7Zo1PfIaTnOi6hbHe7WzcGI+QcPvBRDhJP60XfvN6lbKlaPgbOemQscurQ+ RWAT3gNpBHdIfbQejaFmEJa/qAv3OgPQFp9rYYI7DJFDrc45l8rtsp7f+TRn8r5are97 AERB5N750lt1Fk9F3VcKaOVj/md2/uVRNxYLmRM7GiZylN8hFO8y1BJuLyJ1KQoKPU1v UAsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=tOzY6YSnq7kQhl1Xfuc6nOLOEJG32H3j/0J5lRyZG10=; b=Mg6wl/jrZG7jMUW6Wlf85EKUAVQzPTYXzhbti1L6zfwKw4/vWa90hKrwR7wU5dl9Nh Y6TNUohtZvjd45FU89bw++0s91feXKkMfD32c2yM2a3zCzSIzI9QQdtiiogEqUISyNSg 6038mvKb+h6Uf+aYLJWwUPVUv8umuEjkiGvyR2cTb9/Ov8X/jO9oQtq9wttjn5+gSxYk xKemfrgsaALr78pVy8scDeUEX5Cyj/xxjuQLORKEk8Gm0VxCEg+NbfQWYcV49hssaUWa so5+ZTa0RsEPMY7IMSpQZBUTOpnML79yZCAzP+/0GC/EetM2j9hlmhmEs/pnW/qz4uIu Y3TA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id 184si24250871pfg.32.2019.05.08.07.44.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:46 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga005.jf.intel.com with ESMTP; 08 May 2019 07:44:40 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 36B88B36; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 31/62] keys/mktme: Require CAP_SYS_RESOURCE capability for MKTME keys Date: Wed, 8 May 2019 17:43:51 +0300 Message-Id: <20190508144422.13171-32-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME key type uses capabilities to restrict the allocation of keys to privileged users. CAP_SYS_RESOURCE is required, but the broader capability of CAP_SYS_ADMIN is accepted. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 496b5c1b7461..4b2d3dc1843a 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -2,6 +2,7 @@ /* Documentation/x86/mktme_keys.rst */ +#include #include #include #include @@ -393,6 +394,9 @@ int mktme_preparse_payload(struct key_preparsed_payload *prep) char *options; int ret; + if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + return -EACCES; + if (datalen <= 0 || datalen > 1024 || !prep->data) return -EINVAL; From patchwork Wed May 8 14:43:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935843 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D53D51515 for ; Wed, 8 May 2019 14:45:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C3780276D6 for ; Wed, 8 May 2019 14:45:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B77B72844B; Wed, 8 May 2019 14:45:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7AEE276D6 for ; Wed, 8 May 2019 14:45:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 45A8D6B0278; Wed, 8 May 2019 10:44:48 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 397306B0279; Wed, 8 May 2019 10:44:48 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 08A866B027F; Wed, 8 May 2019 10:44:48 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id AE9A26B0278 for ; Wed, 8 May 2019 10:44:47 -0400 (EDT) Received: by mail-pl1-f200.google.com with SMTP id 94so9893288plc.19 for ; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=KEsmdKVxv2nRa2UTw3kELxFgu3Ph2mW16nw51h3TTXA=; b=QLXd4y4gYpZ9HnF5gRRrv+oQc73RlAxvkk6pK5b6Ze6RrzoZL8pYPd3kpVk6tiIOWu Al0FPnfyXKXZg5uhoseILchRIIL38RC+bWrxlQCJJCWM3EaKKAtEDOvapu2GD7PAZ4HZ lSFeyjJBVsKhwBshxgpiK1WpHi636e4fBSxYy45LV42pTnXJ5/OzTpzI/8j4ZRtSWnGE easCcJk7i97MPoT8ZrXngUkwhTZ+SRtCs3hH5LbZ458OnDUSXRyl4vUsAIyq2n/qVy7V ItQk2c0/6fl253/wlebCtZJPRPc1ngiXHRqPVxRs0g8LJmhh4yteTg1s3RnJmZOS9BkX Fliw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUjMS9R4JHsK7ryAGFz5yZ8dXhUSRmy1lPgHQMhPuH8Vy9aNhch 7M1rwe/rLXUti6YrWFSoO/C4gITz22qiaNF/TGHFJFEuN6YvagYWZL2t3EzhZXwjtk1NQqW46eG fO6S4PhUdHCUGZi+NrsJR9mO5372H3VHJwvzG2u1a+RulwFColfb85iSGEZpUmdv4qA== X-Received: by 2002:a17:902:4683:: with SMTP id p3mr46408761pld.42.1557326687350; Wed, 08 May 2019 07:44:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqxWL0YMxbgiXQgeWuqGffhPYj6ipULcQqhZNpl9GhumLm979Z2+lBlRNXjo8a3N1JChaKJn X-Received: by 2002:a17:902:4683:: with SMTP id p3mr46408654pld.42.1557326686266; Wed, 08 May 2019 07:44:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326686; cv=none; d=google.com; s=arc-20160816; b=PRlGi8VS4rFHTT0myrl23giKANc6XecNX6/hsvPcn91cdnzecjnHaUB/ylyCqOmfuV WYUWY8GVWLycaqJke1WKIfuQ2Tkycboi3SYmYKEiFCUYR2/zzk/lUZ3D16iXjFjWDZnn oWxHyiYjPcrFXSeqLhX60fTIVLs5HTw/K8A2Wm3Tigr0Or4oWXFtOAvambDSzRBLIIFx cizeEDVg5gTgP6yjjlw3neDvE58b9xBLQCnGV2oYpbhjdAqxmSaeh9JdA5sZ385Dtga8 B3nNFJvV+kdQkK6SVEasItjjThVwk8BhLXl8Yoszc1yLtO1WNMGOuFzfCmmn7UViSbht CHwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=KEsmdKVxv2nRa2UTw3kELxFgu3Ph2mW16nw51h3TTXA=; b=rS5vwCcW/rOaXk7krZ0+VZvnAWgHy3XQnZ6tKr/hM/tFF7sYp/uHDbbJcOQt1nxGBP Llzp7NAJxclhRhz8qz45weQFjrZPwn2VYNizkCzbLytYquFPJsBwINXjD8GUypThvvvl dgZ6gk1EPGSY2re9cQSlbnuWUjdtlhZYer4nO5j6Ga/KFDZX16IVCZssYavSBWpeGSg+ TCq0d092zvJ1k8iSlQlz6vj2kAnfYbH6Ts6f4RvY7+0YW6wyYHHuC1j5t+fvrNEhh6uD YJeqNO4pogUMDTw1grk65BwPC7EsSQpg5k0oLpb6lmuqwuCa7nLZ9CHY6h2Ap3e2sfXA SyXQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga17.intel.com (mga17.intel.com. [192.55.52.151]) by mx.google.com with ESMTPS id b11si666839pge.440.2019.05.08.07.44.46 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) client-ip=192.55.52.151; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:45 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga003.jf.intel.com with ESMTP; 08 May 2019 07:44:41 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 441E5B47; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 32/62] keys/mktme: Store MKTME payloads if cmdline parameter allows Date: Wed, 8 May 2019 17:43:52 +0300 Message-Id: <20190508144422.13171-33-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME (Multi-Key Total Memory Encryption) key payloads may include data encryption keys, tweak keys, and additional entropy bits. These are used to program the MKTME encryption hardware. By default, the kernel destroys this payload data once the hardware is programmed. However, in order to fully support Memory Hotplug, saving the key data becomes important. The MKTME Key Service cannot allow a new memory controller to come online unless it can program the Key Table to match the Key Tables of all existing memory controllers. With CPU generated keys (a.k.a. random keys or ephemeral keys) the saving of user key data is not an issue. The kernel and MKTME hardware can generate strong encryption keys without recalling any user supplied data. With USER directed keys (a.k.a. user type) saving the key programming data (data and tweak key) becomes an issue. The data and tweak keys are required to program those keys on a new physical package. In preparation for adding support for onlining new memory: Add an 'mktme_key_store' where key payloads are stored. Add 'mktme_storekeys' kernel command line parameter that, when present, allows the kernel to store user type key payloads. Add 'mktme_bitmap_user_type' to recall when USER type keys are in use. If no USER type keys are currently in use, new memory may be brought online, despite the absence of 'mktme_storekeys'. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- .../admin-guide/kernel-parameters.rst | 1 + .../admin-guide/kernel-parameters.txt | 11 ++++ security/keys/mktme_keys.c | 51 ++++++++++++++++++- 3 files changed, 61 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.rst b/Documentation/admin-guide/kernel-parameters.rst index b8d0bc07ed0a..1b62b86d0666 100644 --- a/Documentation/admin-guide/kernel-parameters.rst +++ b/Documentation/admin-guide/kernel-parameters.rst @@ -120,6 +120,7 @@ parameter is applicable:: Documentation/m68k/kernel-options.txt. MDA MDA console support is enabled. MIPS MIPS architecture is enabled. + MKTME Multi-Key Total Memory Encryption is enabled. MOUSE Appropriate mouse support is enabled. MSI Message Signaled Interrupts (PCI). MTD MTD (Memory Technology Device) support is enabled. diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 2b8ee90bb644..38ea0ace9533 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2544,6 +2544,17 @@ in the "bleeding edge" mini2440 support kernel at http://repo.or.cz/w/linux-2.6/mini2440.git + mktme_storekeys [X86, MKTME] When CONFIG_X86_INTEL_MKTME is set + this parameter allows the kernel to store the user + specified MKTME key payload. Storing this payload + means that the MKTME Key Service can always allow + the addition of new physical packages. If the + mktme_storekeys parameter is not present, users key + data will not be stored, and new physical packages + may only be added to the system if no user type + MKTME keys are programmed. + See Documentation/x86/mktme.rst + mminit_loglevel= [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this parameter allows control of the logging verbosity for diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 4b2d3dc1843a..bcd68850048f 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -22,6 +22,9 @@ static DEFINE_SPINLOCK(mktme_lock); struct kmem_cache *mktme_prog_cache; /* Hardware programming cache */ unsigned long *mktme_target_map; /* Pconfig programming targets */ cpumask_var_t mktme_leadcpus; /* One lead CPU per pconfig target */ +static bool mktme_storekeys; /* True if key payloads may be stored */ +unsigned long *mktme_bitmap_user_type; /* Shows presence of user type keys */ +struct mktme_payload *mktme_key_store; /* Payload storage if allowed */ /* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ struct mktme_mapping { @@ -124,6 +127,27 @@ struct mktme_payload { u8 tweak_key[MKTME_AES_XTS_SIZE]; }; +void mktme_store_payload(int keyid, struct mktme_payload *payload) +{ + /* Always remember if this key is of type "user" */ + if ((payload->keyid_ctrl & 0xff) == MKTME_KEYID_SET_KEY_DIRECT) + set_bit(keyid, mktme_bitmap_user_type); + /* + * Always store the control fields to program newly + * onlined packages with RANDOM or NO_ENCRYPT keys. + */ + mktme_key_store[keyid].keyid_ctrl = payload->keyid_ctrl; + + /* Only store "user" type data and tweak keys if allowed */ + if (mktme_storekeys && + ((payload->keyid_ctrl & 0xff) == MKTME_KEYID_SET_KEY_DIRECT)) { + memcpy(mktme_key_store[keyid].data_key, payload->data_key, + MKTME_AES_XTS_SIZE); + memcpy(mktme_key_store[keyid].tweak_key, payload->tweak_key, + MKTME_AES_XTS_SIZE); + } +} + struct mktme_hw_program_info { struct mktme_key_program *key_program; int *status; @@ -270,9 +294,10 @@ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) 0, GFP_KERNEL)) goto err_out; - if (!mktme_program_keyid(keyid, payload)) + if (!mktme_program_keyid(keyid, payload)) { + mktme_store_payload(keyid, payload); return MKTME_PROG_SUCCESS; - + } percpu_ref_exit(&encrypt_count[keyid]); err_out: spin_lock_irqsave(&mktme_lock, flags); @@ -487,10 +512,25 @@ static int __init init_mktme(void) if (!encrypt_count) goto free_targets; + /* Detect presence of user type keys */ + mktme_bitmap_user_type = bitmap_zalloc(mktme_nr_keyids, GFP_KERNEL); + if (!mktme_bitmap_user_type) + goto free_encrypt; + + /* Store key payloads if allowable */ + mktme_key_store = kzalloc(sizeof(mktme_key_store[0]) * + (mktme_nr_keyids + 1), GFP_KERNEL); + if (!mktme_key_store) + goto free_bitmap; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + kfree(mktme_key_store); +free_bitmap: + bitmap_free(mktme_bitmap_user_type); +free_encrypt: kvfree(encrypt_count); free_targets: free_cpumask_var(mktme_leadcpus); @@ -504,3 +544,10 @@ static int __init init_mktme(void) } late_initcall(init_mktme); + +static int mktme_enable_storekeys(char *__unused) +{ + mktme_storekeys = true; + return 1; +} +__setup("mktme_storekeys", mktme_enable_storekeys); From patchwork Wed May 8 14:43:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935923 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7C5521515 for ; Wed, 8 May 2019 14:47:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BAE62844B for ; Wed, 8 May 2019 14:47:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5FF7928485; Wed, 8 May 2019 14:47:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D67CF2844B for ; Wed, 8 May 2019 14:47:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 541F26B02B8; Wed, 8 May 2019 10:46:15 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 51BD36B02BA; Wed, 8 May 2019 10:46:15 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3E6306B02BB; Wed, 8 May 2019 10:46:15 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id ED6726B02B8 for ; Wed, 8 May 2019 10:46:14 -0400 (EDT) Received: by mail-pf1-f200.google.com with SMTP id t1so12766972pfa.10 for ; Wed, 08 May 2019 07:46:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=SWcujcOdjJ4n7cFeyFQDmfheevccd9AmduaPEsJQk94=; b=nB2RrcYcllDG6uEF9bBTv7ffhCBQigT1w46MIm3LqLIT4w/6lSfyyXeHPGvmO7eVze hiPsbMgGYhuhjU+9CCx06I53J2/N6gMUYykf5sD6PprSItsOIIDwrlysaXwzikaCiOEE 14hnG5pUtQZwm4VUiCqC31xdFRFGEXx55EQQdrQZTue3WxVyrWvpiTgKvZVAo/WOFWTn uyu/uY7Mncp1KTqjnTCShOJbPEz27g/Xsu31mFNcADZzvfEV6TwsxMiTnIqDbVyK8Qq7 YGyrq0aayl80NDIJuMa4ysqbGSBN7OIsbUlvgpoj+vG6To7V3P9ViWdPr2/71/WeM+y4 L0rA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUhbfZ7IuTM/4ESxTlkpCF5SR92Uj77kVG/Sxgbv48N7x27Ew48 tNAVUZ3RizbOpqpLJ/jXXTgZKz+vqvOpS98/1UdlB6GLHwNqeiBjMhW3F5lO+touIQ+o5Dl3C5/ JWEuAPHeCA22wZKRKGnO/hxVR5ui06XFv89YVkfrmSkZE07JhQtrd5b73+CF53eW5yQ== X-Received: by 2002:a62:d244:: with SMTP id c65mr48978738pfg.173.1557326774629; Wed, 08 May 2019 07:46:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqzUrb/LH30TxSBw6+bYVvZEYgsglB2JC4qm9O5sihWnZZ9byCF/FFss9+HwAebcVwtJ8lqY X-Received: by 2002:a62:d244:: with SMTP id c65mr48968261pfg.173.1557326686337; Wed, 08 May 2019 07:44:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326686; cv=none; d=google.com; s=arc-20160816; b=sJoJm/K2w3bJ2I1Iw+d+xdINrvGH01O8jqmoVz9bSjinqNKUQbqipvd2g9PbUkyApr cEmxwGzB07TMIU6zCW3rpFVNm4Ik2gtmulsCY4zeLzngsm+jL6ocd7rpfdeerUCRXM8B FHHtuYPlkOF8rTeioBHg26vpsg59d7b14bc1U/Z2X2p1WMCdsi0k7jBYy3Obe7YnssMT zGjAqSUqYoheH3fVtWbLacysmAKJQbF5ERhWMm51rsHjmW/W2/NskZUj/CXJRGuQ8X5s X+xk7peR2CVrIxxmEezJKuv/H+0NSCFItr9LPUBGOEIDZhi9o23Hzn5jIeDnDwTyG3ka G/PQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=SWcujcOdjJ4n7cFeyFQDmfheevccd9AmduaPEsJQk94=; b=GBfzGpfc82Qt2FIfQyCZUBUC3Jg03IUW7/Fx4R1fDH3zjq+JT5Ck3MP1fnszST6lbK VoeayH8eeLc5p1y5QhoQZYcd32qlxHI3CAnyUzf03ESoak0Syy4tD5PpzA7PhSrSjHnU ay+2tnpRKS/1oS5xDzjtovfwBlPbSqc2fuhJrEgk2kqsjTv3z8orOfkYdFP7eqX3lzsW fbbG6exW/2bhX9IA8Gjqvu2qNc8hLzbp1YqfxKo57jTGRdw+FfnrLN2GJzpVGTzsPez3 3hLWd9LpY4H945iTOoi5ehavk7MhExYqy93om4cvuLWI/r9LIgyGqMZPKtpLbS8t47/a lblQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id 184si24250871pfg.32.2019.05.08.07.44.46 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:46 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga005.jf.intel.com with ESMTP; 08 May 2019 07:44:41 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 51199B86; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 33/62] acpi: Remove __init from acpi table parsing functions Date: Wed, 8 May 2019 17:43:53 +0300 Message-Id: <20190508144422.13171-34-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield ACPI table parsing functions are useful outside of init time. For example, the MKTME (Multi-Key Total Memory Encryption) key service will evaluate the ACPI HMAT table when the first key creation request occurs. This will happen after init time. Additionally, the table parsing functions can be used when _HMA objects are evaluated at runtime. The _HMA object provides a completely new HMAT, overriding the existing table. The table parsing functions will come in handy for those events. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- drivers/acpi/tables.c | 10 +++++----- include/linux/acpi.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c index 3d0da38f94c6..35646b0fa7eb 100644 --- a/drivers/acpi/tables.c +++ b/drivers/acpi/tables.c @@ -47,7 +47,7 @@ static char *mps_inti_flags_trigger[] = { "dfl", "edge", "res", "level" }; static struct acpi_table_desc initial_tables[ACPI_MAX_TABLES] __initdata; -static int acpi_apic_instance __initdata; +static int acpi_apic_instance; enum acpi_subtable_type { ACPI_SUBTABLE_COMMON, @@ -63,7 +63,7 @@ struct acpi_subtable_entry { * Disable table checksum verification for the early stage due to the size * limitation of the current x86 early mapping implementation. */ -static bool acpi_verify_table_checksum __initdata = false; +static bool acpi_verify_table_checksum = false; void acpi_table_print_madt_entry(struct acpi_subtable_header *header) { @@ -294,7 +294,7 @@ acpi_get_subtable_type(char *id) * On success returns sum of all matching entries for all proc handlers. * Otherwise, -ENODEV or -EINVAL is returned. */ -static int __init +static int acpi_parse_entries_array(char *id, unsigned long table_size, struct acpi_table_header *table_header, struct acpi_subtable_proc *proc, int proc_num, @@ -370,7 +370,7 @@ acpi_parse_entries_array(char *id, unsigned long table_size, return errs ? -EINVAL : count; } -int __init +int acpi_table_parse_entries_array(char *id, unsigned long table_size, struct acpi_subtable_proc *proc, int proc_num, @@ -402,7 +402,7 @@ acpi_table_parse_entries_array(char *id, return count; } -int __init +int acpi_table_parse_entries(char *id, unsigned long table_size, int entry_id, diff --git a/include/linux/acpi.h b/include/linux/acpi.h index 7c7515b0767e..75078fc9b6b3 100644 --- a/include/linux/acpi.h +++ b/include/linux/acpi.h @@ -240,11 +240,11 @@ int acpi_numa_init (void); int acpi_table_init (void); int acpi_table_parse(char *id, acpi_tbl_table_handler handler); -int __init acpi_table_parse_entries(char *id, unsigned long table_size, +int acpi_table_parse_entries(char *id, unsigned long table_size, int entry_id, acpi_tbl_entry_handler handler, unsigned int max_entries); -int __init acpi_table_parse_entries_array(char *id, unsigned long table_size, +int acpi_table_parse_entries_array(char *id, unsigned long table_size, struct acpi_subtable_proc *proc, int proc_num, unsigned int max_entries); int acpi_table_parse_madt(enum acpi_madt_type id, From patchwork Wed May 8 14:43:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935917 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 38CA1924 for ; Wed, 8 May 2019 14:47:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 245E72844B for ; Wed, 8 May 2019 14:47:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 177B028485; Wed, 8 May 2019 14:47:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A0AF62844B for ; Wed, 8 May 2019 14:47:11 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C6F136B02B1; Wed, 8 May 2019 10:46:03 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id C47B06B02B2; Wed, 8 May 2019 10:46:03 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B0C8F6B02B3; Wed, 8 May 2019 10:46:03 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by kanga.kvack.org (Postfix) with ESMTP id 718C16B02B1 for ; Wed, 8 May 2019 10:46:03 -0400 (EDT) Received: by mail-pg1-f198.google.com with SMTP id 14so12806882pgo.14 for ; Wed, 08 May 2019 07:46:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=bMhGYPvhch86dLFBTwNjwlU0ss5Zx9fxnvAxoB5kLBo=; b=YpD+mZNHDvFUTH+1iItCAXQh8135ZqsOldZLmktKWnvf8nNEIuYd5x7QJSiXOikTn5 jhet9L7TfaX9cMN0DdtfKWIfu8tMhNGmIUQxe+qrn+WTVEQ8SIQiGqTfBxcOXWFv6bfb 5dNdD1vVKQjVgk8f3kMHZrVT12LtwxRJHAZx77WiWpklQbJ2LeKHRoRCUVakbPop1ufN vhwlniX5LTxFdDIT5YdacVH3pio3taUllKvHlheye8uJRPbaMtQbFUE04eFE+lUJ6Aba eAfcxjD3h1Hu0wjEYWivl1iAbiV01j5PGcVsVJlB7gohJ5CwxgfdyUHBMPdiNtYeggds Ha6g== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUS3F5RlI+oblWTfZb/xNoIUyqyw9ClFAWo2nXQaE+vPttxg28f k7IiDNfTsJE1aZCBUjxa0usnmsgGNCQh8ZcqS7TFsPBBgxg36fxF2vv9RgIFI9ky0f1Ualkv81i gswZVmWHOyjnvg2ipNWskufKJPQK9N8rbItITgiR2eGJ7FVLoh770RUNv3T2UHTVikg== X-Received: by 2002:a17:902:8bc3:: with SMTP id r3mr48068991plo.53.1557326763136; Wed, 08 May 2019 07:46:03 -0700 (PDT) X-Google-Smtp-Source: APXvYqyyD/PVE1XkbbCIXsvGMTCfi/BT/6a1bLreKgZt7qGLqZ8/aKUJ0BkgOPL86XC1QdRSgWSK X-Received: by 2002:a17:902:8bc3:: with SMTP id r3mr48060188plo.53.1557326686436; Wed, 08 May 2019 07:44:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326686; cv=none; d=google.com; s=arc-20160816; b=ku8xXzvlsFsDc62nehUTj7iUT7Xer/m/7n+DRR9eKx18zGfVYOVVnAqiDyU1e6pRZR Do45LI+vJaw6ZdZuY1PPl31S547tFq3iquTvhBzprxC+fbDW13JKCRDq3439IO+lTuWU lSPnlBWSm6uRUopQrGle1ENePwLDLd9tDaBatIeE6eXLwNG8r3sCow3OLKezdfQ8gyDW WTuoX/e+tSKaX/bGXcEGk2DrzAqlR7fN5jCxT+kPt0Sf328p6XZSGwMtxOmM8ewyQg44 5R6o6PTdKXn9mcbmNl3SM9M4jrRpXJqiLISNqexl3tvIe0r0gVXVVluqns9JOmA8WUlE CbiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=bMhGYPvhch86dLFBTwNjwlU0ss5Zx9fxnvAxoB5kLBo=; b=Yo+Js1Yq0rKrP/ssXLfCmi4SBneT64RHuD42IEt6tcviBhsXsMApCybuuk1crtmkIw P/4mFmXe/ROtXL0gkccvKtG26Cvg9cqQiIy4/vS5rm2yVQ499L2VS72yKAfeyxYOMr+v x2zVx8wUYWdLhyS8u8zCaFOExXQAQo0mWPQ0SU2HqhqAMKqwajFSz/3qPtS0YJNLoMBa NMLFubzPcCk7Pbj1BbQCmENklE9I7XlkrppYrs6MNKIeX8BcQr8da/PsmmHpS/tSMRxE DUl19VkITln0FnEpFnUBNnqp0EMF9pK4xCr8gHgAdDXzeryJFnenfxIGifak9byhFYfq 2MaQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.46 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:46 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 08 May 2019 07:44:41 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 5EB75BC1; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 34/62] acpi/hmat: Determine existence of an ACPI HMAT Date: Wed, 8 May 2019 17:43:54 +0300 Message-Id: <20190508144422.13171-35-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Platforms that need to confirm the presence of an HMAT table can use this function that simply reports the HMATs existence. This is added in support of the Multi-Key Total Memory Encryption (MKTME), a feature on future Intel platforms. These platforms will need to confirm an HMAT is present at init time. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- drivers/acpi/hmat/hmat.c | 13 +++++++++++++ include/linux/acpi.h | 4 ++++ 2 files changed, 17 insertions(+) diff --git a/drivers/acpi/hmat/hmat.c b/drivers/acpi/hmat/hmat.c index 96b7d39a97c6..38e3341f569f 100644 --- a/drivers/acpi/hmat/hmat.c +++ b/drivers/acpi/hmat/hmat.c @@ -664,3 +664,16 @@ static __init int hmat_init(void) return 0; } subsys_initcall(hmat_init); + +bool acpi_hmat_present(void) +{ + struct acpi_table_header *tbl; + acpi_status status; + + status = acpi_get_table(ACPI_SIG_HMAT, 0, &tbl); + if (ACPI_FAILURE(status)) + return false; + + acpi_put_table(tbl); + return true; +} diff --git a/include/linux/acpi.h b/include/linux/acpi.h index 75078fc9b6b3..fe3ad4ca5bb3 100644 --- a/include/linux/acpi.h +++ b/include/linux/acpi.h @@ -1339,4 +1339,8 @@ acpi_platform_notify(struct device *dev, enum kobject_action action) } #endif +#ifdef CONFIG_X86_INTEL_MKTME +extern bool acpi_hmat_present(void); +#endif /* CONFIG_X86_INTEL_MKTME */ + #endif /*_LINUX_ACPI_H*/ From patchwork Wed May 8 14:43:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935849 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A1B9B924 for ; Wed, 8 May 2019 14:45:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 908B0283E8 for ; Wed, 8 May 2019 14:45:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 847212844C; Wed, 8 May 2019 14:45:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 255C3283E8 for ; Wed, 8 May 2019 14:45:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 961686B0293; Wed, 8 May 2019 10:44:49 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 9133F6B0294; Wed, 8 May 2019 10:44:49 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 829316B0295; Wed, 8 May 2019 10:44:49 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id 45D956B0293 for ; Wed, 8 May 2019 10:44:49 -0400 (EDT) Received: by mail-pf1-f200.google.com with SMTP id d21so12791190pfr.3 for ; Wed, 08 May 2019 07:44:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=YUiV7ciEmu1VpZKDN9yq95Yz4mn5jz12GvAwo9oqPZY=; b=aad57X9zsG4C0iBrc0QkUol02Fju8R72EQvA32qkHLde9FpSMZg2CosAWeRyHCPUkk CxMRROo5yph7f4m9nOv9oxW3gTc+bZIsogCjDRoA0l2/WG7d7kCXwhc/ZoDfmyGLcZcI pHsF4rwRp+i4WmPdxFOAP5V5YubhqdkBy9OMAQLe11N5W01FI4yFUZGVr0p1DByrFJDD N17O0Btr3Ez1V28Jxa9z+hsuAW+fjmXE3WOTYMqu4rLxAsAq9FRC/AYssQ1yo6XBuNp5 fjTxRAJj8FqYV5mxwjQlMU5g4BZw4EbMG0EVo7mvJNCUTt1RerycUkdcSyTkGTpJBTwA CY/g== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWfFr6cByronew0qHhNEDY5QiSemwXdrdjdbFRuFAtXuRzCOAxO TnmVJ0vU30151u5U5h4pV9xmZi9nbWsu8YSV3e4pPAuhk4jPN3Cp49ZNCuqSsZZZQq1ZxZFinys QYo5N0lLOFaeEiynbCX7GF0MWXnJz1njAUvoFqQcKVeG5WgTVNnZO2rQxxizhvZn2OA== X-Received: by 2002:a65:4302:: with SMTP id j2mr46930832pgq.291.1557326688948; Wed, 08 May 2019 07:44:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqz6WYBbUaY24YHR8LOIMoGIAXX8OaS/h1LRNNmUCSD9VpYTAqTRO3PmT9jPmKAA8EMJ3Yl3 X-Received: by 2002:a65:4302:: with SMTP id j2mr46930712pgq.291.1557326687771; Wed, 08 May 2019 07:44:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326687; cv=none; d=google.com; s=arc-20160816; b=IkiI42OIerkZT423M0k46QGSg7hDTDqjB7z4VD+EfUFnq2Wmtop7xJZv09K/hdnwIL ytkRjNxcDUQq8LDSAulhvcRWhJDu+yJzUObSczGI/xmcINPrw9hR7B+oswA+JU/2pH0+ JKxLSCs29Bh7O6QxTouBWhs26gcvwWn3DdkOArYSnMY3e6t9IkY1v9Aqsn4Do/yQwZDs +9ZAlq5QvGCxVFeqtN0s9lMR8MgaI27/JBDHqiMxfkdA2i3FVtcWak9TZIo9lh1kO9hE TMzolYEJ8/+MjVG3Ae97BpBHlL3nl1jgoceeNtaE4gcDtGqpObO8EgZdz5VymmJA3o+m oK2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=YUiV7ciEmu1VpZKDN9yq95Yz4mn5jz12GvAwo9oqPZY=; b=fmzG31o2/PiBqNIJ62FyX4Z5oUEhk7CLc74swv7A/fB/GbiPFp1urK+J565O3Ki7qX fH+LpFg+gQtgjBLGZUv4iECqQ671/B0Ob626ZA/Tu1+vh8mAvgZvoYEtqYTKRXRw+Luz kE2HBNVmV4HgbrMc56cNB05jM1H2FtTAYgkDb/SkE9GYr7LAm0mwqQssClfT3vbPkqvT cOIDc8FBg57GNFHIO5mhXfhtIzVoCATtrZhXF8uoCtw3acrRZNCVoywVkCT6Je1QXwKr Mn8XCAuCqOV/OB1LFdNzBOdDM4zeZ10wH/vko5pUg3AuQocwrNm2qoHoD6tWokOKjeca SWgw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.47 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:47 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga001.fm.intel.com with ESMTP; 08 May 2019 07:44:43 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 6B821BD1; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 35/62] keys/mktme: Require ACPI HMAT to register the MKTME Key Service Date: Wed, 8 May 2019 17:43:55 +0300 Message-Id: <20190508144422.13171-36-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The ACPI HMAT will be used by the MKTME key service to identify topologies that support the safe programming of encryption keys. Those decisions will happen at key creation time and during hotplug events. To enable this, we at least need to have the ACPI HMAT present at init time. If it's not present, do not register the type. If the HMAT is not present, failure looks like this: [ ] MKTME: Registration failed. ACPI HMAT not present. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index bcd68850048f..f5fc6cccc81b 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -2,6 +2,7 @@ /* Documentation/x86/mktme_keys.rst */ +#include #include #include #include @@ -490,6 +491,12 @@ static int __init init_mktme(void) if (mktme_nr_keyids < 1) return 0; + /* Require an ACPI HMAT to identify MKTME safe topologies */ + if (!acpi_hmat_present()) { + pr_warn("MKTME: Registration failed. ACPI HMAT not present.\n"); + return -EINVAL; + } + /* Mapping of Userspace Keys to Hardware KeyIDs */ if (mktme_map_alloc()) return -ENOMEM; From patchwork Wed May 8 14:43:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935929 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1D719924 for ; Wed, 8 May 2019 14:47:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0AC462844B for ; Wed, 8 May 2019 14:47:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F283328485; Wed, 8 May 2019 14:47:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 73B942844B for ; Wed, 8 May 2019 14:47:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3E3C16B02BE; Wed, 8 May 2019 10:46:19 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 3B8806B02BF; Wed, 8 May 2019 10:46:19 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 233E16B02C0; Wed, 8 May 2019 10:46:19 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id E0F7A6B02BE for ; Wed, 8 May 2019 10:46:18 -0400 (EDT) Received: by mail-pl1-f198.google.com with SMTP id a90so11630904plc.7 for ; Wed, 08 May 2019 07:46:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=sFNXeoj5VSTs2wgVxlm7rC7QOxoLc6G2loYXKuB7a6o=; b=UGq2WBAlEbLmevJ4vGcIjUSSi3daouHaiU/WXzScWz5SXgaDrG/D03r9vxX+PSICuR CVMlln3Twl/TRGkMfPFBLqMTSFEXIJcPYnEujApAAzpsoSVrp4FFkG8BQF3NJjM/s6gT IDaaZgi/wLczVkaX1ywgm6OnzWRmgDBpsVLrxGVZaendiOAxYg6sZgq9jq7gvBrWrIW3 11W4I4DXRhWGCquGOYcIzZsCywvvPjCeR4exb3eZBKasyvxe2lwwsUgwpd0U0g68lFtR lveeLJTaHfUHRDCMTIu7Oys7NlpUK6e2J15o05mOLlw4B7gaLHFx2/Rsw6Jz1iuChB02 eplw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXV2FsNJrhzBxd1CO3pIak7wpMFg/GEUe9h6oEzztbjoMHEdMWm 2/VYiyDA7hOz2YlzkEwfcPU2ig70TaB7Di6Dr8X5fITyzSbzGgyexciZI7vxte7+oEsIzzPDpkV jDiN927CbGk2kWunpqPcTURvBsAYWY+QujkHgAMxT5gvkarsszJLXa2smLT6p/GXJSA== X-Received: by 2002:a63:231c:: with SMTP id j28mr47519921pgj.430.1557326778578; Wed, 08 May 2019 07:46:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqwD8Q7N9zcTJCxIEIJ1GlfMp2DJjAE73wIme02iqXopfeMOQxdB1Aw7FuYFZJDQgPLE6r8E X-Received: by 2002:a63:231c:: with SMTP id j28mr47509589pgj.430.1557326690426; Wed, 08 May 2019 07:44:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326690; cv=none; d=google.com; s=arc-20160816; b=FuZtNcsxXJz06lxpW8oHSy6EOS7Erepe+al3znMgGh1zKOVR3n9zhBLN7v+xqH3rHP kANpXRxuA4dC/GHD6k5wGERwDcr9KVxURhuOLqs26Q6Sly7FuDiiBg9gaNuxPMXdk1Ft IJZmV7zfoIWDfhq80/Fa8ddIRDfQOl5liSCCpbIFPwD9fcfxexnlSGHlXnmz8DwczKKS ttCKPUqIyQAuAfhClfEu/q8wlC75+w8Vk4x1cpmxXHL2fEFrkLmc5HD7RXLBrAyMXrTs w7dxwrzbWo9XLZYk9xI1Hu68rCCDU0LvGYn55iM68NPjbKxoTWc/1LW+LbAlQgqeP7ye 8tzA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=sFNXeoj5VSTs2wgVxlm7rC7QOxoLc6G2loYXKuB7a6o=; b=PzYgfsGlU9nVCQkWVPWHFhJgeg00Wsq62y9fkpYR4zS5SFKRugQQ8rSlx9gO//tr5w dbVeaIjXgL+yjmMFpWoPQe5hqjUVptBOOFtX9FX8lVKvo1/gv+tB14TY+PBiSNsEVNDX ghiKbbGOiPyYDtuLTWsvn21hwnqC/Dflxra5E7I7X6XWG42O85VTkFiSsD5YB2Za6rVl Ucom4ky4zs1WBtwlx6av7M2glUKaNjpnhCipjCDZNk8cbQpIiRLvmgZneu2cZNuWk20K vFuhPBs5PTy7ntRc2J+YLB9bQI3gJIioyk7rLNzW8Pgv612cMReUK16Ns91WXBbff8JC IX7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga09.intel.com (mga09.intel.com. [134.134.136.24]) by mx.google.com with ESMTPS id d11si23177393pgj.84.2019.05.08.07.44.50 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) client-ip=134.134.136.24; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:50 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga006.fm.intel.com with ESMTP; 08 May 2019 07:44:43 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 78815BD3; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 36/62] acpi/hmat: Evaluate topology presented in ACPI HMAT for MKTME Date: Wed, 8 May 2019 17:43:56 +0300 Message-Id: <20190508144422.13171-37-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME, Multi-Key Total Memory Encryption, is a feature on Intel platforms. The ACPI HMAT table can be used to verify that the platform topology is safe for the usage of MKTME. The kernel must be capable of programming every memory controller on the platform. This means that there must be a CPU online, in the same proximity domain of each memory controller. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- drivers/acpi/hmat/hmat.c | 54 ++++++++++++++++++++++++++++++++++++++++ include/linux/acpi.h | 1 + 2 files changed, 55 insertions(+) diff --git a/drivers/acpi/hmat/hmat.c b/drivers/acpi/hmat/hmat.c index 38e3341f569f..936a403c0694 100644 --- a/drivers/acpi/hmat/hmat.c +++ b/drivers/acpi/hmat/hmat.c @@ -677,3 +677,57 @@ bool acpi_hmat_present(void) acpi_put_table(tbl); return true; } + +static int mktme_parse_proximity_domains(union acpi_subtable_headers *header, + const unsigned long end) +{ + struct acpi_hmat_proximity_domain *mar = (void *)header; + struct acpi_hmat_structure *hdr = (void *)header; + + const struct cpumask *tmp_mask; + + if (!hdr || hdr->type != ACPI_HMAT_TYPE_PROXIMITY) + return -EINVAL; + + if (mar->header.length != sizeof(*mar)) { + pr_warn("MKTME: invalid header length in HMAT\n"); + return -1; + } + /* + * Require a valid processor proximity domain. + * This will catch memory only physical packages with + * no processor capable of programming the key table. + */ + if (!(mar->flags & ACPI_HMAT_PROCESSOR_PD_VALID)) { + pr_warn("MKTME: no valid processor proximity domain\n"); + return -1; + } + /* Require an online CPU in the processor proximity domain. */ + tmp_mask = cpumask_of_node(pxm_to_node(mar->processor_PD)); + if (!cpumask_intersects(tmp_mask, cpu_online_mask)) { + pr_warn("MKTME: no online CPU in proximity domain\n"); + return -1; + } + return 0; +} + +/* Returns true if topology is safe for MKTME key creation */ +bool mktme_hmat_evaluate(void) +{ + struct acpi_table_header *tbl; + bool ret = true; + acpi_status status; + + status = acpi_get_table(ACPI_SIG_HMAT, 0, &tbl); + if (ACPI_FAILURE(status)) + return -EINVAL; + + if (acpi_table_parse_entries(ACPI_SIG_HMAT, + sizeof(struct acpi_table_hmat), + ACPI_HMAT_TYPE_PROXIMITY, + mktme_parse_proximity_domains, 0) < 0) { + ret = false; + } + acpi_put_table(tbl); + return ret; +} diff --git a/include/linux/acpi.h b/include/linux/acpi.h index fe3ad4ca5bb3..82b270dfb785 100644 --- a/include/linux/acpi.h +++ b/include/linux/acpi.h @@ -1341,6 +1341,7 @@ acpi_platform_notify(struct device *dev, enum kobject_action action) #ifdef CONFIG_X86_INTEL_MKTME extern bool acpi_hmat_present(void); +extern bool mktme_hmat_evaluate(void); #endif /* CONFIG_X86_INTEL_MKTME */ #endif /*_LINUX_ACPI_H*/ From patchwork Wed May 8 14:43:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935851 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8B3D61515 for ; Wed, 8 May 2019 14:45:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 78965283E8 for ; Wed, 8 May 2019 14:45:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6BAC22844C; Wed, 8 May 2019 14:45:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DE69E283E8 for ; Wed, 8 May 2019 14:45:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E44276B0298; Wed, 8 May 2019 10:44:50 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id DCCB66B029C; Wed, 8 May 2019 10:44:50 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C47546B0299; Wed, 8 May 2019 10:44:50 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id 8DE096B0294 for ; Wed, 8 May 2019 10:44:50 -0400 (EDT) Received: by mail-pl1-f200.google.com with SMTP id x5so11673677pll.2 for ; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=dqpuT+9O5x3PWBM5fykV5GjRYUg/5N+OL/uQud0+8W0=; b=QL9uz1RNlt6N/td+o4bVva0hRulTt8nTnBYAlUfSqzqYal4ZOysAF6WS7RNjWQPIX7 QPUqP33MC7xXWd0UzXvxlKCQ4UgGoVEW1OxHLy6p/f/cmCD2Hp0LngqhSEiHk1odPe/C WE7rizJtRBPlk9jGvdVM8RIaBF+XVk79xnk1GL/vA8yGMZ4foVUCZjPzWyJcm/FFE6GJ 19N6Vt+jEQgqm6w3NW+2tZMt+8b4TctC0Yq2w9EOa/ONWxcYN74LL0qYQavXK8fqRNwI EhcLlrBQi0CVc+E9zxM/hLk4lveVXhLO4jRxdDtrzyhXLKHFrZ3GwoaL3ds5xjn7pagb 5OfQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAX/PAHjt6I447S0klQuSBmnhbgTgHN8Z6ne4PVoNjnb15iZZi78 uJ+R78B4Cn8gkjoVuBRLqJPPGkWMnfjMXWRtRNsu6a8W/AIeNrso5aQvz1ZwCaCgiqXN70TCbnl wVqPlTih7UQU/dC23fjdDUqy+IcmGIuTHlvMbG8yxXrQXJNYEEM3IBnaP08XzMy5HUQ== X-Received: by 2002:aa7:8453:: with SMTP id r19mr49297083pfn.44.1557326690207; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqzjrfcJdRf/lo4bmSwi1gynLMKwX56dwUgLbUukBuqSM4Rw+3QNUu8TUPgvS2D9NLj5+/BO X-Received: by 2002:aa7:8453:: with SMTP id r19mr49296941pfn.44.1557326688877; Wed, 08 May 2019 07:44:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326688; cv=none; d=google.com; s=arc-20160816; b=PcvJUUnrDKOdOAU+I+U4P5O9RSTkyHZjFImaJnI7g4c3nMZbvAoZAZJxiIBkN2a2Mb t34IFNqFSwBW/SeOOxQewmHLlDn2FmBV29X4UYrvuPoT7vPyRy28oSITxHyy6SeHPiDO OpMJVyokUPj6gWrFpR8tMwKW2TTKu7Eg5AWtliLWoGCgyg/izV9lV44tqKatSo7OlnzC +eYai/VM0r2d2OOpc0GVRwtnRf8nDI3pXfD4ti/fXDV0vOsSp1XSRWDA2f7uTf7iMM2G uBYnV1QcETra9RWWAGmUmorLM90JPToSxrnf5QxjPHqN52S8kFgmxp7PHTmarKTbwkbT w5ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=dqpuT+9O5x3PWBM5fykV5GjRYUg/5N+OL/uQud0+8W0=; b=JKmV8vKTiVpR+fqSu5zEPLGMmc2LsJgZVajua9eURSjkDsbiY0/6fwfI2I9jJcewcx hje8v0dXZka23X5RTVzuEq86MvAsKRiadKqRgGvHslauB4bU5C+iMqKqU3Lg4hqhc8J9 QEw4ujDP+C4Jj/6EcrqO5fZ2xi6761PqkIRcwTDME2oYgZFFe8CDl/gaqWSua1+rKIwY 2ywNv8NA3NFSgmFxvk7o1jnxNBjhox2DcuXPbMd+/FUABZA8zW1mZwR4p//ssKqAYo64 d+sVvM/yEPNc8kxLALsIufXooHyodc2YnQo99DiDfEFFwzTPHsNyZ0FJlDl6s3XeJzfh DAeA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id 184si24250871pfg.32.2019.05.08.07.44.48 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656560" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 8506EBF5; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 37/62] keys/mktme: Do not allow key creation in unsafe topologies Date: Wed, 8 May 2019 17:43:57 +0300 Message-Id: <20190508144422.13171-38-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME feature depends upon at least one online CPU capable of programming each memory controller in the platform. An unsafe topology for MKTME is a memory only package or a package with no online CPUs. Key creation with unsafe topologies will fail with EINVAL and a warning will be logged one time. For example: [ ] MKTME: no online CPU in proximity domain [ ] MKTME: topology does not support key creation These are recoverable errors. CPUs may be brought online that are capable of programming a previously unprogrammable memory controller, or an unprogrammable memory controller may be removed from the platform. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 39 ++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index f5fc6cccc81b..734e1d28eb24 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -26,6 +26,7 @@ cpumask_var_t mktme_leadcpus; /* One lead CPU per pconfig target */ static bool mktme_storekeys; /* True if key payloads may be stored */ unsigned long *mktme_bitmap_user_type; /* Shows presence of user type keys */ struct mktme_payload *mktme_key_store; /* Payload storage if allowed */ +bool mktme_allow_keys; /* True when topology supports keys */ /* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ struct mktme_mapping { @@ -278,33 +279,55 @@ static void mktme_destroy_key(struct key *key) percpu_ref_kill(&encrypt_count[keyid]); } +static void mktme_update_pconfig_targets(void); /* Key Service Method to create a new key. Payload is preparsed. */ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) { struct mktme_payload *payload = prep->payload.data[0]; unsigned long flags; + int ret = -ENOKEY; int keyid; spin_lock_irqsave(&mktme_lock, flags); + + /* Topology supports key creation */ + if (mktme_allow_keys) + goto get_key; + + /* Topology unknown, check it. */ + if (!mktme_hmat_evaluate()) { + ret = -EINVAL; + goto out_unlock; + } + + /* Keys are now allowed. Update the programming targets. */ + mktme_update_pconfig_targets(); + mktme_allow_keys = true; + +get_key: keyid = mktme_reserve_keyid(key); spin_unlock_irqrestore(&mktme_lock, flags); if (!keyid) - return -ENOKEY; + goto out; if (percpu_ref_init(&encrypt_count[keyid], mktme_percpu_ref_release, 0, GFP_KERNEL)) - goto err_out; + goto out_free_key; - if (!mktme_program_keyid(keyid, payload)) { - mktme_store_payload(keyid, payload); - return MKTME_PROG_SUCCESS; - } + ret = mktme_program_keyid(keyid, payload); + if (ret == MKTME_PROG_SUCCESS) + goto out; + + /* Key programming failed */ percpu_ref_exit(&encrypt_count[keyid]); -err_out: + +out_free_key: spin_lock_irqsave(&mktme_lock, flags); mktme_release_keyid(keyid); +out_unlock: spin_unlock_irqrestore(&mktme_lock, flags); - return -ENOKEY; +out: + return ret; } /* Make sure arguments are correct for the TYPE of key requested */ From patchwork Wed May 8 14:43:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935853 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F289D1515 for ; Wed, 8 May 2019 14:46:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E00BB2844B for ; Wed, 8 May 2019 14:46:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D1E3728485; Wed, 8 May 2019 14:46:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 45B402844B for ; Wed, 8 May 2019 14:46:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 44C076B029A; Wed, 8 May 2019 10:44:51 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 175EF6B029F; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E413C6B0296; Wed, 8 May 2019 10:44:50 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id 9FF536B0296 for ; Wed, 8 May 2019 10:44:50 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id l13so12821434pgp.3 for ; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=7eEV193O1yOekktulhSkIW0ieskAH9Mu6tK3MJFJ1ek=; b=UwYJOVIbL5KnuMk6y1gUtUOcaMIZCDrRQRxyjAgSptQ4bzUcMBUbq4GMjTvq6Ubkq5 5rSZm5FgcQjqd8K5aHoXqxIQIKUNbVogYLKkuD0EWPP0rOZzly7K2l7Vs8DEkmiFWIwh xd9CkIjRwiq8MfLw/kUBCT/wHKzAdQAgYkOPRW/l/dDx74XivoobfBdkDdjwRsApXk/8 k5ADmeVVB9Bnbz/DO3tyv2jXeCeLnMQrrKaUnLH5+uPIgKISGqVGrMngPWNcogewoTeS 3IUj1HNlX4BrgKdgIwlhVNdCvamJ5IVmsy/kvi74YWUY89jRcraszRSNG0hKrTOVYUIr shVA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWwdTPpOddW5kkAnDyCB56PSF4rOI7ucxNP4qkupwYCf+sFHUCg uTcm2nBoO3PThTSxgkpNqDQs/FfhPkGxkJENw3FJMqmf1RlegLsaDzCuXMHF1WqT/ZzTTbULd2x clqW5nLZulGYznfVz8X9NMpS558RJpWtnMCMwG+TCemV+R8OXnDDRK3UAqxqYmtw/iQ== X-Received: by 2002:a17:902:684b:: with SMTP id f11mr39991296pln.96.1557326690301; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqzGwtETZMcVWA5tJeFt3lJmBt2h2a6fxNfy6uQMqdsddeQfttQZZRquhmw1aJ3lLZTskRsd X-Received: by 2002:a17:902:684b:: with SMTP id f11mr39991146pln.96.1557326688959; Wed, 08 May 2019 07:44:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326688; cv=none; d=google.com; s=arc-20160816; b=R+Uvqn7gzP1Fdc8Ai1btaEfTwxVfEwH1Lahk/AYitTqTKDABsyF3Wulk9NVnvo2kBS d7iQZJLZGOK9mt/+/LdJM/t81/PEB3RcI3b38wFHCychEofQ0lJesA1MB+O2TIDAmUQC vL96QyXfUJslGg3otss0V6BHgpiNpZ7UKEoyHYHGfwqeXFFblIky+3SrAU2LBPNn81QI YniMy3p2mBZY3HC9GRVsRCXCPDbBlB5s9gHgigVBS9UyaiXULp/JPee6kU++RxL2XjxE m0vFVArRipmFlManijskR0AZZpOD4/BJH62bRzKJt6GKX4TQZcENkxhgQsWwoTeIe5Ij kahg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=7eEV193O1yOekktulhSkIW0ieskAH9Mu6tK3MJFJ1ek=; b=EgOMfucKTPjkgeW+Xh5BZuD/rnMVXvlSVvNfv0pqmzvSvCdBqNqmjLlhNY0j9dFi5m G7LZSWvFGJ5Zn1QFwChUy+3s0WSdhPXKcu8wtok19DZnqDn4YI8RF9PMOoy/1gYPmfVP uuF9pwpg4Nmx61KCZ0eDuFkJOYQXIB/uJ2YAdkwd27SXB44IgrQHZhRX6uTtJ+TSh7YP Giy76dKhgX0z2tI2wyDp0n5GGp8MEILMzn5Cc25S2GPWk0mBmTG2Zmg1WymvFMi/JFj6 UOern+Vizt47/g5BGkz9LVGw/YSJriZ8XQjiWsrXlBMGo++JtXREyWqQBY9CPCbmo/z8 HlLQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga01.intel.com (mga01.intel.com. [192.55.52.88]) by mx.google.com with ESMTPS id g13si12322802pgs.161.2019.05.08.07.44.48 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) client-ip=192.55.52.88; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:48 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga004.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 9190FC01; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 38/62] keys/mktme: Support CPU hotplug for MKTME key service Date: Wed, 8 May 2019 17:43:58 +0300 Message-Id: <20190508144422.13171-39-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME encryption hardware resides on each physical package. The encryption hardware includes 'Key Tables' that must be programmed identically across all physical packages in the platform. Although every CPU in a package can program its key table, the kernel uses one lead CPU per package for programming. CPU Hotplug Teardown -------------------- MKTME manages CPU hotplug teardown to make sure the ability to program all packages is preserved when MKTME keys are present. When MKTME keys are not currently programmed, simply allow the teardown, and set "mktme_allow_keys" to false. This will force a re-evaluation of the platform topology before the next key creation. If this CPU teardown mattered, MKTME key service will report an error and fail to create the key. (User can online that CPU and try again) When MKTME keys are currently programmed, allow teardowns of non 'lead CPU's' and of CPUs where another, core sibling CPU, can take over as lead. Do not allow teardown of any lead CPU that would render a hardware key table unreachable! CPU Hotplug Startup ------------------- CPUs coming online are of interest to the key service, but since the service never needs to block a CPU startup event, nor does it need to prepare for an onlining CPU, a callback is not implemented. MKTME will catch the availability of the new CPU, if it is needed, at the next key creation time. If keys are not allowed, that new CPU will be part of the topology evaluation to determine if keys should now be allowed. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 51 +++++++++++++++++++++++++++++++++++--- 1 file changed, 48 insertions(+), 3 deletions(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 734e1d28eb24..3dfc0647f1e5 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -102,9 +102,9 @@ void mktme_percpu_ref_release(struct percpu_ref *ref) return; } percpu_ref_exit(ref); - spin_lock_irqsave(&mktme_map_lock, flags); + spin_lock_irqsave(&mktme_lock, flags); mktme_release_keyid(keyid); - spin_unlock_irqrestore(&mktme_map_lock, flags); + spin_unlock_irqrestore(&mktme_lock, flags); } enum mktme_opt_id { @@ -506,9 +506,46 @@ static int mktme_alloc_pconfig_targets(void) return 0; } +static int mktme_cpu_teardown(unsigned int cpu) +{ + int new_leadcpu, ret = 0; + unsigned long flags; + + /* Do not allow key programming during cpu hotplug event */ + spin_lock_irqsave(&mktme_lock, flags); + + /* + * When no keys are in use, allow the teardown, and set + * mktme_allow_keys to FALSE. That forces an evaluation + * of the topology before the next key creation. + */ + if (!mktme_map->mapped_keyids) { + mktme_allow_keys = false; + goto out; + } + /* Teardown CPU is not a lead CPU. Allow teardown. */ + if (!cpumask_test_cpu(cpu, mktme_leadcpus)) + goto out; + + /* Teardown CPU is a lead CPU. Look for a new lead CPU. */ + new_leadcpu = cpumask_any_but(topology_core_cpumask(cpu), cpu); + + if (new_leadcpu < nr_cpumask_bits) { + /* New lead CPU found. Update the programming mask */ + __cpumask_clear_cpu(cpu, mktme_leadcpus); + __cpumask_set_cpu(new_leadcpu, mktme_leadcpus); + } else { + /* New lead CPU not found. Do not allow CPU teardown */ + ret = -1; + } +out: + spin_unlock_irqrestore(&mktme_lock, flags); + return ret; +} + static int __init init_mktme(void) { - int ret; + int ret, cpuhp; /* Verify keys are present */ if (mktme_nr_keyids < 1) @@ -553,10 +590,18 @@ static int __init init_mktme(void) if (!mktme_key_store) goto free_bitmap; + cpuhp = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, + "keys/mktme_keys:online", + NULL, mktme_cpu_teardown); + if (cpuhp < 0) + goto free_store; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + cpuhp_remove_state_nocalls(cpuhp); +free_store: kfree(mktme_key_store); free_bitmap: bitmap_free(mktme_bitmap_user_type); From patchwork Wed May 8 14:43:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935865 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 639ED924 for ; Wed, 8 May 2019 14:46:17 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 553412844B for ; Wed, 8 May 2019 14:46:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4930E28485; Wed, 8 May 2019 14:46:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D849F2844B for ; Wed, 8 May 2019 14:46:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 17AF26B0297; Wed, 8 May 2019 10:44:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id CBAAE6B02A2; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AC2686B029F; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 0EB796B029D for ; Wed, 8 May 2019 10:44:51 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id u1so7217206plk.10 for ; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=C0qd/ZrLjU/aqPZxyXdJXxvU47OZwk6fFZiZPrrOo54=; b=KbprH3MTbTVcuX/91/KixUnU8xCDFHpemYaUEzI7JsiWlREU0JUEf8koBwzHCcvji2 mB3pijdXH90a4DneKit4YsVDOgC1UAeHFmC0I94BFW8VCQAYaPVmTDbUnUQAqRf+aqZv StLq3NijrQH5Hs0oB6WdfA+RcMggPHvzgBQ1im6UNltKo6pSQrr4QPcjja1MjJxn7sVM TADjDjZ4IxbvJUEHei5MJF0PEjNmRKBFcifWBY+ZCaphMo42YGQlyHK/jRY4uUkqirv5 TSpkc2cDIO4Zrvi3C3MZriJajEc5rMUMi42e+931kymbgRgujVAFnepxZXuMeVwU8cvY H2xA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWvqZJlTgmEqyNKf2Kwv2JC2wr0ASXZ0k+ZSGE3CkcEg4Of4Zcp rKMihArZMgXcfhKNw0vJKfeE136EFBLViwBpszw8GWWBc2PVZfUdW9ZGMJRVkgwvxYyV9XDhj1W POIGVz4s8T8an9piH6PnvSv1FU1HCniObYFRZU7VUTkXhWsTjfR+6QXBnp1X78AsY8Q== X-Received: by 2002:a63:d0e:: with SMTP id c14mr7072436pgl.345.1557326690729; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqzzAn7c9gJqgN7ZlcbBN4ykIcAie7uMNG2JV6/yp/QCr/YiwEP7NeH8kf1sDV6rQ9rZ3EGF X-Received: by 2002:a63:d0e:: with SMTP id c14mr7072295pgl.345.1557326689423; Wed, 08 May 2019 07:44:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326689; cv=none; d=google.com; s=arc-20160816; b=CsTqRI33tGNkTfVjSjkzWomn+WY8z8ZKbj2cEADSSSF1z+4hTKqILQoppTGqSTD+nf +jRZyFV8+I0TfhmOSnNZekgcg6EaiodyAiDVgrGLKmr5bRt4YHQdF4N8IDvxMaEUMSWS aV0LUC1elGq/DQl6a/n5xjOBPnlS3/lp/7B2I4wYSpmokZh2tfHfyrEfGftvY8hiDqxr 7DLM5qzPmUGiWhyAYhkTPgBCC1UEWpLLHrqMKffeZ6zdZz3IG0KIDCKtlx73UPsRI2bU a8IHisiyJHKo9577eQHggw/LzVHJI1C/nAWjTvg54zDntlC836HVNhU4bk1/AA2z8eIP zSbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=C0qd/ZrLjU/aqPZxyXdJXxvU47OZwk6fFZiZPrrOo54=; b=w4OefjDvK6sduhk0gpZ20NiO7cKGixX0i0DUeOMTNS7E9YFmUXYVkooaXhurQXuH81 2plUq7foWjTx0oeWhiIEuo5qPue1VCohQHeAGaykMuoUffm05yylrcsWe0ompuBfEbDK OB3PKX2JRDQ80G3G/AclzLHfLCSrRdgfwBlj5qeD6ATaBYFLHJHlP6P5N0ymGOUa7kwM 8djckYTCJ1joMbJRlYNC7tyAQbeRRdq9U6ixdWkHfxbYE3CwH1wWhzbAJA3SYrRpwuiW k5QnmBjp8qNQz1LRbM3QWjgNMnXn1KK3iRp5gpb/qd9ocHuEM0ttnm/wGs3H+Ua8fbZi vQuw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga06.intel.com (mga06.intel.com. [134.134.136.31]) by mx.google.com with ESMTPS id e61si23294206plb.123.2019.05.08.07.44.49 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:49 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by FMSMGA003.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 9F78EC1D; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 39/62] keys/mktme: Find new PCONFIG targets during memory hotplug Date: Wed, 8 May 2019 17:43:59 +0300 Message-Id: <20190508144422.13171-40-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Introduce a helper function that detects a newly added PCONFIG target. This will be used in the MKTME memory hotplug notifier to determine if a new PCONFIG target has been added that needs to have its Key Table programmed. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 39 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 3dfc0647f1e5..2c975c48fe44 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -543,6 +543,45 @@ static int mktme_cpu_teardown(unsigned int cpu) return ret; } +static int mktme_get_new_pconfig_target(void) +{ + unsigned long *prev_map, *tmp_map; + int new_target; /* New PCONFIG target to program */ + + /* Save the current mktme_target_map bitmap */ + prev_map = bitmap_alloc(topology_max_packages(), GFP_KERNEL); + bitmap_copy(prev_map, mktme_target_map, sizeof(mktme_target_map)); + + /* Update the global targets - includes mktme_target_map */ + mktme_update_pconfig_targets(); + + /* Nothing to do if the target bitmap is unchanged */ + if (bitmap_equal(prev_map, mktme_target_map, sizeof(prev_map))) { + new_target = -1; + goto free_prev; + } + + /* Find the change in the target bitmap */ + tmp_map = bitmap_alloc(topology_max_packages(), GFP_KERNEL); + bitmap_andnot(tmp_map, prev_map, mktme_target_map, + sizeof(prev_map)); + + /* There should only be one new target */ + if (bitmap_weight(tmp_map, sizeof(tmp_map)) != 1) { + pr_err("%s: expected %d new target, got %d\n", __func__, 1, + bitmap_weight(tmp_map, sizeof(tmp_map))); + new_target = -1; + goto free_tmp; + } + new_target = find_first_bit(tmp_map, sizeof(tmp_map)); + +free_tmp: + bitmap_free(tmp_map); +free_prev: + bitmap_free(prev_map); + return new_target; +} + static int __init init_mktme(void) { int ret, cpuhp; From patchwork Wed May 8 14:44:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935855 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 36AB6924 for ; Wed, 8 May 2019 14:46:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 23AB42844B for ; Wed, 8 May 2019 14:46:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 17B0028485; Wed, 8 May 2019 14:46:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 923542844B for ; Wed, 8 May 2019 14:46:04 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6AC4D6B0294; Wed, 8 May 2019 10:44:51 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 395896B0299; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id F072E6B029A; Wed, 8 May 2019 10:44:50 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id B30AA6B0297 for ; Wed, 8 May 2019 10:44:50 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id h12so3686968pll.20 for ; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=018UgTJ/DlaExsBeCC+mPQWwJqpTOkW1qegnhZScuV8=; b=csfgWsPCDr9L2Lh3FB4zJvll+Y/NnkpoXo8OOF26d8FEXaQuSt1aztFCmxWO5fs1db MoOX/jktqAg5lEnuVL68kCCIP66JP1oUPo+NZqa9NEolV4fz31VCjQHuuAwjUr/9MWoS P/GDW37RU/T6lko4i6RuaXYutW0EG4lDRwMnkzKjIIBc4T6hX3QQSer1kEsy6tdKwcgM bOpDwiubBV82D03x099uXngeCMHHhK84o2OMWekHLv3JvzEnVABSu57UsQc2ttoAnkZ+ 0oocLeIR2eyfYla9viiN9kMd+cOxQOf/+0iLnxyC49T0LILPOAw/drDF6V2SScsQH8Ro 2IFg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUsx6t0BY4YsNFcr4/4CZ7igTd2Rk0VbZyGgKjkQ0+NO7M2GFs5 GmFsFzpvXlFrRGvvNSsiTWczABRLXasY2FoWbP+ILMf9Y4Kh546Gv5i129csQtcK0AksiVrGrJ/ B2YLcLXl9SBYUru9SdHS5CxVYcoulwaLcD6oLrW96ZU0gHLz6IFMAAMoByt94NxKs3A== X-Received: by 2002:a63:e550:: with SMTP id z16mr47672840pgj.329.1557326690383; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqyIO9juUSnQtnsd4NeyzGy1v37YGOOoiLJ7sv0YIj6RkrEJwcFv5fPookjCKnCgWZvWCjwD X-Received: by 2002:a63:e550:: with SMTP id z16mr47672705pgj.329.1557326689098; Wed, 08 May 2019 07:44:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326689; cv=none; d=google.com; s=arc-20160816; b=AkmmHFbAGf8v/KhKSJFbcYdSmPZi41GjXtl8B5H8cBIBBJ7wVNtyQ6FEL3A3oPou5d BdRvrs4sS3o2NrROVhS28SKOyp/P3yFP0SqH9Ei3NqPChslRwTDFHV2rANANXq2uE0ok hUqbGEJW89KXJJRBQ3KGaxrhOQaNxa5vlcaa/qSJWnqFQDL74UdEx6JIbwflt3KRGBwY NZ/i/CPK90EeNBLGdvaSrzNH9LcMs7hWqv+QtKLGwoUTT8yhwh19oYYyxi8Onhjgd7F4 pI6PscGEqr5o5M5/GJHxjNEq+o4A33xMT8LGzcvTbkyH8YpgoPNewYuBfYMA7hGSZqfD yj7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=018UgTJ/DlaExsBeCC+mPQWwJqpTOkW1qegnhZScuV8=; b=UnZEB2SNlXvRkk1z21okME1pN82FwFK1YmSB1KWZLdzCRSbWu/RYA9K+l5tNb/QVmi BfRDGdBFeDWcwsybqB4mglyEvs0GbQEcJT/J5PTOg4YhB+aoMcGHb0U39MIqnlkcb8K5 1XT9ML3XH7LPPd2txuiFugsft9cNj1vxhsBpZbUK0iwSY2eMlo1gh2RaC6TQ0KjK6qNI diiMXnJFzJJr9dnTl6JuZTTfWC/j7iY53kwPctmlfQvAFPb0FBxNt38ImY/D2GLr/3J+ yL2gD2Vq0g/zVwPqEkY4IizvZXWSzSFudGbghuHJuLuZ/lBkLDa5RwUKdwEeJf98Isr+ +ZJw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id 184si24250871pfg.32.2019.05.08.07.44.48 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656563" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id B16F3D2B; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 40/62] keys/mktme: Program new PCONFIG targets with MKTME keys Date: Wed, 8 May 2019 17:44:00 +0300 Message-Id: <20190508144422.13171-41-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield When a new PCONFIG target is added to an MKTME platform, its key table needs to be programmed to match the key tables across the entire platform. This type of newly added PCONFIG target may appear during a memory hotplug event. This key programming path will differ from the normal key programming path in that it will only program a single PCONFIG target, AND, it will only do that programming if allowed. Allowed means that either user type keys are stored, or, no user type keys are currently programmed. So, after checking if programming is allowable, this helper function will program the one new PCONFIG target, with all the currently programmed keys. This will be used in MKTME's memory notifier callback supporting MEM_GOING_ONLINE events. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 44 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 2c975c48fe44..489dddb8c623 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -582,6 +582,50 @@ static int mktme_get_new_pconfig_target(void) return new_target; } +static int mktme_program_new_pconfig_target(int new_pkg) +{ + struct mktme_payload *payload; + int cpu, keyid, ret; + + /* + * Only program new target when user type keys are stored or, + * no user type keys are currently programmed. + */ + if (!mktme_storekeys && + (bitmap_weight(mktme_bitmap_user_type, mktme_nr_keyids))) + return -EPERM; + + /* Set mktme_leadcpus to only include new target */ + cpumask_clear(mktme_leadcpus); + for_each_online_cpu(cpu) { + if (topology_physical_package_id(cpu) == new_pkg) { + __cpumask_set_cpu(cpu, mktme_leadcpus); + break; + } + } + /* Program the stored keys into the new key table */ + for (keyid = 1; keyid <= mktme_nr_keyids; keyid++) { + /* + * When a KeyID slot is not in use, the corresponding key + * pointer is 0. '-1' is an intermediate state where the + * key is on it's way out, but not gone yet. Program '-1's. + */ + if (mktme_map->key[keyid] == 0) + continue; + + payload = &mktme_key_store[keyid]; + ret = mktme_program_keyid(keyid, payload); + if (ret != MKTME_PROG_SUCCESS) { + /* Quit on first failure to program key table */ + pr_debug("mktme: %s\n", mktme_error[ret].msg); + ret = -ENOKEY; + break; + } + } + mktme_update_pconfig_targets(); /* Restore mktme_leadcpus */ + return ret; +} + static int __init init_mktme(void) { int ret, cpuhp; From patchwork Wed May 8 14:44:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935875 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0E35E1515 for ; Wed, 8 May 2019 14:46:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F0FCA2844B for ; Wed, 8 May 2019 14:46:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E419828485; Wed, 8 May 2019 14:46:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6468B2844B for ; Wed, 8 May 2019 14:46:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8C5986B029C; Wed, 8 May 2019 10:44:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 879606B02A5; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 47E7E6B029C; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id 05D8A6B029F for ; Wed, 8 May 2019 10:44:52 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id d21so12791259pfr.3 for ; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=28xTjItZNk8xmIKVtdFAjCqOM3U8CMWMQgK9dL8uH64=; b=Gk59464pz+1NrTjylUCUC0bpYJ3iKNdOrLKMtMdpToa4OrXZV4SyvceLl9kjBpzEzS Z0oBXJWeXguwHvkXI4RpEMenjoFb8jJK5EXXbt22pcBlGJ+o+bTYiL19awCvMr3O6J1L lSvyg+9gFO1ErXOM66IapWwLrabw0bmCQToWtPT0GiCiZ7guZTwf0U2n8YQcFxyKgITh azwhOp6QAe7Js8QySwjGCGoAGZon1g7+r+qNgd4pasdH4HyR5WobFhjTyJPPPr6lxd/d Y9KJCfiKYqTNIrsiQ3VMDEb9X42nIpFKuyD0Q5zlvaHi60UOltgPUriICMvadQbPhrYY lhWQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVzPxO3o27mEOia0Rfgc2H6AP8RgX1rY3/L2Mgpa+EsvyXF6ITR twr8psQaj7EHnwswIswkjr0ZIQ0+MUIfOPenMrNkw3/2W/e7qbczYx0B4XTvObKp6FAIkd67Up3 cRT519ycZahs3d4901BoUW1mRtajOCK75vfs3K6RHLwLhNy9sTWKkNRbHQldleDQu9A== X-Received: by 2002:a17:902:868e:: with SMTP id g14mr48733829plo.183.1557326691564; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqwmr/nrpBgZ8Ldu+Nr8LeTn3GJnVJCKH45Muwikhxnx8Ts931xidLIhbA83o7KULSZelc9b X-Received: by 2002:a17:902:868e:: with SMTP id g14mr48733697plo.183.1557326690329; Wed, 08 May 2019 07:44:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326690; cv=none; d=google.com; s=arc-20160816; b=pxPj01szZ79wX8D2Ad2REEDIZK7i7PeWAkcINf+8+KfdZXnBtjXUR7zfCtA/hHOMQS YRukUSR/G1plKNPQI/oj81jfwgETYXWxsOadxUGY328WgHkumKwrWVvUmKMY0FHidRyv TIBfMbPr0XnA9f31ffSieuc90CMWl/OPoKfP4AEFh/SoLvhw9YfWl8V7i1xrhdSRdrpq pQtwjJwRfvx0RAYjYKy+OG/68sJJ4Qo7Xb58AQyPcHu2fyWmx2tIA0Zb6DLDap17Hcd0 pbSqfcPQ8kCeyLF4efpGLR+doEKU9rkloTMj1CW4VMUITZ45Puspff73sufq4Ibjgzm9 ipkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=28xTjItZNk8xmIKVtdFAjCqOM3U8CMWMQgK9dL8uH64=; b=tnna+KoKXhMJ0AKqhl8vbHlO4yB6MVgH0c6y+SApR4n6clDkIizNqc2vf1aVjSnftA wDXPuzICT1RUZ/1hwGLO7d7OmRsmuerVVzFO/U/smGrvNAW1xGVnjr15wB1iTTdzPTd+ SYwIHYSldzypqDlvtJ8Bn+J2DiD7BCLWasb9k2lt0KFXDIX0FsuD9mIiExe2VcrcOzal UylPyMyBVF8egrNWWlpIDfZoTH1NcHRoa/Xicb8YmbVgij7cqc/ueBBkAVIVTCkFsyFw AOIZ82RhZMWXUfYdHh9HZjcavhJDNmjA08Qvf02F7FM9nx1PKbi95ZphzIKjeAV9jR77 eeWw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id q8si24066889pgf.3.2019.05.08.07.44.50 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656569" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id BF156D4A; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 41/62] keys/mktme: Support memory hotplug for MKTME keys Date: Wed, 8 May 2019 17:44:01 +0300 Message-Id: <20190508144422.13171-42-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Newly added memory may mean that there is a newly added physical package. Intel platforms supporting MKTME need to know about the new physical packages that may appear during MEM_GOING_ONLINE events. Add a memory notifier for MEM_GOING_ONLINE events where MKTME can evaluate this new memory before it goes online. MKTME will quickly NOTIFY_OK in MEM_GOING_ONLINE events if no MKTME keys are currently programmed. If the newly added memory presents an unsafe MKTME topology, that will be found and reported during the next key creation attempt. (User can repair and retry.) When MKTME keys are currently programmed, MKTME will evaluate the platform topology, detect if a new PCONFIG target has been added, and program that new pconfig target if allowable. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 57 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 489dddb8c623..904748b540c6 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include @@ -626,6 +627,56 @@ static int mktme_program_new_pconfig_target(int new_pkg) return ret; } +static int mktme_memory_callback(struct notifier_block *nb, + unsigned long action, void *arg) +{ + unsigned long flags; + int ret, new_target; + + /* MEM_GOING_ONLINE is the only mem event of interest to MKTME */ + if (action != MEM_GOING_ONLINE) + return NOTIFY_OK; + + /* Do not allow key programming during hotplug event */ + spin_lock_irqsave(&mktme_lock, flags); + + /* + * If no keys are actually programmed let this event proceed. + * The topology will be checked on the next key creation attempt. + */ + if (!mktme_map->mapped_keyids) { + mktme_allow_keys = false; + ret = NOTIFY_OK; + goto out; + } + /* Do not allow this event if it creates an unsafe MKTME topology */ + if (!mktme_hmat_evaluate()) { + ret = NOTIFY_BAD; + goto out; + } + /* Topology is safe. Is there a new pconfig target? */ + new_target = mktme_get_new_pconfig_target(); + + /* No new target to program */ + if (new_target < 0) { + ret = NOTIFY_OK; + goto out; + } + if (mktme_program_new_pconfig_target(new_target)) + ret = NOTIFY_BAD; + else + ret = NOTIFY_OK; + +out: + spin_unlock_irqrestore(&mktme_lock, flags); + return ret; +} + +static struct notifier_block mktme_memory_nb = { + .notifier_call = mktme_memory_callback, + .priority = 99, /* priority ? */ +}; + static int __init init_mktme(void) { int ret, cpuhp; @@ -679,10 +730,16 @@ static int __init init_mktme(void) if (cpuhp < 0) goto free_store; + /* Memory hotplug */ + if (register_memory_notifier(&mktme_memory_nb)) + goto remove_cpuhp; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + unregister_memory_notifier(&mktme_memory_nb); +remove_cpuhp: cpuhp_remove_state_nocalls(cpuhp); free_store: kfree(mktme_key_store); From patchwork Wed May 8 14:44:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935857 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7CC2A1515 for ; Wed, 8 May 2019 14:46:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6AF142844B for ; Wed, 8 May 2019 14:46:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5EA2D28485; Wed, 8 May 2019 14:46:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD6042844B for ; Wed, 8 May 2019 14:46:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9F7906B0299; Wed, 8 May 2019 10:44:51 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 831106B029C; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1EA466B0294; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id CC5886B0294 for ; Wed, 8 May 2019 10:44:50 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id i8so10360108pfo.21 for ; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=63N4Scvmymr/HxGljrqFhwEljj66qpjYxN4DGuSs010=; b=nc8FEzIBK8FOtYvN4mfSVrZAz57PHOUvETi4qMhEq2lDmyOn/Wqhgr1Iu/3EUbI/GT jkqlO0QosBRFPpoFEKoXOR/8sAc5+VxSMBQWJEUPj9KvoTifKvVbvcDqElHreoiFvvi3 q3hd3q5dYfUXKiuWy/tkANhQWn1YYKfAQOjuLLKCkOhwLbqV202eYYhE5P/XgIhuF/kU teISMZ7GsUsZyqyeQoVWhgMNGvrwatqZiPMsCVdcB/fcYah35joFkG6Hbq3GqNhrQc63 MaaFT4zt/sPwHDwUdblWr62ZqVzvXUKuOhYTTtXr0nNHW4rUG+3xrrl1JzOcNuDlo5cO LChQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVdSE6lzXvyb3Llmch9YtQzeHaiYjlGsWjLBNpH/2DKXEHngPyO eWJIFiE0o5xgRVCoPTn6A0IUja6aGQmPldADNBeLwMVx/0LnsGKBk8qhKWuLfTtErptpNRIWvz/ kbG3k40BwuiCI5Q/rVdGrV3h/WtsoXe23z1JwuKJzyWowgfWonm5OBrilnGLBhNn4xg== X-Received: by 2002:a62:2a55:: with SMTP id q82mr46765316pfq.90.1557326690485; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqz/isOGu4GN31NysvdwC67asqbOrY7gZ0WFYaJBIFMHpftDnFYiTpAIHeqjv/gtb5Gfnjph X-Received: by 2002:a62:2a55:: with SMTP id q82mr46765228pfq.90.1557326689713; Wed, 08 May 2019 07:44:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326689; cv=none; d=google.com; s=arc-20160816; b=dj3MP9sMMREOurQ4QbeeeplosUAqH3IvX0izx9vIwBSewNw1kDNe3xxf3Bvx4wRAnH zTqgLeeEK+w0Nht98NuAkx9oMMwWHP4uWZKJkPt1YTw5yQykPtJRhWI4RNf2GDwEfRzy rfFS0luSQpGX5ldCkLqLmJV8jRmaoInRoXk+idTLTOVNjNb6h7oQfyGOGS6Y5zBT91L1 FeSz/TF8NKpbGeY7/tTS3HTxHab5TUnUqO81EGP74hvsS/Jyod4p9GUgZwBMU8q5x340 E/SnyurKWbGaOcjqOfSS/XzZMsI7bN1B9iZHQZOT9Ml9fGvDbAW3v3PkQi57Mv2ADNf6 He2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=63N4Scvmymr/HxGljrqFhwEljj66qpjYxN4DGuSs010=; b=qUlcAJVaWCMh/BmJfFh34R21V+4rk/0H9ata3Sp4eN3siGc/7IBauQF856lmJ8FPD7 koPRfpjBWjf8FnrjN6UuzoWegXAawVH9uEPa7Ivk6bJLC+JV4ICU/j1nOwrl3VKiI3Kd eD/wvcq8LHZDqdJYavvu+8pGpsGhzPEiUrVZB2OJG8ONSa4j0ZUq854fBHRIHsxz1SSJ NY7nZbxd1KCzJiPS6K3SZdLw3P+0R0JKL6JMdtIjb3MmPXrjzz7CJ6ibpt7sp7Lv6dcz +ccNxMiMQ/i5n/4J0Zddxv9UOOtI6zKhRWwFgZP+7oU6DzmyLQhE+uoXNNDtubdIQQEm yABA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.49 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:49 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga006.jf.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id CCCC7D8A; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 42/62] mm: Generalize the mprotect implementation to support extensions Date: Wed, 8 May 2019 17:44:02 +0300 Message-Id: <20190508144422.13171-43-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Today mprotect is implemented to support legacy mprotect behavior plus an extension for memory protection keys. Make it more generic so that it can support additional extensions in the future. This is done is preparation for adding a new system call for memory encyption keys. The intent is that the new encrypted mprotect will be another extension to legacy mprotect. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- mm/mprotect.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mm/mprotect.c b/mm/mprotect.c index e768cd656a48..23e680f4b1d5 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -35,6 +35,8 @@ #include "internal.h" +#define NO_KEY -1 + static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd, unsigned long addr, unsigned long end, pgprot_t newprot, int dirty_accountable, int prot_numa) @@ -452,9 +454,9 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } /* - * pkey==-1 when doing a legacy mprotect() + * When pkey==NO_KEY we get legacy mprotect behavior here. */ -static int do_mprotect_pkey(unsigned long start, size_t len, +static int do_mprotect_ext(unsigned long start, size_t len, unsigned long prot, int pkey) { unsigned long nstart, end, tmp, reqprot; @@ -578,7 +580,7 @@ static int do_mprotect_pkey(unsigned long start, size_t len, SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, unsigned long, prot) { - return do_mprotect_pkey(start, len, prot, -1); + return do_mprotect_ext(start, len, prot, NO_KEY); } #ifdef CONFIG_ARCH_HAS_PKEYS @@ -586,7 +588,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, SYSCALL_DEFINE4(pkey_mprotect, unsigned long, start, size_t, len, unsigned long, prot, int, pkey) { - return do_mprotect_pkey(start, len, prot, pkey); + return do_mprotect_ext(start, len, prot, pkey); } SYSCALL_DEFINE2(pkey_alloc, unsigned long, flags, unsigned long, init_val) From patchwork Wed May 8 14:44:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935859 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 919921515 for ; Wed, 8 May 2019 14:46:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8038D2844B for ; Wed, 8 May 2019 14:46:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7455E28485; Wed, 8 May 2019 14:46:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC4892844B for ; Wed, 8 May 2019 14:46:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CC5666B02A3; Wed, 8 May 2019 10:44:51 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 93F046B029B; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 370F66B029E; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id D8CBC6B029B for ; Wed, 8 May 2019 10:44:50 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id y9so1892301plt.11 for ; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=VRvO8oqMppxOnEWDEBuBzBCYC9+uFK55kDaEpE2UVds=; b=LaNSgB0794uWcJgI/q/MXbDiBXGIUwhZlkBsLkkjwjeN2mq9MixiQlIZIyM+HC6lFy MtVABEW4v9Qz4tZn7ZPgQ7jqYCBBKQRQjpYQQUaZ36XsBE17DfC5sWlHaZf4AJ6uc+1k sXlWURL1Vhdj/jY7zEsAD0lILl9IUd+9fLL2DukwONvwFqe2SVxqHl2JdljX1Yt3X3zO eSJfCJjGWdubevS0HT62XmBG+qx4xkDJGczcqjQvQzPmPpo7CmUFFT6AUkTH03oqEpdF hRKqTE51T+/mm+KVYHtDTNheGETPiBopMCyEUbYKXleWJ2XjrNYhF43LhjUVHsSXZ1i4 Fhuw== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVkcdEyyzJFznFA9mz/ZFe6KWzaLXExf/1udLVK6WjNwsN/qL3z kPtCkeVh8Wk3y8ryfOQuEUDuqGQD3ekSInyX4NYo1VcnutckLmjkpxDXEKWy4OcKm8IA9rQSDgz ZaSpdqrVeQD3uG7gBrH2PXGG9EagB/GohCO6oyh4Hi6WlOFDltlW+6hPSGRKNSNQvVg== X-Received: by 2002:a65:62c4:: with SMTP id m4mr46915904pgv.308.1557326690541; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqxNbE7AElQJVofKQykoVh4ogRP4oU0Y8BnV/uFrhGYqO0tZohsG8oU7RUYoEgmfkO/F7vXS X-Received: by 2002:a65:62c4:: with SMTP id m4mr46915775pgv.308.1557326689244; Wed, 08 May 2019 07:44:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326689; cv=none; d=google.com; s=arc-20160816; b=xE4OKP4iM7e6s1MhOQp7RjiU6ozOeFQ3J1WnR9zS55FZhdRIB2uBVG4uEADCXGqpoq MTyXrBzKzBt2jQNHG9dIXyHCgQDZFeBLaOyUHUssIaQuxl6dny+3j7kWPkPWttLCtKmn DbbTElXMZcCgqx9HrfmpQFJMdHATnVhhS/ZSKDb0lmkZBdbTmW53/CbmroSXeEF1D43A GGHvHLi0IVs2GCi4pDWNMyQn62QAAGJMWVM+133R56cCxwhKJPwtuZj8pPw/HoCUW4ak r3qtrUELpbXIAI2OOdhbf1t8lDotgVn8U1bVz71AKVOU/Z+oZbKXANMcRB0pXTNiOIKY 1vMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=VRvO8oqMppxOnEWDEBuBzBCYC9+uFK55kDaEpE2UVds=; b=NDNHc3LZ+wm231uUn0Q+mmRtoqDuhslpYm1Ea11aJre20lO3LZwmr697RSelKPv6dZ 0r1oCzsNfdxWOkZrVGMSE7GyfA32ayPGTCaYC1JOuvYXifBo/FNLpUcqKpIh9tyQhIqE JeO0dlXUYf+aNP/8uCoUlfByCbTqFu26oj8LveElpqNuCwR8u7OQQlhB82iQDi5QyYQe tvd2vN0u1yFRNRpg8rgYO1zYIbH2AQOviwmUxfpWIKqof4aVjiHl9RTq0wapRebf+fWY +GuOLI3Qg4UFtcKwzgJJQ9A1cZZnyZaxcV6GVS/W4LgYCz953dj/dE/ojowt190HOPn+ yLAw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id t16si6593003plm.65.2019.05.08.07.44.49 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:48 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id D81CDEA8; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 43/62] syscall/x86: Wire up a system call for MKTME encryption keys Date: Wed, 8 May 2019 17:44:03 +0300 Message-Id: <20190508144422.13171-44-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield encrypt_mprotect() is a new system call to support memory encryption. It takes the same parameters as legacy mprotect, plus an additional key serial number that is mapped to an encryption keyid. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + include/linux/syscalls.h | 2 ++ include/uapi/asm-generic/unistd.h | 4 +++- kernel/sys_ni.c | 2 ++ 5 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index 1f9607ed087c..dbcd4c28d743 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -433,3 +433,4 @@ 425 i386 io_uring_setup sys_io_uring_setup __ia32_sys_io_uring_setup 426 i386 io_uring_enter sys_io_uring_enter __ia32_sys_io_uring_enter 427 i386 io_uring_register sys_io_uring_register __ia32_sys_io_uring_register +428 i386 encrypt_mprotect sys_encrypt_mprotect __ia32_sys_encrypt_mprotect diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index 92ee0b4378d4..d01bd132e9ee 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -349,6 +349,7 @@ 425 common io_uring_setup __x64_sys_io_uring_setup 426 common io_uring_enter __x64_sys_io_uring_enter 427 common io_uring_register __x64_sys_io_uring_register +428 common encrypt_mprotect __x64_sys_encrypt_mprotect # # x32-specific system call numbers start at 512 to avoid cache impact diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index e446806a561f..38a2d7b95397 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -988,6 +988,8 @@ asmlinkage long sys_rseq(struct rseq __user *rseq, uint32_t rseq_len, asmlinkage long sys_pidfd_send_signal(int pidfd, int sig, siginfo_t __user *info, unsigned int flags); +asmlinkage long sys_encrypt_mprotect(unsigned long start, size_t len, + unsigned long prot, key_serial_t serial); /* * Architecture-specific system calls diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index dee7292e1df6..86f942f54b1b 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -832,9 +832,11 @@ __SYSCALL(__NR_io_uring_setup, sys_io_uring_setup) __SYSCALL(__NR_io_uring_enter, sys_io_uring_enter) #define __NR_io_uring_register 427 __SYSCALL(__NR_io_uring_register, sys_io_uring_register) +#define __NR_encrypt_mprotect 428 +__SYSCALL(__NR_encrypt_mprotect, sys_encrypt_mprotect) #undef __NR_syscalls -#define __NR_syscalls 428 +#define __NR_syscalls 429 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index d21f4befaea4..80da8d9ac8b1 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -350,6 +350,8 @@ COND_SYSCALL(pkey_mprotect); COND_SYSCALL(pkey_alloc); COND_SYSCALL(pkey_free); +/* multi-key total memory encryption keys */ +COND_SYSCALL(encrypt_mprotect); /* * Architecture specific weak syscall entries. From patchwork Wed May 8 14:44:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935867 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 17883924 for ; Wed, 8 May 2019 14:46:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 065912844B for ; Wed, 8 May 2019 14:46:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EE65228485; Wed, 8 May 2019 14:46:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 022082844B for ; Wed, 8 May 2019 14:46:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3C5F26B02A1; Wed, 8 May 2019 10:44:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 173256B02A0; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E92E86B029C; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id A43906B02A1 for ; Wed, 8 May 2019 10:44:51 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id s26so12730844pfm.18 for ; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=BbRKBk6FDhssMTthMgesHoFT8llPZqMEa6iuWKGU9/Q=; b=RBIEit0RNNNQSImofE9kI5uyAg/f8N+/dkLhWP1IutPVskQ/Ki8uVkArfIIOIfsPBx +gBitre6yIT/mkpGaCKV6gDfa01kkPybHEKLFaMyqnjMkSTJ3yYIXeV734BuVIqZMhUA XpU3taJPjombXny/jHQW7MuioycN5Vb75Pr/mrS/Dn3k+1AD+h66dGS6nPqcF9tDRnwp IckzdEN4dGbBTxayDRC9N48zJAorL8Ykl+b6tL5AdBwityS42q1ym3xs07OanhvF0VjC vBGBPA8NWbbmOHTowCavfhPoiq1Tdxxcb3r2fnyLPzr3Y1IK3HpFIGigJaFrobKeqQ6D LFUg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXPY1+tYMffRvVpfjMH2X1OlTSCs9qZyLoMnC/XxFhMuhzKrMIB rgtHvaD18ETc50TVZWt1XmVZx6DhZ/kFih2n37575DkpYbqGckZUaFdqgU7Y+iuY8BS+r+AbPsg LI2/WJ2dnGH44qXPS+uo2nX7P2JryWHQpC4sNPQUYdQB7nlpFo1YgstoRsEyr/PtnGw== X-Received: by 2002:a17:902:1e3:: with SMTP id b90mr28139124plb.182.1557326691305; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqw+8S54XKq7/Xq+tmshq6qtnT7XP3gM/iTwf8irD6j4xEPjXUmdqQ43WZNWNvuXhp/mu5M7 X-Received: by 2002:a17:902:1e3:: with SMTP id b90mr28139011plb.182.1557326690100; Wed, 08 May 2019 07:44:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326690; cv=none; d=google.com; s=arc-20160816; b=praNAy6Yikr9OJP74VF7KYarMQ0Wpwqy/c7cMaaJLDHA3/ziAbywpGiz0kR9uhV31b aaZyBdNnjtl2oH5UbOPG64bC67kVMNLmDMQXgEWxPLeKUhhf2C7QzmUI+kAEmSUFD7sH JeP+TuZe2u6vd6g6h7tifdwjHD844xO7C6TXTwwg5h1ViAK7VUMoXzDeyIcMD2XSktRK I6De1z8hUt6MBWV0qqG/gdAehpfWZcrSlva0jQrd/mk9W0kVqviyZBvnJ66ke7GI8OaO whmO0bSrsD5j0CdiztTDz7zEOWOi3cmLZA7wbmV/4NqZyONU53rGAgVz/WUl532xmRk2 eUJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=BbRKBk6FDhssMTthMgesHoFT8llPZqMEa6iuWKGU9/Q=; b=Od5cW9xySNoa7fCVY1Lnm0FimO4x20RFAlp+ok9MePmjE0ke9Crcughv0p4Yw0IZ3J S58cZxbUViP2aO+O12NYxejs02kZzDzMAOY9Xsxyoja8xQ2mpud/875N+IPwRMC2HzGc S12xIDuUVAZBI7+atRBbkcuT6zikUp+HGWHE5pPGWEPoiUoj5bXf3xdWkwcTXFjn7bSQ nhJHgyOPbUd6ELMwAUPMEtPps9dS0toReB3uBD1ByNHCsv+79hUQZi6bRPDNWfpIwXBj xMjmvSpNmUQnN6u5FlSe960oWqAqQPgSCIGKFxsU7q9aoxwqumwQ9NCEUrBzjG8ofr9o OsNw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id t16si6593003plm.65.2019.05.08.07.44.49 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:49 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id E5DBEEAA; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 44/62] x86/mm: Set KeyIDs in encrypted VMAs for MKTME Date: Wed, 8 May 2019 17:44:04 +0300 Message-Id: <20190508144422.13171-45-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME architecture requires the KeyID to be placed in PTE bits 51:46. To create an encrypted VMA, place the KeyID in the upper bits of vm_page_prot that matches the position of those PTE bits. When the VMA is assigned a KeyID it is always considered a KeyID change. The VMA is either going from not encrypted to encrypted, or from encrypted with any KeyID to encrypted with any other KeyID. To make the change safely, remove the user pages held by the VMA and unlink the VMA's anonymous chain. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 4 ++++ arch/x86/mm/mktme.c | 26 ++++++++++++++++++++++++++ include/linux/mm.h | 6 ++++++ 3 files changed, 36 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index bd6707e73219..0e6df07f1921 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -12,6 +12,10 @@ extern phys_addr_t mktme_keyid_mask; extern int mktme_nr_keyids; extern int mktme_keyid_shift; +/* Set the encryption keyid bits in a VMA */ +extern void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, + unsigned long start, unsigned long end); + DECLARE_STATIC_KEY_FALSE(mktme_enabled_key); static inline bool mktme_enabled(void) { diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 024165c9c7f3..91b49e88ca3f 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,5 +1,6 @@ #include #include +#include #include #include #include @@ -53,6 +54,31 @@ int __vma_keyid(struct vm_area_struct *vma) return (prot & mktme_keyid_mask) >> mktme_keyid_shift; } +/* Set the encryption keyid bits in a VMA */ +void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, + unsigned long start, unsigned long end) +{ + int oldkeyid = vma_keyid(vma); + pgprotval_t newprot; + + /* Unmap pages with old KeyID if there's any. */ + zap_page_range(vma, start, end - start); + + if (oldkeyid == newkeyid) + return; + + newprot = pgprot_val(vma->vm_page_prot); + newprot &= ~mktme_keyid_mask; + newprot |= (unsigned long)newkeyid << mktme_keyid_shift; + vma->vm_page_prot = __pgprot(newprot); + + /* + * The VMA doesn't have any inherited pages. + * Start anon VMA tree from scratch. + */ + unlink_anon_vmas(vma); +} + /* Prepare page to be used for encryption. Called from page allocator. */ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) { diff --git a/include/linux/mm.h b/include/linux/mm.h index 2684245f8503..c027044de9bf 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -2825,5 +2825,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif +#ifndef CONFIG_X86_INTEL_MKTME +static inline void mprotect_set_encrypt(struct vm_area_struct *vma, + int newkeyid, + unsigned long start, + unsigned long end) {} +#endif /* CONFIG_X86_INTEL_MKTME */ #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ From patchwork Wed May 8 14:44:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935869 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 370031515 for ; Wed, 8 May 2019 14:46:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 25F872844C for ; Wed, 8 May 2019 14:46:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 17C97288F8; Wed, 8 May 2019 14:46:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 52C8028485 for ; Wed, 8 May 2019 14:46:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5EA6C6B029F; Wed, 8 May 2019 10:44:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 3BB5D6B02A4; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0B0766B02A1; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by kanga.kvack.org (Postfix) with ESMTP id C04376B029E for ; Wed, 8 May 2019 10:44:51 -0400 (EDT) Received: by mail-pg1-f198.google.com with SMTP id j36so8022716pgb.20 for ; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=kydsvhYmtwP97NfX0czsEbvBzrcWYd7w+jQjY0TdfJU=; b=eEXKtQI65aT/zKQCHT+yalChe7CQDA/OL5Qnq9L5mhYjzXjc+uU1Qa6kF9cUlINNzg eGb2EPTIf2sVu6pQ8uGMPB4wJCdtneEEexKe/r4w2pHYQPV9K1VKNdbBL4YQvAM8j9Xp ucJhDJnbiQdygUhCo0VSFBO1No7cobXktEgqMY2wTiMARamJM6D05NTugu0AK+mn/WY/ CNICjeluSKQxTRPCYiaVjINW+uBtjQUQI7XuEoZJ70+U4PqL4MTXv6Ww/eArAA2xbjCm 67BSQg3MgGJvDCA+p8BmF1/L01whMQrJE14+AKUW6DElOWvdoE8nyGSSbrnpqWSICay+ CV5A== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWPzypFaPjB24sv11uAzaE7F+ZwxrLW9PqVnwzL1XlKIvMedPoC 6MJTxsa9rWcAuB9mGSWhebkCxxSVP//ap1t++oCCUD0q+aE99+Hks5s6ALenMPcwUcSk9U7u4f8 DZ/gJLdKHfIYpdb9z0xZw7VSCNPrGZP8XSPCWw8GI+t4ebqHPRyvyty60xEVYtvLavg== X-Received: by 2002:a17:902:b20f:: with SMTP id t15mr48326012plr.341.1557326691430; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqzJejpCx5i9K3B0CPswE3h47FN6t/MfRZJCDnTbQwTRz5+4ieYNYzsYJqK/YIB68DIMm7hH X-Received: by 2002:a17:902:b20f:: with SMTP id t15mr48325890plr.341.1557326690349; Wed, 08 May 2019 07:44:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326690; cv=none; d=google.com; s=arc-20160816; b=fR/mKVEpPYUtBS1AOh36MFBsc5Z6nz2LQ/R6WvfC5H8Ynrr3gt5tLa4F84jjiZdD9g WReCtRhLkNHg9knYeAoGyQxUgU8F5mbGSOAl+jJrCgHUOrhlgLN/mSVMyrrNsosU2lM7 1ounjIdgejQJf211trT48mQ3PRTtDU3e+9XUG4WiOSoF07Cw5lO9RwyIh3PIP6wlJ+ap UQ252Vh4e47dA9LBSKEsZUKGH/7UoTIKDNmhRMHKXm+UR9VElY46nYywzhSotrp7aDrA 3rCV8nH4CNKsoh42AyjzXS/xuWRfFd+IG/e5o4cCl1JqaFhKBuXo5EH+FHAP+BEzB7cw 9KrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=kydsvhYmtwP97NfX0czsEbvBzrcWYd7w+jQjY0TdfJU=; b=XXM5Jn71lOTHQy4NaHw+Ujx68eTl9JueLsoxRE5EkCqKITmRJfDegMqrd5KPuJbjmU wBwoNBcvbYLc+xgL/XGIdJEbuwuEyvGx3OQLTQZUP3BemG6650yXNieRJHW8wH/HKjGs pZ6eoX5/tN8g9ObH/6trLwmwzElJrXF1bxwC+b2FtsF12otCP8nxDRa1WfbagukkXzZ6 IXB8a7q7vyAqb6gMlBO+lWUDlcQyMQ/Wtzcd6K9LyhT8+aKoiLM02NtF0LzrRy6GG3fj UbLmjS9ieCUrmba1XlTM6KkgLdwteLaLbirtTmwL3KEKOpzAdjkwRpNcsbsbTSM7QVTe NkTA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id d3si22507173pfc.278.2019.05.08.07.44.50 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP; 08 May 2019 07:44:49 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga008.jf.intel.com with ESMTP; 08 May 2019 07:44:44 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id F254AF65; Wed, 8 May 2019 17:44:30 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call for MKTME Date: Wed, 8 May 2019 17:44:05 +0300 Message-Id: <20190508144422.13171-46-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Implement memory encryption for MKTME (Multi-Key Total Memory Encryption) with a new system call that is an extension of the legacy mprotect() system call. In encrypt_mprotect the caller must pass a handle to a previously allocated and programmed MKTME encryption key. The key can be obtained through the kernel key service type "mktme". The caller must have KEY_NEED_VIEW permission on the key. MKTME places an additional restriction on the protected data: The length of the data must be page aligned. This is in addition to the existing mprotect restriction that the addr must be page aligned. encrypt_mprotect() will lookup the hardware keyid for the given userspace key. It will use previously defined helpers to insert that keyid in the VMAs during legacy mprotect() execution. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- fs/exec.c | 4 +-- include/linux/mm.h | 3 +- mm/mprotect.c | 68 +++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 65 insertions(+), 10 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 2e0033348d8e..695c121b34b3 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -755,8 +755,8 @@ int setup_arg_pages(struct linux_binprm *bprm, vm_flags |= mm->def_flags; vm_flags |= VM_STACK_INCOMPLETE_SETUP; - ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end, - vm_flags); + ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end, vm_flags, + -1); if (ret) goto out_unlock; BUG_ON(prev != vma); diff --git a/include/linux/mm.h b/include/linux/mm.h index c027044de9bf..a7f52d053826 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1634,7 +1634,8 @@ extern unsigned long change_protection(struct vm_area_struct *vma, unsigned long int dirty_accountable, int prot_numa); extern int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, - unsigned long end, unsigned long newflags); + unsigned long end, unsigned long newflags, + int newkeyid); /* * doesn't attempt to fault and will return short. diff --git a/mm/mprotect.c b/mm/mprotect.c index 23e680f4b1d5..38d766b5cc20 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -347,7 +348,8 @@ static int prot_none_walk(struct vm_area_struct *vma, unsigned long start, int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, - unsigned long start, unsigned long end, unsigned long newflags) + unsigned long start, unsigned long end, unsigned long newflags, + int newkeyid) { struct mm_struct *mm = vma->vm_mm; unsigned long oldflags = vma->vm_flags; @@ -357,7 +359,14 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, int error; int dirty_accountable = 0; - if (newflags == oldflags) { + /* + * Flags match and Keyids match or we have NO_KEY. + * This _fixup is usually called from do_mprotect_ext() except + * for one special case: caller fs/exec.c/setup_arg_pages() + * In that case, newkeyid is passed as -1 (NO_KEY). + */ + if (newflags == oldflags && + (newkeyid == vma_keyid(vma) || newkeyid == NO_KEY)) { *pprev = vma; return 0; } @@ -423,6 +432,8 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } success: + if (newkeyid != NO_KEY) + mprotect_set_encrypt(vma, newkeyid, start, end); /* * vm_flags and vm_page_prot are protected by the mmap_sem * held in write mode. @@ -454,10 +465,15 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } /* - * When pkey==NO_KEY we get legacy mprotect behavior here. + * do_mprotect_ext() supports the legacy mprotect behavior plus extensions + * for Protection Keys and Memory Encryption Keys. These extensions are + * mutually exclusive and the behavior is: + * (pkey==NO_KEY && keyid==NO_KEY) ==> legacy mprotect + * (pkey is valid) ==> legacy mprotect plus Protection Key extensions + * (keyid is valid) ==> legacy mprotect plus Encryption Key extensions */ static int do_mprotect_ext(unsigned long start, size_t len, - unsigned long prot, int pkey) + unsigned long prot, int pkey, int keyid) { unsigned long nstart, end, tmp, reqprot; struct vm_area_struct *vma, *prev; @@ -555,7 +571,8 @@ static int do_mprotect_ext(unsigned long start, size_t len, tmp = vma->vm_end; if (tmp > end) tmp = end; - error = mprotect_fixup(vma, &prev, nstart, tmp, newflags); + error = mprotect_fixup(vma, &prev, nstart, tmp, newflags, + keyid); if (error) goto out; nstart = tmp; @@ -580,7 +597,7 @@ static int do_mprotect_ext(unsigned long start, size_t len, SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, unsigned long, prot) { - return do_mprotect_ext(start, len, prot, NO_KEY); + return do_mprotect_ext(start, len, prot, NO_KEY, NO_KEY); } #ifdef CONFIG_ARCH_HAS_PKEYS @@ -588,7 +605,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, SYSCALL_DEFINE4(pkey_mprotect, unsigned long, start, size_t, len, unsigned long, prot, int, pkey) { - return do_mprotect_ext(start, len, prot, pkey); + return do_mprotect_ext(start, len, prot, pkey, NO_KEY); } SYSCALL_DEFINE2(pkey_alloc, unsigned long, flags, unsigned long, init_val) @@ -637,3 +654,40 @@ SYSCALL_DEFINE1(pkey_free, int, pkey) } #endif /* CONFIG_ARCH_HAS_PKEYS */ + +#ifdef CONFIG_X86_INTEL_MKTME + +extern int mktme_keyid_from_key(struct key *key); + +SYSCALL_DEFINE4(encrypt_mprotect, unsigned long, start, size_t, len, + unsigned long, prot, key_serial_t, serial) +{ + key_ref_t key_ref; + struct key *key; + int ret, keyid; + + /* MKTME restriction */ + if (!PAGE_ALIGNED(len)) + return -EINVAL; + + /* + * key_ref prevents the destruction of the key + * while the memory encryption is being set up. + */ + + key_ref = lookup_user_key(serial, 0, KEY_NEED_VIEW); + if (IS_ERR(key_ref)) + return PTR_ERR(key_ref); + + key = key_ref_to_ptr(key_ref); + keyid = mktme_keyid_from_key(key); + if (!keyid) { + key_ref_put(key_ref); + return -EINVAL; + } + ret = do_mprotect_ext(start, len, prot, NO_KEY, keyid); + key_ref_put(key_ref); + return ret; +} + +#endif /* CONFIG_X86_INTEL_MKTME */ From patchwork Wed May 8 14:44:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935863 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A6AC0924 for ; Wed, 8 May 2019 14:46:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 94EA62844B for ; Wed, 8 May 2019 14:46:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8896D2844C; Wed, 8 May 2019 14:46:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E4D0F288F8 for ; Wed, 8 May 2019 14:46:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E9C156B029B; Wed, 8 May 2019 10:44:51 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id AE6C36B0297; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6559D6B02A0; Wed, 8 May 2019 10:44:51 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 010386B0297 for ; Wed, 8 May 2019 10:44:51 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id a17so7477115pls.5 for ; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=iWsGKZByUQDlHk7Hz7enXJpmECuVWnapQVrzWNnNSAM=; b=Do6Dyk23Gcr+Td5flw4MxVB+Ekrikd9rKxEELlakRK8f4+XYn79/+dGLHorI7dU8CK Ai6XLTm1AoyNbcnooizJWUp1/cxJ/kP1JovyzRom3zyunWXd70usMNAZuV8xRrXR3EbA p6Gzb/yJTQAmuWJHR0A2iAGgdCVST3uHvOVJ1bEDVdzCaw7tkkGe1oR82BvhNmfvyosD lU6xYLlCBD1Jj9e15Gkvd4JNmRZmIvNjwCGLadBuRGXR9BOPfMAEmAR2IEhdxYsYe/2t YKmAw72DTvRPCkdSDPXl0NBmPXf4taQVbDPF3esnp7alG0pYYFXtUGhOesaXvoIZJibH DReA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAUiFEJnIVbgd8LZt3WfvD51KWypi/rPobJQ2qJve4fno/TdaWHq wTFQwvsKGYEwQ76DcyTcjrcfXHppWwOtQAIdlAY6Ujzl3I7PNOnjelp2IZwoRBgxvCDOiL4/C7q S9K5QePelmerJLgWhyvzOaHnTncUz1YrIPsTeavJ3xum/Dx7uIMrJKbLIlZYNdsWl8A== X-Received: by 2002:a17:902:9007:: with SMTP id a7mr3896872plp.221.1557326690648; Wed, 08 May 2019 07:44:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqzewj+iod91hIAUdfUsxgxUrWhzoIxxwdHYbYAWIBOU0MYUBRe8iTbi88t+9S+1/R1yPYfv X-Received: by 2002:a17:902:9007:: with SMTP id a7mr3896792plp.221.1557326689735; Wed, 08 May 2019 07:44:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326689; cv=none; d=google.com; s=arc-20160816; b=d4qhO/KnyFDeartQbBHU2Ijvr11kwHuDEy/he65U7VOfsPaMlblkb19xdWm+n/XlKW +VxS42ZIiIvroa4B7tkIb967cuqQrSVlZR5W0Uj/TeWBqrz1QlckXL3QKY5kff8CogkZ bl+bKNvP5t3FiflX2UEPPSVmo9VbSPqpQDDHSYzvcBKsjfTFPake5gvTEiiVOkeZj2YX 7/pyrzbGqj6XgDowFrvTofl16qkWE89D+ddg4pMxyhS3gvZWjK3XTVmbBcQ/QhjQQ666 E3C3VooGOLOHYgNoGBbZ8Kh84QqopbfQq1e9MVTCyaSnqFczPgYMXgtIvOr69xEw4DmT yayA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=iWsGKZByUQDlHk7Hz7enXJpmECuVWnapQVrzWNnNSAM=; b=nFpCAU51PoYLhytjWPrm0NQChXZaIJwqP/WjwGh8/xA0N3sbZztv+1sXr29cq8FsRi gnd4y1vFIgBOgrgext9GJvmV1aqd75RbdJqxCfzKZfzqTJ0RdF6ditgNwepF2Ri353Uz u+nk8plCYHS8mb2K/dy7D24S3GDkbmP8dLXX01ljOzjK2mNpfbktneqSIvBU1OgVNujb 6P7EBPMVZIH6/Ai2RTspa54LbTY9NimLdx5mfdKl/Cy1D83+Li0E3BUnfACt5WQ02WNI LK/PiYld7RMTAAu/ehjByq03Mwy3mym2Ud1F2LDP006VVRNUU55x2m+IFbw090xCN9oN GFgg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id t16si6593003plm.65.2019.05.08.07.44.49 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:49 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:45 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 0BEE5F6B; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 46/62] x86/mm: Keep reference counts on encrypted VMAs for MKTME Date: Wed, 8 May 2019 17:44:06 +0300 Message-Id: <20190508144422.13171-47-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME (Multi-Key Total Memory Encryption) Key Service needs a reference count on encrypted VMAs. This reference count is used to determine when a hardware encryption KeyID is no longer in use and can be freed and reassigned to another Userspace Key. The MKTME Key service does the percpu_ref_init and _kill, so these gets/puts on encrypted VMA's can be considered the intermediaries in the lifetime of the key. Increment/decrement the reference count during encrypt_mprotect() system call for initial or updated encryption on a VMA. Piggy back on the vm_area_dup/free() helpers. If the VMAs being duplicated, or freed are encrypted, adjust the reference count. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 5 +++++ arch/x86/mm/mktme.c | 37 ++++++++++++++++++++++++++++++++++-- include/linux/mm.h | 2 ++ kernel/fork.c | 2 ++ 4 files changed, 44 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 0e6df07f1921..14da002d2e85 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -16,6 +16,11 @@ extern int mktme_keyid_shift; extern void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, unsigned long start, unsigned long end); +/* MTKME encrypt_count for VMAs */ +extern struct percpu_ref *encrypt_count; +extern void vma_get_encrypt_ref(struct vm_area_struct *vma); +extern void vma_put_encrypt_ref(struct vm_area_struct *vma); + DECLARE_STATIC_KEY_FALSE(mktme_enabled_key); static inline bool mktme_enabled(void) { diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 91b49e88ca3f..df70651816a1 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -66,11 +66,12 @@ void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, if (oldkeyid == newkeyid) return; - + vma_put_encrypt_ref(vma); newprot = pgprot_val(vma->vm_page_prot); newprot &= ~mktme_keyid_mask; newprot |= (unsigned long)newkeyid << mktme_keyid_shift; vma->vm_page_prot = __pgprot(newprot); + vma_get_encrypt_ref(vma); /* * The VMA doesn't have any inherited pages. @@ -79,6 +80,18 @@ void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, unlink_anon_vmas(vma); } +void vma_get_encrypt_ref(struct vm_area_struct *vma) +{ + if (vma_keyid(vma)) + percpu_ref_get(&encrypt_count[vma_keyid(vma)]); +} + +void vma_put_encrypt_ref(struct vm_area_struct *vma) +{ + if (vma_keyid(vma)) + percpu_ref_put(&encrypt_count[vma_keyid(vma)]); +} + /* Prepare page to be used for encryption. Called from page allocator. */ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) { @@ -102,6 +115,22 @@ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) page++; } + + /* + * Make sure the KeyID cannot be freed until the last page that + * uses the KeyID is gone. + * + * This is required because the page may live longer than VMA it + * is mapped into (i.e. in get_user_pages() case) and having + * refcounting per-VMA is not enough. + * + * Taking a reference per-4K helps in case if the page will be + * split after the allocation. free_encrypted_page() will balance + * out the refcount even if the page was split and freed as bunch + * of 4K pages. + */ + + percpu_ref_get_many(&encrypt_count[keyid], 1 << order); } /* @@ -110,7 +139,9 @@ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) */ void free_encrypted_page(struct page *page, int order) { - int i; + int i, keyid; + + keyid = page_keyid(page); /* * The hardware/CPU does not enforce coherency between mappings @@ -125,6 +156,8 @@ void free_encrypted_page(struct page *page, int order) lookup_page_ext(page)->keyid = 0; page++; } + + percpu_ref_put_many(&encrypt_count[keyid], 1 << order); } static int sync_direct_mapping_pte(unsigned long keyid, diff --git a/include/linux/mm.h b/include/linux/mm.h index a7f52d053826..00c0fd70816b 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -2831,6 +2831,8 @@ static inline void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, unsigned long start, unsigned long end) {} +static inline void vma_get_encrypt_ref(struct vm_area_struct *vma) {} +static inline void vma_put_encrypt_ref(struct vm_area_struct *vma) {} #endif /* CONFIG_X86_INTEL_MKTME */ #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/kernel/fork.c b/kernel/fork.c index 9dcd18aa210b..f0e35ed76f5a 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -342,12 +342,14 @@ struct vm_area_struct *vm_area_dup(struct vm_area_struct *orig) if (new) { *new = *orig; INIT_LIST_HEAD(&new->anon_vma_chain); + vma_get_encrypt_ref(new); } return new; } void vm_area_free(struct vm_area_struct *vma) { + vma_put_encrypt_ref(vma); kmem_cache_free(vm_area_cachep, vma); } From patchwork Wed May 8 14:44:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935955 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 72BB21515 for ; Wed, 8 May 2019 14:47:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 60AC92844C for ; Wed, 8 May 2019 14:47:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5497E2890F; Wed, 8 May 2019 14:47:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D89782844C for ; Wed, 8 May 2019 14:47:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 73F156B02D7; Wed, 8 May 2019 10:46:53 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 6A0426B02D9; Wed, 8 May 2019 10:46:53 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 58F576B02DA; Wed, 8 May 2019 10:46:53 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id 1DED26B02D9 for ; Wed, 8 May 2019 10:46:53 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id x13so12801228pgl.10 for ; Wed, 08 May 2019 07:46:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=gHNz/kCOwnG9rzVvAEsX8yaXn6m+YaYxBKDTK443Tfo=; b=roJu3I1fhQZALzobxatXivVk5DXtENL6ph4Ld+SflGmYMpscY6jw2ucDZINaCVuuYP zaEFWGHnIFEKIauVQ6gEEgLA7LIDh6XPS0+MkpW5So75EJUhYaPUzAtrlr9/qObsRykp Nrhrcheyhk6/RKrd4KoQrH9WhSoasCRaDS9hTioJevLIbGyNRXVozw+X1nHvk5SLBWdc 4D4KejGdbAew06YNPxc8rJqM145KVZ9qbv/an1/9m7g/fBw20q3HbkhVNwLrGKk1aZy/ UfstEauIVhpQZRlrGfp+O54SzLbS/aiWyGj64baXbnlpMlNjMQG6yao6DOU0Gwx95+Fw Wykg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWLNcaDJA4veeK+G0c7k5d+CgComHaSreQjQADJxbCPkX26gyip E8sNHzNa08zoAcvewkNL23/DO/hrdIo3CCvqMiq9/Pv3JEtvc37XJeqsSGqZVHgk/aSqKfhwua1 3MTqYOMvyHbmt5dCWMltUQ7tW5/YcvSCNYdcPBVlUXxzNC3Of/MGoiD6SZLelUL6yZQ== X-Received: by 2002:a62:6842:: with SMTP id d63mr50169246pfc.9.1557326812737; Wed, 08 May 2019 07:46:52 -0700 (PDT) X-Google-Smtp-Source: APXvYqwlhj7TiXaO8N9P0eS2kBNAfgCYTU/NTGFb7DhAbPfFcvR2B6EfmHroHRPST02N3ZYFcZVJ X-Received: by 2002:a62:6842:: with SMTP id d63mr50154277pfc.9.1557326690597; Wed, 08 May 2019 07:44:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326690; cv=none; d=google.com; s=arc-20160816; b=M2Sk7WqkvnQCxBXfYtVF4CS+AFq8o5P6mjrnsFpepUlZpFdw2tWcw0Z41Ekdtv/FxW t0pR6STt+J1ew6W9Cba4mN1DiAy70o7i86LNROnQo3qV7fiRdrAU4fDjmqNg8GZ+xXwC VlIIBy/hUvPCW6n7c4v/3oCvqDN92vO5tpKZeexslLgXe+h7luuawmCzs0KuyUfWmIJO 5VA/+c5DY8qTfATM+xHK37jsSjjYFlcbSBtOXFolr/TDfLbz8hW+xIwPP3E5bhF2sZ9z Se06ngCfb9zukAX4mGe+h2fAAoK81jQFk2rMp07s8BYr6NjpDxLu6qgUJG4XUto4m5hJ 6bVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=gHNz/kCOwnG9rzVvAEsX8yaXn6m+YaYxBKDTK443Tfo=; b=oqENP1aetGDV+TsYmu5kzFgDtQtLsmtF2CZ7h7VNdca8sXojcDC5giVivah/CS6MO9 Gwu+pry0vZbpgRR1GATbLt8nlwkAFDySxh0E2Ap3s3gpHJ9xd6YBVaivRbfqsUfXE63q PeCMn6TokyNRKIzmNdKiVqUxgopggeP/P3wip7lCGwlIpXz0AfyADTIbsl7yPcj0fl2n vKBxiwcUCfz1FuNT2V18tFDmlUE5Zu0xyUqr9jg7q4NZcS84PzuO8uTi53o7japlBKO+ p2SHV5pqT9UiOe3XaoauRQjVdxzjrXtpWvD7Az3LeQay0KUQjyBlhs5WU8NXTqZNFoz0 gG3Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id q8si24066889pgf.3.2019.05.08.07.44.50 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:50 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 08 May 2019 07:44:45 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 19F92F6E; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 47/62] mm: Restrict MKTME memory encryption to anonymous VMAs Date: Wed, 8 May 2019 17:44:07 +0300 Message-Id: <20190508144422.13171-48-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Memory encryption is only supported for mappings that are ANONYMOUS. Test the VMA's in an encrypt_mprotect() request to make sure they all meet that requirement before encrypting any. The encrypt_mprotect syscall will return -EINVAL and will not encrypt any VMA's if this check fails. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- mm/mprotect.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/mm/mprotect.c b/mm/mprotect.c index 38d766b5cc20..53bd41f99a67 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -346,6 +346,24 @@ static int prot_none_walk(struct vm_area_struct *vma, unsigned long start, return walk_page_range(start, end, &prot_none_walk); } +/* + * Encrypted mprotect is only supported on anonymous mappings. + * If this test fails on any single VMA, the entire mprotect + * request fails. + */ +static bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end) +{ + struct vm_area_struct *test_vma = vma; + + do { + if (!vma_is_anonymous(test_vma)) + return false; + + test_vma = test_vma->vm_next; + } while (test_vma && test_vma->vm_start < end); + return true; +} + int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags, @@ -532,6 +550,12 @@ static int do_mprotect_ext(unsigned long start, size_t len, goto out; } } + + if (keyid > 0 && !mem_supports_encryption(vma, end)) { + error = -EINVAL; + goto out; + } + if (start > vma->vm_start) prev = vma; From patchwork Wed May 8 14:44:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935901 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1894C1515 for ; Wed, 8 May 2019 14:46:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 017C92844B for ; Wed, 8 May 2019 14:46:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E978628485; Wed, 8 May 2019 14:46:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3D0AE2844B for ; Wed, 8 May 2019 14:46:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CCF086B02A9; Wed, 8 May 2019 10:44:55 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id A747C6B02A6; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 826006B02AC; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) by kanga.kvack.org (Postfix) with ESMTP id 147AC6B02A6 for ; Wed, 8 May 2019 10:44:55 -0400 (EDT) Received: by mail-pl1-f200.google.com with SMTP id x2so11627685plr.21 for ; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=gJqBFkShEyKFvv3S8vdmuaduI4wABw5IIGrn5d8PtRg=; b=YhxSakvAhAkoFzeEwCd+khJtcmJYj2/AAW8Hu5TJqnCU7zLP6ux43+VmKmxyPh6g3o 6kVb/TOUbY/OhZf+dRIIQrIjhXwRNihxx4n94I2BmBNgHlnpAcM1mQ7XFc/zRajvtSRf 8avlVV27oJsZmZqVWZDv5ozyIUzEQzgteJOaeA+62XymBgcmRFxTP5SSgFgKGMp1DLY3 9fbLis4+Vj4qFqBVU/FJSb1+v3tfJCe92E61rzpc7ibRLlOxVEFz7FI07K3lRgqmbVPi S5WD8SNy5NoKJUOxl5Ld0Zr87BEz4ErTTso7HC6iLYRlGSZKnm+qqoGWeXDwcm1gsT3D xQVg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAU17QPk6zVwDnyPc2edDwhP4yuuKGP1bc6QhNCHNasve5dnz+lb 0SryHPn8d82XN2NemagsUJDmoAZ5wi76nKNFcKfTgG0+y1fkfOO7C18xhOdqXO0E5Gkw06zkoqP qFEHpY3ZLLTepLp3m3+aps4L9pLGWGu6Pbiqaf36Z7A72GO8FKw8+Jqa+BHjXw2oPJg== X-Received: by 2002:a62:414a:: with SMTP id o71mr48905358pfa.240.1557326694625; Wed, 08 May 2019 07:44:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqw1/zC5menLIRd2Svks8JIyjgZg/JldrRrjD0o6woxMtYDCQxs2AyaW00VCLpo6PWUzRYOs X-Received: by 2002:a62:414a:: with SMTP id o71mr48905000pfa.240.1557326691622; Wed, 08 May 2019 07:44:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326691; cv=none; d=google.com; s=arc-20160816; b=uhon3EeoUNlRuXyEwhpvDermxOCB2gLKMHXluqlgy6+D8azk8uCTJCoLJ0iRy71GJ9 ep3mFs4xfkZsaUSEzkt3v1SrRixC5slXmoCmnVsJNBDmFbc6Q25Klep0+ZoUETm0/RaD +NkpScJDIrzn1oXwi0QSz64CbrYrNVIYb8zK5URtrJ1SA/ak8Sk+8+eMBsknIbkv9uEL 2DA/BFoSd5IgANFvH8bNJmVrS5F9SS8W3xA4NxjUZ6nH6Bbq7R7NJPKcF8ondDjNJhV7 6ty0XomOE/yN6Tx0w6hXYrRLqc4pzLsUAxkP+Q9SmlfpoA/szJXjyVHqIpAdwzjiUl3R 6l3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=gJqBFkShEyKFvv3S8vdmuaduI4wABw5IIGrn5d8PtRg=; b=xSRIIPT7Sq9NdbLutBnxbIsHx7tXV3SwFNwhKtISUn3Rj9DmoK5ypX+jDYV+yqxpLk yL/vTaVvNNE9lFf7CxCGVFdI0QOFrr6R4kYq+u6QMDgkRmOCCrtncJVNLg3Xcuw8U+K+ AIV7j/DLzzyZ3W8+rIJ3ByplvK2ZF04UFWcXB+uXQm9iY7yvnD1TQxfS9oKZ5uSENeSn +yKQ0HatbO6Et7OIA1pWv/QVj+nn40N7SJMDu8rWEpaw01KwCAG6H8sEBV+Aq9dGGC+8 K+N0SmNJy8UOytEW/I8eIs3xquPmIbcm/Nitw8mhFmHrS5Xsuzhz5iiyhmjXUNTNxm3V k4Xg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id q8si24066889pgf.3.2019.05.08.07.44.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:51 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga002.jf.intel.com with ESMTP; 08 May 2019 07:44:45 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 269641075; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 48/62] selftests/x86/mktme: Test the MKTME APIs Date: Wed, 8 May 2019 17:44:08 +0300 Message-Id: <20190508144422.13171-49-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield This is a draft for poweron testing. I'm assuming it needs to be in Intel-next to be available for poweron. It is not in the selftest Makefiles. COMPILE w keyutils library ==> cc -o mktest mktme_test.c -lkeyutils Usage: mktme_test [options]... -a Run ALL tests -t Run one test -l List available tests -h, -? Show this help mktest -l [ 1] Keys: Add each type key [ 2] Flow: One simple roundtrip [ 3] Keys: Valid Payload Options [ 4] Keys: Invalid Payload Options [ 5] Keys: Add Key Descriptor Field [ 6] Keys: Add Multiple Same [ 7] Keys: Change payload, auto update [ 8] Keys: Update, explicit update [ 9] Keys: Update, Clear [10] Keys: Add, Invalidate Keys [11] Keys: Add, Revoke Keys [12] Keys: Keyctl Describe [13] Keys: Clear [14] Keys: No Encrypt [15] Keys: Unique KeyIDs [16] Keys: Get Max KeyIDs [17] Encrypt: Parameter Alignment [18] Encrypt: Change Protections [19] Encrypt: Swap Keys [20] Encrypt: Counters Same Key [21] Encrypt: Counters Diff Key [22] Encrypt: Counters Holes [23] Flow: Switch key no data [24] Flow: Switch key multi VMAs [25] Flow: Switch No Key to Any Key [26] Flow: madvise [27] Flow: Invalidate In Use Key Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- .../selftests/x86/mktme/encrypt_tests.c | 433 ++++++++++++++ .../testing/selftests/x86/mktme/flow_tests.c | 266 +++++++++ tools/testing/selftests/x86/mktme/key_tests.c | 526 ++++++++++++++++++ .../testing/selftests/x86/mktme/mktme_test.c | 300 ++++++++++ 4 files changed, 1525 insertions(+) create mode 100644 tools/testing/selftests/x86/mktme/encrypt_tests.c create mode 100644 tools/testing/selftests/x86/mktme/flow_tests.c create mode 100644 tools/testing/selftests/x86/mktme/key_tests.c create mode 100644 tools/testing/selftests/x86/mktme/mktme_test.c diff --git a/tools/testing/selftests/x86/mktme/encrypt_tests.c b/tools/testing/selftests/x86/mktme/encrypt_tests.c new file mode 100644 index 000000000000..735d5da89d29 --- /dev/null +++ b/tools/testing/selftests/x86/mktme/encrypt_tests.c @@ -0,0 +1,433 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* x86 MKTME Encrypt API Tests */ + +/* Address & length parameters to encrypt_mprotect() must be page aligned */ +void test_param_alignment(void) +{ + size_t datalen = PAGE_SIZE * 2; + key_serial_t key; + int ret, i; + char *buf; + + key = add_key("mktme", "keyname", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + perror("test_param_alignment"); + return; + } + buf = (char *)mmap(NULL, datalen, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + + /* Fail if addr is not page aligned */ + ret = syscall(sys_encrypt_mprotect, buf + 100, datalen / 2, PROT_NONE, + key); + if (!ret) + fprintf(stderr, "Error: addr is not page aligned\n"); + + /* Fail if len is not page aligned */ + ret = syscall(sys_encrypt_mprotect, buf, 9, PROT_NONE, key); + if (!ret) + fprintf(stderr, "Error: len is not page aligned."); + + /* Fail if both addr and len are not page aligned */ + ret = syscall(sys_encrypt_mprotect, buf + 100, datalen + 100, + PROT_READ | PROT_WRITE, key); + if (!ret) + fprintf(stderr, "Error: addr and len are not page aligned\n"); + + /* Success if both addr and len are page aligned */ + ret = syscall(sys_encrypt_mprotect, buf, datalen, + PROT_READ | PROT_WRITE, key); + + if (ret) + fprintf(stderr, "Fail: addr and len are both page aligned\n"); + + ret = munmap(buf, datalen); + + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Error: invalidate failed on key [%d]\n", key); +} + +/* + * Do encrypt_mprotect and follow with classic mprotects. + * KeyID should remain unchanged. + */ +void test_change_protections(void) +{ + unsigned int keyid, check_keyid; + key_serial_t key; + void *ptra; + int ret, i; + + const int prots[] = { + PROT_NONE, PROT_READ, PROT_WRITE, PROT_EXEC, + PROT_READ | PROT_WRITE, PROT_READ | PROT_EXEC, + }; + + key = add_key("mktme", "testkey", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + if (key == -1) { + perror(__func__); + return; + } + ptra = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + if (!ptra) { + fprintf(stderr, "Error: mmap failed."); + goto revoke_key; + } + /* Encrypt Memory */ + ret = syscall(sys_encrypt_mprotect, ptra, PAGE_SIZE, PROT_NONE, key); + if (ret) + fprintf(stderr, "Error: encrypt_mprotect [%d]\n", ret); + + /* Remember the assigned KeyID */ + keyid = find_smaps_keyid((unsigned long)ptra); + + /* Classic mprotects() should not change KeyID. */ + for (i = 0; i < ARRAY_SIZE(prots); i++) { + ret = mprotect(ptra, PAGE_SIZE, prots[i]); + if (ret) + fprintf(stderr, "Error: encrypt_mprotect [%d]\n", ret); + + check_keyid = find_smaps_keyid((unsigned long)ptra); + if (keyid != check_keyid) + fprintf(stderr, "Error: keyid change not expected\n"); + }; +free_memory: + ret = munmap(ptra, PAGE_SIZE); +revoke_key: + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Error: invalidate failed. [%d]\n", key); +} + +/* + * Make one mapping and create a bunch of keys. + * Encrypt that one mapping repeatedly with different keys. + * Verify the KeyID changes in smaps. + */ +void test_key_swap(void) +{ + unsigned int prev_keyid, next_keyid; + int maxswaps = max_keyids / 2; /* Not too many swaps */ + key_serial_t key[maxswaps]; + long size = PAGE_SIZE; + int keys_available = 0; + char name[12]; + void *ptra; + int i, ret; + + for (i = 0; i < maxswaps; i++) { + sprintf(name, "mk_swap_%d", i); + key[i] = add_key("mktme", name, options_CPU_long, + strlen(options_CPU_long), + KEY_SPEC_THREAD_KEYRING); + if (key[i] == -1) { + perror(__func__); + goto free_keys; + } else { + keys_available++; + } + } + + printf(" Info: created %d keys\n", keys_available); + ptra = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (!ptra) { + perror("mmap"); + goto free_keys; + } + prev_keyid = 0; + + for (i = 0; i < keys_available; i++) { + ret = syscall(sys_encrypt_mprotect, ptra, size, + PROT_NONE, key[i]); + if (ret) { + perror("encrypt_mprotect"); + goto free_memory; + } + + next_keyid = find_smaps_keyid((unsigned long)ptra); + if (prev_keyid == next_keyid) + fprintf(stderr, "Error %s: expected new keyid\n", + __func__); + prev_keyid = next_keyid; + } +free_memory: + ret = munmap(ptra, size); + +free_keys: + for (i = 0; i < keys_available; i++) { + if (keyctl(KEYCTL_INVALIDATE, key[i]) == -1) + perror(__func__); + } +} + +/* + * These may not be doing as orig planned. Need to check that key is + * invalidated and then gets destroyed when last map is removed. + */ +void test_counters_same(void) +{ + key_serial_t key; + int count = 4; + void *ptr[count]; + int ret, i; + + /* Get 4 pieces of memory */ + i = count; + while (i--) { + ptr[i] = mmap(NULL, PAGE_SIZE, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (!ptr[i]) + perror("mmap"); + } + /* Protect with same key */ + key = add_key("mktme", "mk_same", options_USER, strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + perror("add_key"); + goto free_mem; + } + i = count; + while (i--) { + ret = syscall(sys_encrypt_mprotect, ptr[i], PAGE_SIZE, + PROT_NONE, key); + if (ret) + perror("encrypt_mprotect"); + } + /* Discard Key & Unmap Memory (order irrelevant) */ + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Error: invalidate failed.\n"); +free_mem: + i = count; + while (i--) + ret = munmap(ptr[i], PAGE_SIZE); +} + +void test_counters_diff(void) +{ + int prot = PROT_READ | PROT_WRITE; + long size = PAGE_SIZE; + int ret, i; + int loop = 4; + char name[12]; + void *ptr[loop]; + key_serial_t diffkey[loop]; + + i = loop; + while (i--) + ptr[i] = mmap(NULL, size, prot, MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + i = loop; + while (i--) { + sprintf(name, "cheese_%d", i); + diffkey[i] = add_key("mktme", name, options_USER, + strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + ret = syscall(sys_encrypt_mprotect, ptr[i], size, prot, + diffkey[i]); + if (ret) + perror("encrypt_mprotect"); + } + + i = loop; + while (i--) + ret = munmap(ptr[i], PAGE_SIZE); + + i = loop; + while (i--) { + if (keyctl(KEYCTL_INVALIDATE, diffkey[i]) == -1) + fprintf(stderr, "Error: invalidate failed key:%d\n", + diffkey[i]); + } +} + +void test_counters_holes(void) +{ + int prot = PROT_READ | PROT_WRITE; + long size = PAGE_SIZE; + int ret, i; + int loop = 6; + void *ptr[loop]; + key_serial_t samekey; + + samekey = add_key("mktme", "gouda", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + + i = loop; + while (i--) { + ptr[i] = mmap(NULL, size, prot, MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + if (i % 2) { + ret = syscall(sys_encrypt_mprotect, ptr[i], size, prot, + samekey); + if (ret) + perror("mprotect error"); + } + } + + i = loop; + while (i--) + ret = munmap(ptr[i], size); + + if (keyctl(KEYCTL_INVALIDATE, samekey) == -1) + fprintf(stderr, "Error: invalidate failed\n"); +} + +/* + * Try on SIMICs. See is SIMICs 'a1a1' thing does the trick. + * May need real hardware. + * One buffer -> encrypt entirety w one key + * Same buffer -> encrypt in pieces w different keys + */ +void test_split(void) +{ + int prot = PROT_READ | PROT_WRITE; + int ret, i; + int pieces = 10; + size_t len = PAGE_SIZE; + char name[12]; + char *buf; + key_serial_t firstkey; + key_serial_t diffkey[pieces]; + + /* get one piece of memory, protect it, memset it */ + buf = (char *)mmap(NULL, len, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + + firstkey = add_key("mktme", "firstkey", options_CPU_long, + strlen(options_CPU_long), + KEY_SPEC_THREAD_KEYRING); + + ret = syscall(sys_encrypt_mprotect, buf, len, PROT_READ | PROT_WRITE, + firstkey); + + if (ret) { + printf("firstkey mprotect error:%d\n", ret); + goto free_mem; + } + + memset(buf, 9, len); + /* + * Encrypt pieces of buf with different encryption keys. + * Expect to see the data in those pieces zero'd + */ + for (i = 0; i < pieces; i++) { + sprintf(name, "cheese_%d", i); + diffkey[i] = add_key("mktme", name, options_CPU_long, + strlen(options_CPU_long), + KEY_SPEC_THREAD_KEYRING); + ret = syscall(sys_encrypt_mprotect, (buf + (i * len)), len, + PROT_READ | PROT_WRITE, diffkey[i]); + if (ret) + printf("diff key mprotect error:%d\n", ret); + else + printf("done protecting w i:%d key[%d]\n", i, + diffkey[i]); + } + printf("SIMICs - this should NOT be all 'f's.\n"); + for (i = 0; i < len; i++) + printf("-%x", buf[i]); + printf("\n"); + + getchar(); + i = pieces; + for (i = 0; i < pieces; i++) { + if (keyctl(KEYCTL_INVALIDATE, diffkey[i]) == -1) + fprintf(stderr, "invalidate failed key:%d\n", + diffkey[i]); + } + if (keyctl(KEYCTL_INVALIDATE, firstkey) == -1) + fprintf(stderr, "invalidate failed on key:%d\n", firstkey); +free_mem: + ret = munmap(buf, len); +} + +void test_well_suited(void) +{ + int prot; + long size = PAGE_SIZE; + int ret, i; + int loop = 6; + void *ptr[loop]; + key_serial_t key; + void *addr, *first; + + /* mmap alternating protections so that we get loop# of vma's */ + i = loop; + /* map the first one */ + first = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + + addr = first + PAGE_SIZE; + i--; + while (i--) { + prot = (i % 2) ? PROT_READ : PROT_WRITE; + ptr[i] = mmap(addr, size, prot, MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + addr = addr + PAGE_SIZE; + } + /* Protect with same key */ + key = add_key("mktme", "mk_suited954", options_USER, + strlen(options_USER), KEY_SPEC_THREAD_KEYRING); + + /* Changing FLAGS and adding KEY */ + ret = syscall(sys_encrypt_mprotect, ptr[0], (loop * PAGE_SIZE), + PROT_EXEC, key); + if (ret) + fprintf(stderr, "Error: encrypt_mprotect [%d]\n", ret); + + i = loop; + while (i--) + ret = munmap(ptr[i], size); + + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Error: invalidate failed\n"); +} + +void test_not_suited(int argc, char *argv[]) +{ + int prot; + int protA = PROT_READ; + int protB = PROT_WRITE; + int flagsA = MAP_ANONYMOUS | MAP_PRIVATE; + int flagsB = MAP_SHARED | MAP_ANONYMOUS; + int flags; + int ret, i; + int loop = 6; + void *ptr[loop]; + key_serial_t key; + + printf("loop count [%d]\n", loop); + + /* mmap alternating protections so that we get loop# of vma's */ + i = loop; + while (i--) { + prot = (i % 2) ? PROT_READ : PROT_WRITE; + if (i == 2) + flags = flagsB; + else + flags = flagsA; + ptr[i] = mmap(NULL, PAGE_SIZE, prot, flags, -1, 0); + } + + /* protect with same key */ + key = add_key("mktme", "mk_notsuited", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + + /* Changing FLAGS and adding KEY */ + ret = syscall(sys_encrypt_mprotect, ptr[0], (loop * PAGE_SIZE), + PROT_EXEC, key); + if (!ret) + fprintf(stderr, "Error: expected encrypt_mprotect to fail.\n"); + + i = loop; + while (i--) + ret = munmap(ptr[i], PAGE_SIZE); + + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Error: invalidate failed.\n"); +} + diff --git a/tools/testing/selftests/x86/mktme/flow_tests.c b/tools/testing/selftests/x86/mktme/flow_tests.c new file mode 100644 index 000000000000..87b17d3bf142 --- /dev/null +++ b/tools/testing/selftests/x86/mktme/flow_tests.c @@ -0,0 +1,266 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * x86 MKTME: API Tests + * + * Flow Tests either + * 1) Validate some interaction between the 2 API's: Key & Encrypt + * 2) or, Validate code flows, scenarios, known/fixed issues. + */ + +/* + * Userspace Keys with outstanding memory mappings can be discarded, + * (discarded == revoke, invalidate, expire, unlink) + * The paired KeyID will not be freed for reuse until the last memory + * mapping is unmapped. + */ +void test_discard_in_use_key(void) +{ + key_serial_t key; + void *ptra; + int ret; + + key = add_key("mktme", "discard-test", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + perror("add key"); + return; + } + ptra = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + if (!ptra) { + fprintf(stderr, "Error: mmap failed. "); + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Error: invalidate failed. Key:%d\n", + key); + return; + } + ret = syscall(sys_encrypt_mprotect, ptra, PAGE_SIZE, PROT_NONE, key); + if (ret) { + fprintf(stderr, "Error: encrypt_mprotect: %d\n", ret); + goto free_memory; + } + if (keyctl(KEYCTL_INVALIDATE, key) != 0) + fprintf(stderr, "Error: test_revoke_in_use_key\n"); +free_memory: + ret = munmap(ptra, PAGE_SIZE); +} + +/* TODO: Can this be made useful? Used to reproduce a trace in Kai's setup. */ +void test_kai_madvise(void) +{ + key_serial_t key; + void *ptra; + int ret; + + key = add_key("mktme", "testkey", options_USER, strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + perror("add_key"); + return; + } + + /* TODO wanted MAP_FIXED here - but kept failing to mmap */ + ptra = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (!ptra) { + perror("failed to mmap"); + goto revoke_key; + } + + ret = madvise(ptra, PAGE_SIZE, MADV_MERGEABLE); + if (ret) + perror("madvise err mergeable"); + + if ((madvise(ptra, PAGE_SIZE, MADV_HUGEPAGE)) != 0) + perror("madvise err hugepage"); + + if ((madvise(ptra, PAGE_SIZE, MADV_DONTFORK)) != 0) + perror("madvise err dontfork"); + + ret = syscall(sys_encrypt_mprotect, ptra, PAGE_SIZE, PROT_NONE, key); + if (ret) + perror("mprotect error"); + + ret = munmap(ptra, PAGE_SIZE); +revoke_key: + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "invalidate failed on key [%d]\n", key); +} + +void test_one_simple_round_trip(void) +{ + long size = PAGE_SIZE * 10; + key_serial_t key; + void *ptra; + int ret; + + key = add_key("mktme", "testkey", options_USER, strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + perror("add_key"); + return; + } + + ptra = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (!ptra) { + perror("failed to mmap"); + goto revoke_key; + } + + ret = syscall(sys_encrypt_mprotect, ptra, size, PROT_NONE, key); + if (ret) + perror("mprotect error"); + + ret = munmap(ptra, size); +revoke_key: + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "revoke failed on key [%d]\n", key); +} + +void test_switch_key_no_data(void) +{ + key_serial_t keyA, keyB; + int ret, i; + void *buf; + + /* + * Program 2 keys: Protect with one, protect with other + */ + keyA = add_key("mktme", "keyA", options_USER, strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + if (keyA == -1) { + perror("add_key"); + return; + } + keyB = add_key("mktme", "keyB", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + if (keyB == -1) { + perror("add_key"); + return; + } + buf = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, + -1, 0); + if (!buf) { + perror("mmap error"); + goto revoke_key; + } + ret = syscall(sys_encrypt_mprotect, buf, PAGE_SIZE, PROT_NONE, keyA); + if (ret) + perror("mprotect error"); + + ret = syscall(sys_encrypt_mprotect, buf, PAGE_SIZE, PROT_NONE, keyB); + if (ret) + perror("mprotect error"); + +free_memory: + ret = munmap(buf, PAGE_SIZE); +revoke_key: + if (keyctl(KEYCTL_INVALIDATE, keyA) == -1) + printf("revoke failed on key [%d]\n", keyA); + if (keyctl(KEYCTL_INVALIDATE, keyB) == -1) + printf("revoke failed on key [%d]\n", keyB); +} + +void test_switch_key_mult_vmas(void) +{ + int prot = PROT_READ | PROT_WRITE; + long size = PAGE_SIZE; + int ret, i; + int loop = 12; + void *ptr[loop]; + key_serial_t firstkey; + key_serial_t nextkey; + + firstkey = add_key("mktme", "gouda", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + nextkey = add_key("mktme", "ricotta", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + + i = loop; + while (i--) { + ptr[i] = mmap(NULL, size, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (i % 2) { + ret = syscall(sys_encrypt_mprotect, ptr[i], + size, prot, firstkey); + if (ret) + perror("mprotect error"); + } + } + i = loop; + while (i--) { + if (i % 2) { + ret = syscall(sys_encrypt_mprotect, ptr[i], size, prot, + nextkey); + if (ret) + perror("mprotect error"); + } + } + i = loop; + while (i--) + ret = munmap(ptr[i], size); + + if (keyctl(KEYCTL_INVALIDATE, nextkey) == -1) + fprintf(stderr, "invalidate failed key %d\n", nextkey); + if (keyctl(KEYCTL_INVALIDATE, firstkey) == -1) + fprintf(stderr, "invalidate failed key %d\n", firstkey); +} + +/* Write to buf with no encrypt key, then encrypt buf */ +void test_switch_key0_to_key(void) +{ + key_serial_t key; + size_t datalen = PAGE_SIZE; + char *buf_1, *buf_2; + int ret, i; + + key = add_key("mktme", "keyA", options_USER, strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + if (key == -1) { + perror("add_key"); + return; + } + buf_1 = (char *)mmap(NULL, datalen, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (!buf_1) { + perror("failed to mmap"); + goto inval_key; + } + buf_2 = (char *)mmap(NULL, datalen, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + if (!buf_2) { + perror("failed to mmap"); + goto inval_key; + } + memset(buf_1, 9, datalen); + memset(buf_2, 9, datalen); + + ret = syscall(sys_encrypt_mprotect, buf_1, datalen, + PROT_READ | PROT_WRITE, key); + if (ret) + perror("mprotect error"); + + if (!memcmp(buf_1, buf_2, sizeof(buf_1))) + fprintf(stderr, "Error: bufs should not have matched\n"); + +free_memory: + ret = munmap(buf_1, datalen); + ret = munmap(buf_2, datalen); +inval_key: + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "invalidate failed on key [%d]\n", key); +} + +void test_zero_page(void) +{ + /* + * write access to the zero page, gets replaced with a newly + * allocated page. + * Can this be seen in smaps? + */ +} + diff --git a/tools/testing/selftests/x86/mktme/key_tests.c b/tools/testing/selftests/x86/mktme/key_tests.c new file mode 100644 index 000000000000..ff4c18dbf533 --- /dev/null +++ b/tools/testing/selftests/x86/mktme/key_tests.c @@ -0,0 +1,526 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Testing payload options + * + * Invalid options should return -EINVAL, not a Key. + * TODO This is just checking for the Key. + * Add a check for the actual -EINVAL return. + * + * Invalid option cases are grouped based on why they are invalid. + * Valid option cases are one large array of expected goodness + * + */ +const char *bad_type_tail = "algorithm=aes-xts-128 key=12345678123456781234567812345678 tweak=12345678123456781234567812345678"; +const char *bad_type[] = { + "type=", /* missing */ + "type=cpu, type=cpu", /* duplicate good */ + "type=cpu, type=user", + "type=user, type=user", + "type=user, type=cpu", + "type=cp", /* spelling */ + "type=cpus", + "type=pu", + "type=cpucpu", + "type=useruser", + "type=use", + "type=users", + "type=used", + "type=User", /* case */ + "type=USER", + "type=UsEr", + "type=CPU", + "type=Cpu", +}; + +const char *bad_alg_tail = "type=cpu"; +const char *bad_algorithm[] = { + "algorithm=", + "algorithm=aes-xts-12", + "algorithm=aes-xts-128aes-xts-128", + "algorithm=es-xts-128", + "algorithm=bad", + "algorithm=aes-xts-128-xxxx", + "algorithm=xxx-aes-xts-128", +}; + +const char *bad_key_tail = "type=cpu algorithm=aes-xts-128 tweak=12345678123456781234567812345678"; +const char *bad_key[] = { + "key=", + "key=0", + "key=ababababababab", + "key=blah", + "key=0123333456789abcdef", + "key=abracadabra", + "key=-1", +}; + +const char *bad_tweak_tail = "type=cpu algorithm=aes-xts-128 key=12345678123456781234567812345678"; +const char *bad_tweak[] = { + "tweak=", + "tweak=ab", + "tweak=bad", + "tweak=-1", + "tweak=000000000000000", +}; + +/* Bad, missing, repeating tokens and bad overall payload length */ +const char *bad_other[] = { + "", + " ", + "a ", + "algorithm= tweak= type= key=", + "key=aaaaaaaaaaaaaaaa tweak=aaaaaaaaaaaaaaaa type=cpu", + "algorithm=aes-xts-128 tweak=0000000000000000 tweak=aaaaaaaaaaaaaaaa key=0000000000000000 type=cpu", + "algorithm=aes-xts-128 tweak=0000000000000000 key=0000000000000000 key=0000000000000000 type=cpu", + "algorithm=aes-xts-128 tweak=0000000000000000 key=0000000000000000 type=cpu type=cpu", + "algorithm=aes-xts-128 tweak=0000000000000000 key=0000000000000000 type=cpu type=user", + "tweak=0000000000000000011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", +}; + +void test_invalid_options(const char *bad_options[], unsigned int size, + const char *good_tail, char *descrip) +{ + key_serial_t key[size]; + char options[512]; + char name[15]; + int i, ret; + + for (i = 0; i < size; i++) { + sprintf(name, "mk_inv_%d", i); + sprintf(options, "%s %s", bad_options[i], good_tail); + + key[i] = add_key("mktme", name, options, + strlen(options), + KEY_SPEC_THREAD_KEYRING); + if (key[i] > 0) + fprintf(stderr, "Error %s: [%s] accepted.\n", + descrip, bad_options[i]); + } + for (i = 0; i < size; i++) { + if (key[i] > 0) { + ret = keyctl(KEYCTL_INVALIDATE, key[i]); + if (ret == -1) + fprintf(stderr, "Key invalidate failed: [%d]\n", + key[i]); + } + } +} + +void test_keys_invalid_options(void) +{ + test_invalid_options(bad_type, ARRAY_SIZE(bad_type), + bad_type_tail, "Invalid Type Option"); + test_invalid_options(bad_algorithm, ARRAY_SIZE(bad_algorithm), + bad_alg_tail, "Invalid Algorithm Option"); + test_invalid_options(bad_key, ARRAY_SIZE(bad_key), + bad_key_tail, "Invalid Key Option"); + test_invalid_options(bad_tweak, ARRAY_SIZE(bad_tweak), + bad_tweak_tail, "Invalid Tweak Option"); + test_invalid_options(bad_other, ARRAY_SIZE(bad_other), + NULL, "Invalid Option"); +} + +const char *valid_options[] = { + "algorithm=aes-xts-128 type=user key=0123456789abcdef0123456789abcdef tweak=abababababababababababababababab", + "algorithm=aes-xts-128 type=user tweak=0123456789abcdef0123456789abcdef key=abababababababababababababababab", + "algorithm=aes-xts-128 type=user key=01010101010101010101010101010101 tweak=0123456789abcdef0123456789abcdef", + "algorithm=aes-xts-128 tweak=01010101010101010101010101010101 type=user key=0123456789abcdef0123456789abcdef", + "algorithm=aes-xts-128 key=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa tweak=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa type=user", + "algorithm=aes-xts-128 tweak=aaaaaaaaaaaaaaaa0000000000000000 key=aaaaaaaaaaaaaaaa0000000000000000 type=user", + "algorithm=aes-xts-128 type=cpu key=aaaaaaaaaaaaaaaa0123456789abcdef tweak=abababaaaaaaaaaaaaaaaaababababab", + "algorithm=aes-xts-128 type=cpu tweak=0123456aaaaaaaaaaaaaaaa789abcdef key=abababaaaaaaaaaaaaaaaaababababab", + "algorithm=aes-xts-128 type=cpu key=010101aaaaaaaaaaaaaaaa0101010101 tweak=01234567aaaaaaaaaaaaaaaa89abcdef", + "algorithm=aes-xts-128 tweak=01010101aaaaaaaaaaaaaaaa01010101 type=cpu key=012345aaaaaaaaaaaaaaaa6789abcdef", + "algorithm=aes-xts-128 key=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa tweak=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa type=cpu", + "algorithm=aes-xts-128 tweak=00000000000000000000000000000000 type=cpu", + "algorithm=aes-xts-128 key=00000000000000000000000000000000 type=cpu", + "algorithm=aes-xts-128 type=cpu", + "algorithm=aes-xts-128 tweak=00000000000000000000000000000000 key=00000000000000000000000000000000 type=cpu", + "algorithm=aes-xts-128 tweak=00000000000000000000000000000000 key=00000000000000000000000000000000 type=cpu", +}; + +void test_keys_valid_options(void) +{ + char name[15]; + int i, ret; + key_serial_t key[ARRAY_SIZE(valid_options)]; + + for (i = 0; i < ARRAY_SIZE(valid_options); i++) { + sprintf(name, "mk_val_%d", i); + key[i] = add_key("mktme", name, valid_options[i], + strlen(valid_options[i]), + KEY_SPEC_THREAD_KEYRING); + if (key[i] <= 0) + fprintf(stderr, "Fail valid option: [%s]\n", + valid_options[i]); + } + for (i = 0; i < ARRAY_SIZE(valid_options); i++) { + if (key[i] > 0) { + ret = keyctl(KEYCTL_INVALIDATE, key[i]); + if (ret) + fprintf(stderr, "Invalidate failed key[%d]\n", + key[i]); + } + } +} + +/* + * key_serial_t add_key(const char *type, const char *description, + * const void *payload, size_t plen, + * key_serial_t keyring); + * + * The Kernel Key Service should validate this. But, let's validate + * some basic syntax. MKTME Keys does NOT propose a description based + * on type and payload if no description is provided. (Some other key + * types do make that 'proposal'.) + */ + +void test_keys_descriptor(void) +{ + key_serial_t key; + + key = add_key("mktme", NULL, options_CPU_long, strlen(options_CPU_long), + KEY_SPEC_THREAD_KEYRING); + + if (errno != EINVAL) + fprintf(stderr, "Fail: expected EINVAL with NULL descriptor\n"); + + if (key > 0) + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", + strerror(errno)); + + key = add_key("mktme", "", options_CPU_long, strlen(options_CPU_long), + KEY_SPEC_THREAD_KEYRING); + + if (errno != EINVAL) + fprintf(stderr, + "Fail: expected EINVAL with empty descriptor\n"); + + if (key > 0) + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", + strerror(errno)); +} + +/* + * Test: Add multiple keys with with same descriptor + * + * Expect that the same Key Handle (key_serial_t) will be returned + * on each subsequent request for the same key. This is treated like + * a key update. + */ + +void test_keys_add_mult_same(void) +{ + int i, inval, num_keys = 5; + key_serial_t key[num_keys]; + + for (i = 1; i <= num_keys; i++) { + key[i] = add_key("mktme", "multiple_keys", + options_USER, + strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + + if (i > 1) + if (key[i] != key[i - 1]) { + fprintf(stderr, "Fail: expected same key.\n"); + inval = i; /* maybe i keys to invalidate */ + goto out; + } + } + inval = 1; /* if all works correctly, only 1 key to invalidate */ +out: + for (i = 1; i <= inval; i++) { + if (keyctl(KEYCTL_INVALIDATE, key[i]) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", + strerror(errno)); + } +} + +/* + * Add two keys with the same descriptor but different payloads. + * The result should be one key with the payload from the second + * add_key() request. Key Service recognizes the duplicate + * descriptor and allows the payload to be updated. + * + * mktme key type chooses not to support the keyctl read command. + * This means we cannot read the key payloads back to compare. + * That piece can only be verified in debug mode. + */ +void test_keys_change_payload(void) +{ + key_serial_t key_a, key_b; + + key_a = add_key("mktme", "changepay", options_USER, + strlen(options_USER), KEY_SPEC_THREAD_KEYRING); + if (key_a == -1) { + fprintf(stderr, "Failed to add test key_a: %s\n", + strerror(errno)); + return; + } + key_b = add_key("mktme", "changepay", options_CPU_long, + strlen(options_CPU_long), KEY_SPEC_THREAD_KEYRING); + if (key_b == -1) { + fprintf(stderr, "Failed to add test key_b: %s\n", + strerror(errno)); + goto out; + } + if (key_a != key_b) { + fprintf(stderr, "Fail: expected same key, got new key.\n"); + if (keyctl(KEYCTL_INVALIDATE, key_b) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", + strerror(errno)); + } +out: + if (keyctl(KEYCTL_INVALIDATE, key_a) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", strerror(errno)); +} + +/* Add a key, then discard via method parameter: revoke or invalidate */ +void test_keys_add_discard(int method) +{ + key_serial_t key; + int i; + + key = add_key("mktme", "mtest_add_discard", options_USER, + strlen(options_USER), KEY_SPEC_THREAD_KEYRING); + if (key < 0) + perror("add_key"); + + if (keyctl(method, key) == -1) + fprintf(stderr, "Key %s failed: %s\n", + ((method == KEYCTL_INVALIDATE) ? "invalidate" + : "revoke"), strerror(errno)); +} + +void test_keys_add_invalidate(void) +{ + test_keys_add_discard(KEYCTL_INVALIDATE); +} + +void test_keys_add_revoke(void) +{ + if (remove_gc_delay()) { + fprintf(stderr, "Skipping REVOKE test. Cannot set gc_delay.\n"); + return; + } + test_keys_add_discard(KEYCTL_REVOKE); + restore_gc_delay(); +} + +void test_keys_describe(void) +{ + key_serial_t key; + char buf[256]; + int ret; + + key = add_key("mktme", "describe_this_key", options_USER, + strlen(options_USER), KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + fprintf(stderr, "Add_key failed.\n"); + return; + } + if (keyctl(KEYCTL_DESCRIBE, key, buf, sizeof(buf)) == -1) { + fprintf(stderr, "%s: KEYCTL_DESCRIBE failed\n", __func__); + goto revoke_key; + } + if (strncmp(buf, "mktme", 5)) + fprintf(stderr, "Error: mktme descriptor missing.\n"); + +revoke_key: + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", strerror(errno)); +} + +void test_keys_update_explicit(void) +{ + key_serial_t key; + + key = add_key("mktme", "testkey", options_USER, strlen(options_USER), + KEY_SPEC_SESSION_KEYRING); + + if (key == -1) { + perror("add_key"); + return; + } + if (keyctl(KEYCTL_UPDATE, key, options_CPU_long, + strlen(options_CPU_long)) == -1) + fprintf(stderr, "Error: Update key failed\n"); + + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", strerror(errno)); +} + +void test_keys_update_clear(void) +{ + key_serial_t key; + + key = add_key("mktme", "testkey", options_USER, strlen(options_USER), + KEY_SPEC_SESSION_KEYRING); + + if (keyctl(KEYCTL_UPDATE, key, options_CLEAR, + strlen(options_CLEAR)) == -1) + fprintf(stderr, "update: clear key failed\n"); + + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", strerror(errno)); +} + +void test_keys_no_encrypt(void) +{ + key_serial_t key; + + key = add_key("mktme", "no_encrypt_key", options_NOENCRYPT, + strlen(options_USER), KEY_SPEC_SESSION_KEYRING); + + if (key == -1) { + fprintf(stderr, "Error: add_key type=no_encrypt failed.\n"); + return; + } + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Key invalidate failed: %s\n", strerror(errno)); +} + +void test_keys_unique_keyid(void) +{ + /* + * exists[] array must be of mktme_nr_keyids + 1 size, else the + * uniqueness test will fail. OK for max_keyids under test to be + * less than mktme_nr_keyids. + */ + unsigned int exists[max_keyids + 1]; + unsigned int keyids[max_keyids + 1]; + key_serial_t key[max_keyids + 1]; + void *ptr[max_keyids + 1]; + int keys_available = 0; + char name[12]; + int i, ret; + + /* Get as many keys as possible */ + for (i = 1; i <= max_keyids; i++) { + sprintf(name, "mk_unique_%d", i); + key[i] = add_key("mktme", name, options_CPU_short, + strlen(options_CPU_short), + KEY_SPEC_THREAD_KEYRING); + if (key[i] > 0) + keys_available++; + } + /* Create mappings, encrypt them, and find the assigned KeyIDs */ + for (i = 1; i <= keys_available; i++) { + ptr[i] = mmap(NULL, PAGE_SIZE, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + ret = syscall(sys_encrypt_mprotect, ptr[i], PAGE_SIZE, + PROT_NONE, key[i]); + keyids[i] = find_smaps_keyid((unsigned long)ptr[i]); + } + /* Verify the KeyID's are unique */ + memset(exists, 0, sizeof(exists)); + for (i = 1; i <= keys_available; i++) { + if (exists[keyids[i]]) + fprintf(stderr, "Error: duplicate keyid %d\n", + keyids[i]); + exists[keyids[i]] = 1; + } + + /* Clean up */ + for (i = 1; i <= keys_available; i++) { + ret = munmap(ptr[i], PAGE_SIZE); + if (keyctl(KEYCTL_INVALIDATE, key[i]) == -1) + fprintf(stderr, "Invalidate failed Serial:%d\n", + key[i]); + } + sleep(1); /* Rest a bit while keys get freed. */ +} + +void test_keys_get_max_keyids(void) +{ + key_serial_t key[max_keyids + 1]; + int keys_available = 0; + char name[12]; + int i, ret; + + for (i = 1; i <= max_keyids; i++) { + sprintf(name, "mk_get63_%d", i); + key[i] = add_key("mktme", name, options_CPU_short, + strlen(options_CPU_short), + KEY_SPEC_THREAD_KEYRING); + if (key[i] > 0) + keys_available++; + } + + fprintf(stderr, " Info: got %d of %d system keys\n", + keys_available, max_keyids); + + for (i = 1; i <= keys_available; i++) { + if (keyctl(KEYCTL_INVALIDATE, key[i]) == -1) + fprintf(stderr, "Invalidate failed Serial:%d\n", + key[i]); + } + sleep(1); /* Rest a bit while keys get freed. */ +} + +/* + * TODO: Run out of keys, release 1, grab it, repeat + * This test in not completed and is not in the run list. + */ +void test_keys_max_out(void) +{ + key_serial_t key[max_keyids + 1]; + int keys_available; + char name[12]; + int i, ret; + + /* Get all the keys or as many as possible: keys_available */ + for (i = 1; i <= max_keyids; i++) { + sprintf(name, "mk_max_%d", i); + key[i] = add_key("mktme", name, options_CPU_short, + strlen(options_CPU_short), + KEY_SPEC_THREAD_KEYRING); + if (key[i] < 0) { + fprintf(stderr, "failed to get key[%d]\n", i); + continue; + } + } + keys_available = i - 1; + if (keys_available < max_keyids) + printf("Error: only got %d keys, expected %d\n", + keys_available, max_keyids); + + for (i = 1; i <= keys_available; i++) { + if (keyctl(KEYCTL_INVALIDATE, key[i]) == -1) + fprintf(stderr, "Invalidate failed key:%d\n", key[i]); + } +} + +/* Add each type of key */ +void test_keys_add_each_type(void) +{ + key_serial_t key; + int i; + + const char *options[] = { + options_CPU_short, options_CPU_long, options_USER, + options_CLEAR, options_NOENCRYPT + }; + static const char *opt_name[] = { + "add_key cpu_short", "add_key cpu_long", "add_key user", + "add_key clear", "add_key no-encrypt" + }; + + for (i = 0; i < ARRAY_SIZE(options); i++) { + key = add_key("mktme", opt_name[i], options[i], + strlen(options[i]), KEY_SPEC_SESSION_KEYRING); + + if (key == -1) { + perror(opt_name[i]); + } else { + perror(opt_name[i]); + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + fprintf(stderr, "Key invalidate failed: %d\n", + key); + } + } +} diff --git a/tools/testing/selftests/x86/mktme/mktme_test.c b/tools/testing/selftests/x86/mktme/mktme_test.c new file mode 100644 index 000000000000..6409ccf94d4a --- /dev/null +++ b/tools/testing/selftests/x86/mktme/mktme_test.c @@ -0,0 +1,300 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Tests x86 MKTME Multi-Key Memory Protection + * + * COMPILE w keyutils library ==> cc -o mktest mktme_test.c -lkeyutils + * + * Test requires capability of CAP_SYS_RESOURCE, or CAP_SYS_ADMIN. + * $ sudo setcap 'CAP_SYS_RESOURCE+ep' mktest + * + * Some tests may require root privileges because the test needs to + * remove the garbage collection delay /proc/sys/kernel/keys/gc_delay + * while testing. This keeps the tests (and system) from appearing to + * be out of keys when keys are simply awaiting the next scheduled + * garbage collection. + * + * Documentation/x86/mktme.rst + * + * There are examples in here of: + * * how to use the Kernel Key Service MKTME API to allocate keys + * * how to use the MKTME Memory Encryption API to encrypt memory + * + * Adding Tests: + * o Each test should run independently and clean up after itself. + * o There are no dependencies among tests. + * o Tests that use a lot of keys, should consider adding sleep(), + * so that the next test isn't key-starved. + * o Make no assumptions about the order in which tests will run. + * o There are shared defines that can be used for setting + * payload options. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) +#define PAGE_SIZE sysconf(_SC_PAGE_SIZE) +#define sys_encrypt_mprotect 335 + +/* TODO get this from kernel. Add to /proc/sys/kernel/keys/ */ +int max_keyids = 63; + +/* Use these pre-defined options to simplify the add_key() setup */ +char *options_CPU_short = "algorithm=aes-xts-128 type=cpu"; +char *options_CPU_long = "algorithm=aes-xts-128 type=cpu key=12345678912345671234567891234567 tweak=12345678912345671234567891234567"; +char *options_USER = "algorithm=aes-xts-128 type=user key=12345678912345671234567891234567 tweak=12345678912345671234567891234567"; +char *options_CLEAR = "type=clear"; +char *options_NOENCRYPT = "type=no-encrypt"; + +/* Helper to check Encryption_KeyID in proc/self/smaps */ +static FILE *seek_to_smaps_entry(unsigned long addr) +{ + FILE *file; + char *line = NULL; + size_t size = 0; + unsigned long start, end; + char perms[5]; + unsigned long offset; + char dev[32]; + unsigned long inode; + char path[BUFSIZ]; + + file = fopen("/proc/self/smaps", "r"); + if (!file) { + perror("fopen smaps"); + _exit(1); + } + while (getline(&line, &size, file) > 0) { + if (sscanf(line, "%lx-%lx %s %lx %s %lu %s\n", + &start, &end, perms, &offset, dev, &inode, path) < 6) + goto next; + + if (start <= addr && addr < end) + goto out; +next: + free(line); + line = NULL; + size = 0; + } + fclose(file); + file = NULL; +out: + free(line); + return file; +} + +/* Find the KeyID for this addr from /proc/self/smaps */ +unsigned int find_smaps_keyid(unsigned long addr) +{ + unsigned int keyid = 0; + char *line = NULL; + size_t size = 0; + FILE *smaps; + + smaps = seek_to_smaps_entry(addr); + if (!smaps) { + printf("Unable to parse /proc/self/smaps\n"); + goto out; + } + while (getline(&line, &size, smaps) > 0) { + if (!strstr(line, "KeyID:")) { + free(line); + line = NULL; + size = 0; + continue; + } + if (sscanf(line, "KeyID: %5u\n", &keyid) < 1) + printf("Unable to parse smaps for KeyID:%s\n", line); + break; + } +out: + free(line); + fclose(smaps); + return keyid; +} + +/* + * Set the garbage collection delay to 0, so that keys are quickly + * available for re-use while running the selftests. + * + * Most tests use INVALIDATE to remove a key, which has no delay by + * design. But, revoke, unlink, and timeout still have a delay, so + * they should use this. + */ +char current_gc_delay[10] = {0}; +static inline int remove_gc_delay(void) +{ + int fd; + + fd = open("/proc/sys/kernel/keys/gc_delay", O_RDWR | O_NONBLOCK); + if (fd < 0) { + perror("Failed to open /proc/sys/kernel/keys/gc_delay"); + return -1; + } + if (read(fd, current_gc_delay, sizeof(current_gc_delay)) <= 0) { + perror("Failed to read /proc/sys/kernel/keys/gc_delay"); + close(fd); + return -1; + } + lseek(fd, 0, SEEK_SET); + if (write(fd, "0", sizeof(char)) != sizeof(char)) { + perror("Failed to write temp_gc_delay to gc_delay\n"); + close(fd); + return -1; + } + close(fd); + return 0; +} + +static inline void restore_gc_delay(void) +{ + int fd; + + fd = open("/proc/sys/kernel/keys/gc_delay", O_RDWR | O_NONBLOCK); + if (fd < 0) { + perror("Failed to open /proc/sys/kernel/keys/gc_delay"); + return; + } + if (write(fd, current_gc_delay, strlen(current_gc_delay)) != + strlen(current_gc_delay)) { + perror("Failed to restore gc_delay\n"); + close(fd); + return; + } + close(fd); +} + +/* + * The tests are sorted into 3 categories: + * key_test encrypt_test focus on their specific API + * flow_tests are special flows and regression tests of prior issue. + */ + +#include "key_tests.c" +#include "encrypt_tests.c" +#include "flow_tests.c" + +struct tlist { + const char *name; + void (*func)(); +}; + +static const struct tlist mktme_tests[] = { +{"Keys: Add each type key", test_keys_add_each_type }, +{"Flow: One simple roundtrip", test_one_simple_round_trip }, +{"Keys: Valid Payload Options", test_keys_valid_options }, +{"Keys: Invalid Payload Options", test_keys_invalid_options }, +{"Keys: Add Key Descriptor Field", test_keys_descriptor }, +{"Keys: Add Multiple Same", test_keys_add_mult_same }, +{"Keys: Change payload, auto update", test_keys_change_payload }, +{"Keys: Update, explicit update", test_keys_update_explicit }, +{"Keys: Update, Clear", test_keys_update_clear }, +{"Keys: Add, Invalidate Keys", test_keys_add_invalidate }, +{"Keys: Add, Revoke Keys", test_keys_add_revoke }, +{"Keys: Keyctl Describe", test_keys_describe }, +{"Keys: Clear", test_keys_update_clear }, +{"Keys: No Encrypt", test_keys_no_encrypt }, +{"Keys: Unique KeyIDs", test_keys_unique_keyid }, +{"Keys: Get Max KeyIDs", test_keys_get_max_keyids }, +{"Encrypt: Parameter Alignment", test_param_alignment }, +{"Encrypt: Change Protections", test_change_protections }, +{"Encrypt: Swap Keys", test_key_swap }, +{"Encrypt: Counters Same Key", test_counters_same }, +{"Encrypt: Counters Diff Key", test_counters_diff }, +{"Encrypt: Counters Holes", test_counters_holes }, +/* +{"Encrypt: Split", test_split }, +{"Encrypt: Well Suited", test_well_suited }, +{"Encrypt: Not Suited", test_not_suited }, +*/ +{"Flow: Switch key no data", test_switch_key_no_data }, +{"Flow: Switch key multi VMAs", test_switch_key_mult_vmas }, +{"Flow: Switch No Key to Any Key", test_switch_key0_to_key }, +{"Flow: madvise", test_kai_madvise }, +{"Flow: Invalidate In Use Key", test_discard_in_use_key }, +}; + +void print_usage(void) +{ + fprintf(stderr, "Usage: mktme_test [options]...\n" + " -a Run ALL tests\n" + " -t Run one test\n" + " -l List available tests\n" + " -h, -? Show this help\n" + ); +} + +int main(int argc, char *argv[]) +{ + int test_selected = -1; + char printtest[12]; + int trace = 0; + int i, c, err; + char *temp; + + /* + * TODO: Default case needs to run 'selftests' - a + * curated set of tests that validate functionality but + * don't hog resources. + */ + c = getopt(argc, argv, "at:lph?"); + switch (c) { + case 'a': + test_selected = -1; + printf("Test Selected [ALL]\n"); + break; + case 't': + test_selected = strtoul(optarg, &temp, 10); + printf("Test Selected [%d]\n", test_selected); + break; + case 'l': + for (i = 0; i < ARRAY_SIZE(mktme_tests); i++) + printf("[%2d] %s\n", i + 1, + mktme_tests[i].name); + exit(0); + break; + case 'p': + trace = 1; + case 'h': + case '?': + default: + print_usage(); + exit(0); + } + +/* + * if (!cpu_has_mktme()) { + * printf("MKTME not supported on this system.\n"); + * exit(0); + * } + */ + if (trace) { + printf("Pausing: start trace on PID[%d]\n", (int)getpid()); + getchar(); + } + + if (test_selected == -1) { + for (i = 0; i < ARRAY_SIZE(mktme_tests); i++) { + printf("[%2d] %s\n", i + 1, mktme_tests[i].name); + mktme_tests[i].func(); + } + printf("\nTests Completed\n"); + + } else { + if (test_selected <= ARRAY_SIZE(mktme_tests)) { + printf("[%2d] %s\n", test_selected, + mktme_tests[test_selected - 1].name); + mktme_tests[test_selected - 1].func(); + printf("\nTest Completed\n"); + } + } + exit(0); +} From patchwork Wed May 8 14:44:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935879 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 29FFE1515 for ; Wed, 8 May 2019 14:46:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1990D2844B for ; Wed, 8 May 2019 14:46:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0D8C028485; Wed, 8 May 2019 14:46:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A2D162844B for ; Wed, 8 May 2019 14:46:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BFEA46B02A4; Wed, 8 May 2019 10:44:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id B348C6B02A2; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 939836B02A4; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f200.google.com (mail-pf1-f200.google.com [209.85.210.200]) by kanga.kvack.org (Postfix) with ESMTP id 400006B02A2 for ; Wed, 8 May 2019 10:44:52 -0400 (EDT) Received: by mail-pf1-f200.google.com with SMTP id s26so12730857pfm.18 for ; Wed, 08 May 2019 07:44:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=BHo/eOy6j5v3nHf6Oc55nLYyTszWbv+NzSETY59La88=; b=pq+0H3+SDr5Maog8jzrAbihAmzqDOsn4dirCTEUinRGbMTZgy7muiivmJl7rzDlied DLUK2C27Qo5yxxmTrCTayuml5uKkQQCqgHFkoyWKJTIog+qA7DDsh79vYd4p6ZwB8PeT t3rURqcc8/fIwg42Anbupz+lWK6zrz3oz+3H3a3iLa7L1TidhKwM+2SDoMYmYQFd1iUG R4wIGhoAF29sa8bC/XPV5xbwtAodsXIj2/Cc5EwVPkhMFOaIjxmpU7/yv6f6VpDKZyOp Pe51MlhxId3Bo3L+Jz131FotYv3o/xqvG1SPWG+jJxbgIVdbDL4Oxu28uWwsPBGOLVXM +cWA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWAOHLVMF7kD4d5HQ2+/LcXrhR7JU7NYX7ZMhlR4ai13hGqwC3g +wEsLpWqo9/Ip2B/WzqocZ693NCpCLm3dZNlWyeZhOiA/pqJTinsqu63NalHLc4vIWtnYGgs815 fIfkYAge+MIdyBjqv108CRO2ErvEmThImsYtQ8seT+ZZmtoWY/EzqFE8NWoVdBFJXZg== X-Received: by 2002:a62:5ec2:: with SMTP id s185mr50460135pfb.16.1557326691939; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqycz4KnoVxDZLEXTLFbY97oXMnlumfb9T5VOXock4iMMlng6l0Ij6LE85SoQyqFKnOqA/bL X-Received: by 2002:a62:5ec2:: with SMTP id s185mr50460031pfb.16.1557326691045; Wed, 08 May 2019 07:44:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326691; cv=none; d=google.com; s=arc-20160816; b=pmh3TxKAwIaYf4Xs3xlB/SgAz8Rdmyvs3At7dE43ypbi1HHkTaozBj2vBdLO9jpl0i BJlJLHrfYEV8q3RoI5aK8yq38WqHP4KGUDYoAtCKtZeBtTElJ/5JA6F5sRPO2EpWVv28 XZgevs3+O8uu6uq0avLObfgT+beinW+V23eCzCeL/hseNl3/GOkftNUvNYUW02QVQh7A QuvCclFAH8Phk7grtjCfRUVD6i8hWqZ6Ppllamw+61OkSJnOwsssIOL6mwSAVsmXIddr IInmyZFwTQymeQOU4pRJE3cDM+qfjWwUpoOLrusZojn1ZA9JfRJ2HL6raehp0oUaBoq6 L1Vg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=BHo/eOy6j5v3nHf6Oc55nLYyTszWbv+NzSETY59La88=; b=l4BmFJNi6ujpwVLHd4iP/AudR0PyLBJhgK4dZ94QBgFYt86uH4oqFCrVZqfsAsIXs7 tCk2rJupb2vupNWyR3VngZg2C++SZHNFFLHNuzblHmoiY3U03vPt41Yb9dl5pasCk3zE 8Ph+55eU4nXKmInXgHD+7fB1R9vbNU9BISgnTttIDmLCy6356SCFf2fPBx8u+vPdH9O3 bcF/Ys30JvJFNWLxcceW5swXkFxMwotQXkhv7c6b55i5ldhrAYksLCtQ9QfKeJPMGxt3 nQ/cL7DCzTXHxHlFbge/2PJdTLMF5rqTJO/ujorSO6thNbTXd2iszpq2JbJrDFFBncVS OO0g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga14.intel.com (mga14.intel.com. [192.55.52.115]) by mx.google.com with ESMTPS id d3si22507173pfc.278.2019.05.08.07.44.50 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) client-ip=192.55.52.115; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:50 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga001.jf.intel.com with ESMTP; 08 May 2019 07:44:45 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 311E210A5; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 49/62] mm, x86: export several MKTME variables Date: Wed, 8 May 2019 17:44:09 +0300 Message-Id: <20190508144422.13171-50-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Kai Huang KVM needs those variables to get/set memory encryption mask. Signed-off-by: Kai Huang Signed-off-by: Kirill A. Shutemov --- arch/x86/mm/mktme.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index df70651816a1..12f4266cf7ea 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -7,13 +7,16 @@ /* Mask to extract KeyID from physical address. */ phys_addr_t mktme_keyid_mask; +EXPORT_SYMBOL_GPL(mktme_keyid_mask); /* * Number of KeyIDs available for MKTME. * Excludes KeyID-0 which used by TME. MKTME KeyIDs start from 1. */ int mktme_nr_keyids; +EXPORT_SYMBOL_GPL(mktme_nr_keyids); /* Shift of KeyID within physical address. */ int mktme_keyid_shift; +EXPORT_SYMBOL_GPL(mktme_keyid_shift); DEFINE_STATIC_KEY_FALSE(mktme_enabled_key); EXPORT_SYMBOL_GPL(mktme_enabled_key); From patchwork Wed May 8 14:44:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935883 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6AA74924 for ; Wed, 8 May 2019 14:46:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 599A02844B for ; Wed, 8 May 2019 14:46:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4CCF628485; Wed, 8 May 2019 14:46:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D0A342844B for ; Wed, 8 May 2019 14:46:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F08B86B029E; Wed, 8 May 2019 10:44:52 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id E93246B02A5; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9D7866B02A0; Wed, 8 May 2019 10:44:52 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id 3B6BC6B029E for ; Wed, 8 May 2019 10:44:52 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id c7so6537792pfp.14 for ; Wed, 08 May 2019 07:44:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=JpFf7qOa/lilxcHmFkzrT9z3goapRz8s5p1AyEi8zXs=; b=KTBKYD+jhJXYTStgAJKQ2srSCRGiDyud+tUlySCFpXMGYFMsci66EZqoK5sXhvT21/ odwlipFnaURuDTV2NCarIyXypmD9kViz5ex1UPtzKb/dqtgKN6sX0tA17kZuUKu2EctH vSPbXRTgIc8IQsFgvHxESg65AJ85RA8henD6VQCclmd/001KbZx8wjiYdAdNU90q6nRg yRSYiVtVFiCUC6+4oDLKyFr0E2y6cwiRpZ5+9+oFEvpcE0ZV4W3IDPmVewaGFjhVVlGH 0LFbWIx/bGE203NQ+s5w4nOvgSZ8ZYImr5Ger1KDB5RGBtWXKGn8wyJRt0rXKUbGIahH nw7Q== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVskAd+qQey+f8KJFRpNOHdmwnT3Ze9lQFPAyw5l4g6kqwwd/Ai y5bjUQbCdgkOCmwldilxQYT2guCPiP4ODm2s+mEOtdusWP3Pyg913qJKHEf/kGx8Ex3zyrjXGTz 2NZpOimRYKEfSHTrhWcR53mWVE3Y8hjbes2f/4SiLQioz9s5RXXFxNYRy25c0TKzPnQ== X-Received: by 2002:a63:2b4c:: with SMTP id r73mr48619338pgr.181.1557326691892; Wed, 08 May 2019 07:44:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqyncGI0Ea/wIdNQkV3npGq2GtEyDXPkl8TR2suFN3Sg7qoLBbNPMD0mhuWeO12Vb3wu6mJS X-Received: by 2002:a63:2b4c:: with SMTP id r73mr48619263pgr.181.1557326691235; Wed, 08 May 2019 07:44:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326691; cv=none; d=google.com; s=arc-20160816; b=H2wPKdBEj//zYLpIJ2xrHGuCZoyQ0pdeROaJrD31NTYBtZvRtO3g9LGwBGXfhFGvbA etVhmseRLmBxqML5SLv80M7vB0ADHmShzNPybB+1J2bitu+4E4uweoUYLbSOTd3aHJzn B7N3tu1pN3vCUkMRAksrGYb5v8KVHz1b45MHxWEOK2e/RgiaMgUU1aTdFhzftF7ATWJT V6Bfz2eXqutdAjjLouf81G76VqrG0f21mlvA20qJHpEnZxTSBwM0UUXEqvy2KCI6MbYD WNRKIIZhnpsyJP4VOorl1cS7d65TdIR16MVlcS2uWKtA63RkCCiECyfkSJ0nd/AUbK3c gkng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=JpFf7qOa/lilxcHmFkzrT9z3goapRz8s5p1AyEi8zXs=; b=k8MLdP88oGmBY8VU+UytIzwH5XDZ6LvdxDnYwvlzLVdHiIP1XE5aZF+rzJ1wsCbNUs 30XsSyMfSZm5UbEdUhwOXBq9CHF2NCyLbDaGQzzDOStBfk8PLK164LLj+NcQVVe1csmR gJq/zCH53I4DoOle2veL/l2wDDBeCeDKUlXIt+ksyLK2UAGJNjHk+myEOae7MPNM/1EB +oUx/bjHOwz02mrlePXQ0wnUbb/Bw0kMUOx2gMusAbLw7U9oPQ/QiBLqQiWkeF6EiggT rgZoXpDCugAhKlSt0ldi2yKhNQ2AuJVcCKn2rlDZq2X2k/Iw7JPpNGXKifF2rchNhtiI +93g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:50 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 08 May 2019 07:44:46 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 3BB8410AA; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 50/62] kvm, x86, mmu: setup MKTME keyID to spte for given PFN Date: Wed, 8 May 2019 17:44:10 +0300 Message-Id: <20190508144422.13171-51-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Kai Huang Setup keyID to SPTE, which will be eventually programmed to shadow MMU or EPT table, according to page's associated keyID, so that guest is able to use correct keyID to access guest memory. Note current shadow_me_mask doesn't suit MKTME's needs, since for MKTME there's no fixed memory encryption mask, but can vary from keyID 1 to maximum keyID, therefore shadow_me_mask remains 0 for MKTME. Signed-off-by: Kai Huang Signed-off-by: Kirill A. Shutemov --- arch/x86/kvm/mmu.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index d9c7b45d231f..bfee0c194161 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -2899,6 +2899,22 @@ static bool kvm_is_mmio_pfn(kvm_pfn_t pfn) #define SET_SPTE_WRITE_PROTECTED_PT BIT(0) #define SET_SPTE_NEED_REMOTE_TLB_FLUSH BIT(1) +static u64 get_phys_encryption_mask(kvm_pfn_t pfn) +{ +#ifdef CONFIG_X86_INTEL_MKTME + struct page *page; + + if (!pfn_valid(pfn)) + return 0; + + page = pfn_to_page(pfn); + + return ((u64)page_keyid(page)) << mktme_keyid_shift; +#else + return shadow_me_mask; +#endif +} + static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, unsigned pte_access, int level, gfn_t gfn, kvm_pfn_t pfn, bool speculative, @@ -2945,7 +2961,7 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, pte_access &= ~ACC_WRITE_MASK; if (!kvm_is_mmio_pfn(pfn)) - spte |= shadow_me_mask; + spte |= get_phys_encryption_mask(pfn); spte |= (u64)pfn << PAGE_SHIFT; From patchwork Wed May 8 14:44:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935941 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 11E241515 for ; Wed, 8 May 2019 14:47:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 00BDF28485 for ; Wed, 8 May 2019 14:47:41 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E938D28958; Wed, 8 May 2019 14:47:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 62D3728485 for ; Wed, 8 May 2019 14:47:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 84EDC6B02C7; Wed, 8 May 2019 10:46:28 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 802E16B02CA; Wed, 8 May 2019 10:46:28 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 56E6C6B02CB; Wed, 8 May 2019 10:46:28 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by kanga.kvack.org (Postfix) with ESMTP id 0AEEC6B02C7 for ; Wed, 8 May 2019 10:46:28 -0400 (EDT) Received: by mail-pf1-f197.google.com with SMTP id a141so12786431pfa.13 for ; Wed, 08 May 2019 07:46:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=C6+rU85YmF2u5coeebI+WWQ+A0Fr/0PqCfQHlswCpow=; b=fvVOpemxZrEmGlr8ArKJqalL2m6QZmxNyvrVrKuPQvR/Rb4LRbXw60NOzUYUivx7Ab nae934/73lOX5W+CogOSvR+oevp2D9JVvaJJ/cwViAcOrevy/AzV4h6YvxNYRQZZ40+5 etsspuj6IDILWz0sbZygmsGfZr4TQCqf8HhGSVJjpZKx+ghSmOyY+whcKHivE7UPgqrX YOzIXsggfqO9wfWtdNcy+oYse2jcCfsRnTZq6HMQ6v2S0XX5uOEg5e2vr6dNU/l1t0h6 ggG7jyvLYzukWc75w8alSJfjOdEqK3JLN/1Sa+APGv5yPzIz+IQQfp5YUg7xjxKBq/8Y VMvQ== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXONRsDheCGefHxTLE+8FsMCTwEUlhnEKjtyVK/B1cdjaAEKSPO TLpkGwDW3Rat9poMhJo9MmK+D/3tIzvpU/nZjK3cW5Q+AlPJQDcujQ07mAneJtqi5iqTLqRytAx nCUa1iTH8DNb4RzKvb+jAgC6zh9dls3ekqT7n4U2ObyZGjA3cG65gGGtYjE0eGePxsg== X-Received: by 2002:aa7:8190:: with SMTP id g16mr49303179pfi.92.1557326787713; Wed, 08 May 2019 07:46:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqzFSIlF/x2yrxTV5f2DesZxZR2qpouZzzYlXEGeX1GbNWC8BuGZhftM9Aw3vtKGa0r+Wy5e X-Received: by 2002:aa7:8190:: with SMTP id g16mr49291599pfi.92.1557326691967; Wed, 08 May 2019 07:44:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326691; cv=none; d=google.com; s=arc-20160816; b=IF1AZ6jwYyfPmHNxFIIuqrbjbw4/p9YXhSlYhIWCIkMdsy//YcdqBjnvJtmDFwNbtA BMhSq3UfghVCFBJHK5LNsuFwGDaLvO4+GNAc3ZIpBeavtfbgg3RrB2iG/KExN8keLp5G k9cS/Z15k5sUqKL9sCkGq23Mb9LUIQIg2QG9DncuzbuK+9QnxJFqDRSjzDdGLXRq6Iye kVimzbSV9uMkJxMtNREKx7eBxURophl+9qgVgKIz1vLpghJqe/piNCbrhWEzTkyFdsye O7vM4zKPSs8an28nwGxC6ykz4erF3pP3x/LjXMkjl7jV3+UEsxh8A+bXBAOOFWHZa/iF eM2w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=C6+rU85YmF2u5coeebI+WWQ+A0Fr/0PqCfQHlswCpow=; b=ds2EyNm6ABc9QwHipVcsQiLyHSAP9Kh/oFGU67Ju5+9jE1jlQ5GcxXkLTV6qxKSATN /8wksPMSirvJVydxXoXr5Vw/57mBwdgCd+g2qTzdaQRHxD0Fq78A4ABt0D6wJpskJxDv 5f7oxvz3Vvlo1Z2Il9gQrVfLsUKdNrdGKnlyUwzd7Wlq6M0RP69jwLZ2O1xd09LgYLS0 I1MZYTWtoL8xzMLr8QY+870mEi+BCRygTGkLq2ZtK6zEgddlp5/Ix7MMYY3aU8ns5uvW +JqpvDeE2IqBIAnZOtUqnFJ73YHvWqS1aoxKbYqEBd3WaoBz8zpAaopY/MhGMACBaIU5 4Fuw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga17.intel.com (mga17.intel.com. [192.55.52.151]) by mx.google.com with ESMTPS id b63si24289903plb.146.2019.05.08.07.44.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) client-ip=192.55.52.151; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.151 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:51 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga003.jf.intel.com with ESMTP; 08 May 2019 07:44:46 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 474571101; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 51/62] iommu/vt-d: Support MKTME in DMA remapping Date: Wed, 8 May 2019 17:44:11 +0300 Message-Id: <20190508144422.13171-52-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Jacob Pan When MKTME is enabled, keyid is stored in the high order bits of physical address. For DMA transactions targeting encrypted physical memory, keyid must be included in the IOVA to physical address translation. This patch appends page keyid when setting up the IOMMU PTEs. On the reverse direction, keyid bits are cleared in the physical address lookup. Mapping functions of both DMA ops and IOMMU ops are covered. Signed-off-by: Jacob Pan Signed-off-by: Kirill A. Shutemov --- drivers/iommu/intel-iommu.c | 29 +++++++++++++++++++++++++++-- include/linux/intel-iommu.h | 9 ++++++++- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 28cb713d728c..1ff7e87e25f1 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -862,6 +862,28 @@ static void free_context_table(struct intel_iommu *iommu) spin_unlock_irqrestore(&iommu->lock, flags); } +static inline void set_pte_mktme_keyid(unsigned long phys_pfn, + phys_addr_t *pteval) +{ + unsigned long keyid; + + if (!pfn_valid(phys_pfn)) + return; + + keyid = page_keyid(pfn_to_page(phys_pfn)); + +#ifdef CONFIG_X86_INTEL_MKTME + /* + * When MKTME is enabled, set keyid in PTE such that DMA + * remapping will include keyid in the translation from IOVA + * to physical address. This applies to both user and kernel + * allocated DMA memory. + */ + *pteval &= ~mktme_keyid_mask; + *pteval |= keyid << mktme_keyid_shift; +#endif +} + static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain, unsigned long pfn, int *target_level) { @@ -888,7 +910,7 @@ static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain, break; if (!dma_pte_present(pte)) { - uint64_t pteval; + phys_addr_t pteval; tmp_page = alloc_pgtable_page(domain->nid); @@ -896,7 +918,8 @@ static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain, return NULL; domain_flush_cache(domain, tmp_page, VTD_PAGE_SIZE); - pteval = ((uint64_t)virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE; + pteval = (virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE; + set_pte_mktme_keyid(virt_to_dma_pfn(tmp_page), &pteval); if (cmpxchg64(&pte->val, 0ULL, pteval)) /* Someone else set it while we were thinking; use theirs. */ free_pgtable_page(tmp_page); @@ -2289,6 +2312,8 @@ static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn, } } + set_pte_mktme_keyid(phys_pfn, &pteval); + /* We don't need lock here, nobody else * touches the iova range */ diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h index fa364de9db18..48a377a2b896 100644 --- a/include/linux/intel-iommu.h +++ b/include/linux/intel-iommu.h @@ -34,6 +34,8 @@ #include #include +#include + /* * VT-d hardware uses 4KiB page size regardless of host page size. @@ -603,7 +605,12 @@ static inline void dma_clear_pte(struct dma_pte *pte) static inline u64 dma_pte_addr(struct dma_pte *pte) { #ifdef CONFIG_64BIT - return pte->val & VTD_PAGE_MASK; + u64 addr = pte->val; + addr &= VTD_PAGE_MASK; +#ifdef CONFIG_X86_INTEL_MKTME + addr &= ~mktme_keyid_mask; +#endif + return addr; #else /* Must have a full atomic 64-bit read */ return __cmpxchg64(&pte->val, 0ULL, 0ULL) & VTD_PAGE_MASK; From patchwork Wed May 8 14:44:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935893 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D58871515 for ; Wed, 8 May 2019 14:46:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C44622844C for ; Wed, 8 May 2019 14:46:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B7F26288F8; Wed, 8 May 2019 14:46:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3BAE82844C for ; Wed, 8 May 2019 14:46:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 474F16B02A2; Wed, 8 May 2019 10:44:54 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 434416B02A5; Wed, 8 May 2019 10:44:54 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 088536B02A6; Wed, 8 May 2019 10:44:54 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id B94266B02A5 for ; Wed, 8 May 2019 10:44:53 -0400 (EDT) Received: by mail-pl1-f198.google.com with SMTP id s22so11662505plq.1 for ; Wed, 08 May 2019 07:44:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=WDFDEcXg+f/4xOnB0EiSvj+2Wa4G0QK/3j1Q+39oVvk=; b=rBQWNifsWvcTks83Xfu9FzFnOpDvBlhK6iJVOnf8EX2NK6yPjKChMT9WK/psAxsEVz mYwYkJ+xfaGxPH4wRYI7TT0XIRe4gM9Sgm9qsyIs0TubSQqCBuPcgI+LYMuEfnccpEuB ullQUqL25Hn1UwLq45imkFJCmNTJBKf63P1UckxVOiuRIr7oFj1hd28loK2pJJHWgkN6 ile+1eQpbYJys+zxcjANPb8NlWjaizVN6knjdn66YTo0tWaORqXFw5G3essCqWrnv5w6 Y80ykoUH2srFsITSADJABVjmRIx3REpt1yC68Z5d1CkHlhFJsByCm2KvMIYOhgMSGZRc LWIA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAV3ai4HHZFUdF57gZ7dyuR5xzZPjdocSlymVBkVm+1KB3GhGnr6 J90op62tPZS+Bl8k3cqbmpAcMweJH/m0M5ItRymyoMp4XaVrdPtrJkYnDxF3rzPFfKNEUTWI0UD ETBslodq9QSubHlT+hVTmN8JI/Ch6Xtvx/FYFS6hQR8F5+H9xt8SKlRoVRgNLjJWd7w== X-Received: by 2002:aa7:928b:: with SMTP id j11mr49326101pfa.200.1557326693424; Wed, 08 May 2019 07:44:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqw/wMPFJGajzafW4hJmUNBiTYhjwiVjX5uroXXVc7zRWc/3VOFofsEfbByZYvnkSwkxgwJ6 X-Received: by 2002:aa7:928b:: with SMTP id j11mr49325958pfa.200.1557326692173; Wed, 08 May 2019 07:44:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326692; cv=none; d=google.com; s=arc-20160816; b=BOSPNteRkDFMi121k48cr6R6DhJ6X5ROx4IX6InSpqAWhzfyEwQzw7Gahv3gIX3uTh ifeUE/QsBmCcn3gzF4M2X8qxeWdkFyniTut3s1nPQu8p1XB1N+RALpL3BWV3JVlnuLT5 vzprdnKgb9Cb2oG0+CGep1WznhGpOgWYLVHxf0LnWxPzNejW8Ov+PIJzHtJ9WA+4e09R 4A59T77sluaeJJ9b/YJK43/3pAspZDVoN5hN9FcXC69bWMg0Aek89KAxBzSvcGxtWuyf FGPHMI9c9JamMHZ5wTclJPUeD7vZGCTlKe589QnSDC5++cqKq25G1ZeZKKmxj2IiZPFw 0AJQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=WDFDEcXg+f/4xOnB0EiSvj+2Wa4G0QK/3j1Q+39oVvk=; b=z8c6BdrSWiFZdIqkYKcPONxVfiU9gy1gUlb7QMlDMjubqNyNgoV0xEvUdy95v0LcbW fJX8bXOAcRkrUBmrbLljpIrUiczqBmNLAc8j8vBVgbS2DxieABppA8LpFiT8U3+Qg5Sc iDWsJqNTZSos/RxL+sNBmm7Z20bhs3M3eQZlTqevg3R7bHQ/H9N67n36IWQ5eGGeqjxB XLTr9/FqpwrRnDqJtXemEzgD9qDUpUaCb282I+33sjYmZAu+T/Zb9RaG3pg2taMn8VgL gwf176VLMNGRpVADCLlyMNQdObVJX9UNazPH6sa7cInxBmLYNDWAqN3GsjKWvfaPHA/x CZkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga11.intel.com (mga11.intel.com. [192.55.52.93]) by mx.google.com with ESMTPS id i4si16013585pfa.218.2019.05.08.07.44.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) client-ip=192.55.52.93; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:51 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga005.jf.intel.com with ESMTP; 08 May 2019 07:44:46 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 51F061123; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 52/62] x86/mm: introduce common code for mem encryption Date: Wed, 8 May 2019 17:44:12 +0300 Message-Id: <20190508144422.13171-53-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Jacob Pan Both Intel MKTME and AMD SME have needs to support DMA address translation with encryption related bits. Common functions are introduced in this patch to keep DMA generic code abstracted. Signed-off-by: Jacob Pan Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig | 4 ++++ arch/x86/mm/Makefile | 1 + arch/x86/mm/mem_encrypt_common.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 33 insertions(+) create mode 100644 arch/x86/mm/mem_encrypt_common.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 62cfb381fee3..ce9642e2c31b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1505,11 +1505,15 @@ config X86_CPA_STATISTICS config ARCH_HAS_MEM_ENCRYPT def_bool y +config X86_MEM_ENCRYPT_COMMON + def_bool n + config AMD_MEM_ENCRYPT bool "AMD Secure Memory Encryption (SME) support" depends on X86_64 && CPU_SUP_AMD select DYNAMIC_PHYSICAL_MASK select ARCH_USE_MEMREMAP_PROT + select X86_MEM_ENCRYPT_COMMON ---help--- Say yes to enable support for the encryption of system memory. This requires an AMD processor that supports Secure Memory diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 4ebee899c363..89dddbc01b1b 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -55,3 +55,4 @@ obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_identity.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o obj-$(CONFIG_X86_INTEL_MKTME) += mktme.o +obj-$(CONFIG_X86_MEM_ENCRYPT_COMMON) += mem_encrypt_common.o diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c new file mode 100644 index 000000000000..2adee65eec46 --- /dev/null +++ b/arch/x86/mm/mem_encrypt_common.c @@ -0,0 +1,28 @@ +#include +#include +#include + +/* + * Encryption bits need to be set and cleared for both Intel MKTME and + * AMD SME when converting between DMA address and physical address. + */ +dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr) +{ + unsigned long keyid; + + if (sme_active()) + return __sme_set(daddr); + keyid = page_keyid(pfn_to_page(__phys_to_pfn(paddr))); + + return (daddr & ~mktme_keyid_mask) | (keyid << mktme_keyid_shift); +} +EXPORT_SYMBOL_GPL(__mem_encrypt_dma_set); + +phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr) +{ + if (sme_active()) + return __sme_clr(paddr); + + return paddr & ~mktme_keyid_mask; +} +EXPORT_SYMBOL_GPL(__mem_encrypt_dma_clear); From patchwork Wed May 8 14:44:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935885 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 41414924 for ; Wed, 8 May 2019 14:46:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 310D32844C for ; Wed, 8 May 2019 14:46:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 246E1288F8; Wed, 8 May 2019 14:46:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9B96F2844C for ; Wed, 8 May 2019 14:46:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id F0D5A6B02A8; Wed, 8 May 2019 10:44:53 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id DF6526B02A2; Wed, 8 May 2019 10:44:53 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CBCB76B02A7; Wed, 8 May 2019 10:44:53 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by kanga.kvack.org (Postfix) with ESMTP id 89C5A6B02A0 for ; Wed, 8 May 2019 10:44:53 -0400 (EDT) Received: by mail-pf1-f199.google.com with SMTP id c7so6537816pfp.14 for ; Wed, 08 May 2019 07:44:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=BgUXVgL6FkazvI2b18Syn+j1NwXwqEISW+VcLEk+rCs=; b=Twu3UflJlEBd8twumZQUvJe2qD+9geNMS/Ux2K2zKmJS85NPGaXEfyoOgWJ8qV9iEB FenD4VW5z3hNJeo9aXbB8H3t3WY7eFbwfndxl27uLueRcPdnG3itx6Z40+FM2Tyq2M4R qgn8+U3bObmYmEgWfW6fPMbdJsIvqQpxBnLKnztwlqtrJe/nLhyriA38tiwCG8MkrYLN XcFVTsCto2nYjglGnlNs9s2q5tqMNarKJkNyqF4s3lAt21Y4blDkdlFNZ6e2/WR/kL+W NCnFOjj1mickG0okTary1DgVl7zhXVWQ4vr4TrXvzs3ubm0Z93hd1TwjnicqjqWfCBeB 3Rww== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAU71/jc1OctkimambMZ3IYCIucbBQNr8huYpJ+HQ7Ew/rJapxVL vFw2d9QZH7fzyVKi/6CFZmE+v6q6fm1BoB+usm2gqkTjXLZM7vb7fV7WsW56CgqYYQpQZq2DRBN C/yrpofw8l+wsmCgO7dbFrI07G1n4cyiE0/n85uuTSvLE8qxh79muwSB5JPtHbceucA== X-Received: by 2002:a62:5b81:: with SMTP id p123mr26533217pfb.158.1557326693196; Wed, 08 May 2019 07:44:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqzlFVsWyYZXfr5seLf21ay7CZTHeVxg66yL1fe789A6go9Fb8R9GD65JJcN4Rw0NBvyihWf X-Received: by 2002:a62:5b81:: with SMTP id p123mr26533057pfb.158.1557326691800; Wed, 08 May 2019 07:44:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326691; cv=none; d=google.com; s=arc-20160816; b=zK6Icywny79LnCRO6pPgb5oH8dOGjaIYr2KUeKzd0brvkQ+qxLAy86zTzRSAZxH3bP mupn7chlDXiIBNVQ04TSR1VVx6C45ZZQ0NIqM8o0eGot3H+edcghXkUz9gmEzV5BBXIt 5meRFUIEdedff+Zs3DfwFvZbWaz0el9OxhnfGyVbxLAfSpX2P+0As1whYfKYPLRPZjkR dcF80uPbB+djRh3IyGjHxnXDYbcggt8nuez3X5wCJiWFL/BaBi8SCd8gbehMhfDk8Qjg 0gy56SJ1RHwxTMAXQlGv5oqF9dANqsnvKvNR3zuzFt3NagTf3P+NRJ1rt1Vmik6t2gHR D/vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=BgUXVgL6FkazvI2b18Syn+j1NwXwqEISW+VcLEk+rCs=; b=HH7NWf6bX09TdYdMzAKxj63KbzX81aeBhVLdEKxhVRhM2Le4QPJGOyzB6Xft8hIQii Hh7olXT1WZiBm4Wye4VNWvGvHJdMwPsoHjREzvFl5349s18vDnpCQcI70oJRjZ56Ic2m tHu2ky96Irex7yIlvRe52skfOBa2+Vix9Vb9rBetTog7Za9QI1E1NdudioSRnQvsdyXq dE3PXZ9oIHZCWFHQhi+OP9tv69LoFqO5fXGPBqx5KiLf72oIH9DDbGFyJjcPNpOeQvug kppE1Mi5rn8zDr51/S6mRFjRfZ6lol0s2jT8ASHg2DBeXWWrSavacNe26TVcd0d1rDGw skgw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga12.intel.com (mga12.intel.com. [192.55.52.136]) by mx.google.com with ESMTPS id s184si23372828pfs.275.2019.05.08.07.44.51 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) client-ip=192.55.52.136; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:51 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga007.jf.intel.com with ESMTP; 08 May 2019 07:44:46 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 5D8901124; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 53/62] x86/mm: Use common code for DMA memory encryption Date: Wed, 8 May 2019 17:44:13 +0300 Message-Id: <20190508144422.13171-54-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Jacob Pan Replace sme_ code with x86 memory encryption common code such that Intel MKTME can be supported underneath generic DMA code. dma_to_phys() & phys_to_dma() results will be runtime modified by memory encryption code. Signed-off-by: Jacob Pan Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mem_encrypt.h | 29 +++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt_common.c | 2 +- include/linux/dma-direct.h | 4 ++-- include/linux/mem_encrypt.h | 23 ++++++++++------------- 4 files changed, 42 insertions(+), 16 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 616f8e637bc3..a2b69cbb0e41 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -55,8 +55,19 @@ bool sev_active(void); #define __bss_decrypted __attribute__((__section__(".bss..decrypted"))) +/* + * The __sme_set() and __sme_clr() macros are useful for adding or removing + * the encryption mask from a value (e.g. when dealing with pagetable + * entries). + */ +#define __sme_set(x) ((x) | sme_me_mask) +#define __sme_clr(x) ((x) & ~sme_me_mask) + #else /* !CONFIG_AMD_MEM_ENCRYPT */ +#define __sme_set(x) (x) +#define __sme_clr(x) (x) + #define sme_me_mask 0ULL static inline void __init sme_early_encrypt(resource_size_t paddr, @@ -97,4 +108,22 @@ extern char __start_bss_decrypted[], __end_bss_decrypted[], __start_bss_decrypte #endif /* __ASSEMBLY__ */ +#ifdef CONFIG_X86_MEM_ENCRYPT_COMMON + +extern dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr); +extern phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr); + +#else +static inline dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr) +{ + return daddr; +} + +static inline phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr) +{ + return paddr; +} +#endif /* CONFIG_X86_MEM_ENCRYPT_COMMON */ + + #endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c index 2adee65eec46..dcc5c710a235 100644 --- a/arch/x86/mm/mem_encrypt_common.c +++ b/arch/x86/mm/mem_encrypt_common.c @@ -1,5 +1,5 @@ #include -#include +#include #include /* diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index b7338702592a..a949adeb6558 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -40,12 +40,12 @@ static inline bool dma_capable(struct device *dev, dma_addr_t addr, size_t size) */ static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr) { - return __sme_set(__phys_to_dma(dev, paddr)); + return __mem_encrypt_dma_set(__phys_to_dma(dev, paddr), paddr); } static inline phys_addr_t dma_to_phys(struct device *dev, dma_addr_t daddr) { - return __sme_clr(__dma_to_phys(dev, daddr)); + return __mem_encrypt_dma_clear(__dma_to_phys(dev, daddr)); } u64 dma_direct_get_required_mask(struct device *dev); diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h index b310a9c18113..ce8ff0ead16c 100644 --- a/include/linux/mem_encrypt.h +++ b/include/linux/mem_encrypt.h @@ -26,6 +26,16 @@ static inline bool sme_active(void) { return false; } static inline bool sev_active(void) { return false; } +static inline dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr) +{ + return daddr; +} + +static inline phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr) +{ + return paddr; +} + #endif /* CONFIG_ARCH_HAS_MEM_ENCRYPT */ static inline bool mem_encrypt_active(void) @@ -38,19 +48,6 @@ static inline u64 sme_get_me_mask(void) return sme_me_mask; } -#ifdef CONFIG_AMD_MEM_ENCRYPT -/* - * The __sme_set() and __sme_clr() macros are useful for adding or removing - * the encryption mask from a value (e.g. when dealing with pagetable - * entries). - */ -#define __sme_set(x) ((x) | sme_me_mask) -#define __sme_clr(x) ((x) & ~sme_me_mask) -#else -#define __sme_set(x) (x) -#define __sme_clr(x) (x) -#endif - #endif /* __ASSEMBLY__ */ #endif /* __MEM_ENCRYPT_H__ */ From patchwork Wed May 8 14:44:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935889 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 27ED71515 for ; Wed, 8 May 2019 14:46:41 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 173262844C for ; Wed, 8 May 2019 14:46:41 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0B1A3288F8; Wed, 8 May 2019 14:46:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7A6DB2844C for ; Wed, 8 May 2019 14:46:40 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1C1FD6B02A0; Wed, 8 May 2019 10:44:54 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id F09626B02A7; Wed, 8 May 2019 10:44:53 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D0AE16B02A6; Wed, 8 May 2019 10:44:53 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f198.google.com (mail-pg1-f198.google.com [209.85.215.198]) by kanga.kvack.org (Postfix) with ESMTP id 9236F6B02A2 for ; Wed, 8 May 2019 10:44:53 -0400 (EDT) Received: by mail-pg1-f198.google.com with SMTP id x13so12797793pgl.10 for ; Wed, 08 May 2019 07:44:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=ErLNP2t/2r70xowRLHa6YSi8qQGCcGwICK6NMrzI+98=; b=lHShVbSJ0HCxugr6lj2t5xSBuTzjjGbwuMnTyhw0KDWtda2kioLrUizaz5wTw0LHlS G1FkXJ0oUygopW6bLIfXpRQGXyyKCtOG7OGEryEv0XUD8Ch6ozSZ/f8dTVU+o0UC83Vu /S7JZf2bANNpIcClT62O5nrz4AZG4vxIpVK0Q9k40iY0Vi53HiTxTugM6ZUhDKJDR/vA 4/Dqhz6bxQm1DJJPDGzJAaLBmckZHhwaj953DhQyaEMaTmO1ZHfhhP1jkcuGMVmYTcz/ u1qtV0jw111NIv3qjE4AwYwP2jotgQgZ/iaTjXoJFdXnjkNOXafvRmSpx2AvcAs0fiP8 c0BA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVQVohXvwkyNhhAl8Bcmueh9nIDo6GZn6PxvlMaDJ6xiwoQM4S6 hsZsAqN9HmWjGEhoNShyTYAjKdcpDBJhqNF0sVfOivfRTxqO7sxEzHEQ2yDzM6EK8baTDqQH6QD REl9FMG8BwuOj7BQpxNwdJ7mYHGMpOPNJwxbsrbPQW2ljN9heB7xcUW6bRrDYdD87kA== X-Received: by 2002:a65:610a:: with SMTP id z10mr47537143pgu.54.1557326693229; Wed, 08 May 2019 07:44:53 -0700 (PDT) X-Google-Smtp-Source: APXvYqxfyDDV7cXYZ/fpZVUOKKD1p0jt35533WG7+5ZbrLIbm7gUEWOYCQcfs/lJjY5M62PAYzfY X-Received: by 2002:a65:610a:: with SMTP id z10mr47537050pgu.54.1557326692415; Wed, 08 May 2019 07:44:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326692; cv=none; d=google.com; s=arc-20160816; b=K31RUxQR2lu6/TW9kHtZKkDqRgHr9FHLvKyvz7fsaQsvRmXst5qxZjkYTV340Qo9UY 86W4qr3mGfKTMc6HKNQHOE1sFAG5GpaVnrijHTNncdcOfkFTXg8+iDZWR9bhQFarM2xV 9OH4zcKI0cmBZ97KbKv5nhrQI0PJD2U+kkAcC55Vzjxt036yUHv36J5jtsmWUSAufPMu COgoNVzcrI1wFbznTHSz97BTdFvE54/yF5V7oxDn3FLc1fiCkrzCK8m0ZeCKHggldzaX uL6O+tJmo28YLKknLcUEy3uvXhKFOW+xsltMyaTKnJkE9MVEL+5oNIAKGeS0rgWQ/Vb2 jftQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=ErLNP2t/2r70xowRLHa6YSi8qQGCcGwICK6NMrzI+98=; b=0mdYpUmqgH+/kY6rLcbLnJ862paGJ53USmppB5tS1P0IAUD3fBIBczbbhbTWDYOLUm Oq5RobpzvQ/Am3dozPWJAy4bWkVKELpUj1qhitwqbFi5G9312GE2CcXBsI2oyxk6FHg1 zAe7w615xrpFkeNK5KVI42AlDJKKljiNZzr5ERdaLSdCOjKssnI1BjvRRBUxbk9OaZ9c z6T/huGDan0YZwm+FRgUiDF94g893NAyBQmChvrelIo7fTYV0LpANWVVemW7WC3RAKku pbMiQluw9TZxJqi/NNNRv1MTC4Xmu3exbU8YCGV9rR6bIQ2IBSRDqSJbJn93j9RrOU7D r2Gw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga11.intel.com (mga11.intel.com. [192.55.52.93]) by mx.google.com with ESMTPS id i4si16013585pfa.218.2019.05.08.07.44.52 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) client-ip=192.55.52.93; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:51 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga005.jf.intel.com with ESMTP; 08 May 2019 07:44:46 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 672C3116A; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 54/62] x86/mm: Disable MKTME on incompatible platform configurations Date: Wed, 8 May 2019 17:44:14 +0300 Message-Id: <20190508144422.13171-55-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Icelake Server requires additional check to make sure that MKTME usage is safe on Linux. Kernel needs a way to access encrypted memory. There can be different approaches to this: create a temporary mapping to access the page (using kmap() interface), modify kernel's direct mapping on allocation of encrypted page. In order to minimize runtime overhead, the Linux MKTME implementation uses multiple direct mappings, one per-KeyID. Kernel uses the direct mapping that is relevant for the page at the moment. Icelake Server in some configurations doesn't allow a page to be mapped with multiple KeyIDs at the same time. Even if only one of KeyIDs is actively used. It conflicts with the Linux MKTME implementation. OS can check if it's safe to map the same with multiple KeyIDs by examining bit 8 of MSR 0x6F. If the bit is set we cannot safely use MKTME on Linux. The user can disable the Directory Mode in BIOS setup to get the platform into Linux-compatible mode. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/intel-family.h | 2 ++ arch/x86/kernel/cpu/intel.c | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h index 9f15384c504a..6a633af144aa 100644 --- a/arch/x86/include/asm/intel-family.h +++ b/arch/x86/include/asm/intel-family.h @@ -53,6 +53,8 @@ #define INTEL_FAM6_CANNONLAKE_MOBILE 0x66 #define INTEL_FAM6_ICELAKE_MOBILE 0x7E +#define INTEL_FAM6_ICELAKE_X 0x6A +#define INTEL_FAM6_ICELAKE_XEON_D 0x6C /* "Small Core" Processors (Atom) */ diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index f402a74c00a1..3fc318f699d3 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -19,6 +19,7 @@ #include #include #include +#include #ifdef CONFIG_X86_64 #include @@ -531,6 +532,16 @@ static void detect_vmx_virtcap(struct cpuinfo_x86 *c) #define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ #define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 +#define MSR_ICX_MKTME_STATUS 0x6F +#define MKTME_ALIASES_FORBIDDEN(x) (x & BIT(8)) + +/* Need to check MSR_ICX_MKTME_STATUS for these CPUs */ +static const struct x86_cpu_id mktme_status_msr_ids[] = { + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ICELAKE_X }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ICELAKE_XEON_D }, + {} +}; + /* Values for mktme_status (SW only construct) */ #define MKTME_ENABLED 0 #define MKTME_DISABLED 1 @@ -564,6 +575,17 @@ static void detect_tme(struct cpuinfo_x86 *c) return; } + /* Icelake Server quirk: do not enable MKTME if aliases are forbidden */ + if (x86_match_cpu(mktme_status_msr_ids)) { + u64 mktme_status; + rdmsrl(MSR_ICX_MKTME_STATUS, mktme_status); + + if (MKTME_ALIASES_FORBIDDEN(mktme_status)) { + pr_err_once("x86/tme: Directory Mode is enabled in BIOS\n"); + mktme_status = MKTME_DISABLED; + } + } + if (mktme_status != MKTME_UNINITIALIZED) goto detect_keyid_bits; From patchwork Wed May 8 14:44:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935949 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D9F25924 for ; Wed, 8 May 2019 14:47:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CA2B42844C for ; Wed, 8 May 2019 14:47:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BD8EF2890F; Wed, 8 May 2019 14:47:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 42BE02844C for ; Wed, 8 May 2019 14:47:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 542376B02CE; Wed, 8 May 2019 10:46:40 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4F3726B02D0; Wed, 8 May 2019 10:46:40 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2F78E6B02D1; Wed, 8 May 2019 10:46:40 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id ECA326B02CE for ; Wed, 8 May 2019 10:46:39 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id a8so12756163pgq.22 for ; Wed, 08 May 2019 07:46:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=X9QkOLXl8U4kOl6hj7oonvayj1eU917miOT+8zfFaek=; b=jIzWQRS8+QFHCBQLRudGMq96QzdIBRsUIrX52FSz7VJQiySeDh6P/eQmI8jNRMajDC /UEKMsZI5ZgbgC6SpRbRRxbajBIp/71Ml017O39aBjV+JceDQOmkYCi3JbGBHhq6s8xY a1VL6sPy6fLGuZM3udIu1kaS4vjhpnbmZctQj91k+V7HmvC4gK88NOrHNcXtIjhAVI9T ufT5USxFX9Iy4aHPfYufijgJ7YrMVryTlOAWHjSp2Euwk3lB2EM5EJKoNVjdKYliHJfG vZIJd5W9L2WboVPrYryg66jH57FhZG0Uuo+xZbaPw6BPhU29ALfG2coMeEx0Xo7bro4L 97Qg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXtN+QqSTaEFkkM5Mr2Fsa7/8OCVwth4wc+/c0q5H3wcsWQtWAX 6hgwHKqG317VDC5O2YQB85Ts83CrEKJXxYZ3zhXvopt4TkUbmSzTCX7n28o1VNQL32FkZ/L9Bgm 1XuEVnpa+aCoAYyZBLt1ceP6ueNpjWJ4BunnoOaENAGnPG4Vlpd2h7n8RUvCxHUaKFA== X-Received: by 2002:a63:5041:: with SMTP id q1mr47708733pgl.386.1557326799613; Wed, 08 May 2019 07:46:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqxjugaw7kVdR4h8rravtx3RIbF8E1V4it2giQ7Rt0X4RsCX5l3KJWNO3x5EZKi3AzbrneyN X-Received: by 2002:a63:5041:: with SMTP id q1mr47696417pgl.386.1557326693817; Wed, 08 May 2019 07:44:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326693; cv=none; d=google.com; s=arc-20160816; b=g7um2pu0rIEqNyouRp3lGMFyBWb5e+0gqoEHcs5lcx6jH3azG4i08OMndTnau+j5kC vLUd4Wi7u43yWF5jkl+QwNKc569THM/FJNd62ScDgi9dAZ81wqKeV3MhPuAfh/D0sYZ8 7S6tlqCY5Bgsy7WChbNhF0CrfKBtUwLcRuSq2TPIHt/6FEj8IuL5WwUgmCXwrArN0HYR 0grjP0pghXcGXN06kbjly4OFetdPH7P3hVw0pZa5UxBXnGmI4q5MuaMJ7LfOIFg7vUxw G/tMqop+QolXxQm8+IHlXPRQ0YLUwjkJhCZGEfbxJw9VaJ0Cfze+BK6S6GhdfyOJ12++ VFYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=X9QkOLXl8U4kOl6hj7oonvayj1eU917miOT+8zfFaek=; b=VKhYOnp5PkMtILTnTZDmiDxjhshd6uD87mSXm7KcH3xAOxfBX3RwLnSsmSKposkcLZ w1I0j9Gdz+v8s1I0NlLiGSDYcAYTMxmF7KmAMK4qvqD7joJmufbvGg8Ze46qOhfaRd2G IklqqvEbYZNwfCwpPM+1EQYDQqVvzc6I8UMv1C0dxHYOf52aQXAB7fdtCAvtjp5ObgkW RAOY/MNVMzB1taflAVPVuL+jUHUDIiiJcS4NMyBAZJhpM5QP1rD5U8FpJw9Gdw3k6FXZ kd8Ku/3eeoH2Ay7+rpZQZLMZxyzD0ZDzvqflOuV54NomAB9fT7mfKSa/WASoLuSKMAEl HE4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga09.intel.com (mga09.intel.com. [134.134.136.24]) by mx.google.com with ESMTPS id d11si23177393pgj.84.2019.05.08.07.44.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) client-ip=134.134.136.24; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:53 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga001.fm.intel.com with ESMTP; 08 May 2019 07:44:48 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 721A41175; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 55/62] x86/mm: Disable MKTME if not all system memory supports encryption Date: Wed, 8 May 2019 17:44:15 +0300 Message-Id: <20190508144422.13171-56-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP UEFI memory attribute EFI_MEMORY_CPU_CRYPTO indicates whether the memory region supports encryption. Kernel doesn't handle situation when only part of the system memory supports encryption. Disable MKTME if not all system memory supports encryption. Signed-off-by: Kirill A. Shutemov --- arch/x86/mm/mktme.c | 29 +++++++++++++++++++++++++++++ drivers/firmware/efi/efi.c | 25 +++++++++++++------------ include/linux/efi.h | 1 + 3 files changed, 43 insertions(+), 12 deletions(-) diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 12f4266cf7ea..60b479686ea5 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,6 +1,7 @@ #include #include #include +#include #include #include #include @@ -33,9 +34,37 @@ void mktme_disable(void) static bool need_page_mktme(void) { + int nid; + /* Make sure keyid doesn't collide with extended page flags */ BUILD_BUG_ON(__NR_PAGE_EXT_FLAGS > 16); + for_each_node_state(nid, N_MEMORY) { + const efi_memory_desc_t *md; + unsigned long node_start, node_end; + + node_start = node_start_pfn(nid) << PAGE_SHIFT; + node_end = node_end_pfn(nid) << PAGE_SHIFT; + + for_each_efi_memory_desc(md) { + u64 efi_start = md->phys_addr; + u64 efi_end = md->phys_addr + PAGE_SIZE * md->num_pages; + + if (md->attribute & EFI_MEMORY_CPU_CRYPTO) + continue; + if (efi_start > node_end) + continue; + if (efi_end < node_start) + continue; + + printk("Memory range %#llx-%#llx: doesn't support encryption\n", + efi_start, efi_end); + printk("Disable MKTME\n"); + mktme_disable(); + break; + } + } + return !!mktme_nr_keyids; } diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index 55b77c576c42..239b2edc78d3 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -848,25 +848,26 @@ char * __init efi_md_typeattr_format(char *buf, size_t size, if (attr & ~(EFI_MEMORY_UC | EFI_MEMORY_WC | EFI_MEMORY_WT | EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_RO | EFI_MEMORY_WP | EFI_MEMORY_RP | EFI_MEMORY_XP | - EFI_MEMORY_NV | + EFI_MEMORY_NV | EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_RUNTIME | EFI_MEMORY_MORE_RELIABLE)) snprintf(pos, size, "|attr=0x%016llx]", (unsigned long long)attr); else snprintf(pos, size, - "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]", + "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]", attr & EFI_MEMORY_RUNTIME ? "RUN" : "", attr & EFI_MEMORY_MORE_RELIABLE ? "MR" : "", - attr & EFI_MEMORY_NV ? "NV" : "", - attr & EFI_MEMORY_XP ? "XP" : "", - attr & EFI_MEMORY_RP ? "RP" : "", - attr & EFI_MEMORY_WP ? "WP" : "", - attr & EFI_MEMORY_RO ? "RO" : "", - attr & EFI_MEMORY_UCE ? "UCE" : "", - attr & EFI_MEMORY_WB ? "WB" : "", - attr & EFI_MEMORY_WT ? "WT" : "", - attr & EFI_MEMORY_WC ? "WC" : "", - attr & EFI_MEMORY_UC ? "UC" : ""); + attr & EFI_MEMORY_NV ? "NV" : "", + attr & EFI_MEMORY_CPU_CRYPTO ? "CR" : "", + attr & EFI_MEMORY_XP ? "XP" : "", + attr & EFI_MEMORY_RP ? "RP" : "", + attr & EFI_MEMORY_WP ? "WP" : "", + attr & EFI_MEMORY_RO ? "RO" : "", + attr & EFI_MEMORY_UCE ? "UCE" : "", + attr & EFI_MEMORY_WB ? "WB" : "", + attr & EFI_MEMORY_WT ? "WT" : "", + attr & EFI_MEMORY_WC ? "WC" : "", + attr & EFI_MEMORY_UC ? "UC" : ""); return buf; } diff --git a/include/linux/efi.h b/include/linux/efi.h index 6ebc2098cfe1..4b2d0b1a75dc 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -112,6 +112,7 @@ typedef struct { #define EFI_MEMORY_MORE_RELIABLE \ ((u64)0x0000000000010000ULL) /* higher reliability */ #define EFI_MEMORY_RO ((u64)0x0000000000020000ULL) /* read-only */ +#define EFI_MEMORY_CPU_CRYPTO ((u64)0x0000000000080000ULL) /* memory encryption supported */ #define EFI_MEMORY_RUNTIME ((u64)0x8000000000000000ULL) /* range requires runtime mapping */ #define EFI_MEMORY_DESCRIPTOR_VERSION 1 From patchwork Wed May 8 14:44:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935895 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F39361515 for ; Wed, 8 May 2019 14:46:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E44372844B for ; Wed, 8 May 2019 14:46:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D852928485; Wed, 8 May 2019 14:46:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 73F822844B for ; Wed, 8 May 2019 14:46:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4F7466B02A5; Wed, 8 May 2019 10:44:55 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 4D9326B02A9; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2F8456B02AA; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id E9DEC6B02A5 for ; Wed, 8 May 2019 10:44:54 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id m35so12801984pgl.6 for ; Wed, 08 May 2019 07:44:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=o5KW25YTExVeHUad5j7wl2zSQfDlvno755Y/jyretlU=; b=YjMpnczf1sj3r9WwDsppEcRWlJ34EWjHWhih/McREgald07K5phgzr7jyhK0Uxbd81 29YMZuLZQWc404I8bWN487eL4UzDczfQF1GvhK/gEvW25XYhZklOLsyetDyKfY8R32tp omP0It0oMbLILV3LHhtsuEUJNmtQWwMGbr2o6b1aIo/IAnx5nMsLU88oKdCUA7E6soBV C99wCznrRadQx+26e81MOsSVTHfaC3XfoYiK9kiOHhvxWaxowzehTxySE2RGv3cwOj0L yXL5RD+qCSYoe+CAQrwPNrH2OqlOtBDEPNoavCkvEGG0xn2xZ9DXVMCEcpt4JYHEnfZc 385Q== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAU5VyTg6641an1GsbRF3pY0pwefgLJqeCJu3H7+A5RlY50JhgtR gAHQBzXWwPv9dssBWGnIGmzrVBjfBOwddMRgmPfzqzxlPESRJf3skhDpyqGckSm2+fgMpUUy1US H3xijnHRWuUWsayd8u7yi4sf8JSgqYvaZFWBTErfyNw83s1ObAIRCM0H9mUJ1AicExQ== X-Received: by 2002:aa7:8383:: with SMTP id u3mr48407387pfm.245.1557326694620; Wed, 08 May 2019 07:44:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqxpUIi65AOZpDSCDOqLyynHRdEE8GyBRXsxcm3SFw1O8WMgQRSxBE/pQA/Ln7IPzJFNWnUj X-Received: by 2002:aa7:8383:: with SMTP id u3mr48407267pfm.245.1557326693434; Wed, 08 May 2019 07:44:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326693; cv=none; d=google.com; s=arc-20160816; b=owe/5F09UUIrtXPYh4H14KVqL4Q3j621/RNH4oXFoTMKVRcu6RWsKj9KQ7IVXHEfnS HuMabXI05U0p6Qb4bDW/4ugTyAs7b1PjW/kUalbzGAIBRx/4mNdDAjS0XTU2zhXK8q7c 2mcM3Yxct8OiEHUDyyHFn0IGzuYT2J/Koqapb9B9XKdO8myBVGIXWhgU1CpKfp9XO/LL K0wYh1uYz/ZxZ7Wasi4bh119GKnqcs3jYib3Vh0RyK+pJowkqXJ/NpNNIDwL3Pns2Bby ia6cNz/9ul9ZqE5oqTXi3/DF6wEQZ0+K7OkftziCfHVWIrBRIf4bnk8nORshi4dGgDBv J/Hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=o5KW25YTExVeHUad5j7wl2zSQfDlvno755Y/jyretlU=; b=E850BiV0bxzgEE8B9eTL/4FOE4+N0VH98cBAFvDUC0xzLvHplJTZ0mkX+UbmEnSvnv mwP2bgkOGOjcRMZHZTnqx9H9viaFzt+tOsP3JJJOpns69hhrIsgug+G6tmqGiMxk2dnW Buzlw1yfl1QBWL3773isKf7d3Rlq1mYeTftDz6nlp6t7dzJMTxWMKipn3zKTvtgbdHxQ o9PwB+sxlmrJv952/UVgbWH2rIv2PhwnEaVYOBMYNGF370m9bq9865vqn1HrPMu8R1+F QaZqHMX0xWTyiIw0HBSchX0tDWBJoM4xDV8j5wpqRqxHCVeR/ZuW3pP7FS8L/Vuh0/UP WzDg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga01.intel.com (mga01.intel.com. [192.55.52.88]) by mx.google.com with ESMTPS id g13si12322802pgs.161.2019.05.08.07.44.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) client-ip=192.55.52.88; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.88 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:53 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga004.fm.intel.com with ESMTP; 08 May 2019 07:44:48 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 7CDA2117C; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 56/62] x86: Introduce CONFIG_X86_INTEL_MKTME Date: Wed, 8 May 2019 17:44:16 +0300 Message-Id: <20190508144422.13171-57-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Add new config option to enabled/disable Multi-Key Total Memory Encryption support. Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index ce9642e2c31b..4d2cfee50102 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1533,6 +1533,27 @@ config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT If set to N, then the encryption of system memory can be activated with the mem_encrypt=on command line option. +config X86_INTEL_MKTME + bool "Intel Multi-Key Total Memory Encryption" + select DYNAMIC_PHYSICAL_MASK + select PAGE_EXTENSION + select X86_MEM_ENCRYPT_COMMON + depends on X86_64 && CPU_SUP_INTEL && !KASAN + depends on KEYS + depends on !MEMORY_HOTPLUG_DEFAULT_ONLINE + depends on ACPI_HMAT + ---help--- + Say yes to enable support for Multi-Key Total Memory Encryption. + This requires an Intel processor that has support of the feature. + + Multikey Total Memory Encryption (MKTME) is a technology that allows + transparent memory encryption in upcoming Intel platforms. + + MKTME is built on top of TME. TME allows encryption of the entirety + of system memory using a single key. MKTME allows having multiple + encryption domains, each having own key -- different memory pages can + be encrypted with different keys. + # Common NUMA Features config NUMA bool "Numa Memory Allocation and Scheduler Support" @@ -2207,7 +2228,7 @@ config RANDOMIZE_MEMORY config MEMORY_PHYSICAL_PADDING hex "Physical memory mapping padding" if EXPERT - depends on RANDOMIZE_MEMORY + depends on RANDOMIZE_MEMORY || X86_INTEL_MKTME default "0xa" if MEMORY_HOTPLUG default "0x0" range 0x1 0x40 if MEMORY_HOTPLUG From patchwork Wed May 8 14:44:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935897 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2F726924 for ; Wed, 8 May 2019 14:46:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 21A952844B for ; Wed, 8 May 2019 14:46:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 153AA28485; Wed, 8 May 2019 14:46:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8EAE92844B for ; Wed, 8 May 2019 14:46:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AEDC96B02AB; Wed, 8 May 2019 10:44:55 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 8EAE16B02AA; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 78D076B02AB; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id 2B2F06B02A7 for ; Wed, 8 May 2019 10:44:55 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id s22so11662538plq.1 for ; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=72v4HftBYPH4NaCNX9vTABhQSfIMTjcr1FoRiXpK0K8=; b=rXQjiUNmouapF+n3IczMbmVkQ00JgGjXD8x8cqx1gWBt0gPWJTVsnKfylnXaPrg+U5 3fJ+91jA4Amio+Q7mwPOyK+Tv4o7qqGj8DwCoinK4R7jKZtmNo8sRpAksQIChXSahcXt eE5pS36pWbRGfa9ZUN1oZljekUNw6Dz1GrCjpfyf+mcFYCiKJUk4MnVHqVK93i7yhBqG U/YxNID+1P6NawSRRpHKuzVrYb2kXU+c6XBS1NNSWm2vzK2CdWs3Cn3QfnimvyJ7K773 yTJu9Mbt8jQXTXr5xn+0YrcApdtTgjtKASL7dKY00QKW2/hxykBC/E400yCDv4HN/ST8 kwPg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAW9HsVzn/XtSLPsna9uB5/X82WJ0AVIyetxleGy922HVm0wkQ6/ m6xoAJ6rd1hqfRHd2fgSq3eilBY1ZDfYM6qXRLMg0KsPK0oS3OmjcaojiEWjwR2V7ZpOByT78UJ mqkjswdHt8RrxBlMBLGZF9nXC9BS2RXH7ColCcnLvbo9/M4AjohvmBZ0lSIvjRMU1DA== X-Received: by 2002:a63:4c54:: with SMTP id m20mr39401911pgl.316.1557326694815; Wed, 08 May 2019 07:44:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqzU6eoteZwUYinLCAXqW5dts/ClWM/EvbpdiZ1VbG5vwLktDR9qYHjrepjBQAS2GWL+yk+j X-Received: by 2002:a63:4c54:: with SMTP id m20mr39401796pgl.316.1557326693746; Wed, 08 May 2019 07:44:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326693; cv=none; d=google.com; s=arc-20160816; b=b1nI1Iy8WberKBBvsZrcZsx+uZgROGzcYvpY0UHk+grg6svJhUE0IZZGGS4cZY/JQj PpHvad/Y8st1aYivOnoKfpWC2FmOEUZQAfAxBfNyaZ6mitat59PVzBR2Yh5VgqjQy4wd P2PZTGUYeXNc/41aVfQQ/RvOir9yiaAYmYIoQHseMx9aKjwDHCiP3I7srMAixj+/6If3 HGGvA3zR8XGrAoCaL3czT/cXkgjq/Ag0AqVdNlZb61IIiohfgu+dQ2poNHfbfzq5ompm z+Pj9V7BDSxmZoZeHlKeQOBmXtseGoxPFX+Zrl2yVp8YZaeXJxCcYZLkSk8Bp6m55bEQ uC6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=72v4HftBYPH4NaCNX9vTABhQSfIMTjcr1FoRiXpK0K8=; b=aIK4B2/4E75RmIIFE1ChAGlnNbCEDTOcY2GQ3zWoaIACA0EERQZqlsNlHHItcdaX+q E0BGzOiLlLUrMyy+Cx1XbEDdYRpPZrozC62YdUulSffxrlOPSt4pz8IfBBcWFYQ37NbL nH8HFnqwUwHMQmJnyD57iOEt41u+2qzIDh9NtTMI0zzwMjyp32uAUqxTQfMYPdz7BweO reGqh0ACX1wRYo3gNgagnnAnE+2vfCk9d8k/LZtCtZ+IBbRLAmXtPXHVx51vHH8VH8Z7 +VryVY7AfNKFzrERnI3zWk17SDFr5B9PuhiIYMbkH5lK9iCsNZa51AurzpxxfjQ/m0je m0+A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id q8si24066889pgf.3.2019.05.08.07.44.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:53 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656575" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:49 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 88BA31186; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 57/62] x86/mktme: Overview of Multi-Key Total Memory Encryption Date: Wed, 8 May 2019 17:44:17 +0300 Message-Id: <20190508144422.13171-58-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Provide an overview of MKTME on Intel Platforms. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 8 +++ Documentation/x86/mktme/mktme_overview.rst | 57 ++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 Documentation/x86/mktme/index.rst create mode 100644 Documentation/x86/mktme/mktme_overview.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst new file mode 100644 index 000000000000..1614b52dd3e9 --- /dev/null +++ b/Documentation/x86/mktme/index.rst @@ -0,0 +1,8 @@ + +========================================= +Multi-Key Total Memory Encryption (MKTME) +========================================= + +.. toctree:: + + mktme_overview diff --git a/Documentation/x86/mktme/mktme_overview.rst b/Documentation/x86/mktme/mktme_overview.rst new file mode 100644 index 000000000000..59c023965554 --- /dev/null +++ b/Documentation/x86/mktme/mktme_overview.rst @@ -0,0 +1,57 @@ +Overview +========= +Multi-Key Total Memory Encryption (MKTME)[1] is a technology that +allows transparent memory encryption in upcoming Intel platforms. +It uses a new instruction (PCONFIG) for key setup and selects a +key for individual pages by repurposing physical address bits in +the page tables. + +Support for MKTME is added to the existing kernel keyring subsystem +and via a new mprotect_encrypt() system call that can be used by +applications to encrypt anonymous memory with keys obtained from +the keyring. + +This architecture supports encrypting both normal, volatile DRAM +and persistent memory. However, persistent memory support is +not included in the Linux kernel implementation at this time. +(We anticipate adding that support next.) + +Hardware Background +=================== + +MKTME is built on top of an existing single-key technology called +TME. TME encrypts all system memory using a single key generated +by the CPU on every boot of the system. TME provides mitigation +against physical attacks, such as physically removing a DIMM or +watching memory bus traffic. + +MKTME enables the use of multiple encryption keys[2], allowing +selection of the encryption key per-page using the page tables. +Encryption keys are programmed into each memory controller and +the same set of keys is available to all entities on the system +with access to that memory (all cores, DMA engines, etc...). + +MKTME inherits many of the mitigations against hardware attacks +from TME. Like TME, MKTME does not mitigate vulnerable or +malicious operating systems or virtual machine managers. MKTME +offers additional mitigations when compared to TME. + +TME and MKTME use the AES encryption algorithm in the AES-XTS +mode. This mode, typically used for block-based storage devices, +takes the physical address of the data into account when +encrypting each block. This ensures that the effective key is +different for each block of memory. Moving encrypted content +across physical address results in garbage on read, mitigating +block-relocation attacks. This property is the reason many of +the discussed attacks require control of a shared physical page +to be handed from the victim to the attacker. + +-- +1. https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf +2. The MKTME architecture supports up to 16 bits of KeyIDs, so a + maximum of 65535 keys on top of the “TME key” at KeyID-0. The + first implementation is expected to support 5 bits, making 63 + keys available to applications. However, this is not guaranteed. + The number of available keys could be reduced if, for instance, + additional physical address space is desired over additional + KeyIDs. From patchwork Wed May 8 14:44:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935905 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 472A1924 for ; Wed, 8 May 2019 14:46:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37E672844B for ; Wed, 8 May 2019 14:46:59 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2C21728485; Wed, 8 May 2019 14:46:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BA942844C for ; Wed, 8 May 2019 14:46:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1290F6B02AD; Wed, 8 May 2019 10:44:56 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id F30016B02AA; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CC0DE6B02AD; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id 759626B02A9 for ; Wed, 8 May 2019 10:44:55 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id e69so12783560pgc.7 for ; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=AW1rtcZMENayWyGETowtPPF05jxozdNxFkdf3q0ABbw=; b=X2QbUpmeD+TIvbCwyS/jzdM3qAW+8XdO8ivgBzaSmE0KXxLP79ToTEtZpqArbHRtO0 hDUxmzZkG72OTQsehfOw+dnTPv5rcg8ELEsIpnIj5y26gIQSEkaeiezv08kqPsDdZwPy kwarRlBjdM/lIP+NuIdItuq9aG+WB6zFguWuyYvrv5UR4deuBg9lii53wuSlFCwnNSyy IA/qzVTJopGhkCytCNkCoWrBvd3MYF4sOC/yebRBGAsUocnsH5Wzbd1H4YpwB6JOaC/P a5CAF0nYVnVDWJfx7rCvUfU/knTAwd+BxfXs8qPR57wrTaH7y68ehVnQvEPZO1jQSWsK 3a1w== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXnmaQJS+kmPC/+eFJ6XJJRN5lgGxpXlGT40TznHK+AJzPiuUjr tPrxlJ9kD2uSHEwX/rFF7GlsKK91jhzzrldoXc/jP1VEdfMz4BqiXuYlKEz3gHK83DMjFKO1TWy XrIPYnpOGgo6itXFocToEzRxbMVYFMBBre2YQlLodvYYWuShn20U15y6RE8ceWU7+Iw== X-Received: by 2002:a63:ed12:: with SMTP id d18mr48550532pgi.248.1557326695076; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqwrQ/VAEv9FduJmcMyxSmhe1g0dxmXsKkJ2rYdIRaj1hF5MTkZrcRVPc0F9aLcgWvLVbaO9 X-Received: by 2002:a63:ed12:: with SMTP id d18mr48550428pgi.248.1557326694109; Wed, 08 May 2019 07:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326694; cv=none; d=google.com; s=arc-20160816; b=klADXujkGH3U9F3kRbra8KT4WX+JLtWpuggXeHw4jIs4lR4qd/Xjfg5OasHcE3jXfa /+S/9VsctyZ38luAK6Zd/dBNxXLYfqmOYL12b7zuBp+uUxJaha8LLsiLrdD+wNzYzDej f64r/9RjCuJPV7mMiBfNfFvHmfgyJ1TpmW3U1c6GHBMOpWumtQ73AGcnLH6lkDVdRUu4 D4QnN5MioAqtshcqHpabI7yvvGAeqI6aCtXFp8qwbye7fKZBtXOIU8fG3W5x6oEIe1n5 YrpOw5lx3y5S3BG3S6e4QAYSFy4GfXWgMahHCKQiVxhvkFENvmWittZLqIjxni7j0n/F zH7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=AW1rtcZMENayWyGETowtPPF05jxozdNxFkdf3q0ABbw=; b=UBVNYnBTyyv41/VHP8iIz+Ipvojhz7DdDVAkvwF2h0sj5jXuYAThfOcuUK1Vi4s2WX wW0AaNKH1YwRd83dnTxTUjVBQ5zxuFlBk+Lf4v9pCkgHMZwTjDfsVd0otCmuChVHox6s IsDPI44NQ6kyyfuwxO4DAhnJiwdrmnRx4ab9osOOr6owJ+sbmS1cIlEk5Lkr7v/Kpbg9 DwudKrOu25zGL8+//6i9ChZHD9wJ9hwJ0bgaHuakc1MkOtzZBHaPU0g50T091AhRvJvQ Az2gXCIlOA5NqwAXsJZVQvTCDImlAvQgi6uCKuUz/GDwoAIybYkLjNRha7k7LSOtoDAU Wm2w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20]) by mx.google.com with ESMTPS id q8si24066889pgf.3.2019.05.08.07.44.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) client-ip=134.134.136.20; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.20 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:53 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656578" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:49 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 9448E11B3; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 58/62] x86/mktme: Document the MKTME provided security mitigations Date: Wed, 8 May 2019 17:44:18 +0300 Message-Id: <20190508144422.13171-59-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Describe the security benefits of Multi-Key Total Memory Encryption (MKTME) over Total Memory Encryption (TME) alone. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_mitigations.rst | 150 ++++++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_mitigations.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index 1614b52dd3e9..a3a29577b013 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -6,3 +6,4 @@ Multi-Key Total Memory Encryption (MKTME) .. toctree:: mktme_overview + mktme_mitigations diff --git a/Documentation/x86/mktme/mktme_mitigations.rst b/Documentation/x86/mktme/mktme_mitigations.rst new file mode 100644 index 000000000000..90699c38750a --- /dev/null +++ b/Documentation/x86/mktme/mktme_mitigations.rst @@ -0,0 +1,150 @@ +MKTME-Provided Mitigations +========================== + +MKTME adds a few mitigations against attacks that are not +mitigated when using TME alone. The first set are mitigations +against software attacks that are familiar today: + + * Kernel Mapping Attacks: information disclosures that leverage + the kernel direct map are mitigated against disclosing user + data. + * Freed Data Leak Attacks: removing an encryption key from the + hardware mitigates future user information disclosure. + +The next set are attacks that depend on specialized hardware, +such as an “evil DIMM” or a DDR interposer: + + * Cross-Domain Replay Attack: data is captured from one domain +(guest) and replayed to another at a later time. + * Cross-Domain Capture and Delayed Compare Attack: data is + captured and later analyzed to discover secrets. + * Key Wear-out Attack: data is captured and analyzed in order + to Weaken the AES encryption itself. + +More details on these attacks are below. + +Kernel Mapping Attacks +---------------------- +Information disclosure vulnerabilities leverage the kernel direct +map because many vulnerabilities involve manipulation of kernel +data structures (examples: CVE-2017-7277, CVE-2017-9605). We +normally think of these bugs as leaking valuable *kernel* data, +but they can leak application data when application pages are +recycled for kernel use. + +With this MKTME implementation, there is a direct map created for +each MKTME KeyID which is used whenever the kernel needs to +access plaintext. But, all kernel data structures are accessed +via the direct map for KeyID-0. Thus, memory reads which are not +coordinated with the KeyID get garbage (for example, accessing +KeyID-4 data with the KeyID-0 mapping). + +This means that if sensitive data encrypted using MKTME is leaked +via the KeyID-0 direct map, ciphertext decrypted with the wrong +key will be disclosed. To disclose plaintext, an attacker must +“pivot” to the correct direct mapping, which is non-trivial +because there are no kernel data structures in the KeyID!=0 +direct mapping. + +Freed Data Leak Attack +---------------------- +The kernel has a history of bugs around uninitialized data. +Usually, we think of these bugs as leaking sensitive kernel data, +but they can also be used to leak application secrets. + +MKTME can help mitigate the case where application secrets are +leaked: + + * App (or VM) places a secret in a page * App exits or frees +memory to kernel allocator * Page added to allocator free list * +Attacker reallocates page to a purpose where it can read the page + +Now, imagine MKTME was in use on the memory being leaked. The +data can only be leaked as long as the key is programmed in the +hardware. If the key is de-programmed, like after all pages are +freed after a guest is shut down, any future reads will just see +ciphertext. + +Basically, the key is a convenient choke-point: you can be more +confident that data encrypted with it is inaccessible once the +key is removed. + +Cross-Domain Replay Attack +-------------------------- +MKTME mitigates cross-domain replay attacks where an attacker +replaces an encrypted block owned by one domain with a block +owned by another domain. MKTME does not prevent this replacement +from occurring, but it does mitigate plaintext from being +disclosed if the domains use different keys. + +With TME, the attack could be executed by: + * A victim places secret in memory, at a given physical address. + Note: AES-XTS is what restricts the attack to being performed + at a single physical address instead of across different + physical addresses + * Attacker captures victim secret’s ciphertext * Later on, after + victim frees the physical address, attacker gains ownership + * Attacker puts the ciphertext at the address and get the secret + plaintext + +But, due to the presumably different keys used by the attacker +and the victim, the attacker can not successfully decrypt old +ciphertext. + +Cross-Domain Capture and Delayed Compare Attack +----------------------------------------------- +This is also referred to as a kind of dictionary attack. + +Similarly, MKTME protects against cross-domain capture-and-compare +attacks. Consider the following scenario: + * A victim places a secret in memory, at a known physical address + * Attacker captures victim’s ciphertext + * Attacker gains control of the target physical address, perhaps + after the victim’s VM is shut down or its memory reclaimed. + * Attacker computes and writes many possible plaintexts until new + ciphertext matches content captured previously. + +Secrets which have low (plaintext) entropy are more vulnerable to +this attack because they reduce the number of possible plaintexts +an attacker has to compute and write. + +The attack will not work if attacker and victim uses different +keys. + +Key Wear-out Attack +------------------- +Repeated use of an encryption key might be used by an attacker to +infer information about the key or the plaintext, weakening the +encryption. The higher the bandwidth of the encryption engine, +the more vulnerable the key is to wear-out. The MKTME memory +encryption hardware works at the speed of the memory bus, which +has high bandwidth. + +Such a weakness has been demonstrated[1] on a theoretical cipher +with similar properties as AES-XTS. + +An attack would take the following steps: + * Victim system is using TME with AES-XTS-128 + * Attacker repeatedly captures ciphertext/plaintext pairs (can + be Performed with online hardware attack like an interposer). + * Attacker compels repeated use of the key under attack for a + sustained time period without a system reboot[2]. + * Attacker discovers a cipertext collision (two plaintexts + translating to the same ciphertext) + * Attacker can induce controlled modifications to the targeted + plaintext by modifying the colliding ciphertext + +MKTME mitigates key wear-out in two ways: + * Keys can be rotated periodically to mitigate wear-out. Since + TME keys are generated at boot, rotation of TME keys requires a + reboot. In contrast, MKTME allows rotation while the system is + booted. An application could implement a policy to rotate keys + at a frequency which is not feasible to attack. + * In the case that MKTME is used to encrypt two guests’ memory + with two different keys, an attack on one guest’s key would not + weaken the key used in the second guest. + +-- +1. http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf +2. This sustained time required for an attack could vary from days + to years depending on the attacker’s goals. From patchwork Wed May 8 14:44:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935911 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BDBD5924 for ; Wed, 8 May 2019 14:47:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE7F12844B for ; Wed, 8 May 2019 14:47:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A290428485; Wed, 8 May 2019 14:47:05 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 421392844B for ; Wed, 8 May 2019 14:47:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7188D6B02A7; Wed, 8 May 2019 10:44:56 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 6CA6C6B02AA; Wed, 8 May 2019 10:44:56 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3E34D6B02AC; Wed, 8 May 2019 10:44:56 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f199.google.com (mail-pl1-f199.google.com [209.85.214.199]) by kanga.kvack.org (Postfix) with ESMTP id F37516B02AE for ; Wed, 8 May 2019 10:44:55 -0400 (EDT) Received: by mail-pl1-f199.google.com with SMTP id x5so11673793pll.2 for ; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=YaEUfUd5VoDz+D3t/tMnMmtVbfr/7wfrUagdOS99llw=; b=ToNCawtoYgp8Zm4OvHDJC5jj0RKOi9oy5KUJhzx/KNyZnml5j6y2lFq3cHytigpnbB 5sl+7j5epazBoSomQ3RsrKRO5rr3UvxT5TzqJf7AydE9SEqOsdlleYl/GziNeLZABgrU M12X23lkWOBDvd/5P9JoAwNZKaOK3H2uLC0icMkQxD/Pa2Ykyxmg14E77yzJUK5NnsYw 6vCZqwy9jH5bDT6W4xgBQDLtnPSv66rAB5tIw8pVCrNpArrwv39y7FxpAgy+zIxdGToh 8mnR6ETflb70cjJcgoj4sJkDRTz/XQEvbfbuBtO3wWBTNJjiKE+PdNrjwbKS1jo4oyxf iYOA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVzzDAd4kWtjj65zKqM4F0axihe5rcQVgN3lhOU09NCyQwZWrcc +mE6fDKUpxe2VawjvXDupXBO0m0dTbR1XZdgyURZRdyA5WP3Mh8xMCoZzVXWVfIWKs3XF2KtmYG 9QAmWEJ0gjvmJJxzXorG31gqp7AJOluVrFktUZkHr6tS3ex2lobBvXpqPnLrrE9WKZQ== X-Received: by 2002:a17:902:7797:: with SMTP id o23mr15676458pll.147.1557326695656; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqz42zjHxqR6sPA8w9dDWq6219x4ZJ3VitxwoHgyPh+hUDtcjpsfy8OMUukz23Hw02C4t/Je X-Received: by 2002:a17:902:7797:: with SMTP id o23mr15676246pll.147.1557326693604; Wed, 08 May 2019 07:44:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326693; cv=none; d=google.com; s=arc-20160816; b=id2hoIGodRL6MQxj3dT/ew2F5daWd/hraJGA111TnveYzspx73+fuGoWy/rq2hj2tw ogezj6P6SxqQ5l25nlAN4phIMvOVeIfICSoMGGVHwN38n4YD6TpUHipXzN3y0Jdh3JEo W++mqveuv8CBGkhno8JGoIvs5isbkyk/1loBk4LcLead8OX7Ntt3MR+TiyyjAQx4Cjgr hyr+yZi8CuQ9DpLmTcP0I/myDdlGEozROiskvSxIpvvvKVKNFfsr7rl8/gLL1NgLyu1k Q9w3cRobo9kQQsOliQxj5uqHUSVAf0hqV+oUTuB+S932QMs5SZ69gDmgHLlfNRHJzA94 S8Pw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=YaEUfUd5VoDz+D3t/tMnMmtVbfr/7wfrUagdOS99llw=; b=pfMKJI1bkPvmbkG2jRrtOSdL6uNhgyM0XJRjAk/5kIHIFF8QPT5d/g3E6EpTBR3gT7 OKZ3l8EY3N3a0YQSV+1femotZ+HMbTPo+WHlJaR0ynf/aPOEHLBWN60WFDsufr2uw4rd 2XlNYmc6qKt5Bzhwjt2rhf8+bka0uQmrRjwUmZ1xlk4g8F/lURuxsMIdeOYQ4sd3HObD 1WRPElXw9Y9c/1S61b2GptmqGacgNAavhBMdxP0utP+1avTxACxg1EIvQVdxamCAlfhc F3+vd2BNBvr7tx7kjukwbsQAOVQDknDCDoZGXwsice6Jpoz2gD+i6oShyhVhv1B/eAuS 6MYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id t16si6593003plm.65.2019.05.08.07.44.53 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:53 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:49 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id A1F3611C1; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 59/62] x86/mktme: Document the MKTME kernel configuration requirements Date: Wed, 8 May 2019 17:44:19 +0300 Message-Id: <20190508144422.13171-60-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_configuration.rst | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_configuration.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index a3a29577b013..0f021cc4a2db 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -7,3 +7,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_overview mktme_mitigations + mktme_configuration diff --git a/Documentation/x86/mktme/mktme_configuration.rst b/Documentation/x86/mktme/mktme_configuration.rst new file mode 100644 index 000000000000..91d2f80c736e --- /dev/null +++ b/Documentation/x86/mktme/mktme_configuration.rst @@ -0,0 +1,17 @@ +MKTME Configuration +=================== + +CONFIG_X86_INTEL_MKTME + MKTME is enabled by selecting CONFIG_X86_INTEL_MKTME on Intel + platforms supporting the MKTME feature. + +mktme_storekeys + mktme_storekeys is a kernel cmdline parameter. + + This parameter allows the kernel to store the user specified + MKTME key payload. Storing this payload means that the MKTME + Key Service can always allow the addition of new physical + packages. If the mktme_storekeys parameter is not present, + users key data will not be stored, and new physical packages + may only be added to the system if no user type MKTME keys + are programmed. From patchwork Wed May 8 14:44:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935907 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 52D0F1515 for ; Wed, 8 May 2019 14:47:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 43E332844B for ; Wed, 8 May 2019 14:47:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 375EA28485; Wed, 8 May 2019 14:47:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AF0412844B for ; Wed, 8 May 2019 14:47:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 34E656B02A6; Wed, 8 May 2019 10:44:56 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 125A46B02A7; Wed, 8 May 2019 10:44:56 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E00796B02AC; Wed, 8 May 2019 10:44:55 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by kanga.kvack.org (Postfix) with ESMTP id 7B8756B02A7 for ; Wed, 8 May 2019 10:44:55 -0400 (EDT) Received: by mail-pf1-f198.google.com with SMTP id a141so12783476pfa.13 for ; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=zPmtLVMnvlVnxE7UxQaP7LRcAClmbAOM+DFTsaab/Sk=; b=dyaejQRy7XQWK8zQLWLQzr+i+3Acm4GhUsMLNWOXmHAyaGlCIkl27uYZjjy/tAD4md 3PDPCik90CQFg/zGaukPf6iOQw3KOvynJO+CThJFr8eNueDGlL3khKbszRUu5+cEOCRw oWQs2vOIkCTU6EUGyysVV3NHr2lvFm3H4TF0ygIjvMQNq/nVy725BEMXPaLUcRZ66+64 Lo0a5jYTM4pCxY8WEC4ERbyzGkedXlsIR35exhCqVzKqBtQZwxL407G91kP1Cz1jQRsI yFOp3W4RfjMgpsQ5ni9VHcAyx4mQUcOxKPAikFigOawofuIfGoWlLQYarLDTL1z/q+il 20wA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAVWSx2pWC0GHhMS68VNdcT+8iAoVE76jTcfra4CrU7kRcFU0mM3 KIty0r6HGZrwL3SiWXJY46IGmcZ1IWUIdk0Dy/zT+VJdJ0jpjm20UwfqspqyutrfKxfsyFju/ky XawIvnISdJ+bBJEJQZFS5JfKPN2h3qoX29PrEFmjW1RBhHCcwIkKqbhqwGpYshRbi2A== X-Received: by 2002:a17:902:76c5:: with SMTP id j5mr48381466plt.337.1557326695162; Wed, 08 May 2019 07:44:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqxXaJmC+Yn+BEu9bBqsHAo1GxOxEnUSpCGJh1SuV28KPPmffXBAXxE/vgEWExLDBxalBsK+ X-Received: by 2002:a17:902:76c5:: with SMTP id j5mr48381374plt.337.1557326694291; Wed, 08 May 2019 07:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326694; cv=none; d=google.com; s=arc-20160816; b=VzejrkfZv3Y4wyBSoKl/M5rVQajhn/rjdM3qQDhxsmxY5ke0M8pbtc8TJgerbTcJx8 YHO/8XGxQU/Pl/zHvtm+fi2o/uaHGJbwtLek0llOWEedtGqMcfojirWHS4upgtNs1QMO aNOM6AQb+LbuK1TBr/kranQFFOcwEzB5Lz8NhOmaUcaFc0Hfieu0TkzbgaDMCygAaNhh umyxjabPzJuoeUYmnkqFm3uJ+h5jysW9ICUkNAuDQ8nlRs5LjxoTaCL14Ti1eLHN62f8 r4IhapJIPeu/ZgQNTnlv9iAKf2KVc94lRjfRQjNyeNokIr3Pmj3cMK24K0MBkVBB98gj mmhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=zPmtLVMnvlVnxE7UxQaP7LRcAClmbAOM+DFTsaab/Sk=; b=vpgU2IXUy/tGmailh6DIoaN11s1ykny1vyh9r2eB0Fqm+Q1n5KB11UHPwWazbMn0F/ Mxey22l68G82QJyw0G5b3RfUfYwke/nn4eZeKO+DKf5QLo+SQvuV/4xAwRXvGNleB3KR txCKw10p8uZgPi2bgssE5LXleWfans9z6VJffUmNFWXmmA0TvyCYVo1d5RXAvcdhQGKR PZebmIyvxe2ArUjVTHk2ggR7CVAs/NaPZh1fkrzbFvdtQNTno4Pvm1neN9v998e7Ok65 sWZmjxQm4wAYHoavJMTCnl7b7OTk5L2+9N2BmyRT6pjDm35t8aVL3bIcsBCmhVzlMrqR 9hfA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga06.intel.com (mga06.intel.com. [134.134.136.31]) by mx.google.com with ESMTPS id h128si4938pgc.499.2019.05.08.07.44.54 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) client-ip=134.134.136.31; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 134.134.136.31 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:53 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by FMSMGA003.fm.intel.com with ESMTP; 08 May 2019 07:44:49 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id AF33E11CE; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 60/62] x86/mktme: Document the MKTME Key Service API Date: Wed, 8 May 2019 17:44:20 +0300 Message-Id: <20190508144422.13171-61-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_keys.rst | 96 ++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_keys.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index 0f021cc4a2db..8cf2b7d62091 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -8,3 +8,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_overview mktme_mitigations mktme_configuration + mktme_keys diff --git a/Documentation/x86/mktme/mktme_keys.rst b/Documentation/x86/mktme/mktme_keys.rst new file mode 100644 index 000000000000..161871dee0dc --- /dev/null +++ b/Documentation/x86/mktme/mktme_keys.rst @@ -0,0 +1,96 @@ +MKTME Key Service API +===================== +MKTME is a new key service type added to the Linux Kernel Key Service. + +The MKTME Key Service type is available when CONFIG_X86_INTEL_MKTME is +turned on in Intel platforms that support the MKTME feature. + +The MKTME Key Service type manages the allocation of hardware encryption +keys. Users can request an MKTME type key and then use that key to +encrypt memory with the encrypt_mprotect() system call. + +Usage +----- + When using the Kernel Key Service to request an *mktme* key, + specify the *payload* as follows: + + type= + *user* User will supply the encryption key data. Use this + type to directly program a hardware encryption key. + + *cpu* User requests a CPU generated encryption key. + The CPU generates and assigns an ephemeral key. + + *no-encrypt* + User requests that hardware does not encrypt + memory when this key is in use. + + algorithm= + When type=user or type=cpu the algorithm field must be + *aes-xts-128* + + When type=clear or type=no-encrypt the algorithm field + must not be present in the payload. + + key= + When type=user the user must supply a 128 bit encryption + key as exactly 32 ASCII hexadecimal characters. + + When type=cpu the user may optionally supply 128 bits of + entropy for the CPU generated encryption key in this field. + It must be exactly 32 ASCII hexadecimal characters. + + When type=no-encrypt this key field must not be present + in the payload. + + tweak= + When type=user the user must supply a 128 bit tweak key + as exactly 32 ASCII hexadecimal characters. + + When type=cpu the user may optionally supply 128 bits of + entropy for the CPU generated tweak key in this field. + It must be exactly 32 ASCII hexadecimal characters. + + When type=no-encrypt the tweak field must not be present + in the payload. + +ERRORS +------ + In addition to the Errors returned from the Kernel Key Service, + add_key(2) or keyctl(1) commands, the MKTME Key Service type may + return the following errors: + + EINVAL for any payload specification that does not match the + MKTME type payload as defined above. + + EACCES for access denied. The MKTME key type uses capabilities + to restrict the allocation of keys to privileged users. + CAP_SYS_RESOURCE is required, but it will accept the + broader capability of CAP_SYS_ADMIN. See capabilities(7). + + ENOKEY if a hardware key cannot be allocated. Additional error + messages will describe the hardware programming errors. + +EXAMPLES +-------- + Add a 'user' type key:: + + char \*options_USER = "type=user + algorithm=aes-xts-128 + key=12345678912345671234567891234567 + tweak=12345678912345671234567891234567"; + + key = add_key("mktme", "name", options_USER, strlen(options_USER), + KEY_SPEC_THREAD_KEYRING); + + Add a 'cpu' type key:: + + char \*options_USER = "type=cpu algorithm=aes-xts-128"; + + key = add_key("mktme", "name", options_CPU, strlen(options_CPU), + KEY_SPEC_THREAD_KEYRING); + + Add a "no-encrypt' type key:: + + key = add_key("mktme", "name", "no-encrypt", strlen(options_CPU), + KEY_SPEC_THREAD_KEYRING); From patchwork Wed May 8 14:44:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935913 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 741051515 for ; Wed, 8 May 2019 14:47:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 655762844B for ; Wed, 8 May 2019 14:47:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 596F4288F8; Wed, 8 May 2019 14:47:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DFA4E2844B for ; Wed, 8 May 2019 14:47:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2D4C56B02AA; Wed, 8 May 2019 10:44:57 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 2AC006B02AC; Wed, 8 May 2019 10:44:57 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 19CA56B02AE; Wed, 8 May 2019 10:44:57 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f200.google.com (mail-pg1-f200.google.com [209.85.215.200]) by kanga.kvack.org (Postfix) with ESMTP id D51006B02AA for ; Wed, 8 May 2019 10:44:56 -0400 (EDT) Received: by mail-pg1-f200.google.com with SMTP id 14so12804865pgo.14 for ; Wed, 08 May 2019 07:44:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=0Q0yXtZW5uGIkggk/JKR2b6AmJ5y5De3E5tHqrEiJuk=; b=n1wxyoN/V4OARiw2x4Wdaaivf1AAYZnmFhXopNXu6LiKHOoqjqW6GmBOlK8DfUvee2 EuGcJvapznX+m622SliCqsMRVMbICXg0e/IXF3AJuGYAsfja+TD4n8W9L3gZCePpLTQe 9c5FL/0OMygXNj5nRzO3WBJ+kI3lXCZs4mdndzOvGW+2/MmrIWqoLnfZVmQVjBTpHBnu lKHwuozk9rkqNrD7YKMBdF3wgtA5C+xXuxRTjcn+irP6zbdUe4SXYfQONzHRg/N9XtRH cJ+5099U6rQUuq4g56uV36pTf0+pflfdXS6gEiQL/Zf2DuRtItyGxNZsm716yh/19scD BtvA== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAXLfwHfnO658ocZr0CNItJ87ewVdg1wX1CmeektQTBAIy8OaTwB 5f+d2t3bk5oHr+zUmsX/s13a2UfAQQLVjpmYLeBVz6RGA1vq8cfB6pjriEBO3+7rlRPQWxUrqOy k9YBESggAcjFi36J34SnmXHIK1qAXiBq06nmDGGKUkzQlZcdiVDQ1A/+3IA5TP2Ga1w== X-Received: by 2002:a63:4621:: with SMTP id t33mr44541403pga.246.1557326696511; Wed, 08 May 2019 07:44:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqzIDkgBOrYtoDrQiRYnqj3u4WG0jXfFIsWKf/lvncoY9kziqooct/HZ7chOIUWDDybZJTsp X-Received: by 2002:a63:4621:: with SMTP id t33mr44541259pga.246.1557326695210; Wed, 08 May 2019 07:44:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326695; cv=none; d=google.com; s=arc-20160816; b=fHdPTUfHdAFY4e8GWiKfVftqBd97dp1tvJMdxezlm5UZ/ZUBgTuFoYQs4EJw8FhRJe RpDp/Bh80SnSFjWDRyBPcufE5RFqa4UwV8xcz5FD8kftBgZTvGcWXSYHWMwNWCvYVX4M aFQ/Y1xLd0lBNfVbT8nMab2WeaUq9IisrGJo7/FIe+79HI/gVapfZWUZNSPPMFDXITkF 8fDkiBScLWSrhytcIhk6J3Fi5cmnI+fQDZswqatyluyxMLTIKVNtePdtJuX+lNDep+3/ 1pFJ7pyHMsaKDH2qGn28b2LhDpXvC8DHBLbK0n17o6pYWEas2fcnCPkgiWirEZMPZH7D EAVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=0Q0yXtZW5uGIkggk/JKR2b6AmJ5y5De3E5tHqrEiJuk=; b=CpR7f3z9xuyN/VrRGsKo82DFhqNoRbWPVX+VzvMO1FEniWVEE1tkaTSYlWHwdyppV9 4AxBKhjKrzNF4bhSFHb6Ca5uZtA5qFLGhSj2MprZGfwznfsb1OjnCg7MkW9qg+pxef72 J9ieZWd9bfDABZ5TVENJ9WL6bAevrL6IFXaoSX/+KpB324Pl9RizHTI+v/EGVdSeNGRJ fTSfhCVhvXaDDkh+JmcORb3RFiSaEj4cOqJmDNiSJ2I/u/KU9xj89v28E+5ispgxp9iQ Tgx+gPP6QREYTONdxkmFgYdh7u3AHzozvvlwnUCpagejrm16VSXGYbOEMbJohhYQOZGT mtlw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id t16si6593003plm.65.2019.05.08.07.44.55 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:54 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by orsmga006.jf.intel.com with ESMTP; 08 May 2019 07:44:49 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id BCB7F11CF; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 61/62] x86/mktme: Document the MKTME API for anonymous memory encryption Date: Wed, 8 May 2019 17:44:21 +0300 Message-Id: <20190508144422.13171-62-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_encrypt.rst | 57 +++++++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_encrypt.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index 8cf2b7d62091..ca3c76adc596 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -9,3 +9,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_mitigations mktme_configuration mktme_keys + mktme_encrypt diff --git a/Documentation/x86/mktme/mktme_encrypt.rst b/Documentation/x86/mktme/mktme_encrypt.rst new file mode 100644 index 000000000000..5cdffabc610f --- /dev/null +++ b/Documentation/x86/mktme/mktme_encrypt.rst @@ -0,0 +1,57 @@ +MKTME API: system call encrypt_mprotect() +========================================= + +Synopsis +-------- +int encrypt_mprotect(void \*addr, size_t len, int prot, key_serial_t serial); + +Where *key_serial_t serial* is the serial number of a key allocated +using the MKTME Key Service. + +Description +----------- + encrypt_mprotect() encrypts the memory pages containing any part + of the address range in the interval specified by addr and len. + + encrypt_mprotect() supports the legacy mprotect() behavior plus + the enabling of memory encryption. That means that in addition + to encrypting the memory, the protection flags will be updated + as requested in the call. + + The *addr* and *len* must be aligned to a page boundary. + + The caller must have *KEY_NEED_VIEW* permission on the key. + + The range of memory that is to be protected must be mapped as + *ANONYMOUS*. + +Errors +------ + In addition to the Errors returned from legacy mprotect() + encrypt_mprotect will return: + + ENOKEY *serial* parameter does not represent a valid key. + + EINVAL *len* parameter is not page aligned. + + EACCES Caller does not have *KEY_NEED_VIEW* permission on the key. + +EXAMPLE +-------- + Allocate an MKTME Key:: + serial = add_key("mktme", "name", "type=cpu algorithm=aes-xts-128" @u + + Map ANONYMOUS memory:: + ptr = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0); + + Protect memory:: + ret = syscall(SYS_encrypt_mprotect, ptr, size, PROT_READ|PROT_WRITE, + serial); + + Use the encrypted memory + + Free memory:: + ret = munmap(ptr, size); + + Free the key resource:: + ret = keyctl(KEYCTL_INVALIDATE, serial); From patchwork Wed May 8 14:44:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "kirill.shutemov@linux.intel.com" X-Patchwork-Id: 10935935 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 37EFD924 for ; Wed, 8 May 2019 14:47:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2945C28485 for ; Wed, 8 May 2019 14:47:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1CB3B28958; Wed, 8 May 2019 14:47:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A99FA28485 for ; Wed, 8 May 2019 14:47:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EDDFA6B02C3; Wed, 8 May 2019 10:46:22 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id E8F9C6B02C4; Wed, 8 May 2019 10:46:22 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C93EF6B02C5; Wed, 8 May 2019 10:46:22 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pg1-f199.google.com (mail-pg1-f199.google.com [209.85.215.199]) by kanga.kvack.org (Postfix) with ESMTP id 880086B02C3 for ; Wed, 8 May 2019 10:46:22 -0400 (EDT) Received: by mail-pg1-f199.google.com with SMTP id 33so12763026pgv.17 for ; Wed, 08 May 2019 07:46:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=oOVtF7P9+CwpY068vQsyDP170eNCHboFWW4/MZfPk2k=; b=DDkUJ7SNxQieQ4qy0s9Wu3TXBCeAxFeOfMM+8L7AJ5XRutvJM3omJ9fNW36hkd8sD/ JHVrYBUxlf1fhvGhh83j6pYcRBKm5/RvYZo4n5YfBf+24cauTE/6n0jg9IOoH6bQxPg5 4HJh2UQey6DO/ubFuXbdmpYm/7G/Q0Kb5zHp5jGrkiM2K0A0PlS8z/8YQevuBj8+DeuN I+djqZn0C//eAkQBGpWzoUcRvNi6oj8HdXdmeoF74nF3sR+QTUUPCAJpUVrjxehawGSW EP9bmME6SXoNOWK5fU88A81litJCJbRexo72C298WpCaxKSwyii++P+N2FI9Mp7F86+O v6mg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: APjAAAWrPyDwvr3zGX44SEPN3uXx8swM/CQFxWkEUUffrWf4Ny51BxSJ 9R8dK4KOgaKUmnBh/ZcEuexmPLTzKegRCxqen6lk+VIs+XyAxO0TGXZDSPifoNDGst9HAkmSKD2 E02N1cNeE44FlhXz2Vt8CamaQ/1YvL7FYL8Z9QL37OOcmqaW2SQe6prGhCjPAEDcNhA== X-Received: by 2002:a17:902:8507:: with SMTP id bj7mr26466567plb.214.1557326782220; Wed, 08 May 2019 07:46:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqyuHyLDJFsPdBKYUsSizIznaUsnKNlFjRADN0qJ1UWU5NcZs8kYOlip11qYO/oIB09V+9eh X-Received: by 2002:a17:902:8507:: with SMTP id bj7mr26456281plb.214.1557326694298; Wed, 08 May 2019 07:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557326694; cv=none; d=google.com; s=arc-20160816; b=eGFBNyWOqpgdobXFY0dx4y3kPuZh/ycPnBKpTLzaHHM/S8BJ6lSoMrQPfDjj3thW2l x3rBmAxr0MYo555Gi4JWxu7lNjiW95mkF8As36shiXCnRSvTOZ7c4TdZSZ4+o4ZF+UWx WLLipuvyC/N9NmgMrp+8OlFTzB4c+tZUcsCR8pJ+RFTNIABGK4vvka/SZBb6NlE9YTjE nmYTSo5jBtw29mRW4vjC3N2IlTRaFJ9kDecK9SQpKYy6XJ5pGkq7tqeGjkJKvO7U9O21 qmD/h2Uf/pX7vBprlK1w1Z8e6cXXCQnjN7jIQKlPcNnjmp+mlprtHOgQS5RhuC7uMf5U ePTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=oOVtF7P9+CwpY068vQsyDP170eNCHboFWW4/MZfPk2k=; b=KcJ4u1/SarZK07SZwELahqw5O2k8E1FtD1gBI2rn26T3yil6L5OeS+GpmlC4+u4xCw piBEwxrZwlnD2SlNLu0GlHS2U7mry+FHoIltVr2+jgULsVD8XsDTx9cVQDyboO3f7/cJ /GYAjlFAMbSQdNR+xPOMs74LK3Y6LlYV9PLtNvQPLpvwanvW7jQlNjefbwclPTdWd8oc MAiiN0T5NsEbGbuvoxifTrH7YQeukZeAdcqrxYLbjSnYOBpHkD+c2s6wSgO3KtZ1WpTa s8Ck6TXWMa/+N/uAKO0OmLCRowPktaBUH2PV55bhrWsJm3MjJamJ/lAqtCdPsyzCD01C 6Zcg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga05.intel.com (mga05.intel.com. [192.55.52.43]) by mx.google.com with ESMTPS id t16si6593003plm.65.2019.05.08.07.44.54 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 May 2019 07:44:54 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) client-ip=192.55.52.43; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of kirill.shutemov@linux.intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kirill.shutemov@linux.intel.com; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:54 -0700 X-ExtLoop1: 1 Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga005.fm.intel.com with ESMTP; 08 May 2019 07:44:49 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id CA21811F7; Wed, 8 May 2019 17:44:31 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCH, RFC 62/62] x86/mktme: Demonstration program using the MKTME APIs Date: Wed, 8 May 2019 17:44:22 +0300 Message-Id: <20190508144422.13171-63-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_demo.rst | 53 ++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_demo.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index ca3c76adc596..3af322d13225 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -10,3 +10,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_configuration mktme_keys mktme_encrypt + mktme_demo diff --git a/Documentation/x86/mktme/mktme_demo.rst b/Documentation/x86/mktme/mktme_demo.rst new file mode 100644 index 000000000000..49377ad648e7 --- /dev/null +++ b/Documentation/x86/mktme/mktme_demo.rst @@ -0,0 +1,53 @@ +Demonstration Program using MKTME API's +======================================= + +/* Compile with the keyutils library: cc -o mdemo mdemo.c -lkeyutils */ + +#include +#include +#include +#include +#include +#include +#include + +#define PAGE_SIZE sysconf(_SC_PAGE_SIZE) +#define sys_encrypt_mprotect 428 + +void main(void) +{ + char *options_CPU = "algorithm=aes-xts-128 type=cpu"; + long size = PAGE_SIZE; + key_serial_t key; + void *ptra; + int ret; + + /* Allocate an MKTME Key */ + key = add_key("mktme", "testkey", options_CPU, strlen(options_CPU), + KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + printf("addkey FAILED\n"); + return; + } + /* Map a page of ANONYMOUS memory */ + ptra = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0); + if (!ptra) { + printf("failed to mmap"); + goto inval_key; + } + /* Encrypt that page of memory with the MKTME Key */ + ret = syscall(sys_encrypt_mprotect, ptra, size, PROT_NONE, key); + if (ret) + printf("mprotect error [%d]\n", ret); + + /* Enjoy that page of encrypted memory */ + + /* Free the memory */ + ret = munmap(ptra, size); + +inval_key: + /* Free the Key */ + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + printf("invalidate failed on key [%d]\n", key); +}