From patchwork Wed Jul 31 15:07:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068149 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5160A746 for ; Wed, 31 Jul 2019 15:10:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 350D0205A4 for ; Wed, 31 Jul 2019 15:10:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 28343205F8; Wed, 31 Jul 2019 15:10:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 706D420502 for ; Wed, 31 Jul 2019 15:10:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388500AbfGaPIX (ORCPT ); Wed, 31 Jul 2019 11:08:23 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:37820 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388444AbfGaPIV (ORCPT ); Wed, 31 Jul 2019 11:08:21 -0400 Received: by mail-ed1-f67.google.com with SMTP id w13so66060651eds.4 for ; Wed, 31 Jul 2019 08:08:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=QvM6TLsHLaIUsQxiIrLtgZTAl4nwA/abKY84Ix9c1AI=; b=PQMMzYAtdHNIXrG1QMzmJkDEaLAkNcffdKITKNKyMHWPazgNFp8a/KgMG6jpyOPy6L z1/tpsyUip94xQ6akPtE8MoQmmIrADbPePw9ZUJIhjeGaokm0qqY+eEe5uAHTxdaDFOl uTxZlQ2SlbbEr+TXSFQKh3v/lXXZgYGil15BJYjAEoy1ygXMXRc7taLkzxUFswX6evY7 kDJdbo1gZxmJV0MtpSm9FnWdgOp9x//J+1DDAJcBl4SLlPClFdePa4j2HyjR2ElgASHb gjubDLRAPzaX0drp9tMCjDRDUkP7/F4q4ORRnXyI3hNiWitoyht+3ai6WwR4M8j+AqBZ 0UOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=QvM6TLsHLaIUsQxiIrLtgZTAl4nwA/abKY84Ix9c1AI=; b=Dpsz4Ph5kY0AOurMnNq2YA9dMDl24dOhJ53TpVytSdvQJW/4R5RBM0emJrkNVyOnb7 JgKgi5LJh7LYV26sTQDwUKgDKzNeOrL/okxCnwbb4iMt0/nr5ze4woPJaTIz90FfHlNd zZjD25J/4f6w9C5/X6NWbloLERovPOrI4gy/Lxb1xEy1Mp+LzmgJ0zGTRDmdDpzJBeQ7 Yepk2JXRVVBc4sVsKK9kvW29rsOjbFmyEK6sKwbO4FHkJpOZuHhBdRIJCGFKxJAPjcFO JnXJVMoh4CbLMxdP/O+hUM8su7KGxeiibD3RFz9VJCDWGdqPQY2BpGiVhS+g3LoyEjvX MHDw== X-Gm-Message-State: APjAAAWrJS4WsuGqpoWvdEpPauo7e713vXZsojtcJg1bWRKNTyNWH3MQ lnbrLS5MGc3DRilj9Wt8nwY= X-Google-Smtp-Source: APXvYqxfIQGkRhrMQl5o3NEbLiMVXnwZsc3hm4rHg9K6Idq9C1pqBjRFAwNsZKfTGo4tqfavOiaY7g== X-Received: by 2002:a50:9107:: with SMTP id e7mr108538225eda.280.1564585699281; Wed, 31 Jul 2019 08:08:19 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id f21sm16902175edj.36.2019.07.31.08.08.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:15 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id EA80E101316; Wed, 31 Jul 2019 18:08:15 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 01/59] mm: Do no merge VMAs with different encryption KeyIDs Date: Wed, 31 Jul 2019 18:07:15 +0300 Message-Id: <20190731150813.26289-2-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP VMAs with different KeyID do not mix together. Only VMAs with the same KeyID are compatible. Signed-off-by: Kirill A. Shutemov --- fs/userfaultfd.c | 7 ++++--- include/linux/mm.h | 9 ++++++++- mm/madvise.c | 2 +- mm/mempolicy.c | 3 ++- mm/mlock.c | 2 +- mm/mmap.c | 31 +++++++++++++++++++------------ mm/mprotect.c | 2 +- 7 files changed, 36 insertions(+), 20 deletions(-) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index ccbdbd62f0d8..3b845a6a44d0 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -911,7 +911,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file) new_flags, vma->anon_vma, vma->vm_file, vma->vm_pgoff, vma_policy(vma), - NULL_VM_UFFD_CTX); + NULL_VM_UFFD_CTX, vma_keyid(vma)); if (prev) vma = prev; else @@ -1461,7 +1461,8 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, prev = vma_merge(mm, prev, start, vma_end, new_flags, vma->anon_vma, vma->vm_file, vma->vm_pgoff, vma_policy(vma), - ((struct vm_userfaultfd_ctx){ ctx })); + ((struct vm_userfaultfd_ctx){ ctx }), + vma_keyid(vma)); if (prev) { vma = prev; goto next; @@ -1623,7 +1624,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, prev = vma_merge(mm, prev, start, vma_end, new_flags, vma->anon_vma, vma->vm_file, vma->vm_pgoff, vma_policy(vma), - NULL_VM_UFFD_CTX); + NULL_VM_UFFD_CTX, vma_keyid(vma)); if (prev) { vma = prev; goto next; diff --git a/include/linux/mm.h b/include/linux/mm.h index 0334ca97c584..5bfd3dd121c1 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1637,6 +1637,13 @@ int clear_page_dirty_for_io(struct page *page); int get_cmdline(struct task_struct *task, char *buffer, int buflen); +#ifndef vma_keyid +static inline int vma_keyid(struct vm_area_struct *vma) +{ + return 0; +} +#endif + extern unsigned long move_page_tables(struct vm_area_struct *vma, unsigned long old_addr, struct vm_area_struct *new_vma, unsigned long new_addr, unsigned long len, @@ -2301,7 +2308,7 @@ static inline int vma_adjust(struct vm_area_struct *vma, unsigned long start, extern struct vm_area_struct *vma_merge(struct mm_struct *, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, struct anon_vma *, struct file *, pgoff_t, - struct mempolicy *, struct vm_userfaultfd_ctx); + struct mempolicy *, struct vm_userfaultfd_ctx, int keyid); extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *); extern int __split_vma(struct mm_struct *, struct vm_area_struct *, unsigned long addr, int new_below); diff --git a/mm/madvise.c b/mm/madvise.c index 968df3aa069f..00216780a630 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -138,7 +138,7 @@ static long madvise_behavior(struct vm_area_struct *vma, pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); *prev = vma_merge(mm, *prev, start, end, new_flags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (*prev) { vma = *prev; goto success; diff --git a/mm/mempolicy.c b/mm/mempolicy.c index f48693f75b37..14ee933b1ff7 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -731,7 +731,8 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, ((vmstart - vma->vm_start) >> PAGE_SHIFT); prev = vma_merge(mm, prev, vmstart, vmend, vma->vm_flags, vma->anon_vma, vma->vm_file, pgoff, - new_pol, vma->vm_userfaultfd_ctx); + new_pol, vma->vm_userfaultfd_ctx, + vma_keyid(vma)); if (prev) { vma = prev; next = vma->vm_next; diff --git a/mm/mlock.c b/mm/mlock.c index a90099da4fb4..3d0a31bf214c 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -535,7 +535,7 @@ static int mlock_fixup(struct vm_area_struct *vma, struct vm_area_struct **prev, pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); *prev = vma_merge(mm, *prev, start, end, newflags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (*prev) { vma = *prev; goto success; diff --git a/mm/mmap.c b/mm/mmap.c index 7e8c3e8ae75f..715438a1fb93 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1008,7 +1008,8 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start, */ static inline int is_mergeable_vma(struct vm_area_struct *vma, struct file *file, unsigned long vm_flags, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { /* * VM_SOFTDIRTY should not prevent from VMA merging, if we @@ -1022,6 +1023,8 @@ static inline int is_mergeable_vma(struct vm_area_struct *vma, return 0; if (vma->vm_file != file) return 0; + if (vma_keyid(vma) != keyid) + return 0; if (vma->vm_ops && vma->vm_ops->close) return 0; if (!is_mergeable_vm_userfaultfd_ctx(vma, vm_userfaultfd_ctx)) @@ -1058,9 +1061,10 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { - if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) && + if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx, keyid) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) return 1; @@ -1079,9 +1083,10 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { - if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx) && + if (is_mergeable_vma(vma, file, vm_flags, vm_userfaultfd_ctx, keyid) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; vm_pglen = vma_pages(vma); @@ -1136,7 +1141,8 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, unsigned long end, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t pgoff, struct mempolicy *policy, - struct vm_userfaultfd_ctx vm_userfaultfd_ctx) + struct vm_userfaultfd_ctx vm_userfaultfd_ctx, + int keyid) { pgoff_t pglen = (end - addr) >> PAGE_SHIFT; struct vm_area_struct *area, *next; @@ -1169,7 +1175,7 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(vma_policy(prev), policy) && can_vma_merge_after(prev, vm_flags, anon_vma, file, pgoff, - vm_userfaultfd_ctx)) { + vm_userfaultfd_ctx, keyid)) { /* * OK, it can. Can we now merge in the successor as well? */ @@ -1178,7 +1184,8 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen, - vm_userfaultfd_ctx) && + vm_userfaultfd_ctx, + keyid) && is_mergeable_anon_vma(prev->anon_vma, next->anon_vma, NULL)) { /* cases 1, 6 */ @@ -1201,7 +1208,7 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen, - vm_userfaultfd_ctx)) { + vm_userfaultfd_ctx, keyid)) { if (prev && addr < prev->vm_end) /* case 4 */ err = __vma_adjust(prev, prev->vm_start, addr, prev->vm_pgoff, NULL, next); @@ -1746,7 +1753,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, * Can we just expand an old mapping? */ vma = vma_merge(mm, prev, addr, addr + len, vm_flags, - NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX); + NULL, file, pgoff, NULL, NULL_VM_UFFD_CTX, 0); if (vma) goto out; @@ -3025,7 +3032,7 @@ static int do_brk_flags(unsigned long addr, unsigned long len, unsigned long fla /* Can we just expand an old private anonymous mapping? */ vma = vma_merge(mm, prev, addr, addr + len, flags, - NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX); + NULL, NULL, pgoff, NULL, NULL_VM_UFFD_CTX, 0); if (vma) goto out; @@ -3223,7 +3230,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; /* should never get here */ new_vma = vma_merge(mm, prev, addr, addr + len, vma->vm_flags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (new_vma) { /* * Source vma may have been merged into new_vma diff --git a/mm/mprotect.c b/mm/mprotect.c index bf38dfbbb4b4..82d7b194a918 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -400,7 +400,7 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, pgoff = vma->vm_pgoff + ((start - vma->vm_start) >> PAGE_SHIFT); *pprev = vma_merge(mm, *pprev, start, end, newflags, vma->anon_vma, vma->vm_file, pgoff, vma_policy(vma), - vma->vm_userfaultfd_ctx); + vma->vm_userfaultfd_ctx, vma_keyid(vma)); if (*pprev) { vma = *pprev; VM_WARN_ON((vma->vm_flags ^ newflags) & ~VM_SOFTDIRTY); From patchwork Wed Jul 31 15:07:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068057 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 925E7174A for ; Wed, 31 Jul 2019 15:08:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 803CC1FFD8 for ; Wed, 31 Jul 2019 15:08:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 695A6201BC; Wed, 31 Jul 2019 15:08:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E27F8201B0 for ; Wed, 31 Jul 2019 15:08:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388440AbfGaPIT (ORCPT ); Wed, 31 Jul 2019 11:08:19 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:35904 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387662AbfGaPIT (ORCPT ); Wed, 31 Jul 2019 11:08:19 -0400 Received: by mail-ed1-f67.google.com with SMTP id k21so66032612edq.3 for ; Wed, 31 Jul 2019 08:08:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=wLPXwl8hvJobXFCl++g4aCvf+npUzZ0QqPbdONmdAQc=; b=R36gYrhWPE65DAN624GOKj6Zcvo/ac/skfKDjJ3xcAQFiNmr7dX573jmLVCRaNG72Z xcMGnyIs1LpXnhGK5JxEboIEAPxR/EeGcod/4MYW/A0bbBy9yBKnmU2CF6SqodBq1bbG 2et49Q8QeC0Gi2N/dOFWHDkpO2qo6+z6lshk3KNGVbQlqNYxKAMnCnpgag0jzwh5HEUj dMc4Sem5sBJAfoYBQzfFvzczhmipMrh7ObYbRCqFmv9xdDuVsiGlTB/dwRP9co2iZadV LxdeXO4uRP+DUWTuqbPXM46fxWLgXQuCInUrkr1thUYy5i2Mt2bnKrQGqLbEspEV6MTU W2og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wLPXwl8hvJobXFCl++g4aCvf+npUzZ0QqPbdONmdAQc=; b=lY5/alwe8gc+UCmQ5oqlljtb+MJqoeEV34v3Sw8XWGuxJYo9OQRq6aV4iX1cg2Q8z9 IQEhz2HvsuJ4B+K5SNfRUB4v5aMzPUJWP29YhPcaF7tOrm0gMkpxMMwfWgDdCWTG5MGB 3wiGJnLC/YHZWi5J3ZLr0GeMIDu4RT/8HrL+FwA4lRj6uFBhVHTlQSns67F9sHGRLsBK AcCueidsK8n6josAuNmh23PbUW2gtVbOk7MtU8MXVnCTxpyzHOMu7y7jBFKU9lQW719z tzWBPjrHJtR/tKD508QxAaQB5/qj90LexF5qJkHe2jjfxkgxxJxukNr8VPIIMp3Z43i0 AItg== X-Gm-Message-State: APjAAAWLGMas3ATmwHXPx9soBGOr7b3pf1vJNzY2LZm4Xr4dByakGzQo Id9ugxhF++87Yp5YBd23/J0= X-Google-Smtp-Source: APXvYqw0oWdSxi7D+H/1P5QUyRaVYREdYgbW7LIf4XE4H22UAM6yie49PO/SDUQu/e/ngKqwbq3xkA== X-Received: by 2002:a17:906:430a:: with SMTP id j10mr10514767ejm.92.1564585696918; Wed, 31 Jul 2019 08:08:16 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id y11sm12444493ejb.54.2019.07.31.08.08.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:15 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id F174F101319; Wed, 31 Jul 2019 18:08:15 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 02/59] mm: Add helpers to setup zero page mappings Date: Wed, 31 Jul 2019 18:07:16 +0300 Message-Id: <20190731150813.26289-3-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When kernel sets up an encrypted page mapping, encryption KeyID is derived from a VMA. KeyID is going to be part of vma->vm_page_prot and it will be propagated transparently to page table entry on mk_pte(). But there is an exception: zero page is never encrypted and its mapping must use KeyID-0, regardless VMA's KeyID. Introduce helpers that create a page table entry for zero page. The generic implementation will be overridden by architecture-specific code that takes care about using correct KeyID. Signed-off-by: Kirill A. Shutemov --- fs/dax.c | 3 +-- include/asm-generic/pgtable.h | 8 ++++++++ mm/huge_memory.c | 6 ++---- mm/memory.c | 3 +-- mm/userfaultfd.c | 3 +-- 5 files changed, 13 insertions(+), 10 deletions(-) diff --git a/fs/dax.c b/fs/dax.c index a237141d8787..6ecc9c560e62 100644 --- a/fs/dax.c +++ b/fs/dax.c @@ -1445,8 +1445,7 @@ static vm_fault_t dax_pmd_load_hole(struct xa_state *xas, struct vm_fault *vmf, pgtable_trans_huge_deposit(vma->vm_mm, vmf->pmd, pgtable); mm_inc_nr_ptes(vma->vm_mm); } - pmd_entry = mk_pmd(zero_page, vmf->vma->vm_page_prot); - pmd_entry = pmd_mkhuge(pmd_entry); + pmd_entry = mk_zero_pmd(zero_page, vmf->vma->vm_page_prot); set_pmd_at(vmf->vma->vm_mm, pmd_addr, vmf->pmd, pmd_entry); spin_unlock(ptl); trace_dax_pmd_load_hole(inode, vmf, zero_page, *entry); diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h index 75d9d68a6de7..afcfbb4af4b2 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h @@ -879,8 +879,16 @@ static inline unsigned long my_zero_pfn(unsigned long addr) } #endif +#ifndef mk_zero_pte +#define mk_zero_pte(addr, prot) pte_mkspecial(pfn_pte(my_zero_pfn(addr), prot)) +#endif + #ifdef CONFIG_MMU +#ifndef mk_zero_pmd +#define mk_zero_pmd(zero_page, prot) pmd_mkhuge(mk_pmd(zero_page, prot)) +#endif + #ifndef CONFIG_TRANSPARENT_HUGEPAGE static inline int pmd_trans_huge(pmd_t pmd) { diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 1334ede667a8..e9a791413730 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -678,8 +678,7 @@ static bool set_huge_zero_page(pgtable_t pgtable, struct mm_struct *mm, pmd_t entry; if (!pmd_none(*pmd)) return false; - entry = mk_pmd(zero_page, vma->vm_page_prot); - entry = pmd_mkhuge(entry); + entry = mk_zero_pmd(zero_page, vma->vm_page_prot); if (pgtable) pgtable_trans_huge_deposit(mm, pmd, pgtable); set_pmd_at(mm, haddr, pmd, entry); @@ -2109,8 +2108,7 @@ static void __split_huge_zero_page_pmd(struct vm_area_struct *vma, for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { pte_t *pte, entry; - entry = pfn_pte(my_zero_pfn(haddr), vma->vm_page_prot); - entry = pte_mkspecial(entry); + entry = mk_zero_pte(haddr, vma->vm_page_prot); pte = pte_offset_map(&_pmd, haddr); VM_BUG_ON(!pte_none(*pte)); set_pte_at(mm, haddr, pte, entry); diff --git a/mm/memory.c b/mm/memory.c index e2bb51b6242e..81ae8c39f75b 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2970,8 +2970,7 @@ static vm_fault_t do_anonymous_page(struct vm_fault *vmf) /* Use the zero-page for reads */ if (!(vmf->flags & FAULT_FLAG_WRITE) && !mm_forbids_zeropage(vma->vm_mm)) { - entry = pte_mkspecial(pfn_pte(my_zero_pfn(vmf->address), - vma->vm_page_prot)); + entry = mk_zero_pte(vmf->address, vma->vm_page_prot); vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, vmf->address, &vmf->ptl); if (!pte_none(*vmf->pte)) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index c7ae74ce5ff3..06bf4ea3ee05 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -120,8 +120,7 @@ static int mfill_zeropage_pte(struct mm_struct *dst_mm, pgoff_t offset, max_off; struct inode *inode; - _dst_pte = pte_mkspecial(pfn_pte(my_zero_pfn(dst_addr), - dst_vma->vm_page_prot)); + _dst_pte = mk_zero_pte(dst_addr, dst_vma->vm_page_prot); dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl); if (dst_vma->vm_file) { /* the shmem MAP_PRIVATE case requires checking the i_size */ From patchwork Wed Jul 31 15:07:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068159 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DBFAC746 for ; Wed, 31 Jul 2019 15:10:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C8DFB20499 for ; Wed, 31 Jul 2019 15:10:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BD108200E7; Wed, 31 Jul 2019 15:10:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 53ECA2023F for ; Wed, 31 Jul 2019 15:10:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729575AbfGaPKy (ORCPT ); Wed, 31 Jul 2019 11:10:54 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:39949 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388441AbfGaPIU (ORCPT ); Wed, 31 Jul 2019 11:08:20 -0400 Received: by mail-ed1-f67.google.com with SMTP id k8so65997603eds.7 for ; Wed, 31 Jul 2019 08:08:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uRHR4JyNhqg33njeUSvVGNylXkFyo7B3QnIKSQpCDwk=; b=Adcw5GPsJkn83YXVJKj7Wqwm6NwWDC1hAYaUolv28wXp+8oH0VtnaENGQuZ/0K5+Nb 4ttVuTcBuWW62tdKiOabj/bghgVhdlTVmNRPbQ83nxcV2pN29l6uGQo0wyZ/lAlhkLv5 uu88EBPXw3XRRpwEaUjPB0g7WmxNmdd7QzlE0G/0MbaOwDTTzRhC9WWYSRAeSeO7X5bx QFUzmQ84OBFGl0JYzwuDQQLD8dx+iNms4LZ5CMlKmpkkFg5rsp7bDTsd+CepoXc38t5t U6hOGTcOi/3klKmjqufRITIY89IhP2ybvsPkGFX/lxa/yb3zD0rrCBZO9eKTlKALJ6M+ k80A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uRHR4JyNhqg33njeUSvVGNylXkFyo7B3QnIKSQpCDwk=; b=GvFAvg5GPJkDuD/YEUqY4E4jGxUf77MlIPM/vo9b0MNQJJENvQKZewFwWsEjnny5wF lC8oOR4FGQrzlqOZdBBo6PPIkHNNBcYHfp6JMt3MYIGg0GHPPzrILr866b/mgl6/stys nBiJ/WcNx5w0ykPIsjC9NR7SaTwCEmbHogiKN435lF2VEdpZZyAd/fBEyTT+wabe13Pq AvCR2dWEJ6s//uIyzZKKdB0sCQqevSbJD1gI/KWqRuItBK4+mj02KZjW3wK2SlIZpnGG PdhfWh6h4LevbsQHve6NWRXAdNm7bl3KhoTnDOvK5RK4M2KTMpbBmyZ5dWLHavVPl7TM WYNw== X-Gm-Message-State: APjAAAW9zUbr9IgTN28fdsNS7n3N0FwqDfrN5T4ZZUeRGngQRsEeEN0Y GgqPY5vn+oAsfurXoCwc82s= X-Google-Smtp-Source: APXvYqwgh75LQw16lfxHmAAueOtxiQIAT7Hemys++oZtGs9IrW8hC3dJ4CKW+gKV4lDeffYtzg8cig== X-Received: by 2002:a17:906:6a87:: with SMTP id p7mr23487746ejr.277.1564585698812; Wed, 31 Jul 2019 08:08:18 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id o22sm17282769edc.37.2019.07.31.08.08.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:15 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 03F8F10131A; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 03/59] mm/ksm: Do not merge pages with different KeyIDs Date: Wed, 31 Jul 2019 18:07:17 +0300 Message-Id: <20190731150813.26289-4-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP KSM compares plain text. It might try to merge two pages that have the same plain text but different ciphertext and possibly different encryption keys. When the kernel encrypted the page, it promised that it would keep it encrypted with _that_ key. That makes it impossible to merge two pages encrypted with different keys. Never merge encrypted pages with different KeyIDs. Signed-off-by: Kirill A. Shutemov --- include/linux/mm.h | 7 +++++++ mm/ksm.c | 17 +++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 5bfd3dd121c1..af1a56ff6764 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1644,6 +1644,13 @@ static inline int vma_keyid(struct vm_area_struct *vma) } #endif +#ifndef page_keyid +static inline int page_keyid(struct page *page) +{ + return 0; +} +#endif + extern unsigned long move_page_tables(struct vm_area_struct *vma, unsigned long old_addr, struct vm_area_struct *new_vma, unsigned long new_addr, unsigned long len, diff --git a/mm/ksm.c b/mm/ksm.c index 3dc4346411e4..7d4ef634f38e 100644 --- a/mm/ksm.c +++ b/mm/ksm.c @@ -1228,6 +1228,23 @@ static int try_to_merge_one_page(struct vm_area_struct *vma, if (!PageAnon(page)) goto out; + /* + * KeyID indicates what key to use to encrypt and decrypt page's + * content. + * + * KSM compares plain text instead (transparently to KSM code). + * + * But we still need to make sure that pages with identical plain + * text will not be merged together if they are encrypted with + * different keys. + * + * To make it work kernel only allows merging pages with the same KeyID. + * The approach guarantees that the merged page can be read by all + * users. + */ + if (kpage && page_keyid(page) != page_keyid(kpage)) + goto out; + /* * We need the page lock to read a stable PageSwapCache in * write_protect_page(). We use trylock_page() instead of From patchwork Wed Jul 31 15:07:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068059 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9D56E746 for ; Wed, 31 Jul 2019 15:08:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 87CC01FFD8 for ; Wed, 31 Jul 2019 15:08:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7AE36201B0; Wed, 31 Jul 2019 15:08:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1A63E201B1 for ; Wed, 31 Jul 2019 15:08:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388449AbfGaPIU (ORCPT ); Wed, 31 Jul 2019 11:08:20 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:38774 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388437AbfGaPIT (ORCPT ); Wed, 31 Jul 2019 11:08:19 -0400 Received: by mail-ed1-f65.google.com with SMTP id r12so31220125edo.5 for ; Wed, 31 Jul 2019 08:08:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=884ZxbzpLr443iBBzOV7VNSITHGDDguNP5NA41SiPjs=; b=uapI7QfQSFWrfufVSM7HiFX646OQeLiAul30+HPzHGLTEAyE1mlyQ4cfs8/lAJGW3W Tt7zm3MH7qjRyENcy8PkWhrnxtdtI8iaTGgI0/PL1v/DggmhR6NhObJkOFT00YyzaOrj Take1nVpfJ2NoPUc7KjzORoYT7UbY7JlN5HKiuzokOrb0OjCCFMEeDyXY9EOjEuhNnPf T/XVysxTCW8DaKpzjRLUEONeAMippaQbGF+ajea1j5fV5uemWPA4VqQFGgccNvC53hLa leX/D6UzbHLOHMfJMnrjKWDFygclW04/fSZvcc53kO9nqx0C1i5cnaESX8bXsXcjoUoD JtDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=884ZxbzpLr443iBBzOV7VNSITHGDDguNP5NA41SiPjs=; b=cHEzDPQPj502v06tF6oSJrDKJ1zppDm31upK2bAjiVxTM4eptFGXHYaqTaV742WnhQ xn+9Z5EyWqZ2HSLglfpINYat/gQR6mUvQwh6J5Tz1bPUgBdJ0xu+wpZt98Sf3vov8WVy UxSNXdIxvEx928h+IuPblKuyt6O9KXRjiM+yNrzGv+DhQu94qm6egrm+xctk1YKkqJhY bT0x4C9vORvnKYhtWEz2SAtfifrJVwMddk9wjIxRzAq4mHBIqR60+CZkuu7nWfktuCZ4 TkZRTLV8Y4BjgHSqQQPDiUs2zieE9rSiv7foJBX5qjmBiYha9YlrPn+yvFqHh5uPTTcw 6gEA== X-Gm-Message-State: APjAAAUTJRrcgFPXewQz+dYtv+n+6mLQ2nrLO2buFpVgbQPrnAPyOE1f GACHw71z2MoMET63hsjEmyU= X-Google-Smtp-Source: APXvYqzJuBbLlWsZbHVSwq33uygKwm+4dMWF6225mCqR1QI8GR+My+vRb8mmhCMTG8y6ZThSvSiS7A== X-Received: by 2002:aa7:da14:: with SMTP id r20mr107153958eds.65.1564585698000; Wed, 31 Jul 2019 08:08:18 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id by12sm12375107ejb.37.2019.07.31.08.08.15 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:15 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 0B25210131B; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 04/59] mm/page_alloc: Unify alloc_hugepage_vma() Date: Wed, 31 Jul 2019 18:07:18 +0300 Message-Id: <20190731150813.26289-5-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP We don't need to have separate implementations of alloc_hugepage_vma() for NUMA and non-NUMA. Using variant based on alloc_pages_vma() we would cover both cases. This is preparation patch for allocation encrypted pages. alloc_pages_vma() will handle allocation of encrypted pages. With this change we don' t need to cover alloc_hugepage_vma() separately. The change makes typo in Alpha's implementation of __alloc_zeroed_user_highpage() visible. Fix it too. Signed-off-by: Kirill A. Shutemov --- arch/alpha/include/asm/page.h | 2 +- include/linux/gfp.h | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/alpha/include/asm/page.h b/arch/alpha/include/asm/page.h index f3fb2848470a..9a6fbb5269f3 100644 --- a/arch/alpha/include/asm/page.h +++ b/arch/alpha/include/asm/page.h @@ -18,7 +18,7 @@ extern void clear_page(void *page); #define clear_user_page(page, vaddr, pg) clear_page(page) #define __alloc_zeroed_user_highpage(movableflags, vma, vaddr) \ - alloc_page_vma(GFP_HIGHUSER | __GFP_ZERO | movableflags, vma, vmaddr) + alloc_page_vma(GFP_HIGHUSER | __GFP_ZERO | movableflags, vma, vaddr) #define __HAVE_ARCH_ALLOC_ZEROED_USER_HIGHPAGE extern void copy_page(void * _to, void * _from); diff --git a/include/linux/gfp.h b/include/linux/gfp.h index fb07b503dc45..3d4cb9fea417 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -511,21 +511,19 @@ alloc_pages(gfp_t gfp_mask, unsigned int order) extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, struct vm_area_struct *vma, unsigned long addr, int node, bool hugepage); -#define alloc_hugepage_vma(gfp_mask, vma, addr, order) \ - alloc_pages_vma(gfp_mask, order, vma, addr, numa_node_id(), true) #else #define alloc_pages(gfp_mask, order) \ alloc_pages_node(numa_node_id(), gfp_mask, order) #define alloc_pages_vma(gfp_mask, order, vma, addr, node, false)\ alloc_pages(gfp_mask, order) -#define alloc_hugepage_vma(gfp_mask, vma, addr, order) \ - alloc_pages(gfp_mask, order) #endif #define alloc_page(gfp_mask) alloc_pages(gfp_mask, 0) #define alloc_page_vma(gfp_mask, vma, addr) \ alloc_pages_vma(gfp_mask, 0, vma, addr, numa_node_id(), false) #define alloc_page_vma_node(gfp_mask, vma, addr, node) \ alloc_pages_vma(gfp_mask, 0, vma, addr, node, false) +#define alloc_hugepage_vma(gfp_mask, vma, addr, order) \ + alloc_pages_vma(gfp_mask, order, vma, addr, numa_node_id(), true) extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order); extern unsigned long get_zeroed_page(gfp_t gfp_mask); From patchwork Wed Jul 31 15:07:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068145 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1C62A746 for ; Wed, 31 Jul 2019 15:10:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 00A2220564 for ; Wed, 31 Jul 2019 15:10:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E886E205E9; Wed, 31 Jul 2019 15:10:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E989520500 for ; Wed, 31 Jul 2019 15:10:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388509AbfGaPIX (ORCPT ); Wed, 31 Jul 2019 11:08:23 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:44786 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388460AbfGaPIW (ORCPT ); Wed, 31 Jul 2019 11:08:22 -0400 Received: by mail-ed1-f67.google.com with SMTP id k8so65977852edr.11 for ; Wed, 31 Jul 2019 08:08:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=iUFTIkzD0AEWQDnWiQSmBU6zhO1n8aNV0ScoY6j3b3g=; b=HrgukcbYAcj6z3TpaDjKhK1/cgEcnxMbqeCU6Z/toHInRTYK6v2mWxxYMVteRX1xIk H1k6zrMLrZvNf3OAcKFKHshR34yCCmm8hkHbTXc/YrWwnbcihOhBQ0QeMMCucKpTXxpJ SJC4bsE6hnX5Rp4f6xYDboqRRzvNcWl/MiRQZXEUpfajjat/tIUHsWvIPZyG+FaU+HAd 1t5RRpHWiXhY/ui/+qO7VOSTp4HsT+a5HDJIKwBC/BlgUgnjNplUOJAe8hTaTHztfKP/ QXniR7rebS1A+SHJF4GOUe6R1UGSYs9thlag8rbM3PX/uQL9LPZT7zM4jHRHS0tsN4XL rrDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=iUFTIkzD0AEWQDnWiQSmBU6zhO1n8aNV0ScoY6j3b3g=; b=O778+fKBFoJIwuh4Dkw2KqVvKRu1lXkSm/Thaa5RHLEIW/wl20QJTvblXafrUALY9F i4myX3Ov9eDtYi0CDn2glqLA/u4y8IFmUx9Mfnrp2FHDW9V2J+uNPanHE6rYkF0pqwWo NIQ0zJ297l9e0P6/VjBSUMfs1yQc3AXObpMIMPQ8bWyr+07jtDzX0PUqg4sEhCmI0kVH Nv9ENcG80kLGhowV/cLVKexEKpBdPtwaCF3ZdcLF7FpDJXyrf04h3amU/pr8t/o9huh3 Xcz6BaWl3o8likKtpOZc0ZHXIhQtFVncLBcB33lauqm62MiTfAgS85O9bDqe8NlYRjrq iWzQ== X-Gm-Message-State: APjAAAV8TGjIO4YqOlUd2h28Ysf6zNn9bAgu3LbA+s8O7k0ipYr61mEG szgVEiThGihmxtNLcabHn/A= X-Google-Smtp-Source: APXvYqzYj85HAgTooG0QaW9NsjqZtZHRdbLp9Q2J1lz2TGQD3rqCjiCzCypUPluaUdrMl5P/zGF3dA== X-Received: by 2002:a50:b6ce:: with SMTP id f14mr103054546ede.236.1564585700501; Wed, 31 Jul 2019 08:08:20 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id fk15sm12674271ejb.42.2019.07.31.08.08.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:19 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 1246910131C; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 05/59] mm/page_alloc: Handle allocation for encrypted memory Date: Wed, 31 Jul 2019 18:07:19 +0300 Message-Id: <20190731150813.26289-6-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP For encrypted memory, we need to allocate pages for a specific encryption KeyID. There are two cases when we need to allocate a page for encryption: - Allocation for an encrypted VMA; - Allocation for migration of encrypted page; The first case can be covered within alloc_page_vma(). We know KeyID from the VMA. The second case requires few new page allocation routines that would allocate the page for a specific KeyID. An encrypted page has to be cleared after KeyID set. This is handled in prep_encrypted_page() that will be provided by arch-specific code. Any custom allocator that deals with encrypted pages has to call prep_encrypted_page() too. See compaction_alloc() for instance. Signed-off-by: Kirill A. Shutemov --- include/linux/gfp.h | 50 +++++++++++++++++++++++++--- include/linux/migrate.h | 14 ++++++-- mm/compaction.c | 3 ++ mm/mempolicy.c | 27 +++++++++++---- mm/migrate.c | 4 +-- mm/page_alloc.c | 74 +++++++++++++++++++++++++++++++++++++++++ 6 files changed, 155 insertions(+), 17 deletions(-) diff --git a/include/linux/gfp.h b/include/linux/gfp.h index 3d4cb9fea417..014aef082821 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -463,16 +463,48 @@ static inline void arch_free_page(struct page *page, int order) { } static inline void arch_alloc_page(struct page *page, int order) { } #endif +#ifndef prep_encrypted_page +/* + * An architecture may override the helper to prepare the page + * to be used for with specific KeyID. To be called on encrypted + * page allocation. + */ +static inline void prep_encrypted_page(struct page *page, int order, + int keyid, bool zero) +{ +} +#endif + +/* + * Encrypted page has to be cleared once keyid is set, not on allocation. + */ +static inline bool deferred_page_zero(int keyid, gfp_t *gfp_mask) +{ + if (keyid && (*gfp_mask & __GFP_ZERO)) { + *gfp_mask &= ~__GFP_ZERO; + return true; + } + + return false; +} + struct page * __alloc_pages_nodemask(gfp_t gfp_mask, unsigned int order, int preferred_nid, nodemask_t *nodemask); +struct page * +__alloc_pages_nodemask_keyid(gfp_t gfp_mask, unsigned int order, + int preferred_nid, nodemask_t *nodemask, int keyid); + static inline struct page * __alloc_pages(gfp_t gfp_mask, unsigned int order, int preferred_nid) { return __alloc_pages_nodemask(gfp_mask, order, preferred_nid, NULL); } +struct page *__alloc_pages_node_keyid(int nid, int keyid, + gfp_t gfp_mask, unsigned int order); + /* * Allocate pages, preferring the node given as nid. The node must be valid and * online. For more general interface, see alloc_pages_node(). @@ -500,6 +532,19 @@ static inline struct page *alloc_pages_node(int nid, gfp_t gfp_mask, return __alloc_pages_node(nid, gfp_mask, order); } +static inline struct page *alloc_pages_node_keyid(int nid, int keyid, + gfp_t gfp_mask, unsigned int order) +{ + if (nid == NUMA_NO_NODE) + nid = numa_mem_id(); + + return __alloc_pages_node_keyid(nid, keyid, gfp_mask, order); +} + +extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, + struct vm_area_struct *vma, unsigned long addr, + int node, bool hugepage); + #ifdef CONFIG_NUMA extern struct page *alloc_pages_current(gfp_t gfp_mask, unsigned order); @@ -508,14 +553,9 @@ alloc_pages(gfp_t gfp_mask, unsigned int order) { return alloc_pages_current(gfp_mask, order); } -extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order, - struct vm_area_struct *vma, unsigned long addr, - int node, bool hugepage); #else #define alloc_pages(gfp_mask, order) \ alloc_pages_node(numa_node_id(), gfp_mask, order) -#define alloc_pages_vma(gfp_mask, order, vma, addr, node, false)\ - alloc_pages(gfp_mask, order) #endif #define alloc_page(gfp_mask) alloc_pages(gfp_mask, 0) #define alloc_page_vma(gfp_mask, vma, addr) \ diff --git a/include/linux/migrate.h b/include/linux/migrate.h index 7f04754c7f2b..a68516271c40 100644 --- a/include/linux/migrate.h +++ b/include/linux/migrate.h @@ -38,9 +38,16 @@ static inline struct page *new_page_nodemask(struct page *page, unsigned int order = 0; struct page *new_page = NULL; - if (PageHuge(page)) + if (PageHuge(page)) { + /* + * HugeTLB doesn't support encryption. We shouldn't see + * such pages. + */ + if (WARN_ON_ONCE(page_keyid(page))) + return NULL; return alloc_huge_page_nodemask(page_hstate(compound_head(page)), preferred_nid, nodemask); + } if (PageTransHuge(page)) { gfp_mask |= GFP_TRANSHUGE; @@ -50,8 +57,9 @@ static inline struct page *new_page_nodemask(struct page *page, if (PageHighMem(page) || (zone_idx(page_zone(page)) == ZONE_MOVABLE)) gfp_mask |= __GFP_HIGHMEM; - new_page = __alloc_pages_nodemask(gfp_mask, order, - preferred_nid, nodemask); + /* Allocate a page with the same KeyID as the source page */ + new_page = __alloc_pages_nodemask_keyid(gfp_mask, order, + preferred_nid, nodemask, page_keyid(page)); if (new_page && PageTransHuge(new_page)) prep_transhuge_page(new_page); diff --git a/mm/compaction.c b/mm/compaction.c index 9e1b9acb116b..874af83214b7 100644 --- a/mm/compaction.c +++ b/mm/compaction.c @@ -1559,6 +1559,9 @@ static struct page *compaction_alloc(struct page *migratepage, list_del(&freepage->lru); cc->nr_freepages--; + /* Prepare the page using the same KeyID as the source page */ + if (freepage) + prep_encrypted_page(freepage, 0, page_keyid(migratepage), false); return freepage; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 14ee933b1ff7..f79b4fa08c30 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -961,22 +961,29 @@ static void migrate_page_add(struct page *page, struct list_head *pagelist, /* page allocation callback for NUMA node migration */ struct page *alloc_new_node_page(struct page *page, unsigned long node) { - if (PageHuge(page)) + if (PageHuge(page)) { + /* + * HugeTLB doesn't support encryption. We shouldn't see + * such pages. + */ + if (WARN_ON_ONCE(page_keyid(page))) + return NULL; return alloc_huge_page_node(page_hstate(compound_head(page)), node); - else if (PageTransHuge(page)) { + } else if (PageTransHuge(page)) { struct page *thp; - thp = alloc_pages_node(node, + thp = alloc_pages_node_keyid(node, page_keyid(page), (GFP_TRANSHUGE | __GFP_THISNODE), HPAGE_PMD_ORDER); if (!thp) return NULL; prep_transhuge_page(thp); return thp; - } else - return __alloc_pages_node(node, GFP_HIGHUSER_MOVABLE | - __GFP_THISNODE, 0); + } else { + return __alloc_pages_node_keyid(node, page_keyid(page), + GFP_HIGHUSER_MOVABLE | __GFP_THISNODE, 0); + } } /* @@ -2053,9 +2060,13 @@ alloc_pages_vma(gfp_t gfp, int order, struct vm_area_struct *vma, { struct mempolicy *pol; struct page *page; - int preferred_nid; + bool deferred_zero; + int keyid, preferred_nid; nodemask_t *nmask; + keyid = vma_keyid(vma); + deferred_zero = deferred_page_zero(keyid, &gfp); + pol = get_vma_policy(vma, addr); if (pol->mode == MPOL_INTERLEAVE) { @@ -2097,6 +2108,8 @@ alloc_pages_vma(gfp_t gfp, int order, struct vm_area_struct *vma, page = __alloc_pages_nodemask(gfp, order, preferred_nid, nmask); mpol_cond_put(pol); out: + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); return page; } EXPORT_SYMBOL(alloc_pages_vma); diff --git a/mm/migrate.c b/mm/migrate.c index 8992741f10aa..c1b88eae71d8 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -1873,7 +1873,7 @@ static struct page *alloc_misplaced_dst_page(struct page *page, int nid = (int) data; struct page *newpage; - newpage = __alloc_pages_node(nid, + newpage = __alloc_pages_node_keyid(nid, page_keyid(page), (GFP_HIGHUSER_MOVABLE | __GFP_THISNODE | __GFP_NOMEMALLOC | __GFP_NORETRY | __GFP_NOWARN) & @@ -1999,7 +1999,7 @@ int migrate_misplaced_transhuge_page(struct mm_struct *mm, int page_lru = page_is_file_cache(page); unsigned long start = address & HPAGE_PMD_MASK; - new_page = alloc_pages_node(node, + new_page = alloc_pages_node_keyid(node, page_keyid(page), (GFP_TRANSHUGE_LIGHT | __GFP_THISNODE), HPAGE_PMD_ORDER); if (!new_page) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 272c6de1bf4e..963f959350e4 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4046,6 +4046,53 @@ should_compact_retry(struct alloc_context *ac, unsigned int order, int alloc_fla } #endif /* CONFIG_COMPACTION */ +#ifndef CONFIG_NUMA +struct page *alloc_pages_vma(gfp_t gfp_mask, int order, + struct vm_area_struct *vma, unsigned long addr, + int node, bool hugepage) +{ + struct page *page; + bool deferred_zero; + int keyid = vma_keyid(vma); + + deferred_zero = deferred_page_zero(keyid, &gfp_mask); + page = alloc_pages(gfp_mask, order); + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); + + return page; +} +#endif + +/** + * __alloc_pages_node_keyid - allocate a page for a specific KeyID with + * preferred allocation node. + * @nid: the preferred node ID where memory should be allocated + * @keyid: KeyID to use + * @gfp_mask: GFP flags for the allocation + * @order: the page order + * + * Like __alloc_pages_node(), but prepares the page for a specific KeyID. + * + * Return: pointer to the allocated page or %NULL in case of error. + */ +struct page * __alloc_pages_node_keyid(int nid, int keyid, + gfp_t gfp_mask, unsigned int order) +{ + struct page *page; + bool deferred_zero; + + VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES); + VM_WARN_ON(!node_online(nid)); + + deferred_zero = deferred_page_zero(keyid, &gfp_mask); + page = __alloc_pages(gfp_mask, order, nid); + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); + + return page; +} + #ifdef CONFIG_LOCKDEP static struct lockdep_map __fs_reclaim_map = STATIC_LOCKDEP_MAP_INIT("fs_reclaim", &__fs_reclaim_map); @@ -4757,6 +4804,33 @@ __alloc_pages_nodemask(gfp_t gfp_mask, unsigned int order, int preferred_nid, } EXPORT_SYMBOL(__alloc_pages_nodemask); +/** + * __alloc_pages_nodemask_keyid - allocate a page for a specific KeyID. + * @gfp_mask: GFP flags for the allocation + * @order: the page order + * @preferred_nid: the preferred node ID where memory should be allocated + * @nodemask: allowed nodemask + * @keyid: KeyID to use + * + * Like __alloc_pages_nodemask(), but prepares the page for a specific KeyID. + * + * Return: pointer to the allocated page or %NULL in case of error. + */ +struct page * +__alloc_pages_nodemask_keyid(gfp_t gfp_mask, unsigned int order, + int preferred_nid, nodemask_t *nodemask, int keyid) +{ + struct page *page; + bool deferred_zero; + + deferred_zero = deferred_page_zero(keyid, &gfp_mask); + page = __alloc_pages_nodemask(gfp_mask, order, preferred_nid, nodemask); + if (page) + prep_encrypted_page(page, order, keyid, deferred_zero); + return page; +} +EXPORT_SYMBOL(__alloc_pages_nodemask_keyid); + /* * Common helper functions. Never use with __GFP_HIGHMEM because the returned * address cannot represent highmem pages. Use alloc_pages and then kmap if From patchwork Wed Jul 31 15:07:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068153 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1B80913A4 for ; Wed, 31 Jul 2019 15:10:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 06993204FA for ; Wed, 31 Jul 2019 15:10:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EEB1A20587; Wed, 31 Jul 2019 15:10:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A7962205FC for ; Wed, 31 Jul 2019 15:10:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388476AbfGaPIW (ORCPT ); Wed, 31 Jul 2019 11:08:22 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:42270 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388437AbfGaPIV (ORCPT ); Wed, 31 Jul 2019 11:08:21 -0400 Received: by mail-ed1-f66.google.com with SMTP id v15so66043757eds.9 for ; Wed, 31 Jul 2019 08:08:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=AJU4EYtP5Ndll/OqHeAitrNwzvbF49Nst5sv0orja/w=; b=kKXhGbR2JDGE9bSyvxgjKsfR1EooQVCxUWsDBiB/ov2JhR22a80ZVWH6hsoT5t60hW ReQlX2VuPnyHZm+ht43QCRrwOTR4FXEx8N9KLDx8PA4ydWKsR2BIUMxIijk5qFFyJWJR 2f083LoqCGdskXIuleu/ah0wA10Rm17n5y2ig4+kPBzijtTL3lkIw8/27JLPaHybuORM pzMd9bI4PnPnmBKajAUKL8D2paFeEh9jjqZZbZStBfag1gDyfG8bBCKhuARqXP5nW2Pq L1ZhDiLr0HWi2NeMxbyWk+wgHvu/5r9izvPURcblDhh/5L3ApkkaOd6gdu9AGvFSIsuM bwfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AJU4EYtP5Ndll/OqHeAitrNwzvbF49Nst5sv0orja/w=; b=QKgAKg9OCjnqKFNocG7A5569PIFqBzvloqzT4MM3aTtfKRPdOEsfn8JTtKlPpDMgSw IpoycE7h3jc3/YO5eJkF5JLybkmymIT4atvxxY+nib7U9iAIn/kkUIfM5db/LCvDQfsD qT/2EXFGqbT5RfBC8Lge7B7WlIm3d0LLFkZLW6pzCFzYccz7ankDkezrz7KzQubls945 yshZtDi+1CKqAqbq1Co/jxzYlbn/WsCRJzSb/u+1QrUBtz4Z1zZBODZJv6X2de2TXTO2 FOMCXIXpTjwbGzioBywDKvntNSm6KRqXrC7qBJGxqcTg1HFkFgbbHUKjewO24qoBd7QI qVdQ== X-Gm-Message-State: APjAAAU0xafCNExGBl8IZeF08af+KASLAEItx4lhyc9IPqc3OWfj5DH9 uDrFADQhSoC0ythxoyVxlTY= X-Google-Smtp-Source: APXvYqwybSsBXdcn4hH+cdquBQ7naCJOKUH1HBc36wrC3gr3IAtOhb7lLrFtZj0CqBrWNvtjPSNrNw== X-Received: by 2002:aa7:da14:: with SMTP id r20mr107154184eds.65.1564585699886; Wed, 31 Jul 2019 08:08:19 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id o22sm17282787edc.37.2019.07.31.08.08.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:19 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 17B6310131D; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 06/59] mm/khugepaged: Handle encrypted pages Date: Wed, 31 Jul 2019 18:07:20 +0300 Message-Id: <20190731150813.26289-7-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP For !NUMA khugepaged allocates page in advance, before we found a VMA for collapse. We don't yet know which KeyID to use for the allocation. The page is allocated with KeyID-0. Once we know that the VMA is suitable for collapsing, we prepare the page for KeyID we need, based on vma_keyid(). Signed-off-by: Kirill A. Shutemov --- mm/khugepaged.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/mm/khugepaged.c b/mm/khugepaged.c index eaaa21b23215..ae9bd3b18aa1 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -1059,6 +1059,16 @@ static void collapse_huge_page(struct mm_struct *mm, */ anon_vma_unlock_write(vma->anon_vma); + /* + * At this point new_page is allocated as non-encrypted. + * If VMA's KeyID is non-zero, we need to prepare it to be encrypted + * before coping data. + */ + if (vma_keyid(vma)) { + prep_encrypted_page(new_page, HPAGE_PMD_ORDER, + vma_keyid(vma), false); + } + __collapse_huge_page_copy(pte, new_page, vma, address, pte_ptl); pte_unmap(pte); __SetPageUptodate(new_page); From patchwork Wed Jul 31 15:07:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068155 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A7D52746 for ; Wed, 31 Jul 2019 15:10:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 94EC2201B1 for ; Wed, 31 Jul 2019 15:10:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 87CF1204C1; Wed, 31 Jul 2019 15:10:40 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3919720415 for ; Wed, 31 Jul 2019 15:10:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729529AbfGaPKb (ORCPT ); Wed, 31 Jul 2019 11:10:31 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:39061 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388467AbfGaPIW (ORCPT ); Wed, 31 Jul 2019 11:08:22 -0400 Received: by mail-ed1-f66.google.com with SMTP id m10so66010750edv.6 for ; Wed, 31 Jul 2019 08:08:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=mtVfWkAA6f5+WVvylDNJC/YjX6VpSH295mUWXLakGJs=; b=F6Gayf2vpoXGYJV1uYsSi1oz9m/Dzpd5ss3IOuggi2htSc6htYXpy88IVTNHrSo5Kq hWpzEyAGHC2mXZ2wjIjArOS3WPtQuYHcn8nT+/O5W6T39U8KBhjxYitFwEIaU42F/UUZ MNDJaDmYDJ2rhvFYveEcpSA76sB3cuT4BXBPtSCQ2kN740Cc3sAloiWNwrNa1DM5fuLc QNavgnJR+irD1X17yEJ886mr2816CG2BFT/M05u0Cg9IRy9uHdqMz7DhseDkDzn7Vz3t VhUu8iRxDz4AskPYJARFdivUJOn42HuHlC1NNjkGej7JPSPdAEioY0xwz3pfTdTU9bkn rRzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=mtVfWkAA6f5+WVvylDNJC/YjX6VpSH295mUWXLakGJs=; b=M3B9iZXkxJSSVbpCgBqh7+tCZPtfgEPkWCTjBD/4Vvepz9scwrE2GAs37CumIgluHO 4+FJed4YAtnSPJ3gq3D6Xxqrr3udiRomv6H4TLwTOZVpyGCASsgXujhMcCmbxhMbUeek n9cst8gaJc4UHdglYcyWmie24RpHE0QVSwalYJoM/gz9TN8nW9o6/NyY4mdfofj9vgUC Km/o9HA4KdV1vZYbNqSG0RaZggUMN9cFwZJcPXPKJo+e7aWAsMbTJIg7Ak7YUKN9vQaV UjOWAWCfX02u+MDqFPjN05N7RsFfKdhvpxebFZ5p9MA9Jq/QSXH1HrqCKzZMN2Jo4YrT 6y/g== X-Gm-Message-State: APjAAAUgy72kDL47Zh3n9cLzxiZ30fMjWBbAEDNMqrKDlPVq9aC3dBMS e8NKgogSCd8Nv0z3wIwFrqI= X-Google-Smtp-Source: APXvYqxpbVO0IZEgbCImRCWNwH0wevZHXyUPfYVpywOy9u0W0e5mFEX3kiMgbftkDicJ8087eYkuCA== X-Received: by 2002:a17:906:7f16:: with SMTP id d22mr95105774ejr.17.1564585700959; Wed, 31 Jul 2019 08:08:20 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id d7sm16505352edr.39.2019.07.31.08.08.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:19 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 1E8B210131E; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 07/59] x86/mm: Mask out KeyID bits from page table entry pfn Date: Wed, 31 Jul 2019 18:07:21 +0300 Message-Id: <20190731150813.26289-8-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP MKTME claims several upper bits of the physical address in a page table entry to encode KeyID. It effectively shrinks number of bits for physical address. We should exclude KeyID bits from physical addresses. For instance, if CPU enumerates 52 physical address bits and number of bits claimed for KeyID is 6, bits 51:46 must not be threated as part physical address. This patch adjusts __PHYSICAL_MASK during MKTME enumeration. Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/intel.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 8d6d92ebeb54..f03eee666761 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -616,6 +616,29 @@ static void detect_tme(struct cpuinfo_x86 *c) mktme_status = MKTME_ENABLED; } +#ifdef CONFIG_X86_INTEL_MKTME + if (mktme_status == MKTME_ENABLED && nr_keyids) { + /* + * Mask out bits claimed from KeyID from physical address mask. + * + * For instance, if a CPU enumerates 52 physical address bits + * and number of bits claimed for KeyID is 6, bits 51:46 of + * physical address is unusable. + */ + phys_addr_t keyid_mask; + + keyid_mask = GENMASK_ULL(c->x86_phys_bits - 1, c->x86_phys_bits - keyid_bits); + physical_mask &= ~keyid_mask; + } else { + /* + * Reset __PHYSICAL_MASK. + * Maybe needed if there's inconsistent configuation + * between CPUs. + */ + physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; + } +#endif + /* * KeyID bits effectively lower the number of physical address * bits. Update cpuinfo_x86::x86_phys_bits accordingly. From patchwork Wed Jul 31 15:07:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068143 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 68924746 for ; Wed, 31 Jul 2019 15:10:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 54109201F5 for ; Wed, 31 Jul 2019 15:10:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 47392204FA; Wed, 31 Jul 2019 15:10:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5DB5F20246 for ; Wed, 31 Jul 2019 15:10:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728567AbfGaPKI (ORCPT ); Wed, 31 Jul 2019 11:10:08 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:43828 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388498AbfGaPIY (ORCPT ); Wed, 31 Jul 2019 11:08:24 -0400 Received: by mail-ed1-f65.google.com with SMTP id e3so66030788edr.10 for ; Wed, 31 Jul 2019 08:08:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2O79cZSevj0fRjj98yOOKrmJ0HJlarDgQ5rQqTlE+Vc=; b=owT4iRH22mETHlgcegYuhOK9u2nliY5q2VeZyUqXWoHHX/n19x6syg9GnDrIywB6W7 APi/TtXQtb/nyf25clrFAdZFZGzagMUnv2Z+2cnjWF04cbPyOCM49Gksu1AvQeUUnvR7 XUl2UNWMozLrrjHv201FJREyJgY9narxPLb1H5CawrRm8y//HMtVsyE9d/mxsDfkAKPA enOpyJ4Rl3qA1WMr8I6NZp5PsirfuPoIKC32e6w353HdSR4LEILwTFl4IFSdfBVVRSfh STKHa9Io28Fnozh/5ryrT10P9Qc9Ssl4F2PLmi5mOWUpEijdd0/vEnnTb2ET+50iJgoQ 809g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2O79cZSevj0fRjj98yOOKrmJ0HJlarDgQ5rQqTlE+Vc=; b=uBd7xyGOL/tsVfErAKuT56j9v0u33K7ll/k4vuUTvORIBrnVAguX5rwrtBfEcxNqn0 VnkvdKSj+0F4q0PMJx9ZaKuKPZNtCfmsKfJYy6a8K8tj8rg3RQNg5j29wowEH1WWnCLO Txize2aErIoQp8GVQMRQ2Nh0pccGjqIyAJOv5Zl61wpDTWucsT/giPjZ7OdyWaSjC/Ib T8iHjDzsWUEl6kyRMGq/Z8Pu4rGUItckNei/krAfUi0yH682o4NR01oliF97ZF7njPit O2CFsxCMYYIjzZKZ+4s2jZngM23MA6FZbHSQYnFNMrV1mKjm9/Q7C+PDz33VEFePw+Br 2J7w== X-Gm-Message-State: APjAAAU0buFf+V6H31bp4cImvPvo8WAJ5IkRSww7hmjFOv6YhE7FqyaM +fMYXnSB4a83V4UtoMXP4ns= X-Google-Smtp-Source: APXvYqwVNuaD30wHzFTa+Rk9wdAadH3VZ+X69/JVMMK7ntSPJ0Jg/TWgZwrRyyNLslnPzeWxXrLqGw== X-Received: by 2002:a17:906:1105:: with SMTP id h5mr26111047eja.53.1564585702584; Wed, 31 Jul 2019 08:08:22 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id k11sm16516389edq.54.2019.07.31.08.08.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:19 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 25CB810131F; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 08/59] x86/mm: Introduce helpers to read number, shift and mask of KeyIDs Date: Wed, 31 Jul 2019 18:07:22 +0300 Message-Id: <20190731150813.26289-9-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP mktme_nr_keyids() returns the number of KeyIDs available for MKTME, excluding KeyID zero which used by TME. MKTME KeyIDs start from 1. mktme_keyid_shift() returns the shift of KeyID within physical address. mktme_keyid_mask() returns the mask to extract KeyID from physical address. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 19 +++++++++++++++++++ arch/x86/kernel/cpu/intel.c | 15 ++++++++++++--- arch/x86/mm/Makefile | 2 ++ arch/x86/mm/mktme.c | 27 +++++++++++++++++++++++++++ 4 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 arch/x86/include/asm/mktme.h create mode 100644 arch/x86/mm/mktme.c diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h new file mode 100644 index 000000000000..b9ba2ea5b600 --- /dev/null +++ b/arch/x86/include/asm/mktme.h @@ -0,0 +1,19 @@ +#ifndef _ASM_X86_MKTME_H +#define _ASM_X86_MKTME_H + +#include + +#ifdef CONFIG_X86_INTEL_MKTME +extern phys_addr_t __mktme_keyid_mask; +extern phys_addr_t mktme_keyid_mask(void); +extern int __mktme_keyid_shift; +extern int mktme_keyid_shift(void); +extern int __mktme_nr_keyids; +extern int mktme_nr_keyids(void); +#else +#define mktme_keyid_mask() ((phys_addr_t)0) +#define mktme_nr_keyids() 0 +#define mktme_keyid_shift() 0 +#endif + +#endif diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index f03eee666761..7ba44825be42 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -618,6 +618,9 @@ static void detect_tme(struct cpuinfo_x86 *c) #ifdef CONFIG_X86_INTEL_MKTME if (mktme_status == MKTME_ENABLED && nr_keyids) { + __mktme_nr_keyids = nr_keyids; + __mktme_keyid_shift = c->x86_phys_bits - keyid_bits; + /* * Mask out bits claimed from KeyID from physical address mask. * @@ -625,17 +628,23 @@ static void detect_tme(struct cpuinfo_x86 *c) * and number of bits claimed for KeyID is 6, bits 51:46 of * physical address is unusable. */ - phys_addr_t keyid_mask; + __mktme_keyid_mask = GENMASK_ULL(c->x86_phys_bits - 1, mktme_keyid_shift()); + physical_mask &= ~mktme_keyid_mask(); - keyid_mask = GENMASK_ULL(c->x86_phys_bits - 1, c->x86_phys_bits - keyid_bits); - physical_mask &= ~keyid_mask; } else { /* * Reset __PHYSICAL_MASK. * Maybe needed if there's inconsistent configuation * between CPUs. + * + * FIXME: broken for hotplug. + * We must not allow onlining secondary CPUs with non-matching + * configuration. */ physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; + __mktme_keyid_mask = 0; + __mktme_keyid_shift = 0; + __mktme_nr_keyids = 0; } #endif diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 84373dc9b341..600d18691876 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -53,3 +53,5 @@ obj-$(CONFIG_PAGE_TABLE_ISOLATION) += pti.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_identity.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o + +obj-$(CONFIG_X86_INTEL_MKTME) += mktme.o diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c new file mode 100644 index 000000000000..0f48ef2720cc --- /dev/null +++ b/arch/x86/mm/mktme.c @@ -0,0 +1,27 @@ +#include + +/* Mask to extract KeyID from physical address. */ +phys_addr_t __mktme_keyid_mask; +phys_addr_t mktme_keyid_mask(void) +{ + return __mktme_keyid_mask; +} +EXPORT_SYMBOL_GPL(mktme_keyid_mask); + +/* Shift of KeyID within physical address. */ +int __mktme_keyid_shift; +int mktme_keyid_shift(void) +{ + return __mktme_keyid_shift; +} +EXPORT_SYMBOL_GPL(mktme_keyid_shift); + +/* + * Number of KeyIDs available for MKTME. + * Excludes KeyID-0 which used by TME. MKTME KeyIDs start from 1. + */ +int __mktme_nr_keyids; +int mktme_nr_keyids(void) +{ + return __mktme_nr_keyids; +} From patchwork Wed Jul 31 15:07:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068141 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 167FD13A4 for ; Wed, 31 Jul 2019 15:10:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EEE9020416 for ; Wed, 31 Jul 2019 15:10:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E2BD22023F; Wed, 31 Jul 2019 15:10:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 75B3B20416 for ; Wed, 31 Jul 2019 15:10:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388525AbfGaPIY (ORCPT ); Wed, 31 Jul 2019 11:08:24 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:44789 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388437AbfGaPIY (ORCPT ); Wed, 31 Jul 2019 11:08:24 -0400 Received: by mail-ed1-f66.google.com with SMTP id k8so65977937edr.11 for ; Wed, 31 Jul 2019 08:08:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=L4ZEjLjovYwhlc3sfcyK0re0l8xj15Oya4gREJZsXus=; b=V5rpp3X2+p+VVm7FssSRodlU6DS9SwQLhXjimNRTkFMkTWsFbd7HkizFtVyE1zIrzy fPAuOPVVJeqlsLEhPRbCqOeRCbvW4JadhbicVgcow8yaygfiy6y17rqCfH03Rty6YhXj 6s+mjRzfpE3alGhAXjgL2hhfWjPdDRz/hcRhXF1/iJC59vgvEz7fzn3mLdZt0saq8R+2 YGro+1SRX76SodqfwZnA/6i9jWHWw9pBsAVy22+H2tRm7Z7bX/jkLZMKy9nrKbtBjbdn RE6jWJDgv80mFQO3CN2q3IrNNli2rX+pB/Xw9tJK/WnQpL2UfFVX1jHzcoNvANMfNeEh hhxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=L4ZEjLjovYwhlc3sfcyK0re0l8xj15Oya4gREJZsXus=; b=bHz3Msq2JCFeYkV8ShGNzYeDhBG4JWgLYmYx0r9O6vOaH83uAG8t5tcZkRD5vvJYlB g8XB5H/v26098GCGt9YTLykhpMYYY5N6WNJDtYP3kIDnbCi7BK8jcVnsvaF6iWeFDA1W g2TH0UZnR22P+L0aMhV0+7YWvgMdAWZhh1UfBfFcoEzn7Xx55QOistk/0yKjYJLFxU9x R0lt+t/EXHFPlSKfxKTB/FtYVvqd1row939Mv8wxyRWnML07AZd8sJaJK1WqYnCYeXT8 VIMUBTi1HFiyUGXks0cLiWSlejozv9zNWkWE3BfDX2I13lqGOYbHsMnMaUwUzSpGbMnz J4NA== X-Gm-Message-State: APjAAAUf6I7lkcNhdyzt5uvTzywBW7gxmO3NzOqgRuXPsLPU9uML8t+G I+OL2ss/+t1CX/gd6AJOXKE= X-Google-Smtp-Source: APXvYqxJ9S0tGP2IpyXLxIjktlIQlFGvLsty4aUseBEocKbxQZsdfbX5PxHe1B3ZlzdQoz5XJNRh9g== X-Received: by 2002:a17:906:4d88:: with SMTP id s8mr92464687eju.225.1564585702235; Wed, 31 Jul 2019 08:08:22 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id q11sm268380ejt.74.2019.07.31.08.08.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:19 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 2CA2A101320; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 09/59] x86/mm: Store bitmask of the encryption algorithms supported by MKTME Date: Wed, 31 Jul 2019 18:07:23 +0300 Message-Id: <20190731150813.26289-10-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Store bitmask of the supported encryption algorithms in 'mktme_algs'. This will be used by key management service. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 2 ++ arch/x86/kernel/cpu/intel.c | 6 +++++- arch/x86/mm/mktme.c | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index b9ba2ea5b600..42a3b1b44669 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -10,6 +10,8 @@ extern int __mktme_keyid_shift; extern int mktme_keyid_shift(void); extern int __mktme_nr_keyids; extern int mktme_nr_keyids(void); +extern unsigned int mktme_algs; + #else #define mktme_keyid_mask() ((phys_addr_t)0) #define mktme_nr_keyids() 0 diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 7ba44825be42..991bdcb2a55a 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -553,6 +553,8 @@ static void detect_vmx_virtcap(struct cpuinfo_x86 *c) #define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ #define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 +#define TME_ACTIVATE_CRYPTO_KNOWN_ALGS TME_ACTIVATE_CRYPTO_AES_XTS_128 + /* Values for mktme_status (SW only construct) */ #define MKTME_ENABLED 0 #define MKTME_DISABLED 1 @@ -596,7 +598,7 @@ static void detect_tme(struct cpuinfo_x86 *c) pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); - if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { + if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_KNOWN_ALGS)) { pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", tme_crypto_algs); mktme_status = MKTME_DISABLED; @@ -631,6 +633,8 @@ static void detect_tme(struct cpuinfo_x86 *c) __mktme_keyid_mask = GENMASK_ULL(c->x86_phys_bits - 1, mktme_keyid_shift()); physical_mask &= ~mktme_keyid_mask(); + tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); + mktme_algs = tme_crypto_algs & TME_ACTIVATE_CRYPTO_KNOWN_ALGS; } else { /* * Reset __PHYSICAL_MASK. diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 0f48ef2720cc..755afc6935b5 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -25,3 +25,5 @@ int mktme_nr_keyids(void) { return __mktme_nr_keyids; } + +unsigned int mktme_algs; From patchwork Wed Jul 31 15:07:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068151 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B9F25174A for ; Wed, 31 Jul 2019 15:10:25 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A64A8205A4 for ; Wed, 31 Jul 2019 15:10:25 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9A185205FD; Wed, 31 Jul 2019 15:10:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3EB7B205A4 for ; Wed, 31 Jul 2019 15:10:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729363AbfGaPKV (ORCPT ); Wed, 31 Jul 2019 11:10:21 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:38786 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388482AbfGaPIX (ORCPT ); Wed, 31 Jul 2019 11:08:23 -0400 Received: by mail-ed1-f68.google.com with SMTP id r12so31220329edo.5 for ; Wed, 31 Jul 2019 08:08:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UEVrEENQF6GgqskaCpeVIXbw1wxW9ZHP7LEfmwaIX1Y=; b=McRooZfyR/RpXN5XMwhhQ4fnXOkpn46XyCphce8PhxPou3dx2i+zeEUPZwHp8TipgC BGI1enXNjaRfPWABi/58N/CnaStzBfe7I/sVoHLEwUVWO5RPpvbMnQlhUk+vrP5KitP0 xlN7apakZ23IIc8QM67elrLhwzfh8ZdwIfgG4AOrbh58L2rHumcrLS2HKAJ0RvRNAs4E tHD5vqNYW5h49SvrGSAt/0No/7IhX7t7K59+y1G7hgFuma9uWtGUIV6MdVueE6BaPNDj +qOFDedI65e57Y1anrGxh7x7TSxMfmTc9skU5uDbNPifz28H6hTWzz2877Q1hXd1xky2 0RXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=UEVrEENQF6GgqskaCpeVIXbw1wxW9ZHP7LEfmwaIX1Y=; b=G1RHbHL7VwF7RUBrmRqzL7TxVKVgd7pGOrC0ANwvFRDZR0Dx5349NR2vd/O1Ke3UAS PYCQ4d35KylqT4cCyJnge0NmmEJTrMaO2c3HWK6uacgkqrj9qhlE7KVOHRlgdPpYFf8F km/ZoaF2qkPHKpW1BuuZqSPSgLJtnL73KX8svLSYsZACL39MpJ6tChSCd0fojNj0UvSa JdaASEjnXAkNcrPaYECz6fDpHQ6Mc53uZSUCvimLpkBeLu01WeXMwjJLTAfhgjgovvlb COgyXphsrbTauVz0/ddlPvNIvj73fopB+exSoMkj05PeXQSBDPot928xWXlWhsPE0mzR HoOA== X-Gm-Message-State: APjAAAWvRdoHyZ+fjtp+mpkQ2luNFdLOy1WsJbMliALGUTcujBJ8dj/0 XNSfOp6So1gH4XCrIF66uxQ= X-Google-Smtp-Source: APXvYqz0kJ4Lqf/rOwIPdDm01UGfUWsjDSwUjlM7k6Av4cmEuFi6nnooAYqixqH6Nb/ho2xl1lQryA== X-Received: by 2002:a50:a3ec:: with SMTP id t41mr107352548edb.43.1564585701601; Wed, 31 Jul 2019 08:08:21 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id a9sm17507685edc.44.2019.07.31.08.08.18 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:19 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 33AC2101321; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 10/59] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() Date: Wed, 31 Jul 2019 18:07:24 +0300 Message-Id: <20190731150813.26289-11-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP An encrypted VMA will have KeyID stored in vma->vm_page_prot. This way we don't need to do anything special to setup encrypted page table entries and don't need to reserve space for KeyID in a VMA. This patch changes _PAGE_CHG_MASK to include KeyID bits. Otherwise they are going to be stripped from vm_page_prot on the first pgprot_modify(). Define PTE_PFN_MASK_MAX similar to PTE_PFN_MASK but based on __PHYSICAL_MASK_SHIFT. This way we include whole range of bits architecturally available for PFN without referencing physical_mask and mktme_keyid_mask variables. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/pgtable_types.h | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index b5e49e6bac63..c23793146759 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -116,12 +116,25 @@ _PAGE_ACCESSED | _PAGE_DIRTY) /* - * Set of bits not changed in pte_modify. The pte's - * protection key is treated like _PAGE_RW, for - * instance, and is *not* included in this mask since - * pte_modify() does modify it. + * Set of bits not changed in pte_modify. + * + * The pte's protection key is treated like _PAGE_RW, for instance, and is + * *not* included in this mask since pte_modify() does modify it. + * + * They include the physical address and the memory encryption keyID. + * The paddr and the keyID never occupy the same bits at the same time. + * But, a given bit might be used for the keyID on one system and used for + * the physical address on another. As an optimization, we manage them in + * one unit here since their combination always occupies the same hardware + * bits. PTE_PFN_MASK_MAX stores combined mask. + * + * Cast PAGE_MASK to a signed type so that it is sign-extended if + * virtual addresses are 32-bits but physical addresses are larger + * (ie, 32-bit PAE). */ -#define _PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ +#define PTE_PFN_MASK_MAX \ + (((signed long)PAGE_MASK) & ((1ULL << __PHYSICAL_MASK_SHIFT) - 1)) +#define _PAGE_CHG_MASK (PTE_PFN_MASK_MAX | _PAGE_PCD | _PAGE_PWT | \ _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \ _PAGE_SOFT_DIRTY | _PAGE_DEVMAP) #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE) From patchwork Wed Jul 31 15:07:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068137 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2AB3813A4 for ; Wed, 31 Jul 2019 15:09:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1467E201BD for ; Wed, 31 Jul 2019 15:09:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 05632201F3; Wed, 31 Jul 2019 15:09:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AD8D4201B0 for ; Wed, 31 Jul 2019 15:09:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388335AbfGaPJt (ORCPT ); Wed, 31 Jul 2019 11:09:49 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:42283 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388544AbfGaPI1 (ORCPT ); Wed, 31 Jul 2019 11:08:27 -0400 Received: by mail-ed1-f67.google.com with SMTP id v15so66044045eds.9 for ; Wed, 31 Jul 2019 08:08:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D3iLJ7KF8Vm9odDmu+BTFZ/KOQRQtwHyPsHUVXUW2iI=; b=kM1i0F40FYXfEMcdQiR9VUZLV2aBUr0DIlco9iB3hlWgYlqGoH3YhFqThyiuG3GlhU MICJOrT8oqR+53hRqgv3cF8csRqL1xVpyX6tD/ZJaUBHXHN9slodEDUAQFc2ndeYmsWR WW3A0qapPQ7CP1xULEMwz3e4zS5z/Rmun6q/0nEmdJiaXIJHY6yN81AnytapRernvBrE raTbz2gJS/FTTNoeLLnIs+MXpv+7iucyiiIu1zFPo09iRbaEfSGAfhH+M11KFAhMEC6e NwTMUxuK0IGQ7DtfynJRVOV/piQIKxKjIlGe+MhgETY+7kSa+fXty72q0sWznKXB/EmX L2Jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D3iLJ7KF8Vm9odDmu+BTFZ/KOQRQtwHyPsHUVXUW2iI=; b=cENcpnH0/vNWyRkB7u9oKKGW5qGe4ie6NdlnbHCMSqmxOaccEnMnv/Y6BHSMMlXhqH G4ht3SEjm6bGdf1r2vbzdhkLC1gEdO+cKmEeucf+PbSiTCVfSkTKNVoufHUsee6/ZHV3 mIiq6ROG1vGgxglJ2ktQuCzd/uBmekcyIzLn+MthiZwmPuEshzCujq3jvP2xc3nSyfjG BzfHjD4n0WNFpmbxUx8pcPezdHnOxWm/lsJYbLm4UB9rpFGYhAQHjpk6r9ICF3lvabgO l7iZnt0D+ty0046LaD7Uc+DF8UMMgx+dprvpMpXjU4QJbU/NeJJTPNJV81CmZnZDAptB Rl/Q== X-Gm-Message-State: APjAAAXwYJF7214eAlHizFuIQJe1E7babTngEv7UNWCasCr1Rf6FB7n5 t6cssv7Rx0wEaSGGEsf7g7w= X-Google-Smtp-Source: APXvYqzHXFkffBxAenDjJHEoVzdmjQiN5+u8mCxxAUf8k5rkMpqzlIwg7G5dir5Kcyl0q83T3wGkPw== X-Received: by 2002:a17:906:1496:: with SMTP id x22mr96005472ejc.191.1564585705643; Wed, 31 Jul 2019 08:08:25 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id u7sm12521820ejm.48.2019.07.31.08.08.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:22 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 3A8CF101322; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 11/59] x86/mm: Detect MKTME early Date: Wed, 31 Jul 2019 18:07:25 +0300 Message-Id: <20190731150813.26289-12-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP We need to know the number of KeyIDs before page_ext is initialized. We are going to use page_ext to store KeyID and it would be handly to avoid page_ext allocation if there's no MKMTE in the system. page_ext initialization happens before full CPU initizliation is complete. Move detect_tme() call to early_init_intel(). Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/intel.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 991bdcb2a55a..4c2d70287eb4 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -187,6 +187,8 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c) return false; } +static void detect_tme(struct cpuinfo_x86 *c); + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -338,6 +340,9 @@ static void early_init_intel(struct cpuinfo_x86 *c) */ if (detect_extended_topology_early(c) < 0) detect_ht_early(c); + + if (cpu_has(c, X86_FEATURE_TME)) + detect_tme(c); } #ifdef CONFIG_X86_32 @@ -793,9 +798,6 @@ static void init_intel(struct cpuinfo_x86 *c) if (cpu_has(c, X86_FEATURE_VMX)) detect_vmx_virtcap(c); - if (cpu_has(c, X86_FEATURE_TME)) - detect_tme(c); - init_intel_misc_features(c); } From patchwork Wed Jul 31 15:07:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068135 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 19CD913A4 for ; Wed, 31 Jul 2019 15:09:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 04095201B0 for ; Wed, 31 Jul 2019 15:09:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EBA49201BC; Wed, 31 Jul 2019 15:09:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7721F201B0 for ; Wed, 31 Jul 2019 15:09:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388568AbfGaPI1 (ORCPT ); Wed, 31 Jul 2019 11:08:27 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:33626 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388539AbfGaPI0 (ORCPT ); Wed, 31 Jul 2019 11:08:26 -0400 Received: by mail-ed1-f66.google.com with SMTP id i11so2524704edq.0 for ; Wed, 31 Jul 2019 08:08:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=q8h8DuVZ5xqSTX4iLf3cQ6iXDhp5mBASA+A6l/JBLBE=; b=xxeSkAF5F8BawgLqggNa1C7KQakAR8Gv8h1EsF9xRhmGHNoCGehH3y2hhSqsXfI5VJ 3IilhUftK/xfQ1BnFLgLdvpKCmJ3WwNKEewuA5okNvH6OWLT4DheVpmjwRezMEp1EoLb cEOJRnsObjp7GY+LhQc917g8k4Smbt70KSqtn9oRD2tQKIfdLXGCKJvqAZsVJ9RWw2dO ThOpF2m3RrB6lsEasxt939gWNpmK3KvPm+ql5vM7ySNsmqzc+R1EUB7t2y4I3fIGrrXW rrTV6R88NJzTEBXXBTrSYqX77BfI78EbIRJPLpACwzuWGMppXW6XpW/8jy6s4yZRv03P xuRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=q8h8DuVZ5xqSTX4iLf3cQ6iXDhp5mBASA+A6l/JBLBE=; b=rh/JKJEcqzjz6vSocmDcYj6hDSpMvPfXi/QzDm3BU4VTp9MZX8q10WcThksyqDs48f tTETJ9lRDoFzjiyFasWpzeeAXy3whClI1LAiwHqFq5X+J7vDts+xmVtkGDFeamOBXEVs OXxkz4ZyLvmSk9Z+5gbXxmcbqiogXf9Urn5l9Ho6GdXRt+b28OQwy7Fo23TBW3cgegb7 jG4aI8o4WSUQkj1gXp35SjIuVjtj46tEIZEkbumY11p0qde6jEbt9ys5FKxKtwdInVBd Q2OB4SYH6Dwy39n9fxVhbP7PHhQiDJXbXARrQIRrqMCJGrWWHB/HfdgnA04+4b2cBmnO XDRQ== X-Gm-Message-State: APjAAAV6LiN+K4Bs4rzaahB93XWtrJR/nzhSaaneC6REiVMHBGowyoy1 Z2Q9Y0PlxeGLPf/TnbyMRTw= X-Google-Smtp-Source: APXvYqykMoqa/jurqmu5qCOTL3FrslOXZsy/cIIViiTktYJvWElboFgFu3JaIVvQUCRpd7Slsk2q4Q== X-Received: by 2002:aa7:ce91:: with SMTP id y17mr36108223edv.56.1564585705169; Wed, 31 Jul 2019 08:08:25 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id z40sm17288443edb.61.2019.07.31.08.08.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:22 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 41A93101323; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 12/59] x86/mm: Add a helper to retrieve KeyID for a page Date: Wed, 31 Jul 2019 18:07:26 +0300 Message-Id: <20190731150813.26289-13-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP page_ext allows to store additional per-page information without growing main struct page. The additional space can be requested at boot time. Store KeyID in bits 31:16 of extended page flags. These bits are unused. page_keyid() returns zero until page_ext is ready. page_ext initializer enables a static branch to indicate that page_keyid() can use page_ext. The same static branch will gate MKTME readiness in general. We don't yet set KeyID for the page. It will come in the following patch that implements prep_encrypted_page(). All pages have KeyID-0 for now. page_keyid() will be used by KVM which can be built as a module. We need to export mktme_enabled_key to be able to inline page_keyid(). Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 26 ++++++++++++++++++++++++++ arch/x86/include/asm/page.h | 1 + arch/x86/mm/mktme.c | 21 +++++++++++++++++++++ include/linux/mm.h | 2 +- include/linux/page_ext.h | 11 ++++++++++- mm/page_ext.c | 3 +++ 6 files changed, 62 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 42a3b1b44669..46041075f617 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -2,6 +2,8 @@ #define _ASM_X86_MKTME_H #include +#include +#include #ifdef CONFIG_X86_INTEL_MKTME extern phys_addr_t __mktme_keyid_mask; @@ -12,10 +14,34 @@ extern int __mktme_nr_keyids; extern int mktme_nr_keyids(void); extern unsigned int mktme_algs; +DECLARE_STATIC_KEY_FALSE(mktme_enabled_key); +static inline bool mktme_enabled(void) +{ + return static_branch_unlikely(&mktme_enabled_key); +} + +extern struct page_ext_operations page_mktme_ops; + +#define page_keyid page_keyid +static inline int page_keyid(const struct page *page) +{ + if (!mktme_enabled()) + return 0; + + return lookup_page_ext(page)->keyid; +} + #else #define mktme_keyid_mask() ((phys_addr_t)0) #define mktme_nr_keyids() 0 #define mktme_keyid_shift() 0 + +#define page_keyid(page) 0 + +static inline bool mktme_enabled(void) +{ + return false; +} #endif #endif diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h index 7555b48803a8..39af59487d5f 100644 --- a/arch/x86/include/asm/page.h +++ b/arch/x86/include/asm/page.h @@ -19,6 +19,7 @@ struct page; #include +#include extern struct range pfn_mapped[]; extern int nr_pfn_mapped; diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 755afc6935b5..48c2d4c97356 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -27,3 +27,24 @@ int mktme_nr_keyids(void) } unsigned int mktme_algs; + +DEFINE_STATIC_KEY_FALSE(mktme_enabled_key); +EXPORT_SYMBOL_GPL(mktme_enabled_key); + +static bool need_page_mktme(void) +{ + /* Make sure keyid doesn't collide with extended page flags */ + BUILD_BUG_ON(__NR_PAGE_EXT_FLAGS > 16); + + return !!mktme_nr_keyids(); +} + +static void init_page_mktme(void) +{ + static_branch_enable(&mktme_enabled_key); +} + +struct page_ext_operations page_mktme_ops = { + .need = need_page_mktme, + .init = init_page_mktme, +}; diff --git a/include/linux/mm.h b/include/linux/mm.h index af1a56ff6764..3f9640f388ac 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1645,7 +1645,7 @@ static inline int vma_keyid(struct vm_area_struct *vma) #endif #ifndef page_keyid -static inline int page_keyid(struct page *page) +static inline int page_keyid(const struct page *page) { return 0; } diff --git a/include/linux/page_ext.h b/include/linux/page_ext.h index 09592951725c..a9fa95ae9847 100644 --- a/include/linux/page_ext.h +++ b/include/linux/page_ext.h @@ -22,6 +22,7 @@ enum page_ext_flags { PAGE_EXT_YOUNG, PAGE_EXT_IDLE, #endif + __NR_PAGE_EXT_FLAGS }; /* @@ -32,7 +33,15 @@ enum page_ext_flags { * then the page_ext for pfn always exists. */ struct page_ext { - unsigned long flags; + union { + unsigned long flags; +#ifdef CONFIG_X86_INTEL_MKTME + struct { + unsigned short __pad; + unsigned short keyid; + }; +#endif + }; }; extern void pgdat_page_ext_init(struct pglist_data *pgdat); diff --git a/mm/page_ext.c b/mm/page_ext.c index 5f5769c7db3b..c52b77c13cd9 100644 --- a/mm/page_ext.c +++ b/mm/page_ext.c @@ -65,6 +65,9 @@ static struct page_ext_operations *page_ext_ops[] = { #if defined(CONFIG_IDLE_PAGE_TRACKING) && !defined(CONFIG_64BIT) &page_idle_ops, #endif +#ifdef CONFIG_X86_INTEL_MKTME + &page_mktme_ops, +#endif }; static unsigned long total_usage; From patchwork Wed Jul 31 15:07:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068139 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 06E3D746 for ; Wed, 31 Jul 2019 15:09:59 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E6F2A201B1 for ; Wed, 31 Jul 2019 15:09:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DADB2201F3; Wed, 31 Jul 2019 15:09:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8B7B5201B1 for ; Wed, 31 Jul 2019 15:09:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388558AbfGaPI1 (ORCPT ); Wed, 31 Jul 2019 11:08:27 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:35726 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388534AbfGaPI0 (ORCPT ); Wed, 31 Jul 2019 11:08:26 -0400 Received: by mail-ed1-f66.google.com with SMTP id w20so65995401edd.2 for ; Wed, 31 Jul 2019 08:08:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JEZNWwFcWS55jw+6SIN48eCAvZTaxQLDv71jatzDjOE=; b=BHAeXd7gVXgBxYu3UUq38JWfB9LxZIY8nRNcqLidTcyniNbN1kGL7m8gr0DYCgHyfo bYCkEUg7twHqYl9//YYyF3oRucuIzp6d8krWu5AXZuwBtWBWqFWBt/UfnX3pxSNussqT vPwPX9shBW0HElOKWXJF5lb9bZsc1LRrg5iG4cMsZyUylv9NMvgzxJC+ak2MqH41uDGx kDLz4WiHVp5dMULHZ0AJck/7y17op+S1LY4RIr4iUP8aw3l+KaMe13SwSVOBLq30rQZD RxmVZou3sCnH16cwB+iAELC3TlHF1bUMdJfNLvVlBfrQL9P/s9szyRTBQ5Oj+oYcjPpJ mDPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JEZNWwFcWS55jw+6SIN48eCAvZTaxQLDv71jatzDjOE=; b=UXp7Y/j9aKAjfj4U6SSru08t+8msmBSaFSyyXPoDB0ZLkJ3t91RZrwB37BY0fE/zrj qsC7jdHkNLtCT+9lrNLcljel2TERx31wnlu08OEH3gQM8yBxyih1muQ4MP2Op2qC/T5j +e6emtzvjouflFtAj+8+nVPc5n7bCB+6I9oil61s5/ArLQ7tb/dCRfCrfX248p0p1CzK erR+9hKCh7plPLFRkNdhSPjZhvtGYXiNVPtZMGUTBkvsPVKos7L0Vwoyy8l/YBp5UNmY x8QTlFMuEDClXHXL/UOQyGmfPpNZFeladxDgZ+a7IOuRpSQXwjBt6RkLunNPJUAycWPb XAQw== X-Gm-Message-State: APjAAAUs16zqiV7T/3wcqsr51oaq+T+LIe8bWn2jZX55okZalynYkERy L700I24OUuIiKrSxBlUg14E= X-Google-Smtp-Source: APXvYqwrlyk+jtOIzcQNAVf6976bJtJVVuXE4BPNEUU4FrC1EBQZ1KrsVfR+sDVvD7XGNJvKjIp/UA== X-Received: by 2002:a05:6402:1212:: with SMTP id c18mr108401816edw.7.1564585704701; Wed, 31 Jul 2019 08:08:24 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id w14sm17419509eda.69.2019.07.31.08.08.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:22 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 48F28101324; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 13/59] x86/mm: Add a helper to retrieve KeyID for a VMA Date: Wed, 31 Jul 2019 18:07:27 +0300 Message-Id: <20190731150813.26289-14-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP We store KeyID in upper bits for vm_page_prot that match position of KeyID in PTE. vma_keyid() extracts KeyID from vm_page_prot. With KeyID in vm_page_prot we don't need to modify any page table helper to propagate the KeyID to page table entires. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 12 ++++++++++++ arch/x86/mm/mktme.c | 7 +++++++ 2 files changed, 19 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 46041075f617..52b115b30a42 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -5,6 +5,8 @@ #include #include +struct vm_area_struct; + #ifdef CONFIG_X86_INTEL_MKTME extern phys_addr_t __mktme_keyid_mask; extern phys_addr_t mktme_keyid_mask(void); @@ -31,6 +33,16 @@ static inline int page_keyid(const struct page *page) return lookup_page_ext(page)->keyid; } +#define vma_keyid vma_keyid +int __vma_keyid(struct vm_area_struct *vma); +static inline int vma_keyid(struct vm_area_struct *vma) +{ + if (!mktme_enabled()) + return 0; + + return __vma_keyid(vma); +} + #else #define mktme_keyid_mask() ((phys_addr_t)0) #define mktme_nr_keyids() 0 diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 48c2d4c97356..d02867212e33 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,3 +1,4 @@ +#include #include /* Mask to extract KeyID from physical address. */ @@ -48,3 +49,9 @@ struct page_ext_operations page_mktme_ops = { .need = need_page_mktme, .init = init_page_mktme, }; + +int __vma_keyid(struct vm_area_struct *vma) +{ + pgprotval_t prot = pgprot_val(vma->vm_page_prot); + return (prot & mktme_keyid_mask()) >> mktme_keyid_shift(); +} From patchwork Wed Jul 31 15:07:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068125 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BA42D174A for ; Wed, 31 Jul 2019 15:09:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A6F67201B0 for ; Wed, 31 Jul 2019 15:09:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 98897201B1; Wed, 31 Jul 2019 15:09:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1A95C201BD for ; Wed, 31 Jul 2019 15:09:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388608AbfGaPIa (ORCPT ); Wed, 31 Jul 2019 11:08:30 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:44798 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388562AbfGaPI3 (ORCPT ); Wed, 31 Jul 2019 11:08:29 -0400 Received: by mail-ed1-f65.google.com with SMTP id k8so65978169edr.11 for ; Wed, 31 Jul 2019 08:08:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=BL5Bv5lW/jYayEJoRe2+9QezMkCC+60ESskc5jI43rc=; b=Z+QZrz8RxaQVkEmqQR+P3He1RAcsz276GYydPQCrBvVFzTQKhJYu7NE41afsSGcW6+ PEkJHs8N+UZO3AYfKlsxwVJLTOvBwiOb7PnAjByNuwdd5U2faK6XX8qM7PxvuCxO/mbu tGAo18iJgYPJ1Ot5DSRbXJIlTHuucTq2ZxCKM1dP5WZHTSE1FnneQRwt/g0J7LAxwo9y 1kEtDf3Gtz6f8i1Dcl7z5jwv2Di5k2T62pCpUzzd1Hc8x6HKFWlkGzFRwJd9NLtmsaB8 eZcrNUzOtJQwWsRlLRsolI/HegBB7F8KhoBR5T1awdNiOE/MGBOV2CCucAo20gDECZFx G0pA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=BL5Bv5lW/jYayEJoRe2+9QezMkCC+60ESskc5jI43rc=; b=DiqUuJORnXV5wTxbcryPZl6uks5jlyuHQ08soyCqlBWIyKn9GKIHkzVPAcGTpiTj0d XhrKoHVK8pR1azIrk8jNmfkjo3I+3WxRn3fC4O9e43YGynNT3N6FMFvhjwm/zOpT/t0s pLGXKrLrbOTGPe66aTdOMKZc7h1oM2UXYQq2W/x0zkq9cGu4rNGMYUxQQy4V8IJwVYKi xuEJ0Kqa9kKjjFnZ0O83jRMrAhsg2TZYmivMSKvhvaeNHzti1OfNY8mNfjfoYG1mnwan KRiPqXyDINFFoba86o9owNe3YdrQHlKz7HQgnNF/c/KfKqHBZi57EqDYsQXQAqB79lb3 GECw== X-Gm-Message-State: APjAAAVh37Uaq317GI3wqClYmR2+WRSBEbsVreuSVqzuirCzXTsab2bH XcQ8WBkywsp7khS3arOyDqw= X-Google-Smtp-Source: APXvYqznZSrsxmfkB4pexMYFvT9i/MDUnejlA2skN/Nit1TPuevFqcmrEwStP937D+YpXbOTCbclHw== X-Received: by 2002:a17:906:604c:: with SMTP id p12mr94494193ejj.26.1564585706687; Wed, 31 Jul 2019 08:08:26 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id t16sm8546953ejr.83.2019.07.31.08.08.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:22 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 5011C101C44; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 14/59] x86/mm: Add hooks to allocate and free encrypted pages Date: Wed, 31 Jul 2019 18:07:28 +0300 Message-Id: <20190731150813.26289-15-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hook up into page allocator to allocate and free encrypted page properly. The hardware/CPU does not enforce coherency between mappings of the same physical page with different KeyIDs or encryption keys. We are responsible for cache management. Flush cache on allocating encrypted page and on returning the page to the free pool. prep_encrypted_page() also takes care about zeroing the page. We have to do this after KeyID is set for the page. The patch relies on page_address() to return virtual address of the page mapping with the current KeyID. It will be implemented later in the patchset. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 17 ++++++++ arch/x86/mm/mktme.c | 83 ++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 52b115b30a42..a61b45fca4b1 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -43,6 +43,23 @@ static inline int vma_keyid(struct vm_area_struct *vma) return __vma_keyid(vma); } +#define prep_encrypted_page prep_encrypted_page +void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero); +static inline void prep_encrypted_page(struct page *page, int order, + int keyid, bool zero) +{ + if (keyid) + __prep_encrypted_page(page, order, keyid, zero); +} + +#define HAVE_ARCH_FREE_PAGE +void free_encrypted_page(struct page *page, int order); +static inline void arch_free_page(struct page *page, int order) +{ + if (page_keyid(page)) + free_encrypted_page(page, order); +} + #else #define mktme_keyid_mask() ((phys_addr_t)0) #define mktme_nr_keyids() 0 diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index d02867212e33..8015e7822c9b 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,4 +1,5 @@ #include +#include #include /* Mask to extract KeyID from physical address. */ @@ -55,3 +56,85 @@ int __vma_keyid(struct vm_area_struct *vma) pgprotval_t prot = pgprot_val(vma->vm_page_prot); return (prot & mktme_keyid_mask()) >> mktme_keyid_shift(); } + +/* Prepare page to be used for encryption. Called from page allocator. */ +void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) +{ + int i; + + /* + * The hardware/CPU does not enforce coherency between mappings + * of the same physical page with different KeyIDs or + * encryption keys. We are responsible for cache management. + * + * Flush cache lines with KeyID-0. page_address() returns virtual + * address of the page mapping with the current (zero) KeyID. + */ + clflush_cache_range(page_address(page), PAGE_SIZE * (1UL << order)); + + for (i = 0; i < (1 << order); i++) { + /* All pages coming out of the allocator should have KeyID 0 */ + WARN_ON_ONCE(lookup_page_ext(page)->keyid); + + /* + * Change KeyID. From now on page_address() will return address + * of the page mapping with the new KeyID. + * + * We don't need barrier() before the KeyID change because + * clflush_cache_range() above stops compiler from reordring + * past the point with mb(). + * + * And we don't need a barrier() after the assignment because + * any future reference of KeyID (i.e. from page_address()) + * will create address dependency and compiler is not allow to + * mess with this. + */ + lookup_page_ext(page)->keyid = keyid; + + /* Clear the page after the KeyID is set. */ + if (zero) + clear_highpage(page); + + page++; + } +} + +/* + * Handles freeing of encrypted page. + * Called from page allocator on freeing encrypted page. + */ +void free_encrypted_page(struct page *page, int order) +{ + int i; + + /* + * The hardware/CPU does not enforce coherency between mappings + * of the same physical page with different KeyIDs or + * encryption keys. We are responsible for cache management. + * + * Flush cache lines with non-0 KeyID. page_address() returns virtual + * address of the page mapping with the current (non-zero) KeyID. + */ + clflush_cache_range(page_address(page), PAGE_SIZE * (1UL << order)); + + for (i = 0; i < (1 << order); i++) { + /* Check if the page has reasonable KeyID */ + WARN_ON_ONCE(!lookup_page_ext(page)->keyid); + WARN_ON_ONCE(lookup_page_ext(page)->keyid > mktme_nr_keyids()); + + /* + * Switch the page back to zero KeyID. + * + * We don't need barrier() before the KeyID change because + * clflush_cache_range() above stops compiler from reordring + * past the point with mb(). + * + * And we don't need a barrier() after the assignment because + * any future reference of KeyID (i.e. from page_address()) + * will create address dependency and compiler is not allow to + * mess with this. + */ + lookup_page_ext(page)->keyid = 0; + page++; + } +} From patchwork Wed Jul 31 15:07:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068129 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3125E13A4 for ; Wed, 31 Jul 2019 15:09:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1D8DC201F3 for ; Wed, 31 Jul 2019 15:09:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 11B8C201BC; Wed, 31 Jul 2019 15:09:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B5F72201B1 for ; Wed, 31 Jul 2019 15:09:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388598AbfGaPI3 (ORCPT ); Wed, 31 Jul 2019 11:08:29 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:42289 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388573AbfGaPI3 (ORCPT ); Wed, 31 Jul 2019 11:08:29 -0400 Received: by mail-ed1-f67.google.com with SMTP id v15so66044143eds.9 for ; Wed, 31 Jul 2019 08:08:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3Khe0ucVPgmVgmnJxVPmTI2qFbR46a/XU3GbaeIl9uc=; b=gQI/TJw+wOqQw6LekNivfnNF6fibSqE/4WRzpwQ/xFvdfdzWIOKXpHhUn1bQVL5jdd s8R19Qps0QXcAPV0lO52UPBPITRDjAjDh/SdNDwu3XRjm5lsTT8qIamQcIZguTQYJIiB yIDfiSG+yNKGj0VjCG1RwhE4MWsax7zVXdKlnNwaiqDH/+nGjkdysfv6DFMPxlgpyJ3M o4jOiLhIl2Dn3zA6LPYDjCqNEtUQXPdGkN8q+07zTnoXPf13J7sXjetyVxHr4kSOq0fX pfmdMsUgm3rA6XWvbZ6saiZTASDDzRaVlogKfpNeKQARtiXGKhBjMKlIiR+9TtiOMwHK UhzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3Khe0ucVPgmVgmnJxVPmTI2qFbR46a/XU3GbaeIl9uc=; b=NVUGWyNimqY52RnZmIr+lFd7nBzFjTaHS01KIPq663kwh2ohm64NkYXigmcqc9/PHh gpPtW4IvYIbVzWvm0CM1vJA9/fnNHuvb577gohvgrlmsraqKV45VK/gIxY2zILnJGnE7 Fdt2EcPCscE+Gg+tMIFjDPPxNYsX878mR2ZqSfqjkNRDsDUa3Ih5FNuOM5YRMUJkBff3 WYwwMG7ooJih27U80Us6tSLs9bn3bLJg2YimpoQv9dfMbwOSe+h+ksExkSYbLDWcrfSb tMFyzvLnhykkNv+PEcOl+OfaOLLinRzB8xQrqtSzeR1oM91oVfeKW/50BKhcsrhLsXx2 dqOQ== X-Gm-Message-State: APjAAAUcvItF/eped5vhljbOxG/iNIM+LRFHogv1Oid+BN+TvF3sG8MG J9cpnuKTdrihcRYefRvWy94= X-Google-Smtp-Source: APXvYqyYETJB0gBc/rsdzF8ujwDgg52+44KLAYVNOsjGpZelFLVDgZMEkF6ZatMWv69FcpZwOd/juw== X-Received: by 2002:a50:ad2c:: with SMTP id y41mr105394092edc.300.1564585707403; Wed, 31 Jul 2019 08:08:27 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id b30sm17643661ede.88.2019.07.31.08.08.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:22 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 56F3C1023AA; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 15/59] x86/mm: Map zero pages into encrypted mappings correctly Date: Wed, 31 Jul 2019 18:07:29 +0300 Message-Id: <20190731150813.26289-16-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Zero pages are never encrypted. Keep KeyID-0 for them. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/pgtable.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h index 0bc530c4eb13..f0dd80a920a9 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -820,6 +820,19 @@ static inline unsigned long pmd_index(unsigned long address) */ #define mk_pte(page, pgprot) pfn_pte(page_to_pfn(page), (pgprot)) +#define mk_zero_pte mk_zero_pte +static inline pte_t mk_zero_pte(unsigned long addr, pgprot_t prot) +{ + extern unsigned long zero_pfn; + pte_t entry; + + prot.pgprot &= ~mktme_keyid_mask(); + entry = pfn_pte(zero_pfn, prot); + entry = pte_mkspecial(entry); + + return entry; +} + /* * the pte page can be thought of an array like this: pte_t[PTRS_PER_PTE] * @@ -1153,6 +1166,12 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, #define mk_pmd(page, pgprot) pfn_pmd(page_to_pfn(page), (pgprot)) +#define mk_zero_pmd(zero_page, prot) \ +({ \ + prot.pgprot &= ~mktme_keyid_mask(); \ + pmd_mkhuge(mk_pmd(zero_page, prot)); \ +}) + #define __HAVE_ARCH_PMDP_SET_ACCESS_FLAGS extern int pmdp_set_access_flags(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp, From patchwork Wed Jul 31 15:07:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068111 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 28F7B746 for ; Wed, 31 Jul 2019 15:09:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1480C1FFD8 for ; Wed, 31 Jul 2019 15:09:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 07DCD201B1; Wed, 31 Jul 2019 15:09:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0381F1FFD8 for ; Wed, 31 Jul 2019 15:09:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388621AbfGaPIb (ORCPT ); Wed, 31 Jul 2019 11:08:31 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:37841 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388588AbfGaPI3 (ORCPT ); Wed, 31 Jul 2019 11:08:29 -0400 Received: by mail-ed1-f66.google.com with SMTP id w13so66061076eds.4 for ; Wed, 31 Jul 2019 08:08:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=h0//8b8JhmDYiWR+Ncdp81M8YpF3RR/HYJneA6rLbBE=; b=kpoM7/czG2vuCwsXq98nirdJYBOwr8KtzxM9+afNHenqhKIfVEFjDG3vbbM89v9hU6 YMAzAAX30FdCqCWqUZzuyEQfYHEZ5SGXYXGaTc/RfM7vFtD/yULcwWNLageDoX/8krFH n4QKoyHVqCbs14roQ7VJaujfaJiV2Mk09sz0OeErJzlvISCfVQW2kNTXy8w9Gxm3/IwU dcejxnmJWBrLcdeNajBBaL1AUmO1liY5yMiINB1/ytr9VKZzK36rf3vWWCycIhQ15tIE DSLnTwriWXZKdOs1A4sQUyGiM4P5PvUWt23VhEqgSeYDF0Ha/yNAfcCo2u0r6R6Yiip8 wAXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=h0//8b8JhmDYiWR+Ncdp81M8YpF3RR/HYJneA6rLbBE=; b=UW49JfJRU7+AZ5+UlQFKheooGo8JTfbb+4ZZZLMYOroQNLr4hB1ul/g1sN00tyVARL 0sjyd2OTzmeBHmFdVS8jghD2Cg3y+8+qK5OLiusC8SrmyRuXm2eS3GnOI0ZsnQ812ao5 a4NVfx9dabD6xoLH2VjnuWY8Q1Cu2WEWHWatm1clNFFnhxA4afhQBZQoh68GESniBKjh dF9j5NhUFireLSObQT7Bc0z6NECoU+pAdj+T0NrZKioCrsx1QOnubTWZ61lpbgiF58U4 C+wbv4xI3IfUW1qO2GK3QtfPFnnbJbQ5yoI8B8p/3D+mUBVIzbaE1ORsYeglaMfksrlV A9TA== X-Gm-Message-State: APjAAAXv/9LLTwGcOWmEqjSgyKholhLWtQb4kIEMlHxxWR3o1g1fMdzR P/+q6h01oExio06qRT/umfc= X-Google-Smtp-Source: APXvYqxzkJr6sogcwi+BoQU+16q789SLZB/aHhQhjukCfnhAW3wOEpwRSp2oNCYJ50Xj+teIukdhFg== X-Received: by 2002:a17:906:c315:: with SMTP id s21mr93121050ejz.238.1564585708018; Wed, 31 Jul 2019 08:08:28 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id q56sm17019541eda.28.2019.07.31.08.08.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:22 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 5DF9E102772; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 16/59] x86/mm: Rename CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING Date: Wed, 31 Jul 2019 18:07:30 +0300 Message-Id: <20190731150813.26289-17-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Rename the option to CONFIG_MEMORY_PHYSICAL_PADDING. It will be used not only for KASLR. Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig | 2 +- arch/x86/mm/kaslr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 222855cc0158..2eb2867db5fa 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2214,7 +2214,7 @@ config RANDOMIZE_MEMORY If unsure, say Y. -config RANDOMIZE_MEMORY_PHYSICAL_PADDING +config MEMORY_PHYSICAL_PADDING hex "Physical memory mapping padding" if EXPERT depends on RANDOMIZE_MEMORY default "0xa" if MEMORY_HOTPLUG diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index dc6182eecefa..580b82c2621b 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -104,7 +104,7 @@ void __init kernel_randomize_memory(void) */ BUG_ON(kaslr_regions[0].base != &page_offset_base); memory_tb = DIV_ROUND_UP(max_pfn << PAGE_SHIFT, 1UL << TB_SHIFT) + - CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING; + CONFIG_MEMORY_PHYSICAL_PADDING; /* Adapt phyiscal memory region size based on available memory */ if (memory_tb < kaslr_regions[0].size_tb) From patchwork Wed Jul 31 15:07:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068343 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0A7CB13A4 for ; Wed, 31 Jul 2019 15:24:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC78A201BD for ; Wed, 31 Jul 2019 15:24:17 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E0CEC212DA; Wed, 31 Jul 2019 15:24:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6C0E62094F for ; Wed, 31 Jul 2019 15:24:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729312AbfGaPXw (ORCPT ); Wed, 31 Jul 2019 11:23:52 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:38834 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728737AbfGaPXv (ORCPT ); Wed, 31 Jul 2019 11:23:51 -0400 Received: by mail-ed1-f68.google.com with SMTP id r12so31268316edo.5 for ; Wed, 31 Jul 2019 08:23:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XA7E5KeaJUbYeM2K2rhZVp4Ezd7kZRGT8yUA9YU5Vno=; b=JWeiHziHkn6XUi3iIplmGfT52a/0zxqWGFzXmszrNQRkV2LwyrAs/kin1BCvzl8D2g yPo5Vx4EKfuDM4BYN6yW2Wq+cCpZxizYwv7iwcWbuGnSIxyXHRUGoae6uIuCDrK7mVIH xzTngkApmdVD8IRLep9RK8d9L9t//qm1rGPEilmeOZ4y8P3K0gF5VP3e4kA4nP4Iu/SI H3wU+PfBV2o5YEK4noOFw3jff/xt6DObnFczx9D9SKtfMQvKeaTS3TZeAEnh1z2iouOI znt+q/4tcd/EsPVDW/3K93NZpgDh60EwOqhnnuSAuZpsWbtKZkMkfICwoaZYcdqaS/CB gGRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XA7E5KeaJUbYeM2K2rhZVp4Ezd7kZRGT8yUA9YU5Vno=; b=CFQJRyEezIPktCNMKmx4B2P21TkruMF4IUJt4YXDrdLZdAH+DivAAQRBCyKLNAnxPY mJx7vrZMewsNyBdXeY+RhWdG+r8PMF/zRVhwNNSnn47vVQdJkCHRchEEcuLgpNhSUiUD iiAnqVXTuQzperH5+bTvKtifdJXyEpNPPWFz49IM6s9P8RqH+vYkf6olE0IR5RrW0pgp WqHtlNhk/dmM83f/h20+so3NrCdiM1zFm6JROUlTPj/naxA1eqXe+dbS4awOpUI7G+NZ Cpwg2pmJy2+50sBHXpL2xyHF4G1Dkq/ETkoi3QFnKwimT7W2+q4RtNQdFBptuJDdyqZN aY/A== X-Gm-Message-State: APjAAAWXyfYIphSOCmpz/utllgvTvEM/nyAQwvftH6Wi1vHB7aEYW5Vi YDbOUtsjyhk2YS3NgY+3dO4= X-Google-Smtp-Source: APXvYqygZ5MBpQtdpZUq0Kg4NNTneIlpIbVYF7hlIaO8yQtO6FOtK69pmeSCoz1g6SVwfQ5huucSCQ== X-Received: by 2002:a50:b1db:: with SMTP id n27mr108755394edd.62.1564586630295; Wed, 31 Jul 2019 08:23:50 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id j7sm17555887eda.97.2019.07.31.08.23.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:49 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 64D3C1028A2; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 17/59] x86/mm: Allow to disable MKTME after enumeration Date: Wed, 31 Jul 2019 18:07:31 +0300 Message-Id: <20190731150813.26289-18-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The new helper mktme_disable() allows to disable MKTME even if it's enumerated successfully. MKTME initialization may fail and this functionality allows system to boot regardless of the failure. MKTME needs per-KeyID direct mapping. It requires a lot more virtual address space which may be a problem in 4-level paging mode. If the system has more physical memory than we can handle with MKTME the feature allows to fail MKTME, but boot the system successfully. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 5 +++++ arch/x86/kernel/cpu/intel.c | 5 +---- arch/x86/mm/mktme.c | 10 ++++++++++ 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index a61b45fca4b1..3fc246acc279 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -22,6 +22,8 @@ static inline bool mktme_enabled(void) return static_branch_unlikely(&mktme_enabled_key); } +void mktme_disable(void); + extern struct page_ext_operations page_mktme_ops; #define page_keyid page_keyid @@ -71,6 +73,9 @@ static inline bool mktme_enabled(void) { return false; } + +static inline void mktme_disable(void) {} + #endif #endif diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 4c2d70287eb4..9852580340b9 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -650,10 +650,7 @@ static void detect_tme(struct cpuinfo_x86 *c) * We must not allow onlining secondary CPUs with non-matching * configuration. */ - physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; - __mktme_keyid_mask = 0; - __mktme_keyid_shift = 0; - __mktme_nr_keyids = 0; + mktme_disable(); } #endif diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 8015e7822c9b..1e8d662e5bff 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -33,6 +33,16 @@ unsigned int mktme_algs; DEFINE_STATIC_KEY_FALSE(mktme_enabled_key); EXPORT_SYMBOL_GPL(mktme_enabled_key); +void mktme_disable(void) +{ + physical_mask = (1ULL << __PHYSICAL_MASK_SHIFT) - 1; + __mktme_keyid_mask = 0; + __mktme_keyid_shift = 0; + __mktme_nr_keyids = 0; + if (mktme_enabled()) + static_branch_disable(&mktme_enabled_key); +} + static bool need_page_mktme(void) { /* Make sure keyid doesn't collide with extended page flags */ From patchwork Wed Jul 31 15:07:32 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068133 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 70036746 for ; Wed, 31 Jul 2019 15:09:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 58D88201B0 for ; Wed, 31 Jul 2019 15:09:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4CA2C201BC; Wed, 31 Jul 2019 15:09:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 74CB8201B0 for ; Wed, 31 Jul 2019 15:09:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388061AbfGaPJp (ORCPT ); Wed, 31 Jul 2019 11:09:45 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:41222 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388551AbfGaPI2 (ORCPT ); Wed, 31 Jul 2019 11:08:28 -0400 Received: by mail-ed1-f67.google.com with SMTP id p15so65977582eds.8 for ; Wed, 31 Jul 2019 08:08:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=lUZ5o3KyzJhrWdCGYLPb2yVyWjyFss5E3sxw1k1xFj4=; b=f87cDXaJ8tGVJamu+eP2PyzCUG+ZqKOVZGcAGMCXDWHjkJRyvJrzvQl3kbA74mRwxX OqfZG5qQ+bo+nU4FmQUQEfW8xtRk3mQqCOhXO4ONCK2ETh94d3kePxhHQni0xuu74lB4 Y20jFqWjk03QJHsbAjUW4+PFAHLmrv0r6qgsbOO6Jd3/C5xW3cbTj34qRDlJTmRtO5jx RWRM2zh83FmKCv2tiLddj/gDtFIbBkm3P+F0EW4xaKzZM7lJSg8hSxUFcFFMufgrsNgt eaUf+JW89LkyPwaNnhVGpOMNBErtkA5zeIGuiR/MLONHF6hagKmRxYvFL5eQn9P8H2G7 0/oQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=lUZ5o3KyzJhrWdCGYLPb2yVyWjyFss5E3sxw1k1xFj4=; b=n8G5QqJuqAZGxcWtWNowkDqu4WQdiXSDjqdEs6q5J0vz2+tG8ncX3HclwWXeN5AdSQ vCCwYkJEGz4ssqd8egqxwknjPpkILGgZ3WyLqgQmMELs7JOnQX2wlE3QV6kg8lkKbWjf RKaZM84c9dpWQLD0Apz9AofzI5J0kUQ+3roNXaVOF5q9K1P8XoZ6dh3157GV5CjYhS2a 2CaF4ty1ep07mPWL4ANqqwPRacdrl1QOWJ+pqTwRa1S9oHFGQ2XY/Wp/fpYZRA6mRu8J xalBwSPFGh8ABcfxifTJ5CutBLj6yMvmUO1bVZnl4IdMKuA0W65dLcTRoobCwMFW3JwT 6XHg== X-Gm-Message-State: APjAAAVk8YDJRzWwxZKvU/ZCMz0ocNxTff3oaL665RLVuZPhM70oDWME LwnOUS0/fqcaewxbwVJ5V+c= X-Google-Smtp-Source: APXvYqwFfmfqoKDjr35+pHqpLUwSHQdO/AlnABQJgMuN58XW0JuVzWoIJ2kNgFPcROx7eyZq64QKqA== X-Received: by 2002:a17:906:489a:: with SMTP id v26mr95592305ejq.234.1564585706213; Wed, 31 Jul 2019 08:08:26 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id b53sm17306948edd.45.2019.07.31.08.08.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:22 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 6BDC6102993; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 18/59] x86/mm: Calculate direct mapping size Date: Wed, 31 Jul 2019 18:07:32 +0300 Message-Id: <20190731150813.26289-19-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The kernel needs to have a way to access encrypted memory. We have two option on how approach it: - Create temporary mappings every time kernel needs access to encrypted memory. That's basically brings highmem and its overhead back. - Create multiple direct mappings, one per-KeyID. In this setup we don't need to create temporary mappings on the fly -- encrypted memory is permanently available in kernel address space. We take the second approach as it has lower overhead. It's worth noting that with per-KeyID direct mappings compromised kernel would give access to decrypted data right away without additional tricks to get memory mapped with the correct KeyID. Per-KeyID mappings require a lot more virtual address space. On 4-level machine with 64 KeyIDs we max out 46-bit virtual address space dedicated for direct mapping with 1TiB of RAM. Given that we round up any calculation on direct mapping size to 1TiB, we effectively claim all 46-bit address space for direct mapping on such machine regardless of RAM size. Increased usage of virtual address space has implications for KASLR: we have less space for randomization. With 64 TiB claimed for direct mapping with 4-level we left with 27 TiB of entropy to place page_offset_base, vmalloc_base and vmemmap_base. 5-level paging provides much wider virtual address space and KASLR doesn't suffer significantly from per-KeyID direct mappings. It's preferred to run MKTME with 5-level paging. A direct mapping for each KeyID will be put next to each other in the virtual address space. We need to have a way to find boundaries of direct mapping for particular KeyID. The new variable direct_mapping_size specifies the size of direct mapping. With the value, it's trivial to find direct mapping for KeyID-N: PAGE_OFFSET + N * direct_mapping_size. Size of direct mapping is calculated during KASLR setup. If KALSR is disabled it happens during MKTME initialization. With MKTME size of direct mapping has to be power-of-2. It makes implementation of __pa() efficient. Signed-off-by: Kirill A. Shutemov --- Documentation/x86/x86_64/mm.rst | 4 +++ arch/x86/include/asm/page_32.h | 1 + arch/x86/include/asm/page_64.h | 2 ++ arch/x86/include/asm/setup.h | 6 ++++ arch/x86/kernel/head64.c | 4 +++ arch/x86/kernel/setup.c | 3 ++ arch/x86/mm/init_64.c | 58 +++++++++++++++++++++++++++++++++ arch/x86/mm/kaslr.c | 11 +++++-- 8 files changed, 86 insertions(+), 3 deletions(-) diff --git a/Documentation/x86/x86_64/mm.rst b/Documentation/x86/x86_64/mm.rst index 267fc4808945..7978afe6c396 100644 --- a/Documentation/x86/x86_64/mm.rst +++ b/Documentation/x86/x86_64/mm.rst @@ -140,6 +140,10 @@ The direct mapping covers all memory in the system up to the highest memory address (this means in some cases it can also include PCI memory holes). +With MKTME, we have multiple direct mappings. One per-KeyID. They are put +next to each other. PAGE_OFFSET + N * direct_mapping_size can be used to +find direct mapping for KeyID-N. + vmalloc space is lazily synchronized into the different PML4/PML5 pages of the processes using the page fault handler, with init_top_pgt as reference. diff --git a/arch/x86/include/asm/page_32.h b/arch/x86/include/asm/page_32.h index 94dbd51df58f..8bce788f9ca9 100644 --- a/arch/x86/include/asm/page_32.h +++ b/arch/x86/include/asm/page_32.h @@ -6,6 +6,7 @@ #ifndef __ASSEMBLY__ +#define direct_mapping_size 0 #define __phys_addr_nodebug(x) ((x) - PAGE_OFFSET) #ifdef CONFIG_DEBUG_VIRTUAL extern unsigned long __phys_addr(unsigned long); diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index 939b1cff4a7b..f57fc3cc2246 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -14,6 +14,8 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long direct_mapping_size; +extern unsigned long direct_mapping_mask; static inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h index ed8ec011a9fd..d2861074cf83 100644 --- a/arch/x86/include/asm/setup.h +++ b/arch/x86/include/asm/setup.h @@ -62,6 +62,12 @@ extern void x86_ce4100_early_setup(void); static inline void x86_ce4100_early_setup(void) { } #endif +#ifdef CONFIG_MEMORY_PHYSICAL_PADDING +void calculate_direct_mapping_size(void); +#else +static inline void calculate_direct_mapping_size(void) { } +#endif + #ifndef _SETUP #include diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 29ffa495bd1c..006d3ff46afe 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -60,6 +60,10 @@ EXPORT_SYMBOL(vmalloc_base); unsigned long vmemmap_base __ro_after_init = __VMEMMAP_BASE_L4; EXPORT_SYMBOL(vmemmap_base); #endif +unsigned long direct_mapping_size __ro_after_init = -1UL; +EXPORT_SYMBOL(direct_mapping_size); +unsigned long direct_mapping_mask __ro_after_init = -1UL; +EXPORT_SYMBOL(direct_mapping_mask); #define __head __section(.head.text) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index bbe35bf879f5..d12431e20876 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -1077,6 +1077,9 @@ void __init setup_arch(char **cmdline_p) */ init_cache_modes(); + /* direct_mapping_size has to be initialized before KASLR and MKTME */ + calculate_direct_mapping_size(); + /* * Define random base addresses for memory sections after max_pfn is * defined and before each memory section base is used. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index a6b5c653727b..4c1f93df47a5 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -1440,6 +1440,64 @@ unsigned long memory_block_size_bytes(void) return memory_block_size_probed; } +#ifdef CONFIG_MEMORY_PHYSICAL_PADDING +void __init calculate_direct_mapping_size(void) +{ + unsigned long available_va; + + /* 1/4 of virtual address space is didicated for direct mapping */ + available_va = 1UL << (__VIRTUAL_MASK_SHIFT - 1); + + /* How much memory the system has? */ + direct_mapping_size = max_pfn << PAGE_SHIFT; + direct_mapping_size = round_up(direct_mapping_size, 1UL << 40); + + if (!mktme_nr_keyids()) + goto out; + + /* + * For MKTME we need direct_mapping_size to be power-of-2. + * It makes __pa() implementation efficient. + */ + direct_mapping_size = roundup_pow_of_two(direct_mapping_size); + + /* + * Not enough virtual address space to address all physical memory with + * MKTME enabled. Even without padding. + * + * Disable MKTME instead. + */ + if (direct_mapping_size > available_va / (mktme_nr_keyids() + 1)) { + pr_err("x86/mktme: Disabled. Not enough virtual address space\n"); + pr_err("x86/mktme: Consider switching to 5-level paging\n"); + mktme_disable(); + goto out; + } + + /* + * Virtual address space is divided between per-KeyID direct mappings. + */ + available_va /= mktme_nr_keyids() + 1; +out: + /* Add padding, if there's enough virtual address space */ + direct_mapping_size += (1UL << 40) * CONFIG_MEMORY_PHYSICAL_PADDING; + if (mktme_nr_keyids()) + direct_mapping_size = roundup_pow_of_two(direct_mapping_size); + + if (direct_mapping_size > available_va) + direct_mapping_size = available_va; + + /* + * For MKTME, make sure direct_mapping_size is still power-of-2 + * after adding padding and calculate mask that is used in __pa(). + */ + if (mktme_nr_keyids()) { + direct_mapping_size = rounddown_pow_of_two(direct_mapping_size); + direct_mapping_mask = direct_mapping_size - 1; + } +} +#endif + #ifdef CONFIG_SPARSEMEM_VMEMMAP /* * Initialise the sparsemem vmemmap using huge-pages at the PMD level. diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 580b82c2621b..83af41d289ed 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -103,10 +103,15 @@ void __init kernel_randomize_memory(void) * add padding if needed (especially for memory hotplug support). */ BUG_ON(kaslr_regions[0].base != &page_offset_base); - memory_tb = DIV_ROUND_UP(max_pfn << PAGE_SHIFT, 1UL << TB_SHIFT) + - CONFIG_MEMORY_PHYSICAL_PADDING; - /* Adapt phyiscal memory region size based on available memory */ + /* + * Calculate space required to map all physical memory. + * In case of MKTME, we map physical memory multiple times, one for + * each KeyID. If MKTME is disabled mktme_nr_keyids() is 0. + */ + memory_tb = (direct_mapping_size * (mktme_nr_keyids() + 1)) >> TB_SHIFT; + + /* Adapt physical memory region size based on available memory */ if (memory_tb < kaslr_regions[0].size_tb) kaslr_regions[0].size_tb = memory_tb; From patchwork Wed Jul 31 15:07:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068293 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E9F9B14DB for ; Wed, 31 Jul 2019 15:21:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D4E85204FF for ; Wed, 31 Jul 2019 15:21:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C8FF7205A4; Wed, 31 Jul 2019 15:21:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C388D20881 for ; Wed, 31 Jul 2019 15:21:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728774AbfGaPVt (ORCPT ); Wed, 31 Jul 2019 11:21:49 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:43610 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726849AbfGaPVt (ORCPT ); Wed, 31 Jul 2019 11:21:49 -0400 Received: by mail-ed1-f68.google.com with SMTP id e3so66071928edr.10 for ; Wed, 31 Jul 2019 08:21:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6dcOutisXa7w0OA/k2AObJgMHjT+CIuNqnczE3/DBrQ=; b=uMkV7dlRYvyMPJSqXwVLQaxh1SbMKWA/rm406Ydz9eGRvi8Ft4SJy+9nN22gWE9nDd ukzSoH56vPyqxpbLxjXEVQdYrRICJ3eXKLrgBvRFBms4X0n7IZ+ZkDfkegruHN6WvVvT VYHq1kwbDORHQTBggf4gpsC2HkGEb8Xme0eLM5kcOMkZ+Lj0L0oK5rV1zYjDMJNxRWjh kE59Netr4gNuDmfTCZsRVwCmyv9aL6liFd+uDsoGPs3jxtHmkwXPkxqd+N1WdLw441rw xLD919fxfFbemgAuXp6p/VFQr+63k3I4lodcy1I8OZYnfLHOvaaxOAO79aSd/92Ov9k0 Pn/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6dcOutisXa7w0OA/k2AObJgMHjT+CIuNqnczE3/DBrQ=; b=bpDLqWnSvYOGJqarozSPAfeObyXT+Dbf5FWK8vXA4Dw85QxKiO+aeb8ZvW3I8D+xw0 aG1AM0rXqkFa7fVHmv8NAkhcJRjOASe9jqb7Mm3Bs/WShb1N3d99j75EBEKqiS26tQbt MlHXu5Pjh2FNmowAduehyzXrVWBoR4G52chUWdTVxMIoul57NJv9NKAQy4hraNHPdqYD hSXVsGRVu4UTy8MmJkg7JKoU6u2uwUw6HtZQNpwwEwRjfq8RBpfavfc87CeWBJbioykg QYoED5FliJuK8kfWDNNexfJ2pNGmw2k3qpgXTIRPBf9sjom+0Z0RVXsfpW0tVGho7gGT /4jQ== X-Gm-Message-State: APjAAAUfFRwHC7S91pc0HhdzdsbIAmd5aRCtLAYR6JOWNw/oTIBy4+w4 e/D22YQJe/+IT8zrRulPO24= X-Google-Smtp-Source: APXvYqzT/aiiyEFc/2CsYYWiqLLTpjVrXs9HBollStS9amsquCg5LbgKvTyLrvlJSZnlDsAlK0g/mw== X-Received: by 2002:a50:90c5:: with SMTP id d5mr109797190eda.28.1564586032900; Wed, 31 Jul 2019 08:13:52 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id g7sm16945082eda.52.2019.07.31.08.13.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:50 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 733161030BA; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 19/59] x86/mm: Implement syncing per-KeyID direct mappings Date: Wed, 31 Jul 2019 18:07:33 +0300 Message-Id: <20190731150813.26289-20-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP For MKTME we use per-KeyID direct mappings. This allows kernel to have access to encrypted memory. sync_direct_mapping() sync per-KeyID direct mappings with a canonical one -- KeyID-0. The function tracks changes in the canonical mapping: - creating or removing chunks of the translation tree; - changes in mapping flags (i.e. protection bits); - splitting huge page mapping into a page table; - replacing page table with a huge page mapping; The function need to be called on every change to the direct mapping: hotplug, hotremove, changes in permissions bits, etc. The function is nop until MKTME is enabled. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 6 + arch/x86/mm/init_64.c | 7 + arch/x86/mm/mktme.c | 439 +++++++++++++++++++++++++++++++++++ arch/x86/mm/pageattr.c | 27 +++ 4 files changed, 479 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index 3fc246acc279..d26ada6b65f7 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -62,6 +62,8 @@ static inline void arch_free_page(struct page *page, int order) free_encrypted_page(page, order); } +int sync_direct_mapping(unsigned long start, unsigned long end); + #else #define mktme_keyid_mask() ((phys_addr_t)0) #define mktme_nr_keyids() 0 @@ -76,6 +78,10 @@ static inline bool mktme_enabled(void) static inline void mktme_disable(void) {} +static inline int sync_direct_mapping(unsigned long start, unsigned long end) +{ + return 0; +} #endif #endif diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 4c1f93df47a5..6769650ad18d 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -726,6 +726,7 @@ __kernel_physical_mapping_init(unsigned long paddr_start, { bool pgd_changed = false; unsigned long vaddr, vaddr_start, vaddr_end, vaddr_next, paddr_last; + int ret; paddr_last = paddr_end; vaddr = (unsigned long)__va(paddr_start); @@ -762,6 +763,9 @@ __kernel_physical_mapping_init(unsigned long paddr_start, pgd_changed = true; } + ret = sync_direct_mapping(vaddr_start, vaddr_end); + WARN_ON(ret); + if (pgd_changed) sync_global_pgds(vaddr_start, vaddr_end - 1); @@ -1201,10 +1205,13 @@ void __ref vmemmap_free(unsigned long start, unsigned long end, static void __meminit kernel_physical_mapping_remove(unsigned long start, unsigned long end) { + int ret; start = (unsigned long)__va(start); end = (unsigned long)__va(end); remove_pagetable(start, end, true, NULL); + ret = sync_direct_mapping(start, end); + WARN_ON(ret); } void __ref arch_remove_memory(int nid, u64 start, u64 size, diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 1e8d662e5bff..ed13967bb543 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,6 +1,8 @@ #include #include #include +#include +#include /* Mask to extract KeyID from physical address. */ phys_addr_t __mktme_keyid_mask; @@ -54,6 +56,8 @@ static bool need_page_mktme(void) static void init_page_mktme(void) { static_branch_enable(&mktme_enabled_key); + + sync_direct_mapping(PAGE_OFFSET, PAGE_OFFSET + direct_mapping_size); } struct page_ext_operations page_mktme_ops = { @@ -148,3 +152,438 @@ void free_encrypted_page(struct page *page, int order) page++; } } + +static int sync_direct_mapping_pte(unsigned long keyid, + pmd_t *dst_pmd, pmd_t *src_pmd, + unsigned long addr, unsigned long end) +{ + pte_t *src_pte, *dst_pte; + pte_t *new_pte = NULL; + bool remove_pte; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_pte = !src_pmd && PAGE_ALIGNED(addr) && PAGE_ALIGNED(end); + + /* + * PMD page got split into page table. + * Clear PMD mapping. Page table will be established instead. + */ + if (pmd_large(*dst_pmd)) { + spin_lock(&init_mm.page_table_lock); + pmd_clear(dst_pmd); + spin_unlock(&init_mm.page_table_lock); + } + + /* Allocate a new page table if needed. */ + if (pmd_none(*dst_pmd)) { + new_pte = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_pte) + return -ENOMEM; + dst_pte = new_pte + pte_index(addr + keyid * direct_mapping_size); + } else { + dst_pte = pte_offset_map(dst_pmd, addr + keyid * direct_mapping_size); + } + src_pte = src_pmd ? pte_offset_map(src_pmd, addr) : NULL; + + spin_lock(&init_mm.page_table_lock); + + do { + pteval_t val; + + if (!src_pte || pte_none(*src_pte)) { + set_pte(dst_pte, __pte(0)); + goto next; + } + + if (!pte_none(*dst_pte)) { + /* + * Sanity check: PFNs must match between source + * and destination even if the rest doesn't. + */ + BUG_ON(pte_pfn(*dst_pte) != pte_pfn(*src_pte)); + } + + /* Copy entry, but set KeyID. */ + val = pte_val(*src_pte) | keyid << mktme_keyid_shift(); + val &= __supported_pte_mask; + set_pte(dst_pte, __pte(val)); +next: + addr += PAGE_SIZE; + dst_pte++; + if (src_pte) + src_pte++; + } while (addr != end); + + if (new_pte) + pmd_populate_kernel(&init_mm, dst_pmd, new_pte); + + if (remove_pte) { + __free_page(pmd_page(*dst_pmd)); + pmd_clear(dst_pmd); + } + + spin_unlock(&init_mm.page_table_lock); + + return 0; +} + +static int sync_direct_mapping_pmd(unsigned long keyid, + pud_t *dst_pud, pud_t *src_pud, + unsigned long addr, unsigned long end) +{ + pmd_t *src_pmd, *dst_pmd; + pmd_t *new_pmd = NULL; + bool remove_pmd = false; + unsigned long next; + int ret = 0; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_pmd = !src_pud && IS_ALIGNED(addr, PUD_SIZE) && IS_ALIGNED(end, PUD_SIZE); + + /* + * PUD page got split into page table. + * Clear PUD mapping. Page table will be established instead. + */ + if (pud_large(*dst_pud)) { + spin_lock(&init_mm.page_table_lock); + pud_clear(dst_pud); + spin_unlock(&init_mm.page_table_lock); + } + + /* Allocate a new page table if needed. */ + if (pud_none(*dst_pud)) { + new_pmd = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_pmd) + return -ENOMEM; + dst_pmd = new_pmd + pmd_index(addr + keyid * direct_mapping_size); + } else { + dst_pmd = pmd_offset(dst_pud, addr + keyid * direct_mapping_size); + } + src_pmd = src_pud ? pmd_offset(src_pud, addr) : NULL; + + do { + pmd_t *__src_pmd = src_pmd; + + next = pmd_addr_end(addr, end); + if (!__src_pmd || pmd_none(*__src_pmd)) { + if (pmd_none(*dst_pmd)) + goto next; + if (pmd_large(*dst_pmd)) { + spin_lock(&init_mm.page_table_lock); + set_pmd(dst_pmd, __pmd(0)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + __src_pmd = NULL; + } + + if (__src_pmd && pmd_large(*__src_pmd)) { + pmdval_t val; + + if (pmd_large(*dst_pmd)) { + /* + * Sanity check: PFNs must match between source + * and destination even if the rest doesn't. + */ + BUG_ON(pmd_pfn(*dst_pmd) != pmd_pfn(*__src_pmd)); + } else if (!pmd_none(*dst_pmd)) { + /* + * Page table is replaced with a PMD page. + * Free and unmap the page table. + */ + __free_page(pmd_page(*dst_pmd)); + spin_lock(&init_mm.page_table_lock); + pmd_clear(dst_pmd); + spin_unlock(&init_mm.page_table_lock); + } + + /* Copy entry, but set KeyID. */ + val = pmd_val(*__src_pmd) | keyid << mktme_keyid_shift(); + val &= __supported_pte_mask; + spin_lock(&init_mm.page_table_lock); + set_pmd(dst_pmd, __pmd(val)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + + ret = sync_direct_mapping_pte(keyid, dst_pmd, __src_pmd, + addr, next); +next: + addr = next; + dst_pmd++; + if (src_pmd) + src_pmd++; + } while (addr != end && !ret); + + if (new_pmd) { + spin_lock(&init_mm.page_table_lock); + pud_populate(&init_mm, dst_pud, new_pmd); + spin_unlock(&init_mm.page_table_lock); + } + + if (remove_pmd) { + spin_lock(&init_mm.page_table_lock); + __free_page(pud_page(*dst_pud)); + pud_clear(dst_pud); + spin_unlock(&init_mm.page_table_lock); + } + + return ret; +} + +static int sync_direct_mapping_pud(unsigned long keyid, + p4d_t *dst_p4d, p4d_t *src_p4d, + unsigned long addr, unsigned long end) +{ + pud_t *src_pud, *dst_pud; + pud_t *new_pud = NULL; + bool remove_pud = false; + unsigned long next; + int ret = 0; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_pud = !src_p4d && IS_ALIGNED(addr, P4D_SIZE) && IS_ALIGNED(end, P4D_SIZE); + + /* + * P4D page got split into page table. + * Clear P4D mapping. Page table will be established instead. + */ + if (p4d_large(*dst_p4d)) { + spin_lock(&init_mm.page_table_lock); + p4d_clear(dst_p4d); + spin_unlock(&init_mm.page_table_lock); + } + + /* Allocate a new page table if needed. */ + if (p4d_none(*dst_p4d)) { + new_pud = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_pud) + return -ENOMEM; + dst_pud = new_pud + pud_index(addr + keyid * direct_mapping_size); + } else { + dst_pud = pud_offset(dst_p4d, addr + keyid * direct_mapping_size); + } + src_pud = src_p4d ? pud_offset(src_p4d, addr) : NULL; + + do { + pud_t *__src_pud = src_pud; + + next = pud_addr_end(addr, end); + if (!__src_pud || pud_none(*__src_pud)) { + if (pud_none(*dst_pud)) + goto next; + if (pud_large(*dst_pud)) { + spin_lock(&init_mm.page_table_lock); + set_pud(dst_pud, __pud(0)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + __src_pud = NULL; + } + + if (__src_pud && pud_large(*__src_pud)) { + pudval_t val; + + if (pud_large(*dst_pud)) { + /* + * Sanity check: PFNs must match between source + * and destination even if the rest doesn't. + */ + BUG_ON(pud_pfn(*dst_pud) != pud_pfn(*__src_pud)); + } else if (!pud_none(*dst_pud)) { + /* + * Page table is replaced with a pud page. + * Free and unmap the page table. + */ + __free_page(pud_page(*dst_pud)); + spin_lock(&init_mm.page_table_lock); + pud_clear(dst_pud); + spin_unlock(&init_mm.page_table_lock); + } + + /* Copy entry, but set KeyID. */ + val = pud_val(*__src_pud) | keyid << mktme_keyid_shift(); + val &= __supported_pte_mask; + spin_lock(&init_mm.page_table_lock); + set_pud(dst_pud, __pud(val)); + spin_unlock(&init_mm.page_table_lock); + goto next; + } + + ret = sync_direct_mapping_pmd(keyid, dst_pud, __src_pud, + addr, next); +next: + addr = next; + dst_pud++; + if (src_pud) + src_pud++; + } while (addr != end && !ret); + + if (new_pud) { + spin_lock(&init_mm.page_table_lock); + p4d_populate(&init_mm, dst_p4d, new_pud); + spin_unlock(&init_mm.page_table_lock); + } + + if (remove_pud) { + spin_lock(&init_mm.page_table_lock); + __free_page(p4d_page(*dst_p4d)); + p4d_clear(dst_p4d); + spin_unlock(&init_mm.page_table_lock); + } + + return ret; +} + +static int sync_direct_mapping_p4d(unsigned long keyid, + pgd_t *dst_pgd, pgd_t *src_pgd, + unsigned long addr, unsigned long end) +{ + p4d_t *src_p4d, *dst_p4d; + p4d_t *new_p4d_1 = NULL, *new_p4d_2 = NULL; + bool remove_p4d = false; + unsigned long next; + int ret = 0; + + /* + * We want to unmap and free the page table if the source is empty and + * the range covers whole page table. + */ + remove_p4d = !src_pgd && IS_ALIGNED(addr, PGDIR_SIZE) && IS_ALIGNED(end, PGDIR_SIZE); + + /* Allocate a new page table if needed. */ + if (pgd_none(*dst_pgd)) { + new_p4d_1 = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_p4d_1) + return -ENOMEM; + dst_p4d = new_p4d_1 + p4d_index(addr + keyid * direct_mapping_size); + } else { + dst_p4d = p4d_offset(dst_pgd, addr + keyid * direct_mapping_size); + } + src_p4d = src_pgd ? p4d_offset(src_pgd, addr) : NULL; + + do { + p4d_t *__src_p4d = src_p4d; + + next = p4d_addr_end(addr, end); + if (!__src_p4d || p4d_none(*__src_p4d)) { + if (p4d_none(*dst_p4d)) + goto next; + __src_p4d = NULL; + } + + ret = sync_direct_mapping_pud(keyid, dst_p4d, __src_p4d, + addr, next); +next: + addr = next; + dst_p4d++; + + /* + * Direct mappings are 1TiB-aligned. With 5-level paging it + * means that on PGD level there can be misalignment between + * source and distiantion. + * + * Allocate the new page table if dst_p4d crosses page table + * boundary. + */ + if (!((unsigned long)dst_p4d & ~PAGE_MASK) && addr != end) { + if (pgd_none(dst_pgd[1])) { + new_p4d_2 = (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!new_p4d_2) + ret = -ENOMEM; + dst_p4d = new_p4d_2; + } else { + dst_p4d = p4d_offset(dst_pgd + 1, 0); + } + } + if (src_p4d) + src_p4d++; + } while (addr != end && !ret); + + if (new_p4d_1 || new_p4d_2) { + spin_lock(&init_mm.page_table_lock); + if (new_p4d_1) + pgd_populate(&init_mm, dst_pgd, new_p4d_1); + if (new_p4d_2) + pgd_populate(&init_mm, dst_pgd + 1, new_p4d_2); + spin_unlock(&init_mm.page_table_lock); + } + + if (remove_p4d) { + spin_lock(&init_mm.page_table_lock); + __free_page(pgd_page(*dst_pgd)); + pgd_clear(dst_pgd); + spin_unlock(&init_mm.page_table_lock); + } + + return ret; +} + +static int sync_direct_mapping_keyid(unsigned long keyid, + unsigned long addr, unsigned long end) +{ + pgd_t *src_pgd, *dst_pgd; + unsigned long next; + int ret = 0; + + dst_pgd = pgd_offset_k(addr + keyid * direct_mapping_size); + src_pgd = pgd_offset_k(addr); + + do { + pgd_t *__src_pgd = src_pgd; + + next = pgd_addr_end(addr, end); + if (pgd_none(*__src_pgd)) { + if (pgd_none(*dst_pgd)) + continue; + __src_pgd = NULL; + } + + ret = sync_direct_mapping_p4d(keyid, dst_pgd, __src_pgd, + addr, next); + } while (dst_pgd++, src_pgd++, addr = next, addr != end && !ret); + + return ret; +} + +/* + * For MKTME we maintain per-KeyID direct mappings. This allows kernel to have + * access to encrypted memory. + * + * sync_direct_mapping() sync per-KeyID direct mappings with a canonical + * one -- KeyID-0. + * + * The function tracks changes in the canonical mapping: + * - creating or removing chunks of the translation tree; + * - changes in mapping flags (i.e. protection bits); + * - splitting huge page mapping into a page table; + * - replacing page table with a huge page mapping; + * + * The function need to be called on every change to the direct mapping: + * hotplug, hotremove, changes in permissions bits, etc. + * + * The function is nop until MKTME is enabled. + */ +int sync_direct_mapping(unsigned long start, unsigned long end) +{ + int i, ret = 0; + + if (!mktme_enabled()) + return 0; + + for (i = 1; !ret && i <= mktme_nr_keyids(); i++) + ret = sync_direct_mapping_keyid(i, start, end); + + flush_tlb_all(); + + return ret; +} diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c index 6a9a77a403c9..f4e3205d2cdd 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -347,6 +347,33 @@ static void cpa_flush(struct cpa_data *data, int cache) BUG_ON(irqs_disabled() && !early_boot_irqs_disabled); + if (mktme_enabled()) { + unsigned long start, end; + + start = PAGE_OFFSET + (cpa->pfn << PAGE_SHIFT); + end = start + cpa->numpages * PAGE_SIZE; + + /* Round to cover huge page possibly split by the change */ + start = round_down(start, direct_gbpages ? PUD_SIZE : PMD_SIZE); + end = round_up(end, direct_gbpages ? PUD_SIZE : PMD_SIZE); + + /* Sync all direct mapping for an array */ + if (cpa->flags & CPA_ARRAY) { + start = PAGE_OFFSET; + end = PAGE_OFFSET + direct_mapping_size; + } + + /* + * Sync per-KeyID direct mappings with the canonical one + * (KeyID-0). + * + * sync_direct_mapping() does full TLB flush. + */ + sync_direct_mapping(start, end); + if (!cache) + return; + } + if (cache && !static_cpu_has(X86_FEATURE_CLFLUSH)) { cpa_flush_all(cache); return; From patchwork Wed Jul 31 15:07:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068263 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3992B1399 for ; Wed, 31 Jul 2019 15:19:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 271CF20246 for ; Wed, 31 Jul 2019 15:19:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1B308209CD; Wed, 31 Jul 2019 15:19:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BE0F120246 for ; Wed, 31 Jul 2019 15:19:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729801AbfGaPT4 (ORCPT ); Wed, 31 Jul 2019 11:19:56 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:36456 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729765AbfGaPTz (ORCPT ); Wed, 31 Jul 2019 11:19:55 -0400 Received: by mail-ed1-f66.google.com with SMTP id k21so66067565edq.3 for ; Wed, 31 Jul 2019 08:19:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Eu+g52fZa4bEGKyIAIp4EBxePC6msthuJH3Uu+nPhTw=; b=wnJQX8mAznJJYoCaujK7jTh3QOUX6PWjjuHiLLJcqeV5ss0Z+2QOjKE/V/f7i2iOiK nWVMBrRzOEuvD50CqQeMSrlLn2yn9nza0e9HYNf9Ci+gZHXztuPcnXQO8Dv/jueUicfh 7x8hxn+DoCcOemE+5xb8GVrcsoOF21pEeWL359gwrBqCcOEFkYVISmg99A9v32xeC8nY K1fXvjaKfAQ0uf1yUKgRc0FXE0a1c8GjVdeZkh9RF4YCM+ZniD98ehoTPZKfBwPrhyWd vT4LGzn8l+GiV/PrV8efZhSU7sLAmcDsKabNfPrtzDTZJ+6VtoCaBOiq1M24C/XlfUJi ySJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Eu+g52fZa4bEGKyIAIp4EBxePC6msthuJH3Uu+nPhTw=; b=kTD4wcuoEbrF6CmekhPNgN+Spx7MupCVANW9/kvD/KGyXP4kSrZi9qkMQ5jefi5Kow Fy/B5YPjTlrAwRBdKkwVMRUOIS97bYhsEvJj9aaFboxsbpQxnH2+cY479Jjo+rVsIKBi LA0cn3e7VeWPl867OyycCGDoGeGTUW02qqgojZs1Hw6/SZKLjWJK7O9ni0xTsoZCIwOz tqEKK62pAuyavKApJqDQc8wpgdu29GO9OqmhrSu8sPZDIQp4LHzu8s7XUFsPUtNgGCzs 3jpbqHec122SRd8/2r8zGgifZt6esI98/NFzQkdsi9i32bbC9OZ+89y3pu4MFTv6iiy8 JVqg== X-Gm-Message-State: APjAAAXTEJXl6XVEWrfABShBVwps6KNs2LeTlGOhfdwaFHv/SK6C3t3l Fr5SbMps4BanaUtDtW8az/U= X-Google-Smtp-Source: APXvYqxAI13PpDAJZQellLR+hBXyuxC6IRUxmch2g01/3TCjBtlaolRAKh1msonh8wE/v8SwQy/t/w== X-Received: by 2002:a50:addc:: with SMTP id b28mr108191573edd.174.1564586031854; Wed, 31 Jul 2019 08:13:51 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id l2sm16613746edn.59.2019.07.31.08.13.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:50 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 7A1691030BB; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 20/59] x86/mm: Handle encrypted memory in page_to_virt() and __pa() Date: Wed, 31 Jul 2019 18:07:34 +0300 Message-Id: <20190731150813.26289-21-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Per-KeyID direct mappings require changes into how we find the right virtual address for a page and virt-to-phys address translations. page_to_virt() definition overwrites default macros provided by . Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/page.h | 3 +++ arch/x86/include/asm/page_64.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h index 39af59487d5f..aff30554f38e 100644 --- a/arch/x86/include/asm/page.h +++ b/arch/x86/include/asm/page.h @@ -72,6 +72,9 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr, extern bool __virt_addr_valid(unsigned long kaddr); #define virt_addr_valid(kaddr) __virt_addr_valid((unsigned long) (kaddr)) +#define page_to_virt(x) \ + (__va(PFN_PHYS(page_to_pfn(x))) + page_keyid(x) * direct_mapping_size) + #endif /* __ASSEMBLY__ */ #include diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index f57fc3cc2246..a4f394e3471d 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -24,7 +24,7 @@ static inline unsigned long __phys_addr_nodebug(unsigned long x) /* use the carry flag to determine if x was < __START_KERNEL_map */ x = y + ((x > y) ? phys_base : (__START_KERNEL_map - PAGE_OFFSET)); - return x; + return x & direct_mapping_mask; } #ifdef CONFIG_DEBUG_VIRTUAL From patchwork Wed Jul 31 15:07:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068131 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E4A87746 for ; Wed, 31 Jul 2019 15:09:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D183B201B1 for ; Wed, 31 Jul 2019 15:09:44 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C4BD8201BD; Wed, 31 Jul 2019 15:09:44 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6AFE6201B1 for ; Wed, 31 Jul 2019 15:09:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729507AbfGaPJh (ORCPT ); Wed, 31 Jul 2019 11:09:37 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:45699 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388549AbfGaPI2 (ORCPT ); Wed, 31 Jul 2019 11:08:28 -0400 Received: by mail-ed1-f67.google.com with SMTP id x19so60095931eda.12 for ; Wed, 31 Jul 2019 08:08:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xZeKfM6T8HTy5YM9YTF4CgvrEAh9gYOHMqOdjRE0jKs=; b=CKwTGfqftPDIaRPn/xve4w1+BQofkrfeJaRVwasir0N2gaI86NFwFxg8DcKYfpIb/T zdNo86h2blPndRDZ0oHF3nNNsbgPZ9ud4MhkHLJUh9aosb3WLdon2l9jywmf1XS3jazD g+s2wGJDplnGgg9Qx97RNw21ATe0b/cZO3XgAZrx09sWV5aW3VlaqaOo2g4JU5CT9iwW yz2yB+EFutNa/7GS4L0SAD0v5gg+PKoI8gwxEIyl2R8ZLpFFN6/9CPEQuZXLnwQfKbfG RkPDW9JM4nmysiqjOl3J1FDnQRNyj344DXF7M/ds/1YTDGBt9yWaHdPd+cmulzWlE01x 654g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xZeKfM6T8HTy5YM9YTF4CgvrEAh9gYOHMqOdjRE0jKs=; b=Jy8FPgvNGP0+RnhPDxEx3K1wV7cclrWcNzwAuDvMdVnm3KijqxRcLdfD3cMVNNl7Ig gbf74r4IIx9BBB+twk0t4Iud6AaYbgWtaZyqjfjXnxOwmW/Z5O1LYna0Bnyu3rDS/QPh Xp3kNPyt9KJwdiDkyah9MrWAqidIOtlcIxcovbkJ1tD8O7nIOMviijXDg6n0uRyuIphE GkOr7W02GJL6JzEPnNRO4dQkKXzsM/h5ulHyUOMOXocm6qIrXbWzYmrFa8k/R95VLjlK dULHj9Vhzg0oo7+Zh0sxRjiPLzxUX1THPZsF53kOircK17hM1WI653NQ73yOUqD0YKRq DUBw== X-Gm-Message-State: APjAAAW/LMPitFNmtSxjNWOVu4aBbfRPAFA+vK1D7Lj0g32yJKrWD+tf DPYqox6RSShAbjSAZAXqMEY= X-Google-Smtp-Source: APXvYqwyxRQn953dpG335++68BakS/voatLNiC782RPJuiyRVUELnhQKN8Sxlq6UNG5ozqtqFSTkKg== X-Received: by 2002:a17:906:7013:: with SMTP id n19mr94845741ejj.65.1564585706382; Wed, 31 Jul 2019 08:08:26 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id p15sm10516388ejr.1.2019.07.31.08.08.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:26 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 80E941030BC; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 21/59] mm/page_ext: Export lookup_page_ext() symbol Date: Wed, 31 Jul 2019 18:07:35 +0300 Message-Id: <20190731150813.26289-22-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP page_keyid() is inline funcation that uses lookup_page_ext(). KVM is going to use page_keyid() and since KVM can be built as a module lookup_page_ext() has to be exported. Signed-off-by: Kirill A. Shutemov --- mm/page_ext.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/page_ext.c b/mm/page_ext.c index c52b77c13cd9..eeca218891e7 100644 --- a/mm/page_ext.c +++ b/mm/page_ext.c @@ -139,6 +139,7 @@ struct page_ext *lookup_page_ext(const struct page *page) MAX_ORDER_NR_PAGES); return get_entry(base, index); } +EXPORT_SYMBOL_GPL(lookup_page_ext); static int __init alloc_node_page_ext(int nid) { @@ -209,6 +210,7 @@ struct page_ext *lookup_page_ext(const struct page *page) return NULL; return get_entry(section->page_ext, pfn); } +EXPORT_SYMBOL_GPL(lookup_page_ext); static void *__meminit alloc_page_ext(size_t size, int nid) { From patchwork Wed Jul 31 15:07:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068249 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 40AAC13A4 for ; Wed, 31 Jul 2019 15:19:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2EF21201F5 for ; Wed, 31 Jul 2019 15:19:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2270E205AD; Wed, 31 Jul 2019 15:19:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 81073201F5 for ; Wed, 31 Jul 2019 15:19:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729440AbfGaPTO (ORCPT ); Wed, 31 Jul 2019 11:19:14 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:35165 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729444AbfGaPTN (ORCPT ); Wed, 31 Jul 2019 11:19:13 -0400 Received: by mail-ed1-f66.google.com with SMTP id w20so66028285edd.2 for ; Wed, 31 Jul 2019 08:19:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=EvEqqoCYvSiaJViGsfZgvE8wYjGeg4BQWYRIZAIdYOQ=; b=bZcGmOHwm0gi6j5t/BbUGsKtOCIZr4doGxyXBg+bAsntyv91YXoAwS8iK8gYH/2Rhd EZoLChmRluivD3XLirlmMT5W1vFicn0Th6yRJbjlvSCthP29u5r3kvQbgKOL0NnWdm5O z6WKnsGxsng9YOVJ6s+hk1x3ysUEVhPOmeDyo07xX324wqjHjFQ9yfcsBJPs6sEkZfG/ j1P95OYBR2KAtJYWJH/9fdcbulUD7i7ZdBv1U7AlRZ5qi7KMU65oMM+umaihE2hREq1N HFgl1iVKn4xa5Uwqe5PFQO1apPGzMbp3tx+aOQoTXOpVFI0CqNnOhoaQyl+Z3LmysdM7 SIkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=EvEqqoCYvSiaJViGsfZgvE8wYjGeg4BQWYRIZAIdYOQ=; b=VCS/kkX+Nh4Waqx3z0quwkzV4NEheFvKYfQsoX4Jz3sF8SlYKT23OdAiZZgarg/U4d rwi1TJ99/lr8sD9kYspDyiu8iEmUE+fBrQ36DqSHcvN2vENFx4V4YnLM0tOop1h29a8Z h1zM7+S7qnIPpK3uV7BQNGl2qXH90VQs2qi5GnIq8G8nLrFvDn2MVzKIgAWNy7f260GL PCt5i0VqVeQu6iiDZ44P8BF4V+7KExCifnaCmYFN4fTxYImGLkLe03F7fMkqP0gge44q m1nPsphkgif6hvT1V3vQnu1QHswxsKkEWTkxzHw0Iq9Sxz00ZVbKJKGPDPFvXkgkj8XA pIDA== X-Gm-Message-State: APjAAAU9M3QwaKJqXfm/5eYQu8voSVFawJtZALxgXKlo5wO3adExf74M 2qdeMMN8mfenP9Zw/8kKEbE= X-Google-Smtp-Source: APXvYqze/zmPMD1Bsfoldl9kgWqcWF2ltGwH8c0r7lo9vR1AXcu6XddkT5YuYdRgsgxlZcifb+OJkw== X-Received: by 2002:a17:906:4d19:: with SMTP id r25mr94272907eju.125.1564586035045; Wed, 31 Jul 2019 08:13:55 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id g7sm16945101eda.52.2019.07.31.08.13.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:53 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 874211030BD; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 22/59] mm/rmap: Clear vma->anon_vma on unlink_anon_vmas() Date: Wed, 31 Jul 2019 18:07:36 +0300 Message-Id: <20190731150813.26289-23-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If all pages in the VMA got unmapped there's no reason to link it into original anon VMA hierarchy: it cannot possibly share any pages with other VMA. Set vma->anon_vma to NULL on unlink_anon_vmas(). With the change VMA can be reused. The new anon VMA will be allocated on the first fault. Signed-off-by: Kirill A. Shutemov --- mm/rmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/rmap.c b/mm/rmap.c index e5dfe2ae6b0d..911367b5fb40 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -400,8 +400,10 @@ void unlink_anon_vmas(struct vm_area_struct *vma) list_del(&avc->same_vma); anon_vma_chain_free(avc); } - if (vma->anon_vma) + if (vma->anon_vma) { vma->anon_vma->degree--; + vma->anon_vma = NULL; + } unlock_anon_vma_root(root); /* From patchwork Wed Jul 31 15:07:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068113 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 04AC713A4 for ; Wed, 31 Jul 2019 15:09:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E67B81FFD8 for ; Wed, 31 Jul 2019 15:09:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DA2B9201BD; Wed, 31 Jul 2019 15:09:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0EE271FFD8 for ; Wed, 31 Jul 2019 15:09:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388655AbfGaPJV (ORCPT ); Wed, 31 Jul 2019 11:09:21 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:34521 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388602AbfGaPIa (ORCPT ); Wed, 31 Jul 2019 11:08:30 -0400 Received: by mail-ed1-f65.google.com with SMTP id s49so31197763edb.1 for ; Wed, 31 Jul 2019 08:08:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2C449KSjT4bbSwYYn5oh0t+GvJgUUHqBrjpFSTJaVMM=; b=BRLtr4tgYn50QM+JIDHN/iYJHDA/eYrOUmJYvQptXTzwrBNdmFzt8zjJULLektK/VA AL/NZPGusMjazLlBev7xe67PdKIfQ1ifpZNsX3n6tVVOa4ud/9OwxtjEEiXleT0dww34 btnUPhOQ9ej+n+IZzfuH/c2u7wLSynBdGbkIYgwm/zx9aTR7AirSR8kauZtQI1eG36ut GrY5WSOyefYNkH38KCUyy7rpU+qfA4Tow+UQHZI/00wFfW7zf53dLyFQhYvsbF2QDkKz HwKhJkV1eHDK+DsnsDoJNeFWLsnZIxfo/PjZHwoQIcsO8/FwvmZXcMuwGCHQNeY7A0V3 GE2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2C449KSjT4bbSwYYn5oh0t+GvJgUUHqBrjpFSTJaVMM=; b=bQlRShkhCsu9aQiOX3Dtz3xyoCrWzF72bdsTsYG+7q6+ZKlYN7xCIJV61S3Ku2UIDq 5A417d1NWbRadz8BIWyfDqGxEZFAfuLN78gVUoHQqHciOPZybyiaUvr22UB46Db6Njts SWSQzwMtKFYSyHNtQxHiIM5zJUSvKukjvsWt7qbO//+i7KDpg3Q4D6Iue5MfyNZDQzeF XT5/EC5ALGuK6EHx5esxhC75IS4h0Arz3V0cnFOLEXYS2mQ7Gi61NOxkiCCdfsoCnrEx UFuzZSzlGjME1bDTi84IjqYKrxPnwZeRre5NBOn/FXZCHeehbQupEwDpbzKGGlwnQ5cy sX+g== X-Gm-Message-State: APjAAAXobCf4vxtHKh6nekIOjTnLQPWX1YHIaBU6/rqdFy99cd9ed2an tifVzY4uCU7HEQ5U0xmX9eQ= X-Google-Smtp-Source: APXvYqxMBwDpewyfIfpy++jLBpP8UloTaXPGrZ8I/eqCpEpkmrEfDx2SZR3u/YrZv24UsUCPRBrhkw== X-Received: by 2002:a05:6402:28e:: with SMTP id l14mr42072938edv.11.1564585709289; Wed, 31 Jul 2019 08:08:29 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id jt17sm12600191ejb.90.2019.07.31.08.08.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:28 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 8E3561030BE; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 23/59] x86/pconfig: Set an activated algorithm in all MKTME commands Date: Wed, 31 Jul 2019 18:07:37 +0300 Message-Id: <20190731150813.26289-24-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The Intel MKTME architecture specification requires an activated encryption algorithm for all command types. For commands that actually perform encryption, SET_KEY_DIRECT and SET_KEY_RANDOM, the user specifies the algorithm when requesting the key through the MKTME Key Service. For CLEAR_KEY and NO_ENCRYPT commands, do not require the user to specify an algorithm. Define a default algorithm, that is 'any activated algorithm' to cover those two special cases. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/intel_pconfig.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/intel_pconfig.h b/arch/x86/include/asm/intel_pconfig.h index 3cb002b1d0f9..4f27b0c532ee 100644 --- a/arch/x86/include/asm/intel_pconfig.h +++ b/arch/x86/include/asm/intel_pconfig.h @@ -21,14 +21,20 @@ enum pconfig_leaf { /* Defines and structure for MKTME_KEY_PROGRAM of PCONFIG instruction */ +/* mktme_key_program::keyid_ctrl ENC_ALG, bits [23:8] */ +#define MKTME_AES_XTS_128 (1 << 8) +#define MKTME_ANY_ACTIVATED_ALG (1 << __ffs(mktme_algs) << 8) + /* mktme_key_program::keyid_ctrl COMMAND, bits [7:0] */ #define MKTME_KEYID_SET_KEY_DIRECT 0 #define MKTME_KEYID_SET_KEY_RANDOM 1 -#define MKTME_KEYID_CLEAR_KEY 2 -#define MKTME_KEYID_NO_ENCRYPT 3 -/* mktme_key_program::keyid_ctrl ENC_ALG, bits [23:8] */ -#define MKTME_AES_XTS_128 (1 << 8) +/* + * CLEAR_KEY and NO_ENCRYPT require the COMMAND in bits [7:0] + * and any activated encryption algorithm, ENC_ALG, in bits [23:8] + */ +#define MKTME_KEYID_CLEAR_KEY (2 | MKTME_ANY_ACTIVATED_ALG) +#define MKTME_KEYID_NO_ENCRYPT (3 | MKTME_ANY_ACTIVATED_ALG) /* Return codes from the PCONFIG MKTME_KEY_PROGRAM */ #define MKTME_PROG_SUCCESS 0 From patchwork Wed Jul 31 15:07:38 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068347 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 363911399 for ; Wed, 31 Jul 2019 15:24:46 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 248751FF73 for ; Wed, 31 Jul 2019 15:24:46 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 17C06219AC; Wed, 31 Jul 2019 15:24:46 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A81A2212D5 for ; Wed, 31 Jul 2019 15:24:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730114AbfGaPYl (ORCPT ); Wed, 31 Jul 2019 11:24:41 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:39978 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727349AbfGaPXt (ORCPT ); Wed, 31 Jul 2019 11:23:49 -0400 Received: by mail-ed1-f67.google.com with SMTP id k8so66044715eds.7 for ; Wed, 31 Jul 2019 08:23:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=a18UOZt3FCDvDMvgP9zldJLt6lTKwFfHbu73YInWFn4=; b=NRoJL3bi5X5MHI+UHT7B1S62Fze3JOWhyFVaj3bzy32xghKUPsGgZO7GdGj/I+MGwQ IcszjXoHkHLCYl9E9+S0TVZkBMexB6yUan+V+lOdKu1ZTL//k329IuqiUOHsMZt8zobx DpyOBiRYKgBlkPN70qU0UyV4A9sw+9NOai6RD5k+KXVTchojnkBQ/9wvCG9xsOR3lQJH 25Orq3JTmZBnhwFdJDSLbIjUUACw24Q/2V5Z/1iDJXDUwr6CPtjVVjX8EN+dRQ/iWt3F ajr2K45loyNYVlzJu2bXoVrUmjOiINR3+Zakf9U0MEFo74tWWpXOujPELeLbtPwG7Bf+ 4HTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=a18UOZt3FCDvDMvgP9zldJLt6lTKwFfHbu73YInWFn4=; b=dD/fEmf0pq7van2g4+M0veGaNjnnJjBE+Abjn9qLJqpWhe2LwRWsdpjWiwLSC4Xabx NXtQVEOt7G+efENJ0JjG+8cWTVGe4aC0j6Qb/fVV3Jcrg12wTnq1BJkuJa+cLCLW3NFh RvGwhhIHtZxrUsN7+VCUci7fYg3jbFLEpcI5EjL7dbZEPp5aDbT7MQ8zR4H90Aqlzx9B n4oNEPgwTNfpO1lPZFWMxWbaVVD+WIjmAlEvPETYc0Up8r4gZh5Zhag1cLU91WNldGl8 wj1dlQ7IVDcQUG0QyxUwcXtguUKIE0Rwy8jGHFKSIFB8Wa9FpAEURgH94C/O2+OQKxYN TdNw== X-Gm-Message-State: APjAAAXDOeykivX2Rd+DjFtjGJf1G0M9Ia49VbfHJTnwVBpAJlrc5rBD gierlk6ggBnjYBxYzT+deWIIu+hS X-Google-Smtp-Source: APXvYqz4eqsH2iJwU1tjXfKb0+/bNd+u2NkjVb8FXDZ8ZsSkbsVxoPTi6IlMDOoUIFCjKkMNnj7bMA== X-Received: by 2002:a50:b87c:: with SMTP id k57mr105890483ede.226.1564586627977; Wed, 31 Jul 2019 08:23:47 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id f24sm17482856edf.30.2019.07.31.08.23.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 953461030BF; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 24/59] keys/mktme: Introduce a Kernel Key Service for MKTME Date: Wed, 31 Jul 2019 18:07:38 +0300 Message-Id: <20190731150813.26289-25-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME (Multi-Key Total Memory Encryption) is a technology that allows transparent memory encryption in upcoming Intel platforms. MKTME will support multiple encryption domains, each having their own key. The MKTME key service will manage the hardware encryption keys. It will map Userspace Keys to Hardware KeyIDs and program the hardware with the user requested encryption options. Here the mapping structure is introduced, as well as the key service initialization and registration. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/Makefile | 1 + security/keys/mktme_keys.c | 60 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 security/keys/mktme_keys.c diff --git a/security/keys/Makefile b/security/keys/Makefile index 9cef54064f60..28799be801a9 100644 --- a/security/keys/Makefile +++ b/security/keys/Makefile @@ -30,3 +30,4 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += keyctl_pkey.o obj-$(CONFIG_BIG_KEYS) += big_key.o obj-$(CONFIG_TRUSTED_KEYS) += trusted.o obj-$(CONFIG_ENCRYPTED_KEYS) += encrypted-keys/ +obj-$(CONFIG_X86_INTEL_MKTME) += mktme_keys.o diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c new file mode 100644 index 000000000000..d262e0f348e4 --- /dev/null +++ b/security/keys/mktme_keys.c @@ -0,0 +1,60 @@ +// SPDX-License-Identifier: GPL-3.0 + +/* Documentation/x86/mktme/ */ + +#include +#include +#include +#include +#include + +#include "internal.h" + +static unsigned int mktme_available_keyids; /* Free Hardware KeyIDs */ + +enum mktme_keyid_state { + KEYID_AVAILABLE, /* Available to be assigned */ + KEYID_ASSIGNED, /* Assigned to a userspace key */ + KEYID_REF_KILLED, /* Userspace key has been destroyed */ + KEYID_REF_RELEASED, /* Last reference is released */ +}; + +/* 1:1 Mapping between Userspace Keys (struct key) and Hardware KeyIDs */ +struct mktme_mapping { + struct key *key; + enum mktme_keyid_state state; +}; + +static struct mktme_mapping *mktme_map; + +struct key_type key_type_mktme = { + .name = "mktme", + .describe = user_describe, +}; + +static int __init init_mktme(void) +{ + int ret; + + /* Verify keys are present */ + if (mktme_nr_keyids() < 1) + return 0; + + mktme_available_keyids = mktme_nr_keyids(); + + /* Mapping of Userspace Keys to Hardware KeyIDs */ + mktme_map = kvzalloc((sizeof(*mktme_map) * (mktme_nr_keyids() + 1)), + GFP_KERNEL); + if (!mktme_map) + return -ENOMEM; + + ret = register_key_type(&key_type_mktme); + if (!ret) + return ret; /* SUCCESS */ + + kvfree(mktme_map); + + return -ENOMEM; +} + +late_initcall(init_mktme); From patchwork Wed Jul 31 15:07:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068109 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 67774174A for ; Wed, 31 Jul 2019 15:09:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4F8D11FFD8 for ; Wed, 31 Jul 2019 15:09:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 42D45201F3; Wed, 31 Jul 2019 15:09:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7A4F201B0 for ; Wed, 31 Jul 2019 15:09:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388632AbfGaPIb (ORCPT ); Wed, 31 Jul 2019 11:08:31 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:34528 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388611AbfGaPIb (ORCPT ); Wed, 31 Jul 2019 11:08:31 -0400 Received: by mail-ed1-f67.google.com with SMTP id s49so31197818edb.1 for ; Wed, 31 Jul 2019 08:08:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=p3ZdWpQd4xgv1kA6jDtn8atrxpLedHc/tVwU2ev+R3g=; b=UeQPYBDUV35JfXNrT+d/+kITJnfTYOBQ1jtvX2JvqFbwVh/IeIZ2iI0ZXO91FPn9Ce GW/w3MO7sHLXXgtgE2TaPrzyGuhNw243bGm6o/iGuQwYW66FhRrCIaqTdHAHoNMlPwIJ eWN5hgS1key/lsY2Gpyw1STp4427doI388pSYFCLVQEjOIiGXT+TkZloJYN6tjzrbOyJ vcQMkjiEs7M6OXH8+Lpe0TAD2Ou/D+uu+KPrBcug6Q74tQXQEJs+TqHWk3omP9QV64d8 7zAhZGz4EvgStlF3Md21t/Dhxvi9IqnlZrJdrf/4i/NIcNvgXhFuAzIO3cs7qe9OAhQP jyqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=p3ZdWpQd4xgv1kA6jDtn8atrxpLedHc/tVwU2ev+R3g=; b=ZWYAK/9pdxcROEOSWE+t+wCwXltYGXNYrPA+W3UwM91Y6J0HcVHY2de6f4yqI+F1md Z3A76irFTXlK+jp6/9u2RYkivtpf7CEjSQh0ipXNLUwxtMm0dQlJqoROgBjc1TCzVr6K LLwWqcmEN9o7kgDtWuFXgmb4t337iTSJVDEnVgsbYsRDd5mlC49emeXyjrDN64A2bCfg g2Ci9TQEKV/Ium4uXrp1vfAYhhaJ+AJ5HHyRMASmO2ATMHcLoQA8Voh3ZoegZT2vHBRx 3TlBfyMLG0hTxDFkogiKYC7Uky6NU44++krF6Esvb4ZSbSZkyTRFE8VV5+5IeXSex/3G 1U4g== X-Gm-Message-State: APjAAAXM1rZYNgESo2vLl5zQsNtgmNSrHI0bqDijRGMeNtmZVtoJfM+w L+TOta5EmgMOdGvwBXH9C08Bd+zv X-Google-Smtp-Source: APXvYqwkQSn37lZ2YK2K4kR+zMFHwX+ELvbrlQTI82djGKjlx/y1EvYEwBEFV4qd/VWbyn8Xl7msnw== X-Received: by 2002:a50:a943:: with SMTP id m3mr105292611edc.190.1564585709728; Wed, 31 Jul 2019 08:08:29 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id y11sm12444539ejb.54.2019.07.31.08.08.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:28 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 9EFEC1030C0; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 25/59] keys/mktme: Preparse the MKTME key payload Date: Wed, 31 Jul 2019 18:07:39 +0300 Message-Id: <20190731150813.26289-26-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield It is a requirement of the Kernel Keys subsystem to provide a preparse method that validates payloads before key instantiate methods are called. Verify that userspace provides valid MKTME options and prepare the payload for use at key instantiate time. Create a method to free the preparsed payload. The Kernel Key subsystem will that to clean up after the key is instantiated. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov Reviewed-by: Ben Boeckel --- include/keys/mktme-type.h | 31 +++++++++ security/keys/mktme_keys.c | 134 +++++++++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 include/keys/mktme-type.h diff --git a/include/keys/mktme-type.h b/include/keys/mktme-type.h new file mode 100644 index 000000000000..9dad92f17179 --- /dev/null +++ b/include/keys/mktme-type.h @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* Key service for Multi-KEY Total Memory Encryption */ + +#ifndef _KEYS_MKTME_TYPE_H +#define _KEYS_MKTME_TYPE_H + +#include + +enum mktme_alg { + MKTME_ALG_AES_XTS_128, +}; + +const char *const mktme_alg_names[] = { + [MKTME_ALG_AES_XTS_128] = "aes-xts-128", +}; + +enum mktme_type { + MKTME_TYPE_ERROR = -1, + MKTME_TYPE_CPU, + MKTME_TYPE_NO_ENCRYPT, +}; + +const char *const mktme_type_names[] = { + [MKTME_TYPE_CPU] = "cpu", + [MKTME_TYPE_NO_ENCRYPT] = "no-encrypt", +}; + +extern struct key_type key_type_mktme; + +#endif /* _KEYS_MKTME_TYPE_H */ diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index d262e0f348e4..fe119a155235 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -6,6 +6,10 @@ #include #include #include +#include +#include +#include +#include #include #include "internal.h" @@ -27,8 +31,138 @@ struct mktme_mapping { static struct mktme_mapping *mktme_map; +enum mktme_opt_id { + OPT_ERROR, + OPT_TYPE, + OPT_ALGORITHM, +}; + +static const match_table_t mktme_token = { + {OPT_TYPE, "type=%s"}, + {OPT_ALGORITHM, "algorithm=%s"}, + {OPT_ERROR, NULL} +}; + +/* Make sure arguments are correct for the TYPE of key requested */ +static int mktme_check_options(u32 *payload, unsigned long token_mask, + enum mktme_type type, enum mktme_alg alg) +{ + if (!token_mask) + return -EINVAL; + + switch (type) { + case MKTME_TYPE_CPU: + if (test_bit(OPT_ALGORITHM, &token_mask)) + *payload |= (1 << alg) << 8; + else + return -EINVAL; + + *payload |= MKTME_KEYID_SET_KEY_RANDOM; + break; + + case MKTME_TYPE_NO_ENCRYPT: + *payload |= MKTME_KEYID_NO_ENCRYPT; + break; + + default: + return -EINVAL; + } + return 0; +} + +/* Parse the options and store the key programming data in the payload. */ +static int mktme_get_options(char *options, u32 *payload) +{ + enum mktme_alg alg = MKTME_ALG_AES_XTS_128; + enum mktme_type type = MKTME_TYPE_ERROR; + substring_t args[MAX_OPT_ARGS]; + unsigned long token_mask = 0; + char *p = options; + int token; + + while ((p = strsep(&options, " \t"))) { + if (*p == '\0' || *p == ' ' || *p == '\t') + continue; + token = match_token(p, mktme_token, args); + if (token == OPT_ERROR) + return -EINVAL; + if (test_and_set_bit(token, &token_mask)) + return -EINVAL; + + switch (token) { + case OPT_TYPE: + type = match_string(mktme_type_names, + ARRAY_SIZE(mktme_type_names), + args[0].from); + if (type < 0) + return -EINVAL; + break; + + case OPT_ALGORITHM: + /* Algorithm must be generally supported */ + alg = match_string(mktme_alg_names, + ARRAY_SIZE(mktme_alg_names), + args[0].from); + if (alg < 0) + return -EINVAL; + + /* Algorithm must be activated on this platform */ + if (!(mktme_algs & (1 << alg))) + return -EINVAL; + break; + + default: + return -EINVAL; + } + } + return mktme_check_options(payload, token_mask, type, alg); +} + +void mktme_free_preparsed_payload(struct key_preparsed_payload *prep) +{ + kzfree(prep->payload.data[0]); +} + +/* + * Key Service Method to preparse a payload before a key is created. + * Check permissions and the options. Load the proposed key field + * data into the payload for use by the instantiate method. + */ +int mktme_preparse_payload(struct key_preparsed_payload *prep) +{ + size_t datalen = prep->datalen; + u32 *mktme_payload; + char *options; + int ret; + + if (datalen <= 0 || datalen > 1024 || !prep->data) + return -EINVAL; + + options = kmemdup_nul(prep->data, datalen, GFP_KERNEL); + if (!options) + return -ENOMEM; + + mktme_payload = kzalloc(sizeof(*mktme_payload), GFP_KERNEL); + if (!mktme_payload) { + ret = -ENOMEM; + goto out; + } + ret = mktme_get_options(options, mktme_payload); + if (ret < 0) { + kzfree(mktme_payload); + goto out; + } + prep->quotalen = sizeof(mktme_payload); + prep->payload.data[0] = mktme_payload; +out: + kzfree(options); + return ret; +} + struct key_type key_type_mktme = { .name = "mktme", + .preparse = mktme_preparse_payload, + .free_preparse = mktme_free_preparsed_payload, .describe = user_describe, }; From patchwork Wed Jul 31 15:07:40 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068123 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 22B8D746 for ; Wed, 31 Jul 2019 15:09:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F41F1FFD8 for ; Wed, 31 Jul 2019 15:09:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 03428201BC; Wed, 31 Jul 2019 15:09:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A15761FFD8 for ; Wed, 31 Jul 2019 15:09:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388609AbfGaPJX (ORCPT ); Wed, 31 Jul 2019 11:09:23 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:45707 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388591AbfGaPIa (ORCPT ); Wed, 31 Jul 2019 11:08:30 -0400 Received: by mail-ed1-f66.google.com with SMTP id x19so60096080eda.12 for ; Wed, 31 Jul 2019 08:08:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=LSpLd4hZuC7djly8qH62+kJZqlzlyenE+/UQYliczqM=; b=GZAidz/YZr5AJC6YjcivhC/xqBVAms+Bun6/vc7F/gyEggHe0hZuW419LPz4dWQdJT vjHvZ3FQT2pTLNYI8+diNtZJ4Mxf5qQsCaz8bhGx2tJou3Mvi7Xln9rS3xcAAjGFrppw gW+UH+S5g+sAHB/UB1hV0L34nZqdQDFvZLBbqH54Bn/Rwmq9aj94nYVe/7QXryCOhcoD vwwLv3UG02KHn4tO4cYfAr/TC4lta3wpVG9Dtv+I97XG9iONckyaqQzJX2KNv21wwD/S NQJW0wh9O3kxFRnoNJn38/KJX15ote/7R4K6CnTOCcK6umCWPj89ZozJSoXMwY2epZJk nulg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=LSpLd4hZuC7djly8qH62+kJZqlzlyenE+/UQYliczqM=; b=gCFJJBEuqQy85mBpsRZnj2LitfDo/vuXtTGEg3a5pfDXN9jRZ2+opJUBtUhUSw8Qml IWCmgVTWALrNlsJdwkBvcP7nCtokHDbuuV/6L4RYG/tOeGGeSUKSX82Vn12BQbG0pBKz 6e5k44t+OM5pYo9mG+6MCG+biezAmU+9hRvOvepoFBGGrq4gdk0z8QEa64yAaJsmXJOl +dUne7fE+SqOpAdpmNLpumjO1TR0H/+7WHBVOIdEOFKlgg17lIsThtFjACEGElXkKBiX yVVSDqN/0k0DyAv9U2yN/Q0bKYY6D0xWGbTXq+G2ZU+etsiXl2Eo9w02UzSgbbC/IjnY bIGA== X-Gm-Message-State: APjAAAVhU9H3DScRSTnCvfoHN2q+lya0KVL6Ez7If5t/09fm/RtSYlFP L4dGenKUYdNnU8vpBhEg8Zo= X-Google-Smtp-Source: APXvYqxfkW3YmNbFSguKjUSffCBIjlvJw7vj1+8RS/D77djY6uAKTxwgECDWxNVy5ZuTfly0BeWccg== X-Received: by 2002:a50:c35b:: with SMTP id q27mr108087273edb.98.1564585708851; Wed, 31 Jul 2019 08:08:28 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id k5sm12233535eja.41.2019.07.31.08.08.22 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:28 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id A370B1030C1; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 26/59] keys/mktme: Instantiate MKTME keys Date: Wed, 31 Jul 2019 18:07:40 +0300 Message-Id: <20190731150813.26289-27-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Instantiate is a Kernel Key Service method invoked when a key is added (add_key, request_key) by the user. During instantiation, MKTME allocates an available hardware KeyID and maps it to the Userspace Key. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index fe119a155235..beca852db01a 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -14,6 +14,7 @@ #include "internal.h" +static DEFINE_SPINLOCK(mktme_lock); static unsigned int mktme_available_keyids; /* Free Hardware KeyIDs */ enum mktme_keyid_state { @@ -31,6 +32,24 @@ struct mktme_mapping { static struct mktme_mapping *mktme_map; +int mktme_reserve_keyid(struct key *key) +{ + int i; + + if (!mktme_available_keyids) + return 0; + + for (i = 1; i <= mktme_nr_keyids(); i++) { + if (mktme_map[i].state == KEYID_AVAILABLE) { + mktme_map[i].state = KEYID_ASSIGNED; + mktme_map[i].key = key; + mktme_available_keyids--; + return i; + } + } + return 0; +} + enum mktme_opt_id { OPT_ERROR, OPT_TYPE, @@ -43,6 +62,20 @@ static const match_table_t mktme_token = { {OPT_ERROR, NULL} }; +/* Key Service Method to create a new key. Payload is preparsed. */ +int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) +{ + unsigned long flags; + int keyid; + + spin_lock_irqsave(&mktme_lock, flags); + keyid = mktme_reserve_keyid(key); + spin_unlock_irqrestore(&mktme_lock, flags); + if (!keyid) + return -ENOKEY; + return 0; +} + /* Make sure arguments are correct for the TYPE of key requested */ static int mktme_check_options(u32 *payload, unsigned long token_mask, enum mktme_type type, enum mktme_alg alg) @@ -163,6 +196,7 @@ struct key_type key_type_mktme = { .name = "mktme", .preparse = mktme_preparse_payload, .free_preparse = mktme_free_preparsed_payload, + .instantiate = mktme_instantiate_key, .describe = user_describe, }; From patchwork Wed Jul 31 15:07:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068297 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BC13B13A4 for ; Wed, 31 Jul 2019 15:22:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AA0E6205A4 for ; Wed, 31 Jul 2019 15:22:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 99CAB204BF; Wed, 31 Jul 2019 15:22:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 113F8204BF for ; Wed, 31 Jul 2019 15:22:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729775AbfGaPWA (ORCPT ); Wed, 31 Jul 2019 11:22:00 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:36767 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726520AbfGaPV7 (ORCPT ); Wed, 31 Jul 2019 11:21:59 -0400 Received: by mail-ed1-f65.google.com with SMTP id k21so66073972edq.3 for ; Wed, 31 Jul 2019 08:21:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=c5WMXVoIZssEiK4OS2ZsI14EAD5bwwEyXB7tLs9S9Os=; b=GgMDYljgt69NuT2KJuOpsbtMf2bZflY04jkdcsb64J58gp3TxiHEEkOrT1ozLhakGl 94A0Aqkr8JolguUGlRobFPi57btYrwT3g8MYH4q5fgBYWQAov6IpM5yec8GdWQhRD5tC 0Ax6JsB0ooIwmT4n5nblwvmWo7thAMBxnFrHSP9RfZBW9LLERr65CaaolDQ48tv/CAKX l2OBdufhK2nJeUB9MMPZPdYfYOqpvH6oRpIZCUxqhsrsgYyEegj1/UXzCzFcS0ucxo4Z EdcRyeDiAndnOaS1LNOs83hgApICxD3lTMqnXM53LXOsfL7gbP+s6/BUFBXV4t3iCpQw uzGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=c5WMXVoIZssEiK4OS2ZsI14EAD5bwwEyXB7tLs9S9Os=; b=K5RRvXwGlGAt3j/+Af0Q9DJPqrPtWa7lOeQlRazFG+RGZX0QGJ9K1+f8lBfKEoB/DB X9j7iwLEO92WidRzX+vx8hfkv7ttYxkAAuptSLbML5wglEr4JnwBLVRQp1x7WC0okPCO LB8ztVjnjZsnQfeyQY0xpccT2jj5YtpLEJrTeq43S/urrtmcV++RU972RsJ+M+zPCm/0 fm/l+QcuXjIDr2xdiuUGk1JL6rmRq+QG9MEVysb6Gp3iVSVk3VJavppKUMyaOYx7sxkU EMmCwFzdPa3gTrSdVqp1CF5ZiQkb45TNu75qrB+qMn/fZbAGDNHfxjgtq0v6YRR9ZKzz BNXA== X-Gm-Message-State: APjAAAX0c5rpkvvFr2YC94GrloiAye/CyXe4kedQ5pY+LSap3iCLiRRp ++QG6QkpsOMNSZrNyJNn+qg= X-Google-Smtp-Source: APXvYqwYMqulY0Xx64lB5aqfOhV4++kQN1Oobfks3JeYhOF1doEtw6JzyLb48pAr8c5dYOSv/qswsA== X-Received: by 2002:a17:906:e204:: with SMTP id gf4mr92542915ejb.302.1564586036461; Wed, 31 Jul 2019 08:13:56 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id d7sm16507912edr.39.2019.07.31.08.13.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:53 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id AA55A1030C2; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 27/59] keys/mktme: Destroy MKTME keys Date: Wed, 31 Jul 2019 18:07:41 +0300 Message-Id: <20190731150813.26289-28-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Destroy is a method invoked by the kernel key service when a userspace key is being removed. (invalidate, revoke, timeout). During destroy, MKTME wil returned the hardware KeyID to the pool of available keyids. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index beca852db01a..10fcdbf5a08f 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -50,6 +50,23 @@ int mktme_reserve_keyid(struct key *key) return 0; } +static void mktme_release_keyid(int keyid) +{ + mktme_map[keyid].state = KEYID_AVAILABLE; + mktme_available_keyids++; +} + +int mktme_keyid_from_key(struct key *key) +{ + int i; + + for (i = 1; i <= mktme_nr_keyids(); i++) { + if (mktme_map[i].key == key) + return i; + } + return 0; +} + enum mktme_opt_id { OPT_ERROR, OPT_TYPE, @@ -62,6 +79,17 @@ static const match_table_t mktme_token = { {OPT_ERROR, NULL} }; +/* Key Service Method called when a Userspace Key is garbage collected. */ +static void mktme_destroy_key(struct key *key) +{ + int keyid = mktme_keyid_from_key(key); + unsigned long flags; + + spin_lock_irqsave(&mktme_lock, flags); + mktme_release_keyid(keyid); + spin_unlock_irqrestore(&mktme_lock, flags); +} + /* Key Service Method to create a new key. Payload is preparsed. */ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) { @@ -198,6 +226,7 @@ struct key_type key_type_mktme = { .free_preparse = mktme_free_preparsed_payload, .instantiate = mktme_instantiate_key, .describe = user_describe, + .destroy = mktme_destroy_key, }; static int __init init_mktme(void) From patchwork Wed Jul 31 15:07:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068289 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0689A13A4 for ; Wed, 31 Jul 2019 15:21:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E8826204C1 for ; Wed, 31 Jul 2019 15:21:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DC6A6201BD; Wed, 31 Jul 2019 15:21:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6BA6B204C1 for ; Wed, 31 Jul 2019 15:21:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728370AbfGaPVb (ORCPT ); Wed, 31 Jul 2019 11:21:31 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:33371 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726779AbfGaPVa (ORCPT ); Wed, 31 Jul 2019 11:21:30 -0400 Received: by mail-ed1-f68.google.com with SMTP id i11so2564085edq.0 for ; Wed, 31 Jul 2019 08:21:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=1BQJGkT0s+shkdXKpDMkrADfSTioqQt/ZZz1bLqTUmQ=; b=F0MT0AnrCovBczYaK6YHDuFLb0wBcNajj6NHjl7jAd1Y6o1sz/pNiCycggcpbm6sR3 dDEawPYmizqxf+941dOmoLsE0S6Q6h1HQDO131T53iZuuKNPHzVa3IPL9WD/cAQThRxW 19GfKEGA+MvSm2zoe3KKZc/IX3XQ6h9saIaqsaf2Cv3IGGslYpWhz/Y2aQxDBt3NfhUb w/gBHQa/MfFXThu2xMpIdQZhfx6ijjecuKQ3SRFmAoT48fh5DVqlO0eNkdkALj71DjZx huhf1zc3aR8yYQEOtkcgzJ7LoEXxQCLmXSefv3Umpu1K5rbidj3HWE72bSF4c6y4iBlq mv+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=1BQJGkT0s+shkdXKpDMkrADfSTioqQt/ZZz1bLqTUmQ=; b=cIGOBMmzvqAlUAIj3DOTVprJjcFr4bZRbPPyJ1GqnRPlt8r/R4xOT9jstZInCjWcit VpcbriIL+0Hhq/ixBVP1gMM8Y8X67NhNLlt+ReD3RVFGdbjs5ko2jv6wk/7bZjh6CjV4 pOswybRAhRkmxv/zkzaY3bN9zTP1goK9YPQ4kOeDcWmb3A8dCNMkVpdWaNRDwOM/EmAY hxSWDuKTLNUSl7tQFJEegz5RmVYe/Ofd4s/+Ytm1+UVOmSfIOgSbruAE5rKKgsygW/Ws XyyiBVWhKkuGmEguMGiTpgfrcFzuW6UEQ5e0XTUPYsxVL6pA70qDMZKXiX6l5x/Mzhx1 CxiQ== X-Gm-Message-State: APjAAAUdMgqrkSCeiCt5NVvTbUFCxfgOqdVXvwa3RWDaA0C1OAhYaLBR oGnjEIOF0S4hjerxyrgsamw= X-Google-Smtp-Source: APXvYqy+sAZ1XO5Dthl6XVadxh27450cRd8oWJweimgbdsPH0ca3T6NWosb4Y5aumCe01jgo510kdA== X-Received: by 2002:a17:906:2555:: with SMTP id j21mr96482359ejb.231.1564586030314; Wed, 31 Jul 2019 08:13:50 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id s2sm5404851ejf.11.2019.07.31.08.13.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id B152E1030C3; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 28/59] keys/mktme: Move the MKTME payload into a cache aligned structure Date: Wed, 31 Jul 2019 18:07:42 +0300 Message-Id: <20190731150813.26289-29-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield In preparation for programming the key into the hardware, move the key payload into a cache aligned structure. This alignment is a requirement of the MKTME hardware. Use the slab allocator to have this structure readily available. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 10fcdbf5a08f..8ac75b1e6188 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -16,6 +16,7 @@ static DEFINE_SPINLOCK(mktme_lock); static unsigned int mktme_available_keyids; /* Free Hardware KeyIDs */ +static struct kmem_cache *mktme_prog_cache; /* Hardware programming cache */ enum mktme_keyid_state { KEYID_AVAILABLE, /* Available to be assigned */ @@ -79,6 +80,25 @@ static const match_table_t mktme_token = { {OPT_ERROR, NULL} }; +/* Copy the payload to the HW programming structure and program this KeyID */ +static int mktme_program_keyid(int keyid, u32 payload) +{ + struct mktme_key_program *kprog = NULL; + int ret; + + kprog = kmem_cache_zalloc(mktme_prog_cache, GFP_KERNEL); + if (!kprog) + return -ENOMEM; + + /* Hardware programming requires cached aligned struct */ + kprog->keyid = keyid; + kprog->keyid_ctrl = payload; + + ret = MKTME_PROG_SUCCESS; /* Future programming call */ + kmem_cache_free(mktme_prog_cache, kprog); + return ret; +} + /* Key Service Method called when a Userspace Key is garbage collected. */ static void mktme_destroy_key(struct key *key) { @@ -93,6 +113,7 @@ static void mktme_destroy_key(struct key *key) /* Key Service Method to create a new key. Payload is preparsed. */ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) { + u32 *payload = prep->payload.data[0]; unsigned long flags; int keyid; @@ -101,7 +122,14 @@ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) spin_unlock_irqrestore(&mktme_lock, flags); if (!keyid) return -ENOKEY; - return 0; + + if (!mktme_program_keyid(keyid, *payload)) + return MKTME_PROG_SUCCESS; + + spin_lock_irqsave(&mktme_lock, flags); + mktme_release_keyid(keyid); + spin_unlock_irqrestore(&mktme_lock, flags); + return -ENOKEY; } /* Make sure arguments are correct for the TYPE of key requested */ @@ -245,10 +273,15 @@ static int __init init_mktme(void) if (!mktme_map) return -ENOMEM; + /* Used to program the hardware key tables */ + mktme_prog_cache = KMEM_CACHE(mktme_key_program, SLAB_PANIC); + if (!mktme_prog_cache) + goto free_map; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ - +free_map: kvfree(mktme_map); return -ENOMEM; From patchwork Wed Jul 31 15:07:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068299 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0898713A4 for ; Wed, 31 Jul 2019 15:22:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EA4F9200E7 for ; Wed, 31 Jul 2019 15:22:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DED29201BD; Wed, 31 Jul 2019 15:22:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7683F205E9 for ; Wed, 31 Jul 2019 15:22:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730093AbfGaPVK (ORCPT ); Wed, 31 Jul 2019 11:21:10 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:44450 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726696AbfGaPVI (ORCPT ); Wed, 31 Jul 2019 11:21:08 -0400 Received: by mail-ed1-f65.google.com with SMTP id k8so66016253edr.11 for ; Wed, 31 Jul 2019 08:21:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Sg6bxLoMlRes885QhQrq9mVE221k6YoeytqqLikFglU=; b=IXEicb9BiLYExfvQdFk4yaWrUYrtPs2P+FQ3xbHGAjJqFjc/Tjuex7il/QhhrAU3gJ 1B0zMUjyCzuoPb2CGvJQ7dAtThjRe7D5+pWm017eXRhJ5OYV8RCaNICnYmJ009+sfvzW 5NUoC3YokyUZoQB7sHYWULxV/2/f9TOcZ1/gPkf55duPH15/Vc4B/k9Omnv9/9Yv3CZU SeCOWTrZNYeWEwYFisHEi4GPFxy3g1PXFpyNHAYa2qaeY0jn6aM8/D2yPWi1YGyBcl0J 4Kakk20YFCj7A+Ev81808+OjXvvP+eFNT1KH0KoZhORiukznX+DHLEGwFZnttRXtl3Xg KF/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Sg6bxLoMlRes885QhQrq9mVE221k6YoeytqqLikFglU=; b=FrFOil/AiwbUfThggtdiJH3dfuKDsSxRS/7Ll2p7vpm9hbQYzbDV3lG8r8lFxdvzdy 0SUKXFBWcdd9TKXy04jkHzaNligPt6LmONF2EijF2KTdPS9S+G41oqGR/x19P88nclhZ mUd7z1IT9FnWUEvW/4kZmYyrMzb1NzheBOzIFBCebHw4TW9AewFouUYlXFQQsWhPgrXy tilvJ2Y7N/lEqEesuPMVcYPVOKk4/HcmvM7pE3ZVjYyr1hY+PzGlfH5r6aG/H84Gtlkt YigokvbP0RcAoIvwHaCYsXHnw2Fp3YeZqDk+UnyLOP8mtVoC1Hj6eSgrbNQjcda/keOq hqhA== X-Gm-Message-State: APjAAAVCoFjuxfG3WeO42/J2WEw+qD1FCexXeE/I1g1cRmmBWRJQJrTQ YNudUnj8GVzD/uwAkRiAhP4= X-Google-Smtp-Source: APXvYqzUHszTMCf0FqL0C12el1+4vYG6LYW8ml5drC1eMYBiTn4AhQh509XXdc2m4fyznpBj9tVZ/g== X-Received: by 2002:a17:906:d052:: with SMTP id bo18mr88285067ejb.311.1564586030665; Wed, 31 Jul 2019 08:13:50 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id u9sm17451892edm.71.2019.07.31.08.13.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id B852D103C08; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 29/59] keys/mktme: Set up PCONFIG programming targets for MKTME keys Date: Wed, 31 Jul 2019 18:07:43 +0300 Message-Id: <20190731150813.26289-30-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME Key service maintains the hardware key tables. These key tables are package scoped per the MKTME hardware definition. This means that each physical package on the system needs its key table programmed. These physical packages are the targets of the new PCONFIG programming command. So, introduce a PCONFIG targets bitmap as well as a CPU mask that includes the lead CPUs capable of programming the targets. The lead CPU mask will be used every time a new key is programmed into the hardware. Keep the PCONFIG targets bit map around for future use during CPU hotplug events. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 42 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 8ac75b1e6188..272bff8591b7 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -2,6 +2,7 @@ /* Documentation/x86/mktme/ */ +#include #include #include #include @@ -17,6 +18,8 @@ static DEFINE_SPINLOCK(mktme_lock); static unsigned int mktme_available_keyids; /* Free Hardware KeyIDs */ static struct kmem_cache *mktme_prog_cache; /* Hardware programming cache */ +static unsigned long *mktme_target_map; /* PCONFIG programming target */ +static cpumask_var_t mktme_leadcpus; /* One CPU per PCONFIG target */ enum mktme_keyid_state { KEYID_AVAILABLE, /* Available to be assigned */ @@ -257,6 +260,33 @@ struct key_type key_type_mktme = { .destroy = mktme_destroy_key, }; +static void mktme_update_pconfig_targets(void) +{ + int cpu, target_id; + + cpumask_clear(mktme_leadcpus); + bitmap_clear(mktme_target_map, 0, sizeof(mktme_target_map)); + + for_each_online_cpu(cpu) { + target_id = topology_physical_package_id(cpu); + if (!__test_and_set_bit(target_id, mktme_target_map)) + __cpumask_set_cpu(cpu, mktme_leadcpus); + } +} + +static int mktme_alloc_pconfig_targets(void) +{ + if (!alloc_cpumask_var(&mktme_leadcpus, GFP_KERNEL)) + return -ENOMEM; + + mktme_target_map = bitmap_alloc(topology_max_packages(), GFP_KERNEL); + if (!mktme_target_map) { + free_cpumask_var(mktme_leadcpus); + return -ENOMEM; + } + return 0; +} + static int __init init_mktme(void) { int ret; @@ -278,9 +308,21 @@ static int __init init_mktme(void) if (!mktme_prog_cache) goto free_map; + /* Hardware programming targets */ + if (mktme_alloc_pconfig_targets()) + goto free_cache; + + /* Initialize first programming targets */ + mktme_update_pconfig_targets(); + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + + free_cpumask_var(mktme_leadcpus); + bitmap_free(mktme_target_map); +free_cache: + kmem_cache_destroy(mktme_prog_cache); free_map: kvfree(mktme_map); From patchwork Wed Jul 31 15:07:44 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068309 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 596A413A4 for ; Wed, 31 Jul 2019 15:22:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4690320223 for ; Wed, 31 Jul 2019 15:22:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3AB4D205E9; Wed, 31 Jul 2019 15:22:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BE7F91FF87 for ; Wed, 31 Jul 2019 15:22:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730128AbfGaPWM (ORCPT ); Wed, 31 Jul 2019 11:22:12 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:46326 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727962AbfGaPWI (ORCPT ); Wed, 31 Jul 2019 11:22:08 -0400 Received: by mail-ed1-f65.google.com with SMTP id d4so66102150edr.13 for ; Wed, 31 Jul 2019 08:22:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PzedmcWsRc3DhudY/wiWcVyq0AAagaASN0DGAs1EUfk=; b=oLYDLyPe+JzY2m1J7wjX7AgBe2E4rUQv0fXNMOTxiG0nu3Kabo9U15Ufg7K6WUQgmi RNNtxu0DlWJ+voFj2zV59ecQN7UXfIGdJz6l2QQg7hl1DF1htbBcFoFM/zAI2mPjcI1U l3fEHvv0/1gka708wHD2qXwLZrc051+nm/YjhW0tIhCa72L/Tien3Zer+cqAIsJMVqNK L0WPnYRQdIixCyrAGbQRcVHhSuhtXWLR41Rx6IQOFrIz+x0hmONqrQ/gZtqcXxab8960 yeuaFiFWFODRPxwK1POFLi1ZUqFHAQQefGlgCb9xVI6pv/BL6bFoNByecBEofA/OdSSY 7nrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PzedmcWsRc3DhudY/wiWcVyq0AAagaASN0DGAs1EUfk=; b=aVmaVQsTCDqmPWRz8nvjnoKLlnRRnlWoDJNDEGykyzUtP/yChh2VZvSiRS0YG+cfAy d1bRjLmsIMpd6DlpZNQ1DkOIYsjTxXBBP6Z7HnRQUQbxKU2N32w/asy4HBwFOrybP6wE X2BB8XAfiZwtzUk9VSqXaKOTunGtPdcfspRg7dqFfJidEdfR8ZfCfD+0eb18tyBupIRr 2jp0AKDYt7YedFKgDmW51B9jma4lE2fQW0lHZJGYntLwo2GmQM31X3vge8bf0bgM3qFk SZZ6ErnlScAGRqq3x6lfQaLidM2EL+bpLhX9gcagp0QJsmAiMcsS5Jx6o8uAioD4JR6i 4vPQ== X-Gm-Message-State: APjAAAULttjD0jF8yujh8VehuJPu+M+zsQmVSKdpQC0jRJU9mNsUALvv 3aF4Wbs/Tr+pBy3TcXu4Arg= X-Google-Smtp-Source: APXvYqzcJGczjYcDRUjZLltV4/L8von3YErmNZFFERlXjz5jyiPEJ/PtKIEf2ACHSo4AM9+ctzEY3w== X-Received: by 2002:a17:906:c2c9:: with SMTP id ch9mr2839424ejb.167.1564586028666; Wed, 31 Jul 2019 08:13:48 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id a18sm9661518ejp.2.2019.07.31.08.13.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id BF3F9103FDC; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 30/59] keys/mktme: Program MKTME keys into the platform hardware Date: Wed, 31 Jul 2019 18:07:44 +0300 Message-Id: <20190731150813.26289-31-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Finally, the keys are programmed into the hardware via each lead CPU. Every package has to be programmed successfully. There is no partial success allowed here. Here a retry scheme is included for two errors that may succeed on retry: MKTME_DEVICE_BUSY and MKTME_ENTROPY_ERROR. However, it's not clear if even those errors should be retried at this level. Perhaps they too, should be returned to user space for handling. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 92 +++++++++++++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 272bff8591b7..3c641f3ee794 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -83,6 +83,96 @@ static const match_table_t mktme_token = { {OPT_ERROR, NULL} }; +struct mktme_hw_program_info { + struct mktme_key_program *key_program; + int *status; +}; + +struct mktme_err_table { + const char *msg; + bool retry; +}; + +static const struct mktme_err_table mktme_error[] = { +/* MKTME_PROG_SUCCESS */ {"KeyID was successfully programmed", false}, +/* MKTME_INVALID_PROG_CMD */ {"Invalid KeyID programming command", false}, +/* MKTME_ENTROPY_ERROR */ {"Insufficient entropy", true}, +/* MKTME_INVALID_KEYID */ {"KeyID not valid", false}, +/* MKTME_INVALID_ENC_ALG */ {"Invalid encryption algorithm chosen", false}, +/* MKTME_DEVICE_BUSY */ {"Failure to access key table", true}, +}; + +static int mktme_parse_program_status(int status[]) +{ + int cpu, sum = 0; + + /* Success: all CPU(s) programmed all key table(s) */ + for_each_cpu(cpu, mktme_leadcpus) + sum += status[cpu]; + if (!sum) + return MKTME_PROG_SUCCESS; + + /* Invalid Parameters: log the error and return the error. */ + for_each_cpu(cpu, mktme_leadcpus) { + switch (status[cpu]) { + case MKTME_INVALID_KEYID: + case MKTME_INVALID_PROG_CMD: + case MKTME_INVALID_ENC_ALG: + pr_err("mktme: %s\n", mktme_error[status[cpu]].msg); + return status[cpu]; + + default: + break; + } + } + /* + * Device Busy or Insufficient Entropy: do not log the + * error. These will be retried and if retries (time or + * count runs out) caller will log the error. + */ + for_each_cpu(cpu, mktme_leadcpus) { + if (status[cpu] == MKTME_DEVICE_BUSY) + return status[cpu]; + } + return MKTME_ENTROPY_ERROR; +} + +/* Program a single key using one CPU. */ +static void mktme_do_program(void *hw_program_info) +{ + struct mktme_hw_program_info *info = hw_program_info; + int cpu; + + cpu = smp_processor_id(); + info->status[cpu] = mktme_key_program(info->key_program); +} + +static int mktme_program_all_keytables(struct mktme_key_program *key_program) +{ + struct mktme_hw_program_info info; + int err, retries = 10; /* Maybe users should handle retries */ + + info.key_program = key_program; + info.status = kcalloc(num_possible_cpus(), sizeof(info.status[0]), + GFP_KERNEL); + + while (retries--) { + get_online_cpus(); + on_each_cpu_mask(mktme_leadcpus, mktme_do_program, + &info, 1); + put_online_cpus(); + + err = mktme_parse_program_status(info.status); + if (!err) /* Success */ + return err; + else if (!mktme_error[err].retry) /* Error no retry */ + return -ENOKEY; + } + /* Ran out of retries */ + pr_err("mktme: %s\n", mktme_error[err].msg); + return err; +} + /* Copy the payload to the HW programming structure and program this KeyID */ static int mktme_program_keyid(int keyid, u32 payload) { @@ -97,7 +187,7 @@ static int mktme_program_keyid(int keyid, u32 payload) kprog->keyid = keyid; kprog->keyid_ctrl = payload; - ret = MKTME_PROG_SUCCESS; /* Future programming call */ + ret = mktme_program_all_keytables(kprog); kmem_cache_free(mktme_prog_cache, kprog); return ret; } From patchwork Wed Jul 31 15:07:45 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068271 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6BB031399 for ; Wed, 31 Jul 2019 15:20:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59877201B1 for ; Wed, 31 Jul 2019 15:20:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4D05A204FF; Wed, 31 Jul 2019 15:20:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DA796201B1 for ; Wed, 31 Jul 2019 15:20:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730076AbfGaPUy (ORCPT ); Wed, 31 Jul 2019 11:20:54 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:46168 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726979AbfGaPUx (ORCPT ); Wed, 31 Jul 2019 11:20:53 -0400 Received: by mail-ed1-f66.google.com with SMTP id d4so66098369edr.13 for ; Wed, 31 Jul 2019 08:20:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=bD/5ZInA5DBfNF/OoolUD2uLCIaOC1DGsUwSCxp+njs=; b=nvqdVZ7hy8prTTJcbUZBwkmbx2dG13l4tJOjU/HGiWPNPCIzhkiP7BT5p8Q5xWDndr 7DeAzS8uAbr6+O45Oq+aNxw5yIDCtTUXGB0id3g7Z8mpUiISvVh8+Qdpp6w9Mrz78JiC 0VezF9Twz7YfGrVqrIO2CaQOxV5IahFa9jvmh6yBk00rx18AqNPPp2V83WMw5/RHJxZK V7Ij2TTHXT4PuakKHcAQZMB0LBshUp7ZbQOCUWMzIrguS1msbfDi5NilYa6XZJJc6A82 xAVNYZPhVRKGVGB4dKsMF59lYW4aPwm4ovfr9mL7D2xAkl0s4z/mmm5UiL+UO1fObzyu 5wPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bD/5ZInA5DBfNF/OoolUD2uLCIaOC1DGsUwSCxp+njs=; b=naTenLs3HkwhaJPeI6R8vanmQP+XerIv5lgLBr0DJUiWUiuvxgubtlQWSxAQUftrqK AR13TeP73ypFUp0h+o4quF5hZ2K1x9eb+NdRBMDcV0DU9VWkTGy6zs5jWt5FxfE+llk1 YBcsB6VnqT4m2qUhHb67BkLRuiyMo/jvH1lkotT/84//AE2cahuE/WpGeTTDj0KQsLqk zIHFgCqYP+G5Vt+getUbDdomp361XM9avc+nMJTcOzj9lTC/ziT6Ieaw30X9jEcn6kCa ggssyzxWQ8NZ7Z+wgu4gw8eA9JVPo2wKGMPC03WLaouNhJT/+3GBedrNAgP79O+67RPG QMdg== X-Gm-Message-State: APjAAAUHOOrnSrbRcm5vw3PvglDl/RoUSRMLU5TJ/V8lu4H2eXrKlmTy Wqe7Ah+DZ2/XpH22UYfuPmw= X-Google-Smtp-Source: APXvYqxJIvkHF7kejGb362uxw7wEOxIDocRJ4jXYfh9K6XIBqdmcEBR8hDmMszbdv7iLHfJZFlKGzw== X-Received: by 2002:a05:6402:6d0:: with SMTP id n16mr25572624edy.168.1564586037300; Wed, 31 Jul 2019 08:13:57 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id t2sm17397627eda.95.2019.07.31.08.13.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:54 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id C65041044A6; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 31/59] keys/mktme: Set up a percpu_ref_count for MKTME keys Date: Wed, 31 Jul 2019 18:07:45 +0300 Message-Id: <20190731150813.26289-32-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME key service needs to keep usage counts on the encryption keys in order to know when it is safe to free a key for reuse. percpu_ref_count applies well here because the key service will take the initial reference and typically hold that reference while the intermediary references are get/put. The intermediaries in this case will be encrypted VMA's, Align the percpu_ref_init and percpu_ref_kill with the key service instantiate and destroy methods respectively. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 39 +++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 3c641f3ee794..18cb57be5193 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include @@ -71,6 +72,26 @@ int mktme_keyid_from_key(struct key *key) return 0; } +struct percpu_ref *encrypt_count; +void mktme_percpu_ref_release(struct percpu_ref *ref) +{ + unsigned long flags; + int keyid; + + for (keyid = 1; keyid <= mktme_nr_keyids(); keyid++) { + if (&encrypt_count[keyid] == ref) + break; + } + if (&encrypt_count[keyid] != ref) { + pr_debug("%s: invalid ref counter\n", __func__); + return; + } + percpu_ref_exit(ref); + spin_lock_irqsave(&mktme_lock, flags); + mktme_release_keyid(keyid); + spin_unlock_irqrestore(&mktme_lock, flags); +} + enum mktme_opt_id { OPT_ERROR, OPT_TYPE, @@ -199,8 +220,10 @@ static void mktme_destroy_key(struct key *key) unsigned long flags; spin_lock_irqsave(&mktme_lock, flags); - mktme_release_keyid(keyid); + mktme_map[keyid].key = NULL; + mktme_map[keyid].state = KEYID_REF_KILLED; spin_unlock_irqrestore(&mktme_lock, flags); + percpu_ref_kill(&encrypt_count[keyid]); } /* Key Service Method to create a new key. Payload is preparsed. */ @@ -216,9 +239,15 @@ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) if (!keyid) return -ENOKEY; + if (percpu_ref_init(&encrypt_count[keyid], mktme_percpu_ref_release, + 0, GFP_KERNEL)) + goto err_out; + if (!mktme_program_keyid(keyid, *payload)) return MKTME_PROG_SUCCESS; + percpu_ref_exit(&encrypt_count[keyid]); +err_out: spin_lock_irqsave(&mktme_lock, flags); mktme_release_keyid(keyid); spin_unlock_irqrestore(&mktme_lock, flags); @@ -405,10 +434,18 @@ static int __init init_mktme(void) /* Initialize first programming targets */ mktme_update_pconfig_targets(); + /* Reference counters to protect in use KeyIDs */ + encrypt_count = kvcalloc(mktme_nr_keyids() + 1, sizeof(encrypt_count[0]), + GFP_KERNEL); + if (!encrypt_count) + goto free_targets; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + kvfree(encrypt_count); +free_targets: free_cpumask_var(mktme_leadcpus); bitmap_free(mktme_target_map); free_cache: From patchwork Wed Jul 31 15:07:46 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068345 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 467CD1399 for ; Wed, 31 Jul 2019 15:24:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 33948205E9 for ; Wed, 31 Jul 2019 15:24:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 27A93209CD; Wed, 31 Jul 2019 15:24:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CCB65212D9 for ; Wed, 31 Jul 2019 15:24:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728079AbfGaPYe (ORCPT ); Wed, 31 Jul 2019 11:24:34 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:45736 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727987AbfGaPXv (ORCPT ); Wed, 31 Jul 2019 11:23:51 -0400 Received: by mail-ed1-f68.google.com with SMTP id x19so60142759eda.12 for ; Wed, 31 Jul 2019 08:23:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=4nUUGiekxDXyLHELJNk1/crPjGXFhQCWsxTcExxSHys=; b=IOKuLaqnLIIvDxh8sGiA5Ti1EgZD/pb+tvmY2A/5Qcpvrnrj/8Q6+39fm9WysKchIW hxGKfQI/tErC99xqo32YRJXMLxuXvw7D5FxRJcrBpR8LO7tBGljabTEW8R9zvaZ7Gtu/ 5JhEe4A5G3i8YpbuhOwyBAKNi3WqHjxlhczPzXXfzxS1YgpNI6CrX/YkA/t7pf+O56zg jZvbsgItFZICFlQrj2qkMS9K0sSkOv6pJAFh7XH0Y/DNZ6ULvgHOHCZfkaErZTNsmjQb h2tqUsjMeDmKdo4PyoPbBB79hWABkWEqSQS6tHXaEaeEcq0q3LGFncuHeCOpiPphT7io M6bA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4nUUGiekxDXyLHELJNk1/crPjGXFhQCWsxTcExxSHys=; b=QyS5v/t2EEM86DTABeQQ8ozBaTP50vxsUeOyfPWOhrV/mOFYmBPDA7nlFQ+82019qp At0yp5b1DnqQRZSEzF74noMR7z3ntDlU9RHZ9lQHrPk8oj4VxrIXhp5zKmSWY2pK/VNk /BXqOAXnkTnE9N/d9X6G5T/BkJM9V9y40wxtAXNtWL9ekYI0DfRctWT6iz0GzM88Fk91 a4o1S25J8pMD50hB3KvREutJaQ0RJRWNz2FSkvcLuV/IQ6yuXDeOw78pKQj2vl/LwXSr styjmm8MurHTQDMoVUuboELKkv/YQWkwAbp/8nxgmhGD6FU/DQ0Z+uxV94DAfMMTHZWh i0Ww== X-Gm-Message-State: APjAAAXJDeI/TkTPdfgaim2iu2KANrD3by+eXMOidbfyrCjHeu4nhVlo VZmcHjGDQfYxDXvp1ZA2ifM= X-Google-Smtp-Source: APXvYqyocU9LaLEieM1frl2MdSDXaIV0gvyho3ioPkKIqAAuamyJHGIwJo2jc8AHxo4CrQ5fTnM4cQ== X-Received: by 2002:a17:906:9711:: with SMTP id k17mr96659095ejx.298.1564586629507; Wed, 31 Jul 2019 08:23:49 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id 9sm8073168ejw.63.2019.07.31.08.23.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id CD18F1044A7; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 32/59] keys/mktme: Clear the key programming from the MKTME hardware Date: Wed, 31 Jul 2019 18:07:46 +0300 Message-Id: <20190731150813.26289-33-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Send a request to the MKTME hardware to clear a previously programmed key. This will be used when userspace keys are destroyed and the key slot is no longer in use. No longer in use means that the reference has been released, and its usage count has returned to zero. This clear command is not offered as an option to userspace, since the key service can execute it automatically, and at the right time, safely. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 18cb57be5193..1e2afcce7d85 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -72,6 +72,9 @@ int mktme_keyid_from_key(struct key *key) return 0; } +static void mktme_clear_hardware_keyid(struct work_struct *work); +static DECLARE_WORK(mktme_clear_work, mktme_clear_hardware_keyid); + struct percpu_ref *encrypt_count; void mktme_percpu_ref_release(struct percpu_ref *ref) { @@ -88,8 +91,9 @@ void mktme_percpu_ref_release(struct percpu_ref *ref) } percpu_ref_exit(ref); spin_lock_irqsave(&mktme_lock, flags); - mktme_release_keyid(keyid); + mktme_map[keyid].state = KEYID_REF_RELEASED; spin_unlock_irqrestore(&mktme_lock, flags); + schedule_work(&mktme_clear_work); } enum mktme_opt_id { @@ -213,6 +217,27 @@ static int mktme_program_keyid(int keyid, u32 payload) return ret; } +static void mktme_clear_hardware_keyid(struct work_struct *work) +{ + u32 clear_payload = MKTME_KEYID_CLEAR_KEY; + unsigned long flags; + int keyid, ret; + + for (keyid = 1; keyid <= mktme_nr_keyids(); keyid++) { + if (mktme_map[keyid].state != KEYID_REF_RELEASED) + continue; + + ret = mktme_program_keyid(keyid, clear_payload); + if (ret != MKTME_PROG_SUCCESS) + pr_debug("mktme: clear key failed [%s]\n", + mktme_error[ret].msg); + + spin_lock_irqsave(&mktme_lock, flags); + mktme_release_keyid(keyid); + spin_unlock_irqrestore(&mktme_lock, flags); + } +} + /* Key Service Method called when a Userspace Key is garbage collected. */ static void mktme_destroy_key(struct key *key) { From patchwork Wed Jul 31 15:07:47 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068327 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A4E7D14DB for ; Wed, 31 Jul 2019 15:23:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8D739209CE for ; Wed, 31 Jul 2019 15:23:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 81AFB21327; Wed, 31 Jul 2019 15:23:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1C80B212DA for ; Wed, 31 Jul 2019 15:23:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729808AbfGaPXx (ORCPT ); Wed, 31 Jul 2019 11:23:53 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:33683 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729209AbfGaPXx (ORCPT ); Wed, 31 Jul 2019 11:23:53 -0400 Received: by mail-ed1-f67.google.com with SMTP id i11so2570925edq.0 for ; Wed, 31 Jul 2019 08:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Pyaxzbpsx58odlzi9CMlCU1WWA9qqTOgEqw5C9FEBVg=; b=TdeP43VIsvZBSvidBd63JYHMxnbdwhhCTLKUiBkNxJ1dN5ZesnIcrufzgwhWgQyHPq i7R3oVQxFEJynf2mhmWeT0e02bFtLfYtRn6p0VgZ/9Cfk6L2HmVLTwyWiesqSFHcOuWI C7Kd8pQSESCHFSvOb3B4KDGD0ws8qGv6qEQ5VxcXS9cAH00eVayINE6xKGf1l8i8BukU egoKu79G/bPpu3bRP9GqYkSE1/6ni+LU5rtZqvn7BKSJqvWNGHFJFeVK/BRE5mk85JT0 SAUKBlIR/5r0VZdnIOVvK9sEH41/fY04cVEyxQuZT0wYs85IiJA+jJz7ToKIsDLSVFEp FYqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Pyaxzbpsx58odlzi9CMlCU1WWA9qqTOgEqw5C9FEBVg=; b=t6C95crUbaTZ045OKjaNE/IzJpPd/QIpkJRnPt6KXxNFktRbiJRHrukiTpa6X5zZ0j 4CGsFxpCFGe4k2Dt2xDHlsRIBGcRnmWFUvptnTO22iHJYGJCZ+uvlAhAsKEX7+iVsDqk cUpQwFPJjigTTXJUR1YOcKCzvfiF5nuaEyza0T4IFVo+WHN+SyJUqCQP+DGhIdE7W4Jm vjMNn6SFPm28uNHMEbh6q0l3XlsEEsEPlwqwmXjNRXu5FOLq3KYpqS8/4wQ1OPGfD2c4 FB3wXYrdvpSZuFTQs1K+pVnSPjb5QVcwk4TSKSBtwES0KHJ1TeFexNjno16zwHYqHFAH igjw== X-Gm-Message-State: APjAAAXxT0JQHn7o7dDldG1a0w7vxtyQsFSos2FG+6aMTW/FxD/zbruh PMTsP+0bq88rzjy1U6AebrU= X-Google-Smtp-Source: APXvYqwvQzZ9XL8yngupcDep2q/KvYsUDRxmOX5VsyvFeZ5aPPfxl5er8kzo/CVzwYry0AvSpyXG9Q== X-Received: by 2002:a17:906:5409:: with SMTP id q9mr97412776ejo.209.1564586631213; Wed, 31 Jul 2019 08:23:51 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id u7sm12527377ejm.48.2019.07.31.08.23.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:49 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id D3EBD1045F6; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 33/59] keys/mktme: Require CAP_SYS_RESOURCE capability for MKTME keys Date: Wed, 31 Jul 2019 18:07:47 +0300 Message-Id: <20190731150813.26289-34-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME key type uses capabilities to restrict the allocation of keys to privileged users. CAP_SYS_RESOURCE is required, but the broader capability of CAP_SYS_ADMIN is accepted. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 1e2afcce7d85..2d90cc83e5ce 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -2,6 +2,7 @@ /* Documentation/x86/mktme/ */ +#include #include #include #include @@ -371,6 +372,9 @@ int mktme_preparse_payload(struct key_preparsed_payload *prep) char *options; int ret; + if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) + return -EACCES; + if (datalen <= 0 || datalen > 1024 || !prep->data) return -EINVAL; From patchwork Wed Jul 31 15:07:48 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068283 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8379A13A4 for ; Wed, 31 Jul 2019 15:21:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 71B23201BD for ; Wed, 31 Jul 2019 15:21:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6619C20602; Wed, 31 Jul 2019 15:21:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 03823205FC for ; Wed, 31 Jul 2019 15:21:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727626AbfGaPVF (ORCPT ); Wed, 31 Jul 2019 11:21:05 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:43517 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728493AbfGaPVE (ORCPT ); Wed, 31 Jul 2019 11:21:04 -0400 Received: by mail-ed1-f66.google.com with SMTP id e3so66069764edr.10 for ; Wed, 31 Jul 2019 08:21:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3zVMT74rDUltFrg5s5cNC7M6LQV7b9+aLo+/S3q5hiw=; b=GisN2VOHWd3D2xd2nqgN/O4RiDCWZV8MPtYrQVY6TlWY8EHqrabeuC1r3NX9u0NUOO BH2o2lVkrCrb9gk1MKTOTG948p8DjJmLwuCxvSnHSCG2lQ5LlWSSW0TudDJxop3vUybS iS5zXgJkjFJwjSE1VsEQrLIg9PkOFtoA/PrYofcbBQsb/QBWbIN8wq9TtqNGnZW57NXu FygrvM5q/WyuM25UdOJmx6Q3wWqh1eJzizEsGx5+xS2vf/v8J+0H+RHMoHy2oBvIHwmm KlIaNODZHWgCOQ3B780DUv+UnF1kRJdgXgyEo5fMmqmMlzcNCEgAUZoRuuxXG8JEW+4G Cplw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3zVMT74rDUltFrg5s5cNC7M6LQV7b9+aLo+/S3q5hiw=; b=KqBvr2BuZDS61gcYDF56z5bmx9GWJHxmfUL+kT+pK34TkmXVgFiuoP/wan+3jW0hX/ UdIX8a1/J/VvHzdFOlVUICKKsLPasVb90c33QHHKDYBSLhbHnJ88obXY/kP1jldGe704 ii5kJbeSvwGXlTgHHWQcV8pb5zlZ0ErsoB4H8QsFKuvZOqe1D234r+t3MAHpN6sJS8lF B1VaLxjgQqzaVLWyxd5S1LnKS0CjT9Y34vq9h724Bk9WwcdxxFNCwaZaX3m5/uYC1hKT 2LXiyFlcgraylYfMWdmjVfH84aBKaXbJa9yj4MTQGw6mUlsnAx9kSvJVkO8d/Z9nqWWt uShA== X-Gm-Message-State: APjAAAXcSD2fb5vYYXBcDd5NoElzGYsx01P45TCECCf3AE0tHy0f+0AJ FaDyri29iSlH1DCmC+yh5Eg= X-Google-Smtp-Source: APXvYqwlNY51UchCswKgnSs9+WfX2oW8BlZl27GF1PmsG2m8MqrdBgD47IA24LwOZbfQr2I0vImeXg== X-Received: by 2002:a50:8b9c:: with SMTP id m28mr109889326edm.53.1564586039271; Wed, 31 Jul 2019 08:13:59 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id ns22sm12486254ejb.9.2019.07.31.08.13.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:57 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id DAD501045F8; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 34/59] acpi: Remove __init from acpi table parsing functions Date: Wed, 31 Jul 2019 18:07:48 +0300 Message-Id: <20190731150813.26289-35-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield ACPI table parsing functions are useful after init time. For example, the MKTME (Multi-Key Total Memory Encryption) key service will evaluate the ACPI HMAT table when the first key creation request occurs. This will happen after init time. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- drivers/acpi/tables.c | 10 +++++----- include/linux/acpi.h | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c index b32327759380..9d40af7f07fb 100644 --- a/drivers/acpi/tables.c +++ b/drivers/acpi/tables.c @@ -33,7 +33,7 @@ static char *mps_inti_flags_trigger[] = { "dfl", "edge", "res", "level" }; static struct acpi_table_desc initial_tables[ACPI_MAX_TABLES] __initdata; -static int acpi_apic_instance __initdata; +static int acpi_apic_instance; enum acpi_subtable_type { ACPI_SUBTABLE_COMMON, @@ -49,7 +49,7 @@ struct acpi_subtable_entry { * Disable table checksum verification for the early stage due to the size * limitation of the current x86 early mapping implementation. */ -static bool acpi_verify_table_checksum __initdata = false; +static bool acpi_verify_table_checksum = false; void acpi_table_print_madt_entry(struct acpi_subtable_header *header) { @@ -280,7 +280,7 @@ acpi_get_subtable_type(char *id) * On success returns sum of all matching entries for all proc handlers. * Otherwise, -ENODEV or -EINVAL is returned. */ -static int __init acpi_parse_entries_array(char *id, unsigned long table_size, +static int acpi_parse_entries_array(char *id, unsigned long table_size, struct acpi_table_header *table_header, struct acpi_subtable_proc *proc, int proc_num, unsigned int max_entries) @@ -355,7 +355,7 @@ static int __init acpi_parse_entries_array(char *id, unsigned long table_size, return errs ? -EINVAL : count; } -int __init acpi_table_parse_entries_array(char *id, +int acpi_table_parse_entries_array(char *id, unsigned long table_size, struct acpi_subtable_proc *proc, int proc_num, unsigned int max_entries) @@ -386,7 +386,7 @@ int __init acpi_table_parse_entries_array(char *id, return count; } -int __init acpi_table_parse_entries(char *id, +int acpi_table_parse_entries(char *id, unsigned long table_size, int entry_id, acpi_tbl_entry_handler handler, diff --git a/include/linux/acpi.h b/include/linux/acpi.h index 9426b9aaed86..fc1e7d4648bf 100644 --- a/include/linux/acpi.h +++ b/include/linux/acpi.h @@ -228,11 +228,11 @@ int acpi_numa_init (void); int acpi_table_init (void); int acpi_table_parse(char *id, acpi_tbl_table_handler handler); -int __init acpi_table_parse_entries(char *id, unsigned long table_size, +int acpi_table_parse_entries(char *id, unsigned long table_size, int entry_id, acpi_tbl_entry_handler handler, unsigned int max_entries); -int __init acpi_table_parse_entries_array(char *id, unsigned long table_size, +int acpi_table_parse_entries_array(char *id, unsigned long table_size, struct acpi_subtable_proc *proc, int proc_num, unsigned int max_entries); int acpi_table_parse_madt(enum acpi_madt_type id, From patchwork Wed Jul 31 15:07:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068319 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BA23B13A4 for ; Wed, 31 Jul 2019 15:23:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A4F66200E7 for ; Wed, 31 Jul 2019 15:23:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9916C212D9; Wed, 31 Jul 2019 15:23:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1FECB201F5 for ; Wed, 31 Jul 2019 15:23:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729004AbfGaPXv (ORCPT ); Wed, 31 Jul 2019 11:23:51 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:44818 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726663AbfGaPXu (ORCPT ); Wed, 31 Jul 2019 11:23:50 -0400 Received: by mail-ed1-f68.google.com with SMTP id k8so66024298edr.11 for ; Wed, 31 Jul 2019 08:23:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=fyWNol/pClGETI/+3Fy8S0o8APly1L7wYaUOInJ7cro=; b=0D+e9OKImyb4sTdS3DaGli2ESSvrhwMepoaeber6sOi6xNQeOXqjqOnb/1KIv5eA0x eNNtaJSwMUTdya3x65wpEduqQWVFqNJxowmsYurkJg6idVmOJAgynHTMtURvl6pRH+lp /AXQs/PGw3QMUYeGMcitYEalW7K8jjmrvIDBQFxHoyvKOlQjQp1wt8RvB40She7x5nMN Km17y2HW/2HnGsAkyXDWsXdzi+suKv/3bNL7rEATTZ6hOD/1GmoI3RxM+fG1oxMgjoTb i0NcERRrgjS3qiNo560qZowGrKNWVHk2bwOr/TVDT1ncGB5cnkrBEBAJUPDEPQtBhvsJ S6vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=fyWNol/pClGETI/+3Fy8S0o8APly1L7wYaUOInJ7cro=; b=ZwvjW/T0gTTS5g93/H6yC53fQXvAtPgwyBbghpzYPyNbMzMWYhKN1ddh7UVTSfBzGa piYPpE65uTkLBbkd0Kx9U2sxGu5uOQQMaO+sJg5V7JS83A85YuFW8uGz3Tp55pr7lsGO wNTYoRdm/PQ3eIDO4AxODwSj6+IPisPZQxl4v9YMIQ9TbUj1gBJkgev7TDyDw1n0U5cu ZN0GGGT8Ywhnf2dRkyf1gnVEvMkHiCcxhh/FRBhZZSU0WWSNCoFhJ5sF2B4ZLwZHQBZs LeV2dIEPvdVsUBHMkKZKWaBxcEJtcbO09iAnzUt4MeymT6WK7f12z9RrU33K2LZhGSbF 6pRA== X-Gm-Message-State: APjAAAXYxYv+HauTAbYO3FH8zu7MoVKpePzplHUkMAiMwUJe6hzcDEjj L2JmvbB0Yj87AggLAVTzFDg= X-Google-Smtp-Source: APXvYqwsOKPemvbbrapjzGTexE0e+E42HWLS7Zg61PJSi6P6DFE4jdPIWGYYycTh80vcUaFlClexVw== X-Received: by 2002:a50:b388:: with SMTP id s8mr106143247edd.15.1564586629069; Wed, 31 Jul 2019 08:23:49 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id f24sm16699742edt.82.2019.07.31.08.23.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id E1BE61045F9; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 35/59] acpi/hmat: Determine existence of an ACPI HMAT Date: Wed, 31 Jul 2019 18:07:49 +0300 Message-Id: <20190731150813.26289-36-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Platforms that need to confirm the presence of an HMAT table can use this function that simply reports the HMATs existence. This is added in support of the Multi-Key Total Memory Encryption (MKTME), a feature on future Intel platforms. These platforms will need to confirm an HMAT is present at init time. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- drivers/acpi/hmat/hmat.c | 13 +++++++++++++ include/linux/acpi.h | 4 ++++ 2 files changed, 17 insertions(+) diff --git a/drivers/acpi/hmat/hmat.c b/drivers/acpi/hmat/hmat.c index 96b7d39a97c6..38e3341f569f 100644 --- a/drivers/acpi/hmat/hmat.c +++ b/drivers/acpi/hmat/hmat.c @@ -664,3 +664,16 @@ static __init int hmat_init(void) return 0; } subsys_initcall(hmat_init); + +bool acpi_hmat_present(void) +{ + struct acpi_table_header *tbl; + acpi_status status; + + status = acpi_get_table(ACPI_SIG_HMAT, 0, &tbl); + if (ACPI_FAILURE(status)) + return false; + + acpi_put_table(tbl); + return true; +} diff --git a/include/linux/acpi.h b/include/linux/acpi.h index fc1e7d4648bf..d27f4d17dfb3 100644 --- a/include/linux/acpi.h +++ b/include/linux/acpi.h @@ -1335,4 +1335,8 @@ acpi_platform_notify(struct device *dev, enum kobject_action action) } #endif +#ifdef CONFIG_X86_INTEL_MKTME +extern bool acpi_hmat_present(void); +#endif /* CONFIG_X86_INTEL_MKTME */ + #endif /*_LINUX_ACPI_H*/ From patchwork Wed Jul 31 15:07:50 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068103 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F250813A4 for ; Wed, 31 Jul 2019 15:09:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB5141FFD8 for ; Wed, 31 Jul 2019 15:09:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CD6FA201BC; Wed, 31 Jul 2019 15:09:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 71E891FFD8 for ; Wed, 31 Jul 2019 15:09:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729278AbfGaPJK (ORCPT ); Wed, 31 Jul 2019 11:09:10 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:35939 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388615AbfGaPIb (ORCPT ); Wed, 31 Jul 2019 11:08:31 -0400 Received: by mail-ed1-f68.google.com with SMTP id k21so66033321edq.3 for ; Wed, 31 Jul 2019 08:08:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=zVlcJDBaDTqmSz97nQxl4DvHh1B1aL9m42IztWqYpgk=; b=MLb+AaScf0hGsrpPSDd87+yWF18Ne5YphyrJDosl5qgEGBpjx5dqprcz8D6TDurakx v7dksS8vdyH98KwRfDrtg/ZbAe6E5vhUhxog7UiBo5/z7ZxDluJryzZrq7ii40mFem3i jMx9cmbPY8ZVw9geHuaHGUyOzRRTLmVrMwDlEzypgFsoq1OKR/Xmb+uMJ6IghodwNO1n RZiP1ftmR0Lj/uf8ewWim1E6GUd1B5u7cpUbveVRjMCNi8uIaEVIr/L9O6TQUka6NeYB zDwBJBoONjQlX/jht6jQVRNO6og/Cy7j8akyt5hXZpmDzorFoOnlfMMXa/CagiuWGoH+ adxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zVlcJDBaDTqmSz97nQxl4DvHh1B1aL9m42IztWqYpgk=; b=M3dw0wwKdQt0USU5mNDY36kUA4HEG0HnOu8r9ThWD1LTZnc7X8IBU/xQFKSFqFxVbd 6BkRfuKaEHXycjZaWR97+cgwXvexc01gaz106vFaF0XUZdFe6oxr1fU3z1o1i2G/P1Cj n+C8jR7Aut1DhwtIx1KbllEb51iTw7cx8KhXauIXU3gNMJC2OUNx0b5BILNJJu0ClZtN BmOmK7x8mUCsOl1oFa2iD5+RxRb0IugkbJBm9glN5giucTwttBECSpqQy7lSCeNZ4SrS VpppKpQzNoo2B2QArlEOCShDsRe0GWmbZb6NVsUz2P1vXx5zJfN54jQUiGbkJyKqrxNF klWw== X-Gm-Message-State: APjAAAVcfaz+C7zW+gau0mQStSklyupl2Fb0L76WYHeXMszHw8G/ANFD O1ShEBEHDFmQ8vvJ6Roe0EE= X-Google-Smtp-Source: APXvYqyr56BhZiXrSd8f2fq+Z375JbAoHMRws8MKCqxmheMr9Uoh5vHG5eCnsq/pE6efizao1axriw== X-Received: by 2002:a05:6402:3d5:: with SMTP id t21mr107048118edw.13.1564585710210; Wed, 31 Jul 2019 08:08:30 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id s2sm5403001ejf.11.2019.07.31.08.08.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:28 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id E8A5B1045FA; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 36/59] keys/mktme: Require ACPI HMAT to register the MKTME Key Service Date: Wed, 31 Jul 2019 18:07:50 +0300 Message-Id: <20190731150813.26289-37-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The ACPI HMAT will be used by the MKTME key service to identify topologies that support the safe programming of encryption keys. Those decisions will happen at key creation time and during hotplug events. To enable this, we at least need to have the ACPI HMAT present at init time. If it's not present, do not register the type. If the HMAT is not present, failure looks like this: [ ] MKTME: Registration failed. ACPI HMAT not present. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 2d90cc83e5ce..6265b62801e9 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -2,6 +2,7 @@ /* Documentation/x86/mktme/ */ +#include #include #include #include @@ -445,6 +446,12 @@ static int __init init_mktme(void) mktme_available_keyids = mktme_nr_keyids(); + /* Require an ACPI HMAT to identify MKTME safe topologies */ + if (!acpi_hmat_present()) { + pr_warn("MKTME: Registration failed. ACPI HMAT not present.\n"); + return -EINVAL; + } + /* Mapping of Userspace Keys to Hardware KeyIDs */ mktme_map = kvzalloc((sizeof(*mktme_map) * (mktme_nr_keyids() + 1)), GFP_KERNEL); From patchwork Wed Jul 31 15:07:51 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068295 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 003461399 for ; Wed, 31 Jul 2019 15:22:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E18DC1FF87 for ; Wed, 31 Jul 2019 15:22:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D581C201B0; Wed, 31 Jul 2019 15:22:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 67767201BD for ; Wed, 31 Jul 2019 15:22:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729109AbfGaPV7 (ORCPT ); Wed, 31 Jul 2019 11:21:59 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:44563 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727628AbfGaPV6 (ORCPT ); Wed, 31 Jul 2019 11:21:58 -0400 Received: by mail-ed1-f66.google.com with SMTP id k8so66018712edr.11 for ; Wed, 31 Jul 2019 08:21:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=0SvRw1bdF/wj1/uPaALpB1mJItIzSwaE2+8pgarmj/0=; b=K8GSlHVyaCoX6eoUymMD8WNd8fo5NWDf75jpRiOk+1zSA+MpR6EfH2u4sq/cei0nEX o80zJP8en7QDpE5vzs8O5n4LrgF22geCbTMxZs9xW/Bw6G07hLfzIVGyGKyQoxIOnZBD YFtORfTsEPttMMQotUKNiwrIP4HCJfUjTSf2by1YSPzvrtnfC1aL0Dv/WEnFMeyqvoSY 1yZ+xCdOLBGgiLW+bKu/YcS0pacqJtrPn8i6k/jyqe3Rz1jF3T9VOENF63nv+EydMMBy h8eN884I5s73CM7fbg8Lu/9/FG0L4WKxt0gSlNtUkWxzIvuA+TNSCpjkFO+PNMv3SZs9 BR7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=0SvRw1bdF/wj1/uPaALpB1mJItIzSwaE2+8pgarmj/0=; b=sDKgkhNjIZuVDVxLgiOgKVJauVV3FsXvuxaXeneLlloaf3izQR2I78qjrbGNGgv+sG HP6rFU8N87kmMWEBHeIcgeN7LboF6lo+hNEx3GnrL6SiG55WVmwDogH1p5NVwrTF+qZ+ tqA26sEOiYLNNlilf4q/EOZ2uoVhy6G5QIfpNWuCew4aah6Oe1dqzs5D2pzz07Ruhp5J QjBVy7IvyweMBBEjsxX5AJ4Og+P9pRs4cCokrYTeFjmZP5MKGium4EomTLzDNzv1PQpn ldAvmoC837WquV+N9p0jIv7u4M3UsNeBuA/jX8NWSm2fOW2G4OiIhcqTIHIbZ5JVFNB6 elzA== X-Gm-Message-State: APjAAAUIBjVpxavWbA4Oo7EEIA6X1ukDXJEh+DFqs3e37BRojFohhoAl Fs+714ebkAjfPbg7X7mpoHw= X-Google-Smtp-Source: APXvYqwDDDPlNwfBHKIOlIbyqYdy0UrYvh8zFar3DZnhvZm8R0JCleo52KdoWAHk4ZEHWuudYw10ag== X-Received: by 2002:a17:906:e11a:: with SMTP id gj26mr95741299ejb.95.1564586040068; Wed, 31 Jul 2019 08:14:00 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id qq13sm12564390ejb.27.2019.07.31.08.13.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:57 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id EF8F91045FB; Wed, 31 Jul 2019 18:08:16 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 37/59] acpi/hmat: Evaluate topology presented in ACPI HMAT for MKTME Date: Wed, 31 Jul 2019 18:07:51 +0300 Message-Id: <20190731150813.26289-38-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME, Multi-Key Total Memory Encryption, is a feature on Intel platforms. The ACPI HMAT table can be used to verify that the platform topology is safe for the usage of MKTME. The kernel must be capable of programming every memory controller on the platform. This means that there must be a CPU online, in the same proximity domain of each memory controller. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- drivers/acpi/hmat/hmat.c | 54 ++++++++++++++++++++++++++++++++++++++++ include/linux/acpi.h | 1 + 2 files changed, 55 insertions(+) diff --git a/drivers/acpi/hmat/hmat.c b/drivers/acpi/hmat/hmat.c index 38e3341f569f..936a403c0694 100644 --- a/drivers/acpi/hmat/hmat.c +++ b/drivers/acpi/hmat/hmat.c @@ -677,3 +677,57 @@ bool acpi_hmat_present(void) acpi_put_table(tbl); return true; } + +static int mktme_parse_proximity_domains(union acpi_subtable_headers *header, + const unsigned long end) +{ + struct acpi_hmat_proximity_domain *mar = (void *)header; + struct acpi_hmat_structure *hdr = (void *)header; + + const struct cpumask *tmp_mask; + + if (!hdr || hdr->type != ACPI_HMAT_TYPE_PROXIMITY) + return -EINVAL; + + if (mar->header.length != sizeof(*mar)) { + pr_warn("MKTME: invalid header length in HMAT\n"); + return -1; + } + /* + * Require a valid processor proximity domain. + * This will catch memory only physical packages with + * no processor capable of programming the key table. + */ + if (!(mar->flags & ACPI_HMAT_PROCESSOR_PD_VALID)) { + pr_warn("MKTME: no valid processor proximity domain\n"); + return -1; + } + /* Require an online CPU in the processor proximity domain. */ + tmp_mask = cpumask_of_node(pxm_to_node(mar->processor_PD)); + if (!cpumask_intersects(tmp_mask, cpu_online_mask)) { + pr_warn("MKTME: no online CPU in proximity domain\n"); + return -1; + } + return 0; +} + +/* Returns true if topology is safe for MKTME key creation */ +bool mktme_hmat_evaluate(void) +{ + struct acpi_table_header *tbl; + bool ret = true; + acpi_status status; + + status = acpi_get_table(ACPI_SIG_HMAT, 0, &tbl); + if (ACPI_FAILURE(status)) + return -EINVAL; + + if (acpi_table_parse_entries(ACPI_SIG_HMAT, + sizeof(struct acpi_table_hmat), + ACPI_HMAT_TYPE_PROXIMITY, + mktme_parse_proximity_domains, 0) < 0) { + ret = false; + } + acpi_put_table(tbl); + return ret; +} diff --git a/include/linux/acpi.h b/include/linux/acpi.h index d27f4d17dfb3..8854ae942e37 100644 --- a/include/linux/acpi.h +++ b/include/linux/acpi.h @@ -1337,6 +1337,7 @@ acpi_platform_notify(struct device *dev, enum kobject_action action) #ifdef CONFIG_X86_INTEL_MKTME extern bool acpi_hmat_present(void); +extern bool mktme_hmat_evaluate(void); #endif /* CONFIG_X86_INTEL_MKTME */ #endif /*_LINUX_ACPI_H*/ From patchwork Wed Jul 31 15:07:52 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068255 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E773513A4 for ; Wed, 31 Jul 2019 15:19:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D39A7205E9 for ; Wed, 31 Jul 2019 15:19:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C7467205AD; Wed, 31 Jul 2019 15:19:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 69B19209CD for ; Wed, 31 Jul 2019 15:19:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729477AbfGaPTW (ORCPT ); Wed, 31 Jul 2019 11:19:22 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:33976 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729444AbfGaPTU (ORCPT ); Wed, 31 Jul 2019 11:19:20 -0400 Received: by mail-ed1-f65.google.com with SMTP id s49so31231317edb.1 for ; Wed, 31 Jul 2019 08:19:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ukIFHDJenwkznoJ0S+ycGyH8eEeHrvR6n2ACiYDuDdk=; b=AOy2CWLXXb5HmAhiEuMvNlpAfvbzvVTmBhdFbnfbTg/elp4wHPlGZlanZYYDI/FrxG XR1qjn43zM5orBwV4t3lyE99FyrF9PkSX5oImrC331w0Zqkq8aM4qZ7W1MIsKYtR1Iq+ R9RJkh8iSQEpA340quOn7TlujXd6hrIkjm5Jm0Xb21fUTBV8fnmRZXlmIojL8rcIgjCU PUTp3qDE06KwYQHnhsuC+tatmmIbYIQBPxFpZQsboYojGA8UMc7qiPLpOzuIoc1jePqI mj+jOHlIVv7dZaf23nr1b3w0Wc5cWJIlxSvk362WiEcqLVDtgLk3XpruSZHTCkoabCWN v2Aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ukIFHDJenwkznoJ0S+ycGyH8eEeHrvR6n2ACiYDuDdk=; b=UJ7R4RHNYxY8SakBkeid2j0bTGZ6QpEd5goZxCfF5CeqLAQYuHMqQanyzN3Rn8kzy9 TtZDorL2d2wUlPM1DM/Paxru6WNMTcziknpoL2ueTh8apmvlYuhia86f4CI2ON0gF5ap 7VVsn/xTC3UziyNqUw0gxojMNGTYoHg0JsSESnVbwOP714LcYgDHHQaVlJd0MhPwgKeg dVgsvBd9VDTmx0CVQqQ+TEUv1JcPP3iPRv6NiDnPdIiXDnMvZ5U0mwb4jj+xwLW43wpe CrJtr0aZwU2qFnYVqG8RjZ/aaq8s9SDf4E8SX1ItOo2HHg8smXZTyEvGQTBkBmgiLpt2 fxkQ== X-Gm-Message-State: APjAAAU7DZj9aUHecE7mHpthM5bFlnK0e+yZvsCN/ZAoxRbCNUoWxXJc J17HCut9VKIiO/Z+4EjjXAc= X-Google-Smtp-Source: APXvYqySwhWDf4JA3GLQlNS2pqACUoF55kJ2wCVDTSRm+FoPw2vi1mKPJsOuuhC2eFbEA1+1nD2ApQ== X-Received: by 2002:a17:906:1e85:: with SMTP id e5mr94007378ejj.200.1564586029031; Wed, 31 Jul 2019 08:13:49 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id v6sm12580413ejx.28.2019.07.31.08.13.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 025681045FC; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 38/59] keys/mktme: Do not allow key creation in unsafe topologies Date: Wed, 31 Jul 2019 18:07:52 +0300 Message-Id: <20190731150813.26289-39-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME depends upon at least one online CPU capable of programming each memory controller in the platform. An unsafe topology for MKTME is a memory only package or a package with no online CPUs. Key creation with unsafe topologies will fail with EINVAL and a warning will be logged one time. For example: [ ] MKTME: no online CPU in proximity domain [ ] MKTME: topology does not support key creation These are recoverable errors. CPUs may be brought online that are capable of programming a previously unprogrammable memory controller. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 6265b62801e9..70662e882674 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -23,6 +23,7 @@ static unsigned int mktme_available_keyids; /* Free Hardware KeyIDs */ static struct kmem_cache *mktme_prog_cache; /* Hardware programming cache */ static unsigned long *mktme_target_map; /* PCONFIG programming target */ static cpumask_var_t mktme_leadcpus; /* One CPU per PCONFIG target */ +static bool mktme_allow_keys; /* HW topology supports keys */ enum mktme_keyid_state { KEYID_AVAILABLE, /* Available to be assigned */ @@ -253,32 +254,55 @@ static void mktme_destroy_key(struct key *key) percpu_ref_kill(&encrypt_count[keyid]); } +static void mktme_update_pconfig_targets(void); /* Key Service Method to create a new key. Payload is preparsed. */ int mktme_instantiate_key(struct key *key, struct key_preparsed_payload *prep) { u32 *payload = prep->payload.data[0]; unsigned long flags; + int ret = -ENOKEY; int keyid; spin_lock_irqsave(&mktme_lock, flags); + + /* Topology supports key creation */ + if (mktme_allow_keys) + goto get_key; + + /* Topology unknown, check it. */ + if (!mktme_hmat_evaluate()) { + ret = -EINVAL; + goto out_unlock; + } + + /* Keys are now allowed. Update the programming targets. */ + mktme_update_pconfig_targets(); + mktme_allow_keys = true; + +get_key: keyid = mktme_reserve_keyid(key); spin_unlock_irqrestore(&mktme_lock, flags); if (!keyid) - return -ENOKEY; + goto out; if (percpu_ref_init(&encrypt_count[keyid], mktme_percpu_ref_release, 0, GFP_KERNEL)) - goto err_out; + goto out_free_key; - if (!mktme_program_keyid(keyid, *payload)) - return MKTME_PROG_SUCCESS; + ret = mktme_program_keyid(keyid, *payload); + if (ret == MKTME_PROG_SUCCESS) + goto out; + /* Key programming failed */ percpu_ref_exit(&encrypt_count[keyid]); -err_out: + +out_free_key: spin_lock_irqsave(&mktme_lock, flags); mktme_release_keyid(keyid); +out_unlock: spin_unlock_irqrestore(&mktme_lock, flags); - return -ENOKEY; +out: + return ret; } /* Make sure arguments are correct for the TYPE of key requested */ From patchwork Wed Jul 31 15:07:53 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068301 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2BED41399 for ; Wed, 31 Jul 2019 15:22:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 175ED201B0 for ; Wed, 31 Jul 2019 15:22:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0B10E205E9; Wed, 31 Jul 2019 15:22:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 930661FF87 for ; Wed, 31 Jul 2019 15:22:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729339AbfGaPWO (ORCPT ); Wed, 31 Jul 2019 11:22:14 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:41999 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729674AbfGaPVM (ORCPT ); Wed, 31 Jul 2019 11:21:12 -0400 Received: by mail-ed1-f67.google.com with SMTP id v15so66082940eds.9 for ; Wed, 31 Jul 2019 08:21:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=uIXZ0F8v9y0X5Vlr65FlBUe43ILwGFJ310V1qk1n87Y=; b=vfdW7e5VZM1NTRsW9Qj9s3ymywg9Z9eZf0L8H23FhduBuIwBKrkUvK2YDh7+VgvO2z 3q9p0yQ2/EX6CTrY+uDCaCJl6TyJDc+BnE2CZKywXpecMsM8Q5tNHXv9bcx8OOj8tnBm QH3O/qxckPbmTmy4X1F0rKZmU1UXd0VSYVNKsK+ChAul5R8pVMmYFyXbEmcIU9HHfUbN frKzsjweIKsQ0mnZrk/2o3FUXu9XTU+CZ3leIN6sTXmycUuVIoqiQg6NFsv1CV7J2zOR MHvIFNk9NC4quOBkwU2rhdIHH54BaXnZovl+oi4BNME3i/u2OjU/uJHdK2YV59LnCg7W X1VQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=uIXZ0F8v9y0X5Vlr65FlBUe43ILwGFJ310V1qk1n87Y=; b=q+nxYcmENktdN/Q+ygtXdeiGhpedvya+jc9vEF0+/N7t+a6ldBClnjuh0Eo/PD84f1 Gz1WTvoh/Zk9eL9ORkFsAAi72cPw2HeS1GK65bTZTlbtRsftTuS/y1mp8BSJk4Y2Zekz lgO2LFD1eMjyNh9p0yCAnwserjxNKi6S+iJSQA5ntESUb85YcKgWGWms91W5SP59AgHx qS7PS02HDE9yxVxnykVZeqLTQ8OP9EOszgNNRMKJpdCyhhAgCAhLXxCde+k117E8poeX +CFOdllWLE6HZPDypsx/rHkhhW58uPrZ94ocuY466SO09ukP5mLABiHt8y/EUGU5Elot g9Ag== X-Gm-Message-State: APjAAAUCTZlxWOhp+YC9PXTUOfjBu6+a5cKZWEJ81dKwN+7h5w/qu/HZ 5AxoOy4OsqEfudQ/FdJ9M80= X-Google-Smtp-Source: APXvYqwYeWMLltpEBPBckLNCM+g7S+IY4Us955LLaX0vHxxronyzv/ZLKgeH3uRrChjLLmvrEg+r8g== X-Received: by 2002:a50:c28a:: with SMTP id o10mr105376291edf.182.1564586029913; Wed, 31 Jul 2019 08:13:49 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id j10sm12539092ejk.23.2019.07.31.08.13.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 095281045FD; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 39/59] keys/mktme: Support CPU hotplug for MKTME key service Date: Wed, 31 Jul 2019 18:07:53 +0300 Message-Id: <20190731150813.26289-40-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME encryption hardware resides on each physical package. The encryption hardware includes 'Key Tables' that must be programmed identically across all physical packages in the platform. Although every CPU in a package can program its key table, the kernel uses one lead CPU per package for programming. CPU Hotplug Teardown -------------------- MKTME manages CPU hotplug teardown to make sure the ability to program all packages is preserved when MKTME keys are present. When MKTME keys are not currently programmed, simply allow the teardown, and set "mktme_allow_keys" to false. This will force a re-evaluation of the platform topology before the next key creation. If this CPU teardown mattered, MKTME key service will report an error and fail to create the key. (User can online that CPU and try again) When MKTME keys are currently programmed, allow teardowns of non 'lead CPU's' and of CPUs where another, core sibling CPU, can take over as lead. Do not allow teardown of any lead CPU that would render a hardware key table unreachable! CPU Hotplug Startup ------------------- CPUs coming online are of interest to the key service, but since the service never needs to block a CPU startup event, nor does it need to prepare for an onlining CPU, a callback is not implemented. MKTME will catch the availability of the new CPU, if it is needed, at the next key creation time. If keys are not allowed, that new CPU will be part of the topology evaluation to determine if keys should now be allowed. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 47 +++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 70662e882674..b042df73899d 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -460,9 +460,46 @@ static int mktme_alloc_pconfig_targets(void) return 0; } +static int mktme_cpu_teardown(unsigned int cpu) +{ + int new_leadcpu, ret = 0; + unsigned long flags; + + /* Do not allow key programming during cpu hotplug event */ + spin_lock_irqsave(&mktme_lock, flags); + + /* + * When no keys are in use, allow the teardown, and set + * mktme_allow_keys to FALSE. That forces an evaluation + * of the topology before the next key creation. + */ + if (mktme_available_keyids == mktme_nr_keyids()) { + mktme_allow_keys = false; + goto out; + } + /* Teardown CPU is not a lead CPU. Allow teardown. */ + if (!cpumask_test_cpu(cpu, mktme_leadcpus)) + goto out; + + /* Teardown CPU is a lead CPU. Look for a new lead CPU. */ + new_leadcpu = cpumask_any_but(topology_core_cpumask(cpu), cpu); + + if (new_leadcpu < nr_cpumask_bits) { + /* New lead CPU found. Update the programming mask */ + __cpumask_clear_cpu(cpu, mktme_leadcpus); + __cpumask_set_cpu(new_leadcpu, mktme_leadcpus); + } else { + /* New lead CPU not found. Do not allow CPU teardown */ + ret = -1; + } +out: + spin_unlock_irqrestore(&mktme_lock, flags); + return ret; +} + static int __init init_mktme(void) { - int ret; + int ret, cpuhp; /* Verify keys are present */ if (mktme_nr_keyids() < 1) @@ -500,10 +537,18 @@ static int __init init_mktme(void) if (!encrypt_count) goto free_targets; + cpuhp = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, + "keys/mktme_keys:online", + NULL, mktme_cpu_teardown); + if (cpuhp < 0) + goto free_encrypt; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + cpuhp_remove_state_nocalls(cpuhp); +free_encrypt: kvfree(encrypt_count); free_targets: free_cpumask_var(mktme_leadcpus); From patchwork Wed Jul 31 15:07:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068267 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1A77413A4 for ; Wed, 31 Jul 2019 15:20:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 07E18205E9 for ; Wed, 31 Jul 2019 15:20:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EF8DA1FF87; Wed, 31 Jul 2019 15:20:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C8AC0204C4 for ; Wed, 31 Jul 2019 15:20:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728771AbfGaPUM (ORCPT ); Wed, 31 Jul 2019 11:20:12 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:36492 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729528AbfGaPUK (ORCPT ); Wed, 31 Jul 2019 11:20:10 -0400 Received: by mail-ed1-f67.google.com with SMTP id k21so66068449edq.3 for ; Wed, 31 Jul 2019 08:20:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vwkKEN+NO/42LLW7V4MVtQKdg9NG9HC4dwr+b7oU7/A=; b=Uf1FCuDX52sEvKUCsJficveOp2kKNYX4EUGxdRJNZykLCtDIIDHpegDxYsp6cPe5pW EAoTzT/6HRwwAnq5QnSYpAtuKu32nvYS2kUdpN1mP4PQQ10UlxLyuA/tskPf2FIwxPud pUuxivdUf/yz+Tp+pjhIEiW+/6YgFS3K9zGL+Qh3OQ4/mioDDDPpCShm0v2J1MgLE8ff LAdvm4H5jX3b3WNwtdu5V9RM3W2HZGEtg1DkZ1XkWQ5ltdRlOKm5W2OJllK1ZO7oeFpf AvmUIe2HLJhkTNVz6b9FQaFDlX7qZyFGnnid7IyU8Nt0XiTLAB+dX1L/C7HwTI3yhcZW +xaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vwkKEN+NO/42LLW7V4MVtQKdg9NG9HC4dwr+b7oU7/A=; b=NGnBEI8WEV1mcHP8ClIvAeYtIHzfWDPxoNhbJInyCvEDcUW/dDQNsADywJeTHHhrnk tOdrl2YpgbQ4EtI+Woc90N0I3MhBzvzfcMwEzkbx/tCXNgrJab5IUFEdEQX5TU/FbjSM 0tv06qjQheGbq683BYo3kGQjXbs5E2bUmq0ruwgfGWaa7BCUWYgfXLNcsVt47IqFkOFr 5TfiDj5LxkCF6C6pbDrAaB60c6SUNxsEZkDa+Bd7CVwFKJMtyj5W7M/Hk487pGumbnWk v2ByXjHHIjYxDr/znuFkUb/3ohqdwahMy0JnmsKTaAXCn4dadWbJttTaY7HudG/rgFc9 qSrg== X-Gm-Message-State: APjAAAWYcm4lVoEjZhESDfc6unqF6Ev7dfzkB7NHoi/Itl2SKG8MXhge RCbzGqZz5DXz84lel4BhAhk= X-Google-Smtp-Source: APXvYqzBhlGdHrkZxNCta+YbwIpYcpSQldx/aTh7wiP6WOvFi0hxTn7lmyACen/6coFCsBG0rQq5SQ== X-Received: by 2002:a17:906:43c9:: with SMTP id j9mr92667128ejn.248.1564586034633; Wed, 31 Jul 2019 08:13:54 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id k10sm17260344eda.9.2019.07.31.08.13.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:53 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 103E71045FE; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 40/59] keys/mktme: Block memory hotplug additions when MKTME is enabled Date: Wed, 31 Jul 2019 18:07:54 +0300 Message-Id: <20190731150813.26289-41-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Intel platforms supporting MKTME need the ability to evaluate the memory topology before allowing new memory to go online. That evaluation would determine if the kernel can program the memory controller. Every memory controller needs to have a CPU online, capable of programming its MKTME keys. The kernel uses the ACPI HMAT at boot time to determine a safe MKTME topology, but at run time, there is no update to the HMAT. That run time support will come in the future with platform and kernel support for the _HMA method. Meanwhile, be safe, and do not allow any MEM_GOING_ONLINE events when MKTME is enabled. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- security/keys/mktme_keys.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index b042df73899d..f804d780fc91 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include @@ -497,6 +498,26 @@ static int mktme_cpu_teardown(unsigned int cpu) return ret; } +static int mktme_memory_callback(struct notifier_block *nb, + unsigned long action, void *arg) +{ + /* + * Do not allow the hot add of memory until run time + * support of the ACPI HMAT is available via an _HMA + * method. Without it, the new memory cannot be + * evaluated to determine an MTKME safe topology. + */ + if (action == MEM_GOING_ONLINE) + return NOTIFY_BAD; + + return NOTIFY_OK; +} + +static struct notifier_block mktme_memory_nb = { + .notifier_call = mktme_memory_callback, + .priority = 99, /* priority ? */ +}; + static int __init init_mktme(void) { int ret, cpuhp; @@ -543,10 +564,15 @@ static int __init init_mktme(void) if (cpuhp < 0) goto free_encrypt; + if (register_memory_notifier(&mktme_memory_nb)) + goto remove_cpuhp; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + unregister_memory_notifier(&mktme_memory_nb); +remove_cpuhp: cpuhp_remove_state_nocalls(cpuhp); free_encrypt: kvfree(encrypt_count); From patchwork Wed Jul 31 15:07:55 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068247 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EF41913A4 for ; Wed, 31 Jul 2019 15:19:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DD312201F5 for ; Wed, 31 Jul 2019 15:19:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D15C5204FD; Wed, 31 Jul 2019 15:19:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7F1B9201F5 for ; Wed, 31 Jul 2019 15:19:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729393AbfGaPTI (ORCPT ); Wed, 31 Jul 2019 11:19:08 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:37187 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726594AbfGaPTH (ORCPT ); Wed, 31 Jul 2019 11:19:07 -0400 Received: by mail-ed1-f66.google.com with SMTP id w13so66093135eds.4 for ; Wed, 31 Jul 2019 08:19:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Qu4eqa88cl7hA3fQdb28KWqV5w4hCLiKuLbYR7iJuDE=; b=EapzB6nV2zuG3XXqORhtOg865rDFWXiiuUO8FpJLb/h1WDao3VpOzWeFDmaFbxm/XL 47TBQ8nUUTf9qkmZiYlrYuMBsFG5TIn6RKRtGHhdoEi679Dd/WD/MF4HtnmQP59r+ZVS lWZPfIfuMFEgQo4Y3mbUEU6Vw4ZKVnL+c9FxScjZKMpMrPiR+cuZijKKGYKRXfElKJqa Xlf/ibW3jXNNJBvLlFTHpGgT5lOrKP+W2Zir2emFXNHQgTL1ugZEAXaNqYvDXjvvf1sY eVxqaYVdOcCPAQPOF9hrrzA0BOHPgcYf40DmCzESR4BUuRMyXnjNV9lnjdj/b1tOOPp+ BzBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Qu4eqa88cl7hA3fQdb28KWqV5w4hCLiKuLbYR7iJuDE=; b=bKOm8qZ3R6z/rZ7NOtqCb4KOZmLc4x6BjWxJ306MOxWAOp+fsI/ELShAfp7LgU3KkR 4wQW8DPwG5mZoP0BspjrnYMD+sD52msYdObIUo2GNTPzGPX+opsvJU9O8vuVLLVvWX4a cSMOzA/yIv7a12fa4IRgDrpKgQDT24z5Zh0yKd3ykJYuudI9AzPwCd4RYrDcRE6x+RH+ BHj0U2pept6aEJTs/xq7QDaMSaZqJijlwErkwP0+9Wkw/25g3Lsu7lPDIU4g5rPdyfBw uVv3YSxABPQtFuRWQb2MDshArXlYDbczkiUv841YkWF59i0MZHisEBJ83Humv1uJT3qB FxFg== X-Gm-Message-State: APjAAAVw+T7ImGssBJ/PUoZ2esgiCnyYjkRW772hxSREYVEFDy9+31RD zK7UBZsTB2RTNqm3RFS1Fo0= X-Google-Smtp-Source: APXvYqx2zTJL6YB+Gc6tZHir/y3NwypWB6AAdiaRHKrntm3SVSrSWzIlrCWGYk+WyVgbmkUaGcUHkg== X-Received: by 2002:a50:acc6:: with SMTP id x64mr110288029edc.100.1564586034088; Wed, 31 Jul 2019 08:13:54 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id oe21sm11729742ejb.44.2019.07.31.08.13.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:52 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 172081045FF; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 41/59] mm: Generalize the mprotect implementation to support extensions Date: Wed, 31 Jul 2019 18:07:55 +0300 Message-Id: <20190731150813.26289-42-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Today mprotect is implemented to support legacy mprotect behavior plus an extension for memory protection keys. Make it more generic so that it can support additional extensions in the future. This is done is preparation for adding a new system call for memory encyption keys. The intent is that the new encrypted mprotect will be another extension to legacy mprotect. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- mm/mprotect.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mm/mprotect.c b/mm/mprotect.c index 82d7b194a918..4d55725228e3 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -35,6 +35,8 @@ #include "internal.h" +#define NO_KEY -1 + static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd, unsigned long addr, unsigned long end, pgprot_t newprot, int dirty_accountable, int prot_numa) @@ -453,9 +455,9 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } /* - * pkey==-1 when doing a legacy mprotect() + * When pkey==NO_KEY we get legacy mprotect behavior here. */ -static int do_mprotect_pkey(unsigned long start, size_t len, +static int do_mprotect_ext(unsigned long start, size_t len, unsigned long prot, int pkey) { unsigned long nstart, end, tmp, reqprot; @@ -579,7 +581,7 @@ static int do_mprotect_pkey(unsigned long start, size_t len, SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, unsigned long, prot) { - return do_mprotect_pkey(start, len, prot, -1); + return do_mprotect_ext(start, len, prot, NO_KEY); } #ifdef CONFIG_ARCH_HAS_PKEYS @@ -587,7 +589,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, SYSCALL_DEFINE4(pkey_mprotect, unsigned long, start, size_t, len, unsigned long, prot, int, pkey) { - return do_mprotect_pkey(start, len, prot, pkey); + return do_mprotect_ext(start, len, prot, pkey); } SYSCALL_DEFINE2(pkey_alloc, unsigned long, flags, unsigned long, init_val) From patchwork Wed Jul 31 15:07:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068093 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 04125746 for ; Wed, 31 Jul 2019 15:09:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DDF861FFD8 for ; Wed, 31 Jul 2019 15:09:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CF698201B1; Wed, 31 Jul 2019 15:09:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5E9F81FFD8 for ; Wed, 31 Jul 2019 15:09:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388612AbfGaPId (ORCPT ); Wed, 31 Jul 2019 11:08:33 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:37853 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388624AbfGaPIc (ORCPT ); Wed, 31 Jul 2019 11:08:32 -0400 Received: by mail-ed1-f67.google.com with SMTP id w13so66061239eds.4 for ; Wed, 31 Jul 2019 08:08:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=IPsK2XRosHpKRDn42pkA1hocZnIJH8axKf5oqIqvF+0=; b=RoXYiUX1XnPhAzuEc/754GCS7jv20HjdtnuA0D6/z6EQWRYWWlJYLUmYCp5A9gF6t0 xmdTvGf/RDPJGsWdvfduqJSiPxD1iQy03XbdfaIQyAILVGsn2EfooQl1HvX68XEmvKvE YLVQ2+mjfACH42lwtOVvTBDcZBjRVOCatWgbntGFkKnEMI7/phw5FB2FZk9Pt9J7I72/ XSOCXiRLBenu+N9P+C9H7h3JIHVw5uD4w9ATyXvDePOwu1HaCpJlCNydaVH+dgiEvjFc icfbQU69vCZT3uQOtoM3gTX73RLNevnI2i7LMnV1I9DzMb0PsfE3TEa5CJMzEo4Nvk/X DA6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=IPsK2XRosHpKRDn42pkA1hocZnIJH8axKf5oqIqvF+0=; b=qbhbNMwPRyUAnfo+WHG97gTHvI/rarTmbQtPoVShC9dB8kbqP3T8rD2+XBDmNpt2Yn wkly8c4L+1snKzTolwKI08uBWTN3umxqmFZ/A/ketlBrff30XRfwfCDYwuzc2mUB9ZeY m3fzGSH4AYE5X5GGvYn5Vm8q8xgJ/4MQ5NLiS/f92M7VGqTFUcojJu7c1Fh4JCmdg0cy F+daDP3TnBViH464RHfn/cSaDBfgrKK0Nl6p4lQSrQ/MsP5LxC8hXujCwYM+H3fyAzfg Cw2Cg9EObdVUy670l7earAh7f8Q2ifxzP6fMDk1isZ4u79xx7QpSz6XeBIY9MKtNSxgP b7nw== X-Gm-Message-State: APjAAAXGjSgrnox2+N0PzSWo0lrc6AW70vpMExmyqrhjABspvbfVM7a3 FI5tF7f0aZz+W/z9t+liHfA= X-Google-Smtp-Source: APXvYqw++kl/s7OZc/atZ5tqKoJq5up6RoggcbrTF/G7ZR/ZGQU8Rbyr5OdWAhG3JNmHVdhx6GXBWA== X-Received: by 2002:a17:906:914:: with SMTP id i20mr28046601ejd.213.1564585710645; Wed, 31 Jul 2019 08:08:30 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id uz27sm12533468ejb.24.2019.07.31.08.08.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:28 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 1E0E2104600; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 42/59] syscall/x86: Wire up a system call for MKTME encryption keys Date: Wed, 31 Jul 2019 18:07:56 +0300 Message-Id: <20190731150813.26289-43-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield encrypt_mprotect() is a new system call to support memory encryption. It takes the same parameters as legacy mprotect, plus an additional key serial number that is mapped to an encryption keyid. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + include/linux/syscalls.h | 2 ++ include/uapi/asm-generic/unistd.h | 4 +++- kernel/sys_ni.c | 2 ++ 5 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index c00019abd076..1b30cd007a6a 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -440,3 +440,4 @@ 433 i386 fspick sys_fspick __ia32_sys_fspick 434 i386 pidfd_open sys_pidfd_open __ia32_sys_pidfd_open 435 i386 clone3 sys_clone3 __ia32_sys_clone3 +436 i386 encrypt_mprotect sys_encrypt_mprotect __ia32_sys_encrypt_mprotect diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index c29976eca4a8..716d8a89159b 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -357,6 +357,7 @@ 433 common fspick __x64_sys_fspick 434 common pidfd_open __x64_sys_pidfd_open 435 common clone3 __x64_sys_clone3/ptregs +436 common encrypt_mprotect __x64_sys_encrypt_mprotect # # x32-specific system call numbers start at 512 to avoid cache impact diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 88145da7d140..4494b1d9c85a 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -1000,6 +1000,8 @@ asmlinkage long sys_fspick(int dfd, const char __user *path, unsigned int flags) asmlinkage long sys_pidfd_send_signal(int pidfd, int sig, siginfo_t __user *info, unsigned int flags); +asmlinkage long sys_encrypt_mprotect(unsigned long start, size_t len, + unsigned long prot, key_serial_t serial); /* * Architecture-specific system calls diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 1be0e798e362..7c1cd13f6aaf 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -850,9 +850,11 @@ __SYSCALL(__NR_pidfd_open, sys_pidfd_open) #define __NR_clone3 435 __SYSCALL(__NR_clone3, sys_clone3) #endif +#define __NR_encrypt_mprotect 436 +__SYSCALL(__NR_encrypt_mprotect, sys_encrypt_mprotect) #undef __NR_syscalls -#define __NR_syscalls 436 +#define __NR_syscalls 437 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 34b76895b81e..84c8c47cf9d6 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -349,6 +349,8 @@ COND_SYSCALL(pkey_mprotect); COND_SYSCALL(pkey_alloc); COND_SYSCALL(pkey_free); +/* multi-key total memory encryption keys */ +COND_SYSCALL(encrypt_mprotect); /* * Architecture specific weak syscall entries. From patchwork Wed Jul 31 15:07:57 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068311 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3D44E13A4 for ; Wed, 31 Jul 2019 15:22:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2AC54205AD for ; Wed, 31 Jul 2019 15:22:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1F57820223; Wed, 31 Jul 2019 15:22:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B6552209CD for ; Wed, 31 Jul 2019 15:22:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728306AbfGaPWH (ORCPT ); Wed, 31 Jul 2019 11:22:07 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:40971 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726369AbfGaPWF (ORCPT ); Wed, 31 Jul 2019 11:22:05 -0400 Received: by mail-ed1-f68.google.com with SMTP id p15so66019267eds.8 for ; Wed, 31 Jul 2019 08:22:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZkftAsGdSxojE0fJOOOF/MZdp7LK73Cocd1bOG6H+X8=; b=yNcUiWdQFKls9CJ+s1kmqNYTq4HAt/+z4PQnyTb2R/O/QG4HejvHYbZEnDpZkx4u6m rYryPmrZZw5X0yVl9cqTObJ/vAbi3N2kcWUJTn/nS5m7u0j1NeO76bPx86u5y6/FFXzG GwvkGwtp3dVrAmLGNQwceerYEf8lbhe3A3hpQ9jH6pM/+5oR2hB1poc9BJZ/qpFk3lFg AVoV+a8D/wx7gKubBM5x0ly/CpnY4m7riIc5gECoUZ1ttMWB61O3sn/gxcaUYdZYR3rm riJBLh8bckwgmhvRhWjFVk43K9z3429hxlIIgWZDxIvHcCVj0zmgN7kgBdEg+aubIbZF aYoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZkftAsGdSxojE0fJOOOF/MZdp7LK73Cocd1bOG6H+X8=; b=NABfyMpsXDZ2cwFf4LaupHFGzdO8pPIgvXqYJV3IE98HyFbinvNJRdGPzrDVpUjVsZ ZveYfz6MuFW17oIXyJhhfaNbzUVdJlPLg6m1zHYvB998wY5zXDezlpEXZ1Agdjo9BV+W nJdzo5eRRm/+zPs4fz/b9ovR+D1JZJklVbDAAGXTUmta3f29SogdY7ZULjpYOsNA24to kpXqxQInjx/Slz0aXpPM9LUib3O6QKiYnjT2MOJgUW32TvVtRgzHtzGpkgjIqhofeyXy S+TfdyzSzLEGam8/JZJTXHGTb44DR8P0vyoc8qdsrP1yifLxWW0udfCh/aUeY04W6DYZ 0AIw== X-Gm-Message-State: APjAAAWFv/8lZq6SfcoU0X1DSIYQxtwWgJigQnBExC5mUlBvch6bpKvZ miFJeKqnE7crY7MVLk1QaGo= X-Google-Smtp-Source: APXvYqxlBWhD79QJcY6LnrhxwdW4BCeLIylkUAMRGP9j6V32DYMCll5/WusJdm6IK3xrXEoHhQo02A== X-Received: by 2002:a17:906:94ce:: with SMTP id d14mr97075606ejy.251.1564586031480; Wed, 31 Jul 2019 08:13:51 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id j37sm17791942ede.23.2019.07.31.08.13.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:50 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 251F0104601; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 43/59] x86/mm: Set KeyIDs in encrypted VMAs for MKTME Date: Wed, 31 Jul 2019 18:07:57 +0300 Message-Id: <20190731150813.26289-44-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield MKTME architecture requires the KeyID to be placed in PTE bits 51:46. To create an encrypted VMA, place the KeyID in the upper bits of vm_page_prot that matches the position of those PTE bits. When the VMA is assigned a KeyID it is always considered a KeyID change. The VMA is either going from not encrypted to encrypted, or from encrypted with any KeyID to encrypted with any other KeyID. To make the change safely, remove the user pages held by the VMA and unlink the VMA's anonymous chain. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 4 ++++ arch/x86/mm/mktme.c | 26 ++++++++++++++++++++++++++ include/linux/mm.h | 6 ++++++ 3 files changed, 36 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index d26ada6b65f7..e8f7f80bb013 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -16,6 +16,10 @@ extern int __mktme_nr_keyids; extern int mktme_nr_keyids(void); extern unsigned int mktme_algs; +/* Set the encryption keyid bits in a VMA */ +extern void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, + unsigned long start, unsigned long end); + DECLARE_STATIC_KEY_FALSE(mktme_enabled_key); static inline bool mktme_enabled(void) { diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index ed13967bb543..05bbf5058ade 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,5 +1,6 @@ #include #include +#include #include #include #include @@ -71,6 +72,31 @@ int __vma_keyid(struct vm_area_struct *vma) return (prot & mktme_keyid_mask()) >> mktme_keyid_shift(); } +/* Set the encryption keyid bits in a VMA */ +void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, + unsigned long start, unsigned long end) +{ + int oldkeyid = vma_keyid(vma); + pgprotval_t newprot; + + /* Unmap pages with old KeyID if there's any. */ + zap_page_range(vma, start, end - start); + + if (oldkeyid == newkeyid) + return; + + newprot = pgprot_val(vma->vm_page_prot); + newprot &= ~mktme_keyid_mask(); + newprot |= (unsigned long)newkeyid << mktme_keyid_shift(); + vma->vm_page_prot = __pgprot(newprot); + + /* + * The VMA doesn't have any inherited pages. + * Start anon VMA tree from scratch. + */ + unlink_anon_vmas(vma); +} + /* Prepare page to be used for encryption. Called from page allocator. */ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) { diff --git a/include/linux/mm.h b/include/linux/mm.h index 3f9640f388ac..98a6d2bd66a6 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -2905,5 +2905,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif +#ifndef CONFIG_X86_INTEL_MKTME +static inline void mprotect_set_encrypt(struct vm_area_struct *vma, + int newkeyid, + unsigned long start, + unsigned long end) {} +#endif /* CONFIG_X86_INTEL_MKTME */ #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ From patchwork Wed Jul 31 15:07:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068071 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A00A2174A for ; Wed, 31 Jul 2019 15:08:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 869CC1FFD8 for ; Wed, 31 Jul 2019 15:08:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7A647201B1; Wed, 31 Jul 2019 15:08:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CA580201B0 for ; Wed, 31 Jul 2019 15:08:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388665AbfGaPIf (ORCPT ); Wed, 31 Jul 2019 11:08:35 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:33647 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388644AbfGaPIe (ORCPT ); Wed, 31 Jul 2019 11:08:34 -0400 Received: by mail-ed1-f67.google.com with SMTP id i11so2525063edq.0 for ; Wed, 31 Jul 2019 08:08:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=WXT2KCVQy2E86WIHV388gpcH/h/cqapkcTgzB8ITRTY=; b=gbgwfZZpKF7Zw4y/Cy0+El8MhN5OgIgEsj0rN2nkj9PakelkWIC/N62lsNpt78P51H jvP8xx7Juipvx0RgC4SB4vNCw1P4PSVg2b2+doiEir7dfWiW3vsGXqpbQGM6KNexQSTP r3fNkw3L7doZwwJenk62AM3aDDoLUPKu0t7NkU1I3mRXbo3XJ9NXobg93l8rusAKYuRo dypVLFF2TyUrUJhBYMTvoExAgOrk1M4x1MfzcZx90KOF0LZV+HC3Q1R85RN5+Yd5tXFt ULtpKhZLGf3u8jhLzjctfNyP1AJ1tjB1U+mn3PJugnraGtaxozLw2DlDsbKDrENsFSdN bcCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WXT2KCVQy2E86WIHV388gpcH/h/cqapkcTgzB8ITRTY=; b=o8yik4tXKKWG/s8JlLBCSTTzmUOF8dQL3/7YlKrnqOezAW0h9dZeNEol51qubdOkeU Ms+06MnGoQE7Hn9Be2iwsjTTbnMot/op7bHZ+2XRjqGSBi8DXswt6501byTqoGuO5TbQ DbVQkx+NV6O+fxQDfTqVc0sBpYktvpIzP1MJ4AClp7/ZLkAiGkZErL9M5s0Gd+0XHaTT e7yc5RzYovBseJSfPw/X913LbyK+74DT7X8YQPtryVqgPlGVT68BdV6mmlFzE0nd8uNy kGRaPbaucJ3/SrQxKelwdUbV/PpO5GQvgDfRLveRVZeuvlXjltDoqDjAEBqnPQpspWDM /Mlw== X-Gm-Message-State: APjAAAWGJwIW6nR9/PA8z05nl2NAwWikp7nxiltYncRkaDk8GuE2/en8 ejbSIc/KLU31SnC7mWj6GNQ= X-Google-Smtp-Source: APXvYqwiaqlBMCu7NWbE38q/iVndeTnZvf7qpo+nZ6NbB+Pm6uXYyVJ+okRcWjQSuw2bxKJtzce2+A== X-Received: by 2002:a50:f70c:: with SMTP id g12mr108973248edn.139.1564585712069; Wed, 31 Jul 2019 08:08:32 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id b15sm5578799ejj.5.2019.07.31.08.08.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:30 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 2C437104602; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 44/59] mm: Add the encrypt_mprotect() system call for MKTME Date: Wed, 31 Jul 2019 18:07:58 +0300 Message-Id: <20190731150813.26289-45-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Implement memory encryption for MKTME (Multi-Key Total Memory Encryption) with a new system call that is an extension of the legacy mprotect() system call. In encrypt_mprotect the caller must pass a handle to a previously allocated and programmed MKTME encryption key. The key can be obtained through the kernel key service type "mktme". The caller must have KEY_NEED_VIEW permission on the key. MKTME places an additional restriction on the protected data: The length of the data must be page aligned. This is in addition to the existing mprotect restriction that the addr must be page aligned. encrypt_mprotect() will lookup the hardware keyid for the given userspace key. It will use previously defined helpers to insert that keyid in the VMAs during legacy mprotect() execution. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- fs/exec.c | 4 +-- include/linux/mm.h | 3 +- mm/mprotect.c | 68 +++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 65 insertions(+), 10 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index c71cbfe6826a..261e81b7e3a4 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -756,8 +756,8 @@ int setup_arg_pages(struct linux_binprm *bprm, vm_flags |= mm->def_flags; vm_flags |= VM_STACK_INCOMPLETE_SETUP; - ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end, - vm_flags); + ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end, vm_flags, + -1); if (ret) goto out_unlock; BUG_ON(prev != vma); diff --git a/include/linux/mm.h b/include/linux/mm.h index 98a6d2bd66a6..8551b5ebdedf 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1660,7 +1660,8 @@ extern unsigned long change_protection(struct vm_area_struct *vma, unsigned long int dirty_accountable, int prot_numa); extern int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, - unsigned long end, unsigned long newflags); + unsigned long end, unsigned long newflags, + int newkeyid); /* * doesn't attempt to fault and will return short. diff --git a/mm/mprotect.c b/mm/mprotect.c index 4d55725228e3..518d75582e7b 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -348,7 +349,8 @@ static int prot_none_walk(struct vm_area_struct *vma, unsigned long start, int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, - unsigned long start, unsigned long end, unsigned long newflags) + unsigned long start, unsigned long end, unsigned long newflags, + int newkeyid) { struct mm_struct *mm = vma->vm_mm; unsigned long oldflags = vma->vm_flags; @@ -358,7 +360,14 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, int error; int dirty_accountable = 0; - if (newflags == oldflags) { + /* + * Flags match and Keyids match or we have NO_KEY. + * This _fixup is usually called from do_mprotect_ext() except + * for one special case: caller fs/exec.c/setup_arg_pages() + * In that case, newkeyid is passed as -1 (NO_KEY). + */ + if (newflags == oldflags && + (newkeyid == vma_keyid(vma) || newkeyid == NO_KEY)) { *pprev = vma; return 0; } @@ -424,6 +433,8 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } success: + if (newkeyid != NO_KEY) + mprotect_set_encrypt(vma, newkeyid, start, end); /* * vm_flags and vm_page_prot are protected by the mmap_sem * held in write mode. @@ -455,10 +466,15 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } /* - * When pkey==NO_KEY we get legacy mprotect behavior here. + * do_mprotect_ext() supports the legacy mprotect behavior plus extensions + * for Protection Keys and Memory Encryption Keys. These extensions are + * mutually exclusive and the behavior is: + * (pkey==NO_KEY && keyid==NO_KEY) ==> legacy mprotect + * (pkey is valid) ==> legacy mprotect plus Protection Key extensions + * (keyid is valid) ==> legacy mprotect plus Encryption Key extensions */ static int do_mprotect_ext(unsigned long start, size_t len, - unsigned long prot, int pkey) + unsigned long prot, int pkey, int keyid) { unsigned long nstart, end, tmp, reqprot; struct vm_area_struct *vma, *prev; @@ -556,7 +572,8 @@ static int do_mprotect_ext(unsigned long start, size_t len, tmp = vma->vm_end; if (tmp > end) tmp = end; - error = mprotect_fixup(vma, &prev, nstart, tmp, newflags); + error = mprotect_fixup(vma, &prev, nstart, tmp, newflags, + keyid); if (error) goto out; nstart = tmp; @@ -581,7 +598,7 @@ static int do_mprotect_ext(unsigned long start, size_t len, SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, unsigned long, prot) { - return do_mprotect_ext(start, len, prot, NO_KEY); + return do_mprotect_ext(start, len, prot, NO_KEY, NO_KEY); } #ifdef CONFIG_ARCH_HAS_PKEYS @@ -589,7 +606,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, SYSCALL_DEFINE4(pkey_mprotect, unsigned long, start, size_t, len, unsigned long, prot, int, pkey) { - return do_mprotect_ext(start, len, prot, pkey); + return do_mprotect_ext(start, len, prot, pkey, NO_KEY); } SYSCALL_DEFINE2(pkey_alloc, unsigned long, flags, unsigned long, init_val) @@ -638,3 +655,40 @@ SYSCALL_DEFINE1(pkey_free, int, pkey) } #endif /* CONFIG_ARCH_HAS_PKEYS */ + +#ifdef CONFIG_X86_INTEL_MKTME + +extern int mktme_keyid_from_key(struct key *key); + +SYSCALL_DEFINE4(encrypt_mprotect, unsigned long, start, size_t, len, + unsigned long, prot, key_serial_t, serial) +{ + key_ref_t key_ref; + struct key *key; + int ret, keyid; + + /* MKTME restriction */ + if (!PAGE_ALIGNED(len)) + return -EINVAL; + + /* + * key_ref prevents the destruction of the key + * while the memory encryption is being set up. + */ + + key_ref = lookup_user_key(serial, 0, KEY_NEED_VIEW); + if (IS_ERR(key_ref)) + return PTR_ERR(key_ref); + + key = key_ref_to_ptr(key_ref); + keyid = mktme_keyid_from_key(key); + if (!keyid) { + key_ref_put(key_ref); + return -EINVAL; + } + ret = do_mprotect_ext(start, len, prot, NO_KEY, keyid); + key_ref_put(key_ref); + return ret; +} + +#endif /* CONFIG_X86_INTEL_MKTME */ From patchwork Wed Jul 31 15:07:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068331 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 54BED1399 for ; Wed, 31 Jul 2019 15:24:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 40B03209CD for ; Wed, 31 Jul 2019 15:24:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 346E02094F; Wed, 31 Jul 2019 15:24:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8ADF321327 for ; Wed, 31 Jul 2019 15:24:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729320AbfGaPYA (ORCPT ); Wed, 31 Jul 2019 11:24:00 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:45739 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729256AbfGaPXx (ORCPT ); Wed, 31 Jul 2019 11:23:53 -0400 Received: by mail-ed1-f65.google.com with SMTP id x19so60142860eda.12 for ; Wed, 31 Jul 2019 08:23:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Sk1PpCuzqYjEJOS8AE7r4czQNGxEA2XkbZsiPBCfi34=; b=zYfX+VekOIhFWRJ2G/0zX9v39cKod648dVL8Af3HBA6yCma0NLUJ9wn4pQd/9Jkwxo plhgwkImm7vcYtinhJSQVqk1MAoTlKk+hJnnIdkIvREU+NvQYGke8sn2GbxcPE1Uwp3e d9FLk488jkV3wDUFrH43C8fjJoatF8ApGk6f2jTHHmYUNGl3G4HSu0Rs89UZ/sZW/KTq SN8gtRY0sjPahfYQyPAezYsBjck1HMmp6Edi2x1w5HyYUVMxaFgoLCv3ml6vi5zqcbZl hC9nZo//Dc9d/32cvuxLuf0GM7cH92tu+V/365Y+aSuMJt615iXOKFwOz3OBpdQimRaz LoJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Sk1PpCuzqYjEJOS8AE7r4czQNGxEA2XkbZsiPBCfi34=; b=PcreWU+lWFc6Cdr8rgHkdUVwLOYVmvjQCK7Yej4YyuHlAZooGwOwvd6igNAmCUv2Fn Leo6qDXw4Q2grjsIVgHuXUwGxRZPFDzSM5UkOZEWOIp1fmLOTNDxIrhIwO3WWxMHsU4e aTTBlT9nebCzqyX7IpFnT5Fsz18HTZDP7Bv17cOEqoJYOXasmc72Q70cNbXL13SSSxHd /x5TBiS9Me0jSgaouUf+wM2bEaK/vBXfoemSs+LFaouU77jPBr3epFjP7/jugJnGT73r otLQqHIejbPdZ8p3A4sI3OV/dVuiGTUnpX3TEqA3Bwx1ag+b4wWVWoA0lfBMhbPJRT2+ HrLw== X-Gm-Message-State: APjAAAWwgmp6xgrSUiKJN9U58VB40GRLzuzUVMSfKKFWizv1HT9i2PT2 bLkex761apMmmRbl29ye5Ns= X-Google-Smtp-Source: APXvYqweIFGj3MCq6N04mbC1BNfi3q/vQoLrR/zJQwa/pOxhj8VtISyLnD/wc39qKae2odfmqbvinQ== X-Received: by 2002:a17:906:f10d:: with SMTP id gv13mr11602301ejb.151.1564586631547; Wed, 31 Jul 2019 08:23:51 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id e3sm7174587ejm.16.2019.07.31.08.23.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:49 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 33243104603; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 45/59] x86/mm: Keep reference counts on hardware key usage for MKTME Date: Wed, 31 Jul 2019 18:07:59 +0300 Message-Id: <20190731150813.26289-46-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield The MKTME (Multi-Key Total Memory Encryption) Key Service needs a reference count the key usage. This reference count is used to determine when a hardware encryption KeyID is no longer in use and can be freed and reassigned to another Userspace Key. The MKTME Key service does the percpu_ref_init and _kill. Encrypted VMA's and encrypted pages are included in the reference counts per keyid. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 5 +++++ arch/x86/mm/mktme.c | 37 ++++++++++++++++++++++++++++++++++-- include/linux/mm.h | 2 ++ kernel/fork.c | 2 ++ 4 files changed, 44 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index e8f7f80bb013..a5f664d3805b 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -20,6 +20,11 @@ extern unsigned int mktme_algs; extern void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, unsigned long start, unsigned long end); +/* MTKME encrypt_count for VMAs */ +extern struct percpu_ref *encrypt_count; +extern void vma_get_encrypt_ref(struct vm_area_struct *vma); +extern void vma_put_encrypt_ref(struct vm_area_struct *vma); + DECLARE_STATIC_KEY_FALSE(mktme_enabled_key); static inline bool mktme_enabled(void) { diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 05bbf5058ade..17366d81c21b 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -84,11 +84,12 @@ void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, if (oldkeyid == newkeyid) return; - + vma_put_encrypt_ref(vma); newprot = pgprot_val(vma->vm_page_prot); newprot &= ~mktme_keyid_mask(); newprot |= (unsigned long)newkeyid << mktme_keyid_shift(); vma->vm_page_prot = __pgprot(newprot); + vma_get_encrypt_ref(vma); /* * The VMA doesn't have any inherited pages. @@ -97,6 +98,18 @@ void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, unlink_anon_vmas(vma); } +void vma_get_encrypt_ref(struct vm_area_struct *vma) +{ + if (vma_keyid(vma)) + percpu_ref_get(&encrypt_count[vma_keyid(vma)]); +} + +void vma_put_encrypt_ref(struct vm_area_struct *vma) +{ + if (vma_keyid(vma)) + percpu_ref_put(&encrypt_count[vma_keyid(vma)]); +} + /* Prepare page to be used for encryption. Called from page allocator. */ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) { @@ -137,6 +150,22 @@ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) page++; } + + /* + * Make sure the KeyID cannot be freed until the last page that + * uses the KeyID is gone. + * + * This is required because the page may live longer than VMA it + * is mapped into (i.e. in get_user_pages() case) and having + * refcounting per-VMA is not enough. + * + * Taking a reference per-4K helps in case if the page will be + * split after the allocation. free_encrypted_page() will balance + * out the refcount even if the page was split and freed as bunch + * of 4K pages. + */ + + percpu_ref_get_many(&encrypt_count[keyid], 1 << order); } /* @@ -145,7 +174,9 @@ void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) */ void free_encrypted_page(struct page *page, int order) { - int i; + int i, keyid; + + keyid = page_keyid(page); /* * The hardware/CPU does not enforce coherency between mappings @@ -177,6 +208,8 @@ void free_encrypted_page(struct page *page, int order) lookup_page_ext(page)->keyid = 0; page++; } + + percpu_ref_put_many(&encrypt_count[keyid], 1 << order); } static int sync_direct_mapping_pte(unsigned long keyid, diff --git a/include/linux/mm.h b/include/linux/mm.h index 8551b5ebdedf..be27cb0cc0c7 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -2911,6 +2911,8 @@ static inline void mprotect_set_encrypt(struct vm_area_struct *vma, int newkeyid, unsigned long start, unsigned long end) {} +static inline void vma_get_encrypt_ref(struct vm_area_struct *vma) {} +static inline void vma_put_encrypt_ref(struct vm_area_struct *vma) {} #endif /* CONFIG_X86_INTEL_MKTME */ #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/kernel/fork.c b/kernel/fork.c index d8ae0f1b4148..00735092d370 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -349,12 +349,14 @@ struct vm_area_struct *vm_area_dup(struct vm_area_struct *orig) if (new) { *new = *orig; INIT_LIST_HEAD(&new->anon_vma_chain); + vma_get_encrypt_ref(new); } return new; } void vm_area_free(struct vm_area_struct *vma) { + vma_put_encrypt_ref(vma); kmem_cache_free(vm_area_cachep, vma); } From patchwork Wed Jul 31 15:08:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068287 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CA7001399 for ; Wed, 31 Jul 2019 15:21:26 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B7FB01FF14 for ; Wed, 31 Jul 2019 15:21:26 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AC97F2094F; Wed, 31 Jul 2019 15:21:26 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 604ED1FF14 for ; Wed, 31 Jul 2019 15:21:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729646AbfGaPTi (ORCPT ); Wed, 31 Jul 2019 11:19:38 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:39543 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728943AbfGaPTh (ORCPT ); Wed, 31 Jul 2019 11:19:37 -0400 Received: by mail-ed1-f68.google.com with SMTP id m10so66044518edv.6 for ; Wed, 31 Jul 2019 08:19:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=dXgFqK9tRsaes8xbX8jlTX0gUbPqQYtilIkdLoU6CY4=; b=D/xOlMhrdU0ZyN8+we4kbni7hHuGIfv/4U4Ig0LX9ewfIEajz0z1lI9iS5QnH6yCat sfE6Wxgj7gCcNgGeO8sqZDkOENTjXyGaq0eGqLegmkmODaaLkPBU23YDdAqvq4s4OSxZ N0A8Q4QWYpmDkk2dAzVYUHeLTCw2YmNW5FYuyTsyMmseshWxSznRJue51TmL0r+h8LG/ vb4cNBRmMjzUCNNogPHi3S31sph/SJ/M4uXMSstfF9OC/trKRR9pDG2nUWbNR9Ymsx50 ScB2FK2fZENk5csdIp1g+R48LmIGH0MJ/LiEr5bfor9Gh3Un92wYv/649p99ZIJ8QAGO S6YQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dXgFqK9tRsaes8xbX8jlTX0gUbPqQYtilIkdLoU6CY4=; b=dpJC0+UNPcwjCPp4067c/p41hbD+j/8Q9wkGoWKMyF9ur91vETXC1ycRWUHGjQvW5K sdxGyDv87S5LtLb0S2C+YBss6nb1Vu/qNe4m9eZ4Podc1rS9LvzF4YwU+NpoQ9q3qWUZ cg8mfG5RRLUfTx+J6qFTxL972c34Vy9Z6WMFgO3X59UxuyMWyDtTPSZHmMRrtyCK8uam EFMyXaeTRhcGSAZaKfkqo9Wgzk6BOMTbXJpNIAm/PtC4IjjnXEsbCckcRnp8xjb3JYFx ufOQVLPJi0xW1/XRoaICH9SnsCi6qlRQ25alZ9OOh0p7V02iO3l34Hc4dG/fIjZfDxta k78g== X-Gm-Message-State: APjAAAUZ3R6zT64FD8TkpsWOS/L8ZokrH5ZgW1NnROpOu9gIrAeZgzQu cLX1sBl8BwlQHeo6PmnJpjU= X-Google-Smtp-Source: APXvYqyagj0pny7ZfrRGD/QMhFKklBkFWmGDfmQgFU5rbWlHF6yWjUkfAl5cJt9AcGs7WHAa7fbavg== X-Received: by 2002:a50:a485:: with SMTP id w5mr108547875edb.277.1564586038641; Wed, 31 Jul 2019 08:13:58 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id i8sm17219860edg.12.2019.07.31.08.13.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:57 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 3A5C3104604; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 46/59] mm: Restrict MKTME memory encryption to anonymous VMAs Date: Wed, 31 Jul 2019 18:08:00 +0300 Message-Id: <20190731150813.26289-47-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Memory encryption is only supported for mappings that are ANONYMOUS. Test the VMA's in an encrypt_mprotect() request to make sure they all meet that requirement before encrypting any. The encrypt_mprotect syscall will return -EINVAL and will not encrypt any VMA's if this check fails. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- mm/mprotect.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/mm/mprotect.c b/mm/mprotect.c index 518d75582e7b..4b079e1b2d6f 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -347,6 +347,24 @@ static int prot_none_walk(struct vm_area_struct *vma, unsigned long start, return walk_page_range(start, end, &prot_none_walk); } +/* + * Encrypted mprotect is only supported on anonymous mappings. + * If this test fails on any single VMA, the entire mprotect + * request fails. + */ +static bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end) +{ + struct vm_area_struct *test_vma = vma; + + do { + if (!vma_is_anonymous(test_vma)) + return false; + + test_vma = test_vma->vm_next; + } while (test_vma && test_vma->vm_start < end); + return true; +} + int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags, @@ -533,6 +551,12 @@ static int do_mprotect_ext(unsigned long start, size_t len, goto out; } } + + if (keyid > 0 && !mem_supports_encryption(vma, end)) { + error = -EINVAL; + goto out; + } + if (start > vma->vm_start) prev = vma; From patchwork Wed Jul 31 15:08:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068277 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5E6991399 for ; Wed, 31 Jul 2019 15:21:01 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4C1891FF14 for ; Wed, 31 Jul 2019 15:21:01 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 404E920243; Wed, 31 Jul 2019 15:21:01 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8E2EA1FF14 for ; Wed, 31 Jul 2019 15:21:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729815AbfGaPU7 (ORCPT ); Wed, 31 Jul 2019 11:20:59 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:34209 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726979AbfGaPU6 (ORCPT ); Wed, 31 Jul 2019 11:20:58 -0400 Received: by mail-ed1-f68.google.com with SMTP id s49so31236123edb.1 for ; Wed, 31 Jul 2019 08:20:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=k+U6VIHmZ/fZHykv9hSZy3hTFPe14uQwWZPNGVQf9Wg=; b=bRpitEYFAw0iw9F4lWLWOaj8uAivovFwyv4AWNZf1NY1sGLxSiCLjNDzw6evzISUMa GHJXwwWF7WOifVXGeInd0STe8yx3ZYQIBXHrbJkyF+Rm71XJH0Uqn7KhiVn6RKSVi/NH GnIdsyLQWF+U1/Hz7RYNsNvOWkWTR+mduMkRXQK/n0AYcfSL5nkUiUeRr88V6rdddNZa NnYZWfhk4GFsXaFANiQNQQqJaMiCdDw2sC/yGDEkK8d34cXt5u306IrMfDI46uU39c0H ulh3gI4vz6iIiS8U4HduYh7aIdHho4vvV2rbd58qJxpeTNRRIu4peFugSAhril4FyF28 DzHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=k+U6VIHmZ/fZHykv9hSZy3hTFPe14uQwWZPNGVQf9Wg=; b=onRdpOlc/0ValaG/4OL6fQpfxctWfTZlf/Hz3IUMDzLmSHvvgpTIag2DZ8spIGZ8Aa YRnYnnK4/VoJhBvTDuwCkKPshhU23d7dCAg8bf324inHs/fXU0L6b7sYSur35YV2FDfG pf/uCI+rxzT/2Dsj5HKqUy4vW5t/dvFh+7uzclM6KsBtQUruZBEcbefar511lIgsqmtJ ayNOvnTNwfrvxkfYFs5VuvaZt8iFUl74GXtKa6StQzTFGsEh1iib6OM7UIerflxUgfUx 44TO64qh7iX1KKL7B9RRS2r9wOlYyI9x+EMIp5+OS7TDOxlB03MCB4wzgQfXOevCTIbv h8/w== X-Gm-Message-State: APjAAAWkF7S8sgzhu4+7xwtOxj8ASeDX5Pbolev2yWiDZ7Y0z8MLiXq0 WLwHgXYLrgMcLfO8/ZbQp1A= X-Google-Smtp-Source: APXvYqx+v4/Pbf2jShDF7c6rephC3qv4nn7vrbh6ErmrX7qhFi1sSZ2Ot8M2CUcvWdStTREYbHHJ+Q== X-Received: by 2002:a50:9468:: with SMTP id q37mr106511363eda.163.1564586038381; Wed, 31 Jul 2019 08:13:58 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id e43sm17445027ede.62.2019.07.31.08.13.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:57 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 41659104605; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 47/59] kvm, x86, mmu: setup MKTME keyID to spte for given PFN Date: Wed, 31 Jul 2019 18:08:01 +0300 Message-Id: <20190731150813.26289-48-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Kai Huang Setup keyID to SPTE, which will be eventually programmed to shadow MMU or EPT table, according to page's associated keyID, so that guest is able to use correct keyID to access guest memory. Note current shadow_me_mask doesn't suit MKTME's needs, since for MKTME there's no fixed memory encryption mask, but can vary from keyID 1 to maximum keyID, therefore shadow_me_mask remains 0 for MKTME. Signed-off-by: Kai Huang Signed-off-by: Kirill A. Shutemov --- arch/x86/kvm/mmu.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 8f72526e2f68..b8742e6219f6 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -2936,6 +2936,22 @@ static bool kvm_is_mmio_pfn(kvm_pfn_t pfn) #define SET_SPTE_WRITE_PROTECTED_PT BIT(0) #define SET_SPTE_NEED_REMOTE_TLB_FLUSH BIT(1) +static u64 get_phys_encryption_mask(kvm_pfn_t pfn) +{ +#ifdef CONFIG_X86_INTEL_MKTME + struct page *page; + + if (!pfn_valid(pfn)) + return 0; + + page = pfn_to_page(pfn); + + return ((u64)page_keyid(page)) << mktme_keyid_shift(); +#else + return shadow_me_mask; +#endif +} + static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, unsigned pte_access, int level, gfn_t gfn, kvm_pfn_t pfn, bool speculative, @@ -2982,7 +2998,7 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, pte_access &= ~ACC_WRITE_MASK; if (!kvm_is_mmio_pfn(pfn)) - spte |= shadow_me_mask; + spte |= get_phys_encryption_mask(pfn); spte |= (u64)pfn << PAGE_SHIFT; From patchwork Wed Jul 31 15:08:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068281 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2ED371399 for ; Wed, 31 Jul 2019 15:21:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1CF7320602 for ; Wed, 31 Jul 2019 15:21:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0EFA8201BD; Wed, 31 Jul 2019 15:21:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4E5AE201BD for ; Wed, 31 Jul 2019 15:21:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727723AbfGaPVF (ORCPT ); Wed, 31 Jul 2019 11:21:05 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:41679 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729675AbfGaPTu (ORCPT ); Wed, 31 Jul 2019 11:19:50 -0400 Received: by mail-ed1-f65.google.com with SMTP id p15so66012380eds.8 for ; Wed, 31 Jul 2019 08:19:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=hC2uwgXxojO8zk/Rcrr6mceJUJW70ppjchwtq4ruRCg=; b=0XV6P/gt+Sg4f27WCDZfMiz3yUD8gmqmXbpUkqw2qeKte/64P4ld/yFj9TtHQsxMva Sbd6SFVGZn15wA2StFIL5OKo0viglmdPGCy3S9nsnoLjxmIaz4pZPHVNhzJMBFiEItzK GGFxIZHfCywnX+w1VFB8az1H4FFBZ0dEp86xAnm0F7Jfw3TX8bJ2UwJ4MOp6xtqistdS ci1LlbxLwNn2UPtS72pBvzNbUsUQSbVvUvjpSYYoWOORZ9uWxZOyAGcJabNrh3zrp7Ty xsBZdp44F7iwElj0Db5RusDWd82dGLl/6L2fkZUDkulyOvXwh+aBdW95+eM1LPwVFqZZ pCfQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=hC2uwgXxojO8zk/Rcrr6mceJUJW70ppjchwtq4ruRCg=; b=BMpY1ZQV17zvIoTy0qFOEeEqo1nVW1v9bzj2bZfVW2HLBDOSmBFvC5Ubozh9gs/x+r OxYFGD2q2D3DQltFF9/vRulXmkLlIGc79YikOXxxwRrCHFM6dFuPaDtIO/uPbus7h1fP ruovnYDz984AocOE3lfjafdahYuNVxna9joPrdLEzJVlDKp0tlQ4IZkFZnEQ9gkov/02 e+/0JzBlRs/xnHXxgv1VGR7PkBJi/giv145fxMUiByWYgJqUAe8+BNabyLKcF7ZBxlqG LJO3Lxd93IEo1IPBvdWZEYz5x5qMLcYGL+B3elhuTgIerSEEyDy6W+Qw5Wf8EI18FI2P Z5cg== X-Gm-Message-State: APjAAAWqP2oiyMCRivet/6skHhXFxerFBNXbq/nNq1jZXX3wEmDE6RP7 j/V5YF5wArlD2Enr89ICcHI= X-Google-Smtp-Source: APXvYqz5v5Tv2OUvZrbCEWIRRAB8vEgVkF30Jl6xeuTpZr0HJyo73/wTXum206aQYtxXoB+6KiDpDg== X-Received: by 2002:a17:906:9447:: with SMTP id z7mr29540487ejx.165.1564586039736; Wed, 31 Jul 2019 08:13:59 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id g11sm12443173ejm.86.2019.07.31.08.13.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:57 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 488B9104606; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 48/59] iommu/vt-d: Support MKTME in DMA remapping Date: Wed, 31 Jul 2019 18:08:02 +0300 Message-Id: <20190731150813.26289-49-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Jacob Pan When MKTME is enabled, keyid is stored in the high order bits of physical address. For DMA transactions targeting encrypted physical memory, keyid must be included in the IOVA to physical address translation. This patch appends page keyid when setting up the IOMMU PTEs. On the reverse direction, keyid bits are cleared in the physical address lookup. Mapping functions of both DMA ops and IOMMU ops are covered. Signed-off-by: Jacob Pan Signed-off-by: Kirill A. Shutemov --- drivers/iommu/intel-iommu.c | 29 +++++++++++++++++++++++++++-- include/linux/intel-iommu.h | 9 ++++++++- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index ac4172c02244..32d22872656b 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c @@ -867,6 +867,28 @@ static void free_context_table(struct intel_iommu *iommu) spin_unlock_irqrestore(&iommu->lock, flags); } +static inline void set_pte_mktme_keyid(unsigned long phys_pfn, + phys_addr_t *pteval) +{ + unsigned long keyid; + + if (!pfn_valid(phys_pfn)) + return; + + keyid = page_keyid(pfn_to_page(phys_pfn)); + +#ifdef CONFIG_X86_INTEL_MKTME + /* + * When MKTME is enabled, set keyid in PTE such that DMA + * remapping will include keyid in the translation from IOVA + * to physical address. This applies to both user and kernel + * allocated DMA memory. + */ + *pteval &= ~mktme_keyid_mask(); + *pteval |= keyid << mktme_keyid_shift(); +#endif +} + static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain, unsigned long pfn, int *target_level) { @@ -893,7 +915,7 @@ static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain, break; if (!dma_pte_present(pte)) { - uint64_t pteval; + phys_addr_t pteval; tmp_page = alloc_pgtable_page(domain->nid); @@ -901,7 +923,8 @@ static struct dma_pte *pfn_to_dma_pte(struct dmar_domain *domain, return NULL; domain_flush_cache(domain, tmp_page, VTD_PAGE_SIZE); - pteval = ((uint64_t)virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE; + pteval = (virt_to_dma_pfn(tmp_page) << VTD_PAGE_SHIFT) | DMA_PTE_READ | DMA_PTE_WRITE; + set_pte_mktme_keyid(virt_to_dma_pfn(tmp_page), &pteval); if (cmpxchg64(&pte->val, 0ULL, pteval)) /* Someone else set it while we were thinking; use theirs. */ free_pgtable_page(tmp_page); @@ -2214,6 +2237,8 @@ static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn, } } + set_pte_mktme_keyid(phys_pfn, &pteval); + /* We don't need lock here, nobody else * touches the iova range */ diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h index f2ae8a006ff8..8fbb9353d5a6 100644 --- a/include/linux/intel-iommu.h +++ b/include/linux/intel-iommu.h @@ -22,6 +22,8 @@ #include #include +#include + /* * VT-d hardware uses 4KiB page size regardless of host page size. @@ -608,7 +610,12 @@ static inline void dma_clear_pte(struct dma_pte *pte) static inline u64 dma_pte_addr(struct dma_pte *pte) { #ifdef CONFIG_64BIT - return pte->val & VTD_PAGE_MASK; + u64 addr = pte->val; + addr &= VTD_PAGE_MASK; +#ifdef CONFIG_X86_INTEL_MKTME + addr &= ~mktme_keyid_mask(); +#endif + return addr; #else /* Must have a full atomic 64-bit read */ return __cmpxchg64(&pte->val, 0ULL, 0ULL) & VTD_PAGE_MASK; From patchwork Wed Jul 31 15:08:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068303 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2B3031399 for ; Wed, 31 Jul 2019 15:22:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 13EFA1FFD9 for ; Wed, 31 Jul 2019 15:22:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 08294205FC; Wed, 31 Jul 2019 15:22:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1B7081FFD9 for ; Wed, 31 Jul 2019 15:22:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728345AbfGaPWU (ORCPT ); Wed, 31 Jul 2019 11:22:20 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:40802 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730170AbfGaPWN (ORCPT ); Wed, 31 Jul 2019 11:22:13 -0400 Received: by mail-ed1-f65.google.com with SMTP id k8so66040102eds.7 for ; Wed, 31 Jul 2019 08:22:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xZCrLs3XD8OGAT3ycWjyC35TQ10BuGZLp4dKCEJJsRg=; b=ZzxPi2vB6H9up8THEqzUbCNwa2E1YZmLUp1GoionKsfBr1KQUEhgprj6heyI63fXrw H+vh1QV4vFyU7pFE4ViKBgvENglga5fVeNfWMRPCrZCi98qsi+r5zk6N62pl/svz4DjD WnRM8TC+Pj61sbunfqi5fGW98WW6DAYki4QW6kO4N7z8wCx7WTMte/S7jP4fuei7n7eq Hftvw0iaa2a1kXT25K4D3+dXvLj2vwBC0o2P1NCeJjiYQsXP0Nqqds5A7BCA5ZOq7vv9 366A7NPLtjGoulNRAC6+0JGz6sJc40LnEY1OPEQYpV1Yi42ZVQe4Pz+slBHXGt07SvXV N3yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xZCrLs3XD8OGAT3ycWjyC35TQ10BuGZLp4dKCEJJsRg=; b=QW4Zc7XgSfdwp3oOWZ9YPaZxg/ht0DxOg3qdgv6AhnGdAIiTVqJgooz2vWrfrudOoP tvnvVIp2/2qr2dMhVmZ4hMNyRgNU5iBlkIE6/y/ybrKf7Nrtc90twXTSk9c0+Yud9hRE 6+B/8sasMPZypHelXGJVHlhvhfNyhziwgXtYee9qtzFk2U9N1HDXRDc9xzD5tpqiRNBg FzhY926TOAXgPRkNfmu9fkGieIFkoekDDT2H4BwEMurLbFNTs2sGzCYJRdeiZGiVA1xu 0Duxddme59TxyjJRGhdDVEb1bPl+MqN4ND+iG7wrdtWDDiUyVY0isa8QZD/XQqM5Zgyz i8/g== X-Gm-Message-State: APjAAAUN4BSDhKFt14NumFIvsOJuzM3/l0RXjmlFKgzaD2l8dWGddDJr FZhckPvrI6mFN+uLZS1/5K0= X-Google-Smtp-Source: APXvYqzi+h2CEkJox27TxBwILuSunR6853S6mGlis2VdUPScZU2xczXssICyuyck991q2MnJokM4kQ== X-Received: by 2002:a17:906:1dd5:: with SMTP id v21mr65219317ejh.112.1564586040695; Wed, 31 Jul 2019 08:14:00 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id h10sm16374181edn.86.2019.07.31.08.13.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:57 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 4FE39104831; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 49/59] x86/mm: introduce common code for mem encryption Date: Wed, 31 Jul 2019 18:08:03 +0300 Message-Id: <20190731150813.26289-50-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Jacob Pan Both Intel MKTME and AMD SME have needs to support DMA address translation with encryption related bits. Common functions are introduced in this patch to keep DMA generic code abstracted. Signed-off-by: Jacob Pan Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig | 8 +++-- arch/x86/mm/Makefile | 1 + arch/x86/mm/mem_encrypt.c | 30 ------------------ arch/x86/mm/mem_encrypt_common.c | 52 ++++++++++++++++++++++++++++++++ 4 files changed, 59 insertions(+), 32 deletions(-) create mode 100644 arch/x86/mm/mem_encrypt_common.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 2eb2867db5fa..f2cc88fe8ada 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1521,12 +1521,16 @@ config X86_CPA_STATISTICS config ARCH_HAS_MEM_ENCRYPT def_bool y +config X86_MEM_ENCRYPT_COMMON + select ARCH_HAS_FORCE_DMA_UNENCRYPTED + select DYNAMIC_PHYSICAL_MASK + def_bool n + config AMD_MEM_ENCRYPT bool "AMD Secure Memory Encryption (SME) support" depends on X86_64 && CPU_SUP_AMD - select DYNAMIC_PHYSICAL_MASK select ARCH_USE_MEMREMAP_PROT - select ARCH_HAS_FORCE_DMA_UNENCRYPTED + select X86_MEM_ENCRYPT_COMMON ---help--- Say yes to enable support for the encryption of system memory. This requires an AMD processor that supports Secure Memory diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 600d18691876..608e57cda784 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -55,3 +55,4 @@ obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_identity.o obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o obj-$(CONFIG_X86_INTEL_MKTME) += mktme.o +obj-$(CONFIG_X86_MEM_ENCRYPT_COMMON) += mem_encrypt_common.o diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index fece30ca8b0c..e94e0a62ba92 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -15,10 +15,6 @@ #include #include #include -#include -#include -#include -#include #include #include @@ -352,32 +348,6 @@ bool sev_active(void) } EXPORT_SYMBOL(sev_active); -/* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ -bool force_dma_unencrypted(struct device *dev) -{ - /* - * For SEV, all DMA must be to unencrypted addresses. - */ - if (sev_active()) - return true; - - /* - * For SME, all DMA must be to unencrypted addresses if the - * device does not support DMA to addresses that include the - * encryption mask. - */ - if (sme_active()) { - u64 dma_enc_mask = DMA_BIT_MASK(__ffs64(sme_me_mask)); - u64 dma_dev_mask = min_not_zero(dev->coherent_dma_mask, - dev->bus_dma_mask); - - if (dma_dev_mask <= dma_enc_mask) - return true; - } - - return false; -} - /* Architecture __weak replacement functions */ void __init mem_encrypt_free_decrypted_mem(void) { diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c new file mode 100644 index 000000000000..c11d70151735 --- /dev/null +++ b/arch/x86/mm/mem_encrypt_common.c @@ -0,0 +1,52 @@ +#include +#include +#include +#include + +/* + * Encryption bits need to be set and cleared for both Intel MKTME and + * AMD SME when converting between DMA address and physical address. + */ +dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr) +{ + unsigned long keyid; + + if (sme_active()) + return __sme_set(daddr); + keyid = page_keyid(pfn_to_page(__phys_to_pfn(paddr))); + + return (daddr & ~mktme_keyid_mask()) | (keyid << mktme_keyid_shift()); +} + +phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr) +{ + if (sme_active()) + return __sme_clr(paddr); + + return paddr & ~mktme_keyid_mask(); +} + +/* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ +bool force_dma_unencrypted(struct device *dev) +{ + u64 dma_enc_mask, dma_dev_mask; + + /* + * For SEV, all DMA must be to unencrypted addresses. + */ + if (sev_active()) + return true; + + /* + * For SME and MKTME, all DMA must be to unencrypted addresses if the + * device does not support DMA to addresses that include the encryption + * mask. + */ + if (!sme_active() && !mktme_enabled()) + return false; + + dma_enc_mask = sme_me_mask | mktme_keyid_mask(); + dma_dev_mask = min_not_zero(dev->coherent_dma_mask, dev->bus_dma_mask); + + return (dma_dev_mask & dma_enc_mask) != dma_enc_mask; +} From patchwork Wed Jul 31 15:08:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068087 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C0FCF746 for ; Wed, 31 Jul 2019 15:08:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id ABAB01FFD8 for ; Wed, 31 Jul 2019 15:08:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9FFAF201BD; Wed, 31 Jul 2019 15:08:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 223331FFD8 for ; Wed, 31 Jul 2019 15:08:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388701AbfGaPIz (ORCPT ); Wed, 31 Jul 2019 11:08:55 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:41242 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388650AbfGaPIe (ORCPT ); Wed, 31 Jul 2019 11:08:34 -0400 Received: by mail-ed1-f65.google.com with SMTP id p15so65977928eds.8 for ; Wed, 31 Jul 2019 08:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=bKIWoBO1Ox9foRE7zQy0IoCXQXSDJQsZ/wpbYRrt7O8=; b=PbSjR/3YSpT3z0VTol0zIBTaptMjGhUYM3HUndjM3neCQkCTkww5qEep158FrhMPDB lOja6cV3oSHoyK5HuysL26jeiqkfqfvW5YCcm+LVastLopDh0evznn9Jq/ft27Nk0yls rnC1AKEeGTuwcFgRdFljMrIygrLWBDFyhvLXjbwshxlOfCLSeM8F5NTRRHEv0Ie5JSY0 b1aiesbbVNHw4aazLYgwIMzT8ab5pWkVI/0jSeHw4sNpg9XZaJV+IqQWo3AWpb2CYE/1 0iRZiF3T3Y4zZUpFAx0MzBe/Qihdixe290PHhrcx6T5Kzu6+jBCiV+w7prbZ/t0zig7E KLeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bKIWoBO1Ox9foRE7zQy0IoCXQXSDJQsZ/wpbYRrt7O8=; b=m4EaXSttML5FCIUuMGPe4IFzMjji7FbJLPbGFdMxGMrIgyMXiQBLlMyjBiMQn9u/fS s/riEBD9JNgE8ISyCONigOE+9PiWpmTXnk+oOF1pHr8pwBMWIAxYuC4EciJ7cMgxYROT TBcKZSWwuAcrPIlkwy8/YOJZOBPft4Ck4SelhsxERw7X/vRhmg41M1a7jj31tmapirBo CCneiKlEc0k8jqSzfm9bvCpUYoS+Pu1ya8Ghavfb513uUjiDOSw4OtuVjhvA15klS2lv 7qYzcGaIbLdRokPVMjGvA68LRc3ivMX2rEaCi95sFVsc/4/SQCnACCe2zE9XaYxh0lvh iVMQ== X-Gm-Message-State: APjAAAVjAYjoy/+Yw3XHziZyjp1bjS/Y1QE/MCtivieuPNqZ8YTQq3LD e1iuj8PlQdOlxOL1Mh0G3Ok= X-Google-Smtp-Source: APXvYqxPGPCNvE23xibIXe+57N4H71XsaK3wWKF6xCUN274arFhtKnpkEJtXRg5udE0RuJ4iEKcGYA== X-Received: by 2002:a05:6402:145a:: with SMTP id d26mr107237799edx.10.1564585712394; Wed, 31 Jul 2019 08:08:32 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id g7sm16942446eda.52.2019.07.31.08.08.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:30 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 57277104836; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 50/59] x86/mm: Use common code for DMA memory encryption Date: Wed, 31 Jul 2019 18:08:04 +0300 Message-Id: <20190731150813.26289-51-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Jacob Pan Replace sme_ code with x86 memory encryption common code such that Intel MKTME can be supported underneath generic DMA code. dma_to_phys() & phys_to_dma() results will be runtime modified by memory encryption code. Signed-off-by: Jacob Pan Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mem_encrypt.h | 29 +++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt_common.c | 2 +- include/linux/dma-direct.h | 4 ++-- include/linux/mem_encrypt.h | 23 ++++++++++------------- 4 files changed, 42 insertions(+), 16 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 0c196c47d621..62a1493f389c 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -52,8 +52,19 @@ bool sev_active(void); #define __bss_decrypted __attribute__((__section__(".bss..decrypted"))) +/* + * The __sme_set() and __sme_clr() macros are useful for adding or removing + * the encryption mask from a value (e.g. when dealing with pagetable + * entries). + */ +#define __sme_set(x) ((x) | sme_me_mask) +#define __sme_clr(x) ((x) & ~sme_me_mask) + #else /* !CONFIG_AMD_MEM_ENCRYPT */ +#define __sme_set(x) (x) +#define __sme_clr(x) (x) + #define sme_me_mask 0ULL static inline void __init sme_early_encrypt(resource_size_t paddr, @@ -94,4 +105,22 @@ extern char __start_bss_decrypted[], __end_bss_decrypted[], __start_bss_decrypte #endif /* __ASSEMBLY__ */ +#ifdef CONFIG_X86_MEM_ENCRYPT_COMMON + +extern dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr); +extern phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr); + +#else +static inline dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr) +{ + return daddr; +} + +static inline phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr) +{ + return paddr; +} +#endif /* CONFIG_X86_MEM_ENCRYPT_COMMON */ + + #endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/mm/mem_encrypt_common.c b/arch/x86/mm/mem_encrypt_common.c index c11d70151735..588d6ea45624 100644 --- a/arch/x86/mm/mem_encrypt_common.c +++ b/arch/x86/mm/mem_encrypt_common.c @@ -1,6 +1,6 @@ #include -#include #include +#include #include /* diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index adf993a3bd58..6ce96b06c440 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -49,12 +49,12 @@ static inline bool force_dma_unencrypted(struct device *dev) */ static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr) { - return __sme_set(__phys_to_dma(dev, paddr)); + return __mem_encrypt_dma_set(__phys_to_dma(dev, paddr), paddr); } static inline phys_addr_t dma_to_phys(struct device *dev, dma_addr_t daddr) { - return __sme_clr(__dma_to_phys(dev, daddr)); + return __mem_encrypt_dma_clear(__dma_to_phys(dev, daddr)); } u64 dma_direct_get_required_mask(struct device *dev); diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h index 470bd53a89df..88724aa7c065 100644 --- a/include/linux/mem_encrypt.h +++ b/include/linux/mem_encrypt.h @@ -23,6 +23,16 @@ static inline bool sme_active(void) { return false; } static inline bool sev_active(void) { return false; } +static inline dma_addr_t __mem_encrypt_dma_set(dma_addr_t daddr, phys_addr_t paddr) +{ + return daddr; +} + +static inline phys_addr_t __mem_encrypt_dma_clear(phys_addr_t paddr) +{ + return paddr; +} + #endif /* CONFIG_ARCH_HAS_MEM_ENCRYPT */ static inline bool mem_encrypt_active(void) @@ -35,19 +45,6 @@ static inline u64 sme_get_me_mask(void) return sme_me_mask; } -#ifdef CONFIG_AMD_MEM_ENCRYPT -/* - * The __sme_set() and __sme_clr() macros are useful for adding or removing - * the encryption mask from a value (e.g. when dealing with pagetable - * entries). - */ -#define __sme_set(x) ((x) | sme_me_mask) -#define __sme_clr(x) ((x) & ~sme_me_mask) -#else -#define __sme_set(x) (x) -#define __sme_clr(x) (x) -#endif - #endif /* __ASSEMBLY__ */ #endif /* __MEM_ENCRYPT_H__ */ From patchwork Wed Jul 31 15:08:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068085 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DE2C4746 for ; Wed, 31 Jul 2019 15:08:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C608D1FFD8 for ; Wed, 31 Jul 2019 15:08:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B9AA8201B1; Wed, 31 Jul 2019 15:08:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3C4351FFD8 for ; Wed, 31 Jul 2019 15:08:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388627AbfGaPIz (ORCPT ); Wed, 31 Jul 2019 11:08:55 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:33648 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388657AbfGaPIe (ORCPT ); Wed, 31 Jul 2019 11:08:34 -0400 Received: by mail-ed1-f66.google.com with SMTP id i11so2525097edq.0 for ; Wed, 31 Jul 2019 08:08:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=AKmba4vf/ZPJ1ANSLVq0BszaZ5EHEw0+rluolW4cNw8=; b=bo4uajak/nrY2caCviEQ5+13QOOruKSVot/3mpFhnPUptXe8wQiI2pcggx1UFzkc+6 p2enaIZE1WQ0nur+4ojLwMmfA3mnX2TiIzq/vOH4fPX7tFzT7bwdjkaqQeNcebCtaRK2 YncpJbM19Mg+hJ0PgQoeGEunjUw6+YNXDPaFZKrtGi1suwJGSQ25iciPmh/QlVLzh68/ dFKIA5VbuTbQiB1EFWVSIRHLZOqQe4aOiF5cdzltkeIKMO93kV8/XGQs8282Dvs4jNAK r4taKwQzR2Fb1WQzuTvnWB10NdFL0EW3LOi1Sx3I7icX3Xv1+3uBneHoWO18TZnuPiw4 Xl9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AKmba4vf/ZPJ1ANSLVq0BszaZ5EHEw0+rluolW4cNw8=; b=NLM2jAHeIbKXmAEbbxHtGIFgmSkaxLvrsZBkGJrLoK2VZuW4aFhMexXbNysf+XsNEq GMtMPPdikJSmuTcb0ecKyEi44IYOCrRC++TdRNDYecak6VKpCDSiH6XguJ0Vohe1Kq+f kBBt1u8JiEG1oHE7wMspahJpjkDAKfEVK1AOi0PrCpHyxhWVMThJmF5AWGmCrWtsieSH FpM6H7Vmnn5iv8PzDm+L8OM0Jbn1MRqTq4p+He2iNUORdp4hZ5v+OKj7LUXeXnWgZ26V slWYkQJdaydTB+i0gVibJYYOgMT+pnAZSkfhUuO6yefAjr1EXJtxfT1WvtkVFuNoRcBe LK7g== X-Gm-Message-State: APjAAAViODjq/wb0iM5mNKItPj3fuixIKPlYXYcvuceQVRPcacBV1fW9 w1jwP3l7MNbt+M/hFLeMlS4= X-Google-Smtp-Source: APXvYqwScU6xXfOXVBF3/9vB3jUnf5274LJ9+ShKG2lqwNOlRRUFmLwjUMddJUmbcRJe29HUOaEEYg== X-Received: by 2002:a17:906:b6c6:: with SMTP id ec6mr96502459ejb.183.1564585711755; Wed, 31 Jul 2019 08:08:31 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id w24sm17512065edb.90.2019.07.31.08.08.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:08:30 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 5E4AA1048A3; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 51/59] x86/mm: Disable MKTME on incompatible platform configurations Date: Wed, 31 Jul 2019 18:08:05 +0300 Message-Id: <20190731150813.26289-52-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Icelake Server requires additional check to make sure that MKTME usage is safe on Linux. Kernel needs a way to access encrypted memory. There can be different approaches to this: create a temporary mapping to access the page (using kmap() interface), modify kernel's direct mapping on allocation of encrypted page. In order to minimize runtime overhead, the Linux MKTME implementation uses multiple direct mappings, one per-KeyID. Kernel uses the direct mapping that is relevant for the page at the moment. Icelake Server in some configurations doesn't allow a page to be mapped with multiple KeyIDs at the same time. Even if only one of KeyIDs is actively used. It conflicts with the Linux MKTME implementation. OS can check if it's safe to map the same with multiple KeyIDs by examining bit 8 of MSR 0x6F. If the bit is set we cannot safely use MKTME on Linux. The user can disable the Directory Mode in BIOS setup to get the platform into Linux-compatible mode. Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/cpu/intel.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 9852580340b9..3583bea0a5b9 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -19,6 +19,7 @@ #include #include #include +#include #ifdef CONFIG_X86_64 #include @@ -560,6 +561,16 @@ static void detect_vmx_virtcap(struct cpuinfo_x86 *c) #define TME_ACTIVATE_CRYPTO_KNOWN_ALGS TME_ACTIVATE_CRYPTO_AES_XTS_128 +#define MSR_ICX_MKTME_STATUS 0x6F +#define MKTME_ALIASES_FORBIDDEN(x) (x & BIT(8)) + +/* Need to check MSR_ICX_MKTME_STATUS for these CPUs */ +static const struct x86_cpu_id mktme_status_msr_ids[] = { + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ICELAKE_X }, + { X86_VENDOR_INTEL, 6, INTEL_FAM6_ICELAKE_XEON_D }, + {} +}; + /* Values for mktme_status (SW only construct) */ #define MKTME_ENABLED 0 #define MKTME_DISABLED 1 @@ -593,6 +604,17 @@ static void detect_tme(struct cpuinfo_x86 *c) return; } + /* Icelake Server quirk: do not enable MKTME if aliases are forbidden */ + if (x86_match_cpu(mktme_status_msr_ids)) { + u64 status; + rdmsrl(MSR_ICX_MKTME_STATUS, status); + + if (MKTME_ALIASES_FORBIDDEN(status)) { + pr_err_once("x86/tme: Directory Mode is enabled in BIOS\n"); + mktme_status = MKTME_DISABLED; + } + } + if (mktme_status != MKTME_UNINITIALIZED) goto detect_keyid_bits; From patchwork Wed Jul 31 15:08:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068317 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5D9D61399 for ; Wed, 31 Jul 2019 15:23:52 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 47FE021BED for ; Wed, 31 Jul 2019 15:23:52 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3BCE7209CE; Wed, 31 Jul 2019 15:23:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A7C4A21327 for ; Wed, 31 Jul 2019 15:23:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728540AbfGaPXu (ORCPT ); Wed, 31 Jul 2019 11:23:50 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:33676 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727417AbfGaPXu (ORCPT ); Wed, 31 Jul 2019 11:23:50 -0400 Received: by mail-ed1-f65.google.com with SMTP id i11so2570799edq.0 for ; Wed, 31 Jul 2019 08:23:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=UJ4hP1jpsdk64Bv8Sf387CJe/yf6g4uoo14C+HjaYmc=; b=1WGj7wJ1Xlp3fgcH7vRPMztYr6U5tkfbscC1DOrRMnOQVJ19MV2EFmQ3dnX/uhMZZn +9L8x0NHV+iAuJ5WNvg45vfgpudSqJX8d/cH7WzdQ31ED8yVQqTnWs55ok0ywoT/cwgf LRqfk29P9c2a6t2n4GX6Zecm1hTDG8T8yRuJTxwS4MxO8xCaa30nlcP9NO9vMwzhD2/o jqb8W3AN4/5jM2qm735SpdYqlgeo8FHpUWhX0TEFnQDL0Nc2/fTIBdSXwohDdZnHEMKC JwVVXHl6iKII+YD7dMq1HoHGHE4mMuXMCZtypv68y+qEBnZs7tcFjmgIVrRdiTc9lYx6 gpdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=UJ4hP1jpsdk64Bv8Sf387CJe/yf6g4uoo14C+HjaYmc=; b=HPUyWBAMyQOtNYF1DdqoMlM4cEV3LE+VkKrDMpbjxWsCaZReZr5fE6HFq/vr3oLMli /DSCGcIIk1x5j6iM+eZ+BifshwbHI9cNbS1gbr8vrXGm2tO+7Ae+9X4630e4AT+dkWUj eKtM1noQXJXnpOquW7sYonaI9o4YpFt95PdIsa+v0mMSZeA+FQS5QaCS3EXWFlZWOWx0 hM/gvVq24eYjzNZm68xdUH45GGdGQZAOdDUI5e16UFvf71lVSgnizQU3PBN8rPeOJH76 RGmNuCS11aw/tZZs12G/zVxQr/icEAyEly0wHPDkhHBo1RaI/ZrZF7cjJxgsWDJfdSlT Wm2g== X-Gm-Message-State: APjAAAUX7+TbJKw5XnAjWjjd3XenB2RY9WYyKCJz7dpxMkPRlQgyCWf/ vswJwqlT2DPDwdOz6voU6WA= X-Google-Smtp-Source: APXvYqyzPuIoVNHRDVYCIgZPGv2mkwSHT27TYRbjUfR28hqJRIWgt4niZw9djMR/+XyBoAXfW/QEEA== X-Received: by 2002:a50:a5ec:: with SMTP id b41mr104531465edc.52.1564586628484; Wed, 31 Jul 2019 08:23:48 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id k20sm17485239ede.66.2019.07.31.08.23.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 6575C1048A4; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 52/59] x86/mm: Disable MKTME if not all system memory supports encryption Date: Wed, 31 Jul 2019 18:08:06 +0300 Message-Id: <20190731150813.26289-53-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP UEFI memory attribute EFI_MEMORY_CPU_CRYPTO indicates whether the memory region supports encryption. Kernel doesn't handle situation when only part of the system memory supports encryption. Disable MKTME if not all system memory supports encryption. Signed-off-by: Kirill A. Shutemov --- arch/x86/mm/mktme.c | 35 +++++++++++++++++++++++++++++++++++ drivers/firmware/efi/efi.c | 25 +++++++++++++------------ include/linux/efi.h | 1 + 3 files changed, 49 insertions(+), 12 deletions(-) diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index 17366d81c21b..4e00c244478b 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,9 +1,11 @@ #include #include #include +#include #include #include #include +#include /* Mask to extract KeyID from physical address. */ phys_addr_t __mktme_keyid_mask; @@ -48,9 +50,42 @@ void mktme_disable(void) static bool need_page_mktme(void) { + int nid; + /* Make sure keyid doesn't collide with extended page flags */ BUILD_BUG_ON(__NR_PAGE_EXT_FLAGS > 16); + if (!mktme_nr_keyids()) + return 0; + + for_each_node_state(nid, N_MEMORY) { + const efi_memory_desc_t *md; + unsigned long node_start, node_end; + + node_start = node_start_pfn(nid) << PAGE_SHIFT; + node_end = node_end_pfn(nid) << PAGE_SHIFT; + + for_each_efi_memory_desc(md) { + u64 efi_start = md->phys_addr; + u64 efi_end = md->phys_addr + PAGE_SIZE * md->num_pages; + + if (md->attribute & EFI_MEMORY_CPU_CRYPTO) + continue; + if (efi_start > node_end) + continue; + if (efi_end < node_start) + continue; + if (!e820__mapped_any(efi_start, efi_end, E820_TYPE_RAM)) + continue; + + printk("Memory range %#llx-%#llx: doesn't support encryption\n", + efi_start, efi_end); + printk("Disable MKTME\n"); + mktme_disable(); + break; + } + } + return !!mktme_nr_keyids(); } diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c index ad3b1f4866b3..fc19da5da3e8 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -852,25 +852,26 @@ char * __init efi_md_typeattr_format(char *buf, size_t size, if (attr & ~(EFI_MEMORY_UC | EFI_MEMORY_WC | EFI_MEMORY_WT | EFI_MEMORY_WB | EFI_MEMORY_UCE | EFI_MEMORY_RO | EFI_MEMORY_WP | EFI_MEMORY_RP | EFI_MEMORY_XP | - EFI_MEMORY_NV | + EFI_MEMORY_NV | EFI_MEMORY_CPU_CRYPTO | EFI_MEMORY_RUNTIME | EFI_MEMORY_MORE_RELIABLE)) snprintf(pos, size, "|attr=0x%016llx]", (unsigned long long)attr); else snprintf(pos, size, - "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]", + "|%3s|%2s|%2s|%2s|%2s|%2s|%2s|%2s|%3s|%2s|%2s|%2s|%2s]", attr & EFI_MEMORY_RUNTIME ? "RUN" : "", attr & EFI_MEMORY_MORE_RELIABLE ? "MR" : "", - attr & EFI_MEMORY_NV ? "NV" : "", - attr & EFI_MEMORY_XP ? "XP" : "", - attr & EFI_MEMORY_RP ? "RP" : "", - attr & EFI_MEMORY_WP ? "WP" : "", - attr & EFI_MEMORY_RO ? "RO" : "", - attr & EFI_MEMORY_UCE ? "UCE" : "", - attr & EFI_MEMORY_WB ? "WB" : "", - attr & EFI_MEMORY_WT ? "WT" : "", - attr & EFI_MEMORY_WC ? "WC" : "", - attr & EFI_MEMORY_UC ? "UC" : ""); + attr & EFI_MEMORY_NV ? "NV" : "", + attr & EFI_MEMORY_CPU_CRYPTO ? "CR" : "", + attr & EFI_MEMORY_XP ? "XP" : "", + attr & EFI_MEMORY_RP ? "RP" : "", + attr & EFI_MEMORY_WP ? "WP" : "", + attr & EFI_MEMORY_RO ? "RO" : "", + attr & EFI_MEMORY_UCE ? "UCE" : "", + attr & EFI_MEMORY_WB ? "WB" : "", + attr & EFI_MEMORY_WT ? "WT" : "", + attr & EFI_MEMORY_WC ? "WC" : "", + attr & EFI_MEMORY_UC ? "UC" : ""); return buf; } diff --git a/include/linux/efi.h b/include/linux/efi.h index f87fabea4a85..4ac54a168ffe 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -112,6 +112,7 @@ typedef struct { #define EFI_MEMORY_MORE_RELIABLE \ ((u64)0x0000000000010000ULL) /* higher reliability */ #define EFI_MEMORY_RO ((u64)0x0000000000020000ULL) /* read-only */ +#define EFI_MEMORY_CPU_CRYPTO ((u64)0x0000000000080000ULL) /* memory encryption supported */ #define EFI_MEMORY_RUNTIME ((u64)0x8000000000000000ULL) /* range requires runtime mapping */ #define EFI_MEMORY_DESCRIPTOR_VERSION 1 From patchwork Wed Jul 31 15:08:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068335 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8DE0314DB for ; Wed, 31 Jul 2019 15:24:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7A39B209CD for ; Wed, 31 Jul 2019 15:24:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6E2A8204C1; Wed, 31 Jul 2019 15:24:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0E635209CD for ; Wed, 31 Jul 2019 15:24:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729369AbfGaPXx (ORCPT ); Wed, 31 Jul 2019 11:23:53 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:44820 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729085AbfGaPXw (ORCPT ); Wed, 31 Jul 2019 11:23:52 -0400 Received: by mail-ed1-f66.google.com with SMTP id k8so66024369edr.11 for ; Wed, 31 Jul 2019 08:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=V4Vs01tlfRxj/hdhWvsn+MzzX7wMrP0xYcTZ6W3t7PA=; b=DnqAXhTZp01yN6WSw/evIc0boNe52PO2BoJktJtMh2RgostVls+YOyjDU6sjdeAXpu pYNcxAcwMJyK9ACo0Uze5/331zleuRgZ8tdMXcyXHPouR7MjjLnzEm4vrrvRLtE8OL+z 76Cfo0xHGEhi44+MBvlBGlpc/EOvonqmzkGktFkI44+xmuDaiqapmC1Xp/Y9zTg7OInG a9YhCGJldybaRAWWZ5RBIZd3ymSs+wsjDNu5AUmyHnhmm+vat7AO8LplmVvMjX0krWt7 jQavX89FPCTjy4eg6GZ4rPAOp0XfZXIvJviPw7ZSaRn3QUgHcgBLfJ3RAn+sdl9p07vK IUrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=V4Vs01tlfRxj/hdhWvsn+MzzX7wMrP0xYcTZ6W3t7PA=; b=OVEzLmll4tLR3wVpB339bZT0rrEjJg1/IXAqw0NCBJJz+fG0hjqQ7ZP6AIqCAM4Gey WaShcNZSEH2MeO1XH/PWtq8UFsrCSkYkQhLCEkRJOPrb1AjBhvWo4Mid+Xy4dy2Kq7yb XtFtc+uaqTqyJQgFraMtBayscaui6TfJktmTq1YSX4mTxeBCW4m5yIAySl6TaucYXNKD NmZR7MqLL173UIYuniI0AcsnzsEg8jXFZWD1P6zsqRt9x7j+4rXWvOXQciTIMrRa5NhX BYPU3xkXQqD6a6eL0TUT8IR+JsHqLBBpVfh0dyE8Zb0RkZB76wFnUl3JvhmiYq6loRST SbqA== X-Gm-Message-State: APjAAAVwxbV9Hr06zu00nwooTLabVDdPNqGRiHtBAhTmuDpqmgXh0m0N n9CQdkr4pED3vH5E1DLnmDI= X-Google-Smtp-Source: APXvYqzpD06BRkFUgNWq9pUNA5hd6n+ixu+p9XWwB3ULdCfnwz/4f2lQt2Iw5Gwg1+XUTttxmbAlwg== X-Received: by 2002:a50:9116:: with SMTP id e22mr108657772eda.161.1564586630746; Wed, 31 Jul 2019 08:23:50 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id 9sm8073176ejw.63.2019.07.31.08.23.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:49 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 6C43A1048A5; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv2 53/59] x86: Introduce CONFIG_X86_INTEL_MKTME Date: Wed, 31 Jul 2019 18:08:07 +0300 Message-Id: <20190731150813.26289-54-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Add new config option to enabled/disable Multi-Key Total Memory Encryption support. Signed-off-by: Kirill A. Shutemov --- arch/x86/Kconfig | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index f2cc88fe8ada..d8551b612f3b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1550,6 +1550,25 @@ config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT If set to N, then the encryption of system memory can be activated with the mem_encrypt=on command line option. +config X86_INTEL_MKTME + bool "Intel Multi-Key Total Memory Encryption" + depends on X86_64 && CPU_SUP_INTEL && !KASAN + select X86_MEM_ENCRYPT_COMMON + select PAGE_EXTENSION + select KEYS + select ACPI_HMAT + ---help--- + Say yes to enable support for Multi-Key Total Memory Encryption. + This requires an Intel processor that has support of the feature. + + Multikey Total Memory Encryption (MKTME) is a technology that allows + transparent memory encryption in upcoming Intel platforms. + + MKTME is built on top of TME. TME allows encryption of the entirety + of system memory using a single key. MKTME allows having multiple + encryption domains, each having own key -- different memory pages can + be encrypted with different keys. + # Common NUMA Features config NUMA bool "Numa Memory Allocation and Scheduler Support" @@ -2220,7 +2239,7 @@ config RANDOMIZE_MEMORY config MEMORY_PHYSICAL_PADDING hex "Physical memory mapping padding" if EXPERT - depends on RANDOMIZE_MEMORY + depends on RANDOMIZE_MEMORY || X86_INTEL_MKTME default "0xa" if MEMORY_HOTPLUG default "0x0" range 0x1 0x40 if MEMORY_HOTPLUG From patchwork Wed Jul 31 15:08:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068291 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DC6761399 for ; Wed, 31 Jul 2019 15:21:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C9B8A205FC for ; Wed, 31 Jul 2019 15:21:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id BD94120602; Wed, 31 Jul 2019 15:21:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4AA9A204BF for ; Wed, 31 Jul 2019 15:21:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727978AbfGaPVt (ORCPT ); Wed, 31 Jul 2019 11:21:49 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:42073 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727276AbfGaPVt (ORCPT ); Wed, 31 Jul 2019 11:21:49 -0400 Received: by mail-ed1-f68.google.com with SMTP id v15so66084632eds.9 for ; Wed, 31 Jul 2019 08:21:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rS7n4vbFz7RKbnJIWYLJ3LD2/VhASWWBXDQ1YiyXUK4=; b=afbMm0GfaAisY0kxZUpRSnh8R0UIgNbJC7BJabH5D9WD/FNoXqbra0An01CbRBxtGZ 6HU1X6ERvuzfNqTtDr+HgIFNQrS9uH8mDg4JioI9lUGBcB+JyiVbUiZDn49xnAK2QQn2 oQ3mhFNgfpG+AUJM6loNdB65enq3rg75smpnnn5r67isH8PNtXlUf6jqP5gfHsQbMQyF l59jSDgnvEUi9oWKOkD6rlyjzioaGiCcKXFv5vzlqChSrqbNMbLCeGEwMXmrJepCKBgI Uuo0QV/OGqvUg9Jx7SfUQ3NHZ5kkTcCYHyjFw9TFCxaRJlkdceV57/R8dgaSbT3qft98 VEWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rS7n4vbFz7RKbnJIWYLJ3LD2/VhASWWBXDQ1YiyXUK4=; b=QAaQKwO5+PjQDPY0xX4oF/sqDNVEwoNaa/HQkA8EsBrtakSKCwBY8vrN/VF9+Qtz/N 31hqqr41HEwUbnNv3XXbmg8Iu9IFDS1Drvzu/bzZAk3h1XRkOohc61BvmTi0w0V38QGn Vf7utTV1LoHWWfppfVaN2Igr2gZ+J+8++mJB17VjFzwCsC8sm7P8V3ALTXpVCxdDEFaG 4KLOBtA+gExpqd42OnjwCazjLGHQTSrmaeSFHIFqEaR38LxsBrILSKThgkNR6ICIQ8ZK WR476s/1rjhpZt1SSqoi4qen7o1fF+SKe4mKmWKAQDOULU1IGoKDVzGdSwXs9gVNVxnS Xn3A== X-Gm-Message-State: APjAAAUkRcp4GvGzgUeDiFaJf53Eg/L8k40Tgo8l4Unu3MgZF5zSvAgd x6p0PuOX+peM2UVAyqPTjLE= X-Google-Smtp-Source: APXvYqzYx7vkfK0pCreTlPXP87r4rm9+sWwDysXJ5rrTYu3XJTTOF6g20uha3nGp0gwYlH89T1Svfw== X-Received: by 2002:a17:906:6bc4:: with SMTP id t4mr97503471ejs.256.1564586032415; Wed, 31 Jul 2019 08:13:52 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id 9sm8069757ejw.63.2019.07.31.08.13.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:50 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 7337F1048A6; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 54/59] x86/mktme: Overview of Multi-Key Total Memory Encryption Date: Wed, 31 Jul 2019 18:08:08 +0300 Message-Id: <20190731150813.26289-55-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Provide an overview of MKTME on Intel Platforms. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/index.rst | 1 + Documentation/x86/mktme/index.rst | 8 +++ Documentation/x86/mktme/mktme_overview.rst | 57 ++++++++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 Documentation/x86/mktme/index.rst create mode 100644 Documentation/x86/mktme/mktme_overview.rst diff --git a/Documentation/x86/index.rst b/Documentation/x86/index.rst index af64c4bb4447..449bb6abeb0e 100644 --- a/Documentation/x86/index.rst +++ b/Documentation/x86/index.rst @@ -22,6 +22,7 @@ x86-specific Documentation intel_mpx intel-iommu intel_txt + mktme/index amd-memory-encryption pti mds diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst new file mode 100644 index 000000000000..1614b52dd3e9 --- /dev/null +++ b/Documentation/x86/mktme/index.rst @@ -0,0 +1,8 @@ + +========================================= +Multi-Key Total Memory Encryption (MKTME) +========================================= + +.. toctree:: + + mktme_overview diff --git a/Documentation/x86/mktme/mktme_overview.rst b/Documentation/x86/mktme/mktme_overview.rst new file mode 100644 index 000000000000..64c3268a508e --- /dev/null +++ b/Documentation/x86/mktme/mktme_overview.rst @@ -0,0 +1,57 @@ +Overview +========= +Multi-Key Total Memory Encryption (MKTME)[1] is a technology that +allows transparent memory encryption in upcoming Intel platforms. +It uses a new instruction (PCONFIG) for key setup and selects a +key for individual pages by repurposing physical address bits in +the page tables. + +Support for MKTME is added to the existing kernel keyring subsystem +and via a new mprotect_encrypt() system call that can be used by +applications to encrypt anonymous memory with keys obtained from +the keyring. + +This architecture supports encrypting both normal, volatile DRAM +and persistent memory. However, persistent memory support is +not included in the Linux kernel implementation at this time. +(We anticipate adding that support next.) + +Hardware Background +=================== + +MKTME is built on top of an existing single-key technology called +TME. TME encrypts all system memory using a single key generated +by the CPU on every boot of the system. TME provides mitigation +against physical attacks, such as physically removing a DIMM or +watching memory bus traffic. + +MKTME enables the use of multiple encryption keys[2], allowing +selection of the encryption key per-page using the page tables. +Encryption keys are programmed into each memory controller and +the same set of keys is available to all entities on the system +with access to that memory (all cores, DMA engines, etc...). + +MKTME inherits many of the mitigations against hardware attacks +from TME. Like TME, MKTME does not mitigate vulnerable or +malicious operating systems or virtual machine managers. MKTME +offers additional mitigations when compared to TME. + +TME and MKTME use the AES encryption algorithm in the AES-XTS +mode. This mode, typically used for block-based storage devices, +takes the physical address of the data into account when +encrypting each block. This ensures that the effective key is +different for each block of memory. Moving encrypted content +across physical address results in garbage on read, mitigating +block-relocation attacks. This property is the reason many of +the discussed attacks require control of a shared physical page +to be handed from the victim to the attacker. + +-- +1. https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf +2. The MKTME architecture supports up to 16 bits of KeyIDs, so a + maximum of 65535 keys on top of the “TME key” at KeyID-0. The + first implementation is expected to support 6 bits, making 63 + keys available to applications. However, this is not guaranteed. + The number of available keys could be reduced if, for instance, + additional physical address space is desired over additional + KeyIDs. From patchwork Wed Jul 31 15:08:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068265 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 756451399 for ; Wed, 31 Jul 2019 15:20:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 60B9F204BE for ; Wed, 31 Jul 2019 15:20:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 55135212BE; Wed, 31 Jul 2019 15:20:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A66F204BE for ; Wed, 31 Jul 2019 15:19:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729765AbfGaPT5 (ORCPT ); Wed, 31 Jul 2019 11:19:57 -0400 Received: from mail-ed1-f66.google.com ([209.85.208.66]:37293 "EHLO mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729784AbfGaPT4 (ORCPT ); Wed, 31 Jul 2019 11:19:56 -0400 Received: by mail-ed1-f66.google.com with SMTP id w13so66095492eds.4 for ; Wed, 31 Jul 2019 08:19:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=igF6rwOO/MpHXaPOW5M5V10Q4NOXV533wOmvObyjS78=; b=a8D1IY8WQS/+pFXxx/c79xwSarq0iBdwCWmWCulUgzml4ker2LJSZneHrbBGRc9GCv H11X9TMhet9vbmINgjsTxzpQhGw8LclboXWyHT3C8sP81/lKyUEJb80FNr1Z3YxssR1s IN4FXExlSdSk1vWQd4N5Kkg511vrNfyls4pDcgm+WDjrht72CCqQslx6rnLT6w1nFhR7 qav+PNWqOr+wWtQ7MgYg1Knk12t/pP9iRkjhwnvEbWBJH7+WHTJWnfHK0vZdejGeflRe +np9WYVRO4AAyNwU58oVH7WDmV4bh3Re5u+csPI0Y37Za/tH7uxoXCEETZ2CG6GG8fvP xGJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=igF6rwOO/MpHXaPOW5M5V10Q4NOXV533wOmvObyjS78=; b=nbvzUo/74dHX3O4K++YvQBxppO+1LKjDS3KeDQaEQUbu+r34AaTLGtWEuDP+dNqsHp rjRq83wd+3LJy4oA8x8KVd/TLgRqr+vLaUNuysAxYO8LtLgnUPzIX5e6ejn8XdF+tGQY kQZ3US0ICJv9tax+A3mM0oXamPStGFgooahRfisvM8C6coiqOLkFq8r4tICQGiQpZrCH 8AVtpZXTLjiMQCxVseTRSRbeQqyTM3cIpzMaZpFWI5q/snP0jsAMsSUKEvHGgmYIrRpL xB41t+XyJejK06j0fqycQOPIsKJBZKfEB1zLaAzT0j6lIozDdOUvqv+nHoWI6obMvJZX YBtg== X-Gm-Message-State: APjAAAX9s44cT2G6/IKGtsIdoxw84KSlbHS3+S7WS+m82Qk9T/Qakdmq SFw63OC1zYAdQwWyE104Vao= X-Google-Smtp-Source: APXvYqwV5kCyMozU4z2zmBu0uFZ9eCcpeUARTXuEcmuWXOI+wPOLh76dszK/1zlrOgtlJNxL8DEMmg== X-Received: by 2002:a17:906:784:: with SMTP id l4mr80515472ejc.19.1564586033595; Wed, 31 Jul 2019 08:13:53 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id c16sm17311766edc.58.2019.07.31.08.13.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:51 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 79BFF1048A7; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 55/59] x86/mktme: Document the MKTME provided security mitigations Date: Wed, 31 Jul 2019 18:08:09 +0300 Message-Id: <20190731150813.26289-56-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Describe the security benefits of Multi-Key Total Memory Encryption (MKTME) over Total Memory Encryption (TME) alone. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_mitigations.rst | 151 ++++++++++++++++++ 2 files changed, 152 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_mitigations.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index 1614b52dd3e9..a3a29577b013 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -6,3 +6,4 @@ Multi-Key Total Memory Encryption (MKTME) .. toctree:: mktme_overview + mktme_mitigations diff --git a/Documentation/x86/mktme/mktme_mitigations.rst b/Documentation/x86/mktme/mktme_mitigations.rst new file mode 100644 index 000000000000..c593784851fb --- /dev/null +++ b/Documentation/x86/mktme/mktme_mitigations.rst @@ -0,0 +1,151 @@ +MKTME-Provided Mitigations +========================== +:Author: Dave Hansen + +MKTME adds a few mitigations against attacks that are not +mitigated when using TME alone. The first set are mitigations +against software attacks that are familiar today: + + * Kernel Mapping Attacks: information disclosures that leverage + the kernel direct map are mitigated against disclosing user + data. + * Freed Data Leak Attacks: removing an encryption key from the + hardware mitigates future user information disclosure. + +The next set are attacks that depend on specialized hardware, +such as an “evil DIMM” or a DDR interposer: + + * Cross-Domain Replay Attack: data is captured from one domain +(guest) and replayed to another at a later time. + * Cross-Domain Capture and Delayed Compare Attack: data is + captured and later analyzed to discover secrets. + * Key Wear-out Attack: data is captured and analyzed in order + to Weaken the AES encryption itself. + +More details on these attacks are below. + +Kernel Mapping Attacks +---------------------- +Information disclosure vulnerabilities leverage the kernel direct +map because many vulnerabilities involve manipulation of kernel +data structures (examples: CVE-2017-7277, CVE-2017-9605). We +normally think of these bugs as leaking valuable *kernel* data, +but they can leak application data when application pages are +recycled for kernel use. + +With this MKTME implementation, there is a direct map created for +each MKTME KeyID which is used whenever the kernel needs to +access plaintext. But, all kernel data structures are accessed +via the direct map for KeyID-0. Thus, memory reads which are not +coordinated with the KeyID get garbage (for example, accessing +KeyID-4 data with the KeyID-0 mapping). + +This means that if sensitive data encrypted using MKTME is leaked +via the KeyID-0 direct map, ciphertext decrypted with the wrong +key will be disclosed. To disclose plaintext, an attacker must +“pivot” to the correct direct mapping, which is non-trivial +because there are no kernel data structures in the KeyID!=0 +direct mapping. + +Freed Data Leak Attack +---------------------- +The kernel has a history of bugs around uninitialized data. +Usually, we think of these bugs as leaking sensitive kernel data, +but they can also be used to leak application secrets. + +MKTME can help mitigate the case where application secrets are +leaked: + + * App (or VM) places a secret in a page * App exits or frees +memory to kernel allocator * Page added to allocator free list * +Attacker reallocates page to a purpose where it can read the page + +Now, imagine MKTME was in use on the memory being leaked. The +data can only be leaked as long as the key is programmed in the +hardware. If the key is de-programmed, like after all pages are +freed after a guest is shut down, any future reads will just see +ciphertext. + +Basically, the key is a convenient choke-point: you can be more +confident that data encrypted with it is inaccessible once the +key is removed. + +Cross-Domain Replay Attack +-------------------------- +MKTME mitigates cross-domain replay attacks where an attacker +replaces an encrypted block owned by one domain with a block +owned by another domain. MKTME does not prevent this replacement +from occurring, but it does mitigate plaintext from being +disclosed if the domains use different keys. + +With TME, the attack could be executed by: + * A victim places secret in memory, at a given physical address. + Note: AES-XTS is what restricts the attack to being performed + at a single physical address instead of across different + physical addresses + * Attacker captures victim secret’s ciphertext * Later on, after + victim frees the physical address, attacker gains ownership + * Attacker puts the ciphertext at the address and get the secret + plaintext + +But, due to the presumably different keys used by the attacker +and the victim, the attacker can not successfully decrypt old +ciphertext. + +Cross-Domain Capture and Delayed Compare Attack +----------------------------------------------- +This is also referred to as a kind of dictionary attack. + +Similarly, MKTME protects against cross-domain capture-and-compare +attacks. Consider the following scenario: + * A victim places a secret in memory, at a known physical address + * Attacker captures victim’s ciphertext + * Attacker gains control of the target physical address, perhaps + after the victim’s VM is shut down or its memory reclaimed. + * Attacker computes and writes many possible plaintexts until new + ciphertext matches content captured previously. + +Secrets which have low (plaintext) entropy are more vulnerable to +this attack because they reduce the number of possible plaintexts +an attacker has to compute and write. + +The attack will not work if attacker and victim uses different +keys. + +Key Wear-out Attack +------------------- +Repeated use of an encryption key might be used by an attacker to +infer information about the key or the plaintext, weakening the +encryption. The higher the bandwidth of the encryption engine, +the more vulnerable the key is to wear-out. The MKTME memory +encryption hardware works at the speed of the memory bus, which +has high bandwidth. + +Such a weakness has been demonstrated[1] on a theoretical cipher +with similar properties as AES-XTS. + +An attack would take the following steps: + * Victim system is using TME with AES-XTS-128 + * Attacker repeatedly captures ciphertext/plaintext pairs (can + be Performed with online hardware attack like an interposer). + * Attacker compels repeated use of the key under attack for a + sustained time period without a system reboot[2]. + * Attacker discovers a cipertext collision (two plaintexts + translating to the same ciphertext) + * Attacker can induce controlled modifications to the targeted + plaintext by modifying the colliding ciphertext + +MKTME mitigates key wear-out in two ways: + * Keys can be rotated periodically to mitigate wear-out. Since + TME keys are generated at boot, rotation of TME keys requires a + reboot. In contrast, MKTME allows rotation while the system is + booted. An application could implement a policy to rotate keys + at a frequency which is not feasible to attack. + * In the case that MKTME is used to encrypt two guests’ memory + with two different keys, an attack on one guest’s key would not + weaken the key used in the second guest. + +-- +1. http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf +2. This sustained time required for an attack could vary from days + to years depending on the attacker’s goals. From patchwork Wed Jul 31 15:08:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068285 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A79EF1399 for ; Wed, 31 Jul 2019 15:21:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 937011FF14 for ; Wed, 31 Jul 2019 15:21:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 87E6A20602; Wed, 31 Jul 2019 15:21:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 438001FF14 for ; Wed, 31 Jul 2019 15:21:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727489AbfGaPVH (ORCPT ); Wed, 31 Jul 2019 11:21:07 -0400 Received: from mail-ed1-f42.google.com ([209.85.208.42]:36076 "EHLO mail-ed1-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726382AbfGaPVF (ORCPT ); Wed, 31 Jul 2019 11:21:05 -0400 Received: by mail-ed1-f42.google.com with SMTP id k21so66071297edq.3 for ; Wed, 31 Jul 2019 08:21:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=I5PL3KEd8NdLoJF+LQ8UkD4dkMItZA8rJO7OBoBpg0o=; b=tW+zNphqnZbkGHkrMBxx1TXe9FglfbohupscPg50rqzrfHLWW9Hl0Z+CMMOXjE/R2+ NcyfhCCsOWXcuwckjmfDmtUusVsnWuowFpyaegX4gCHmyqrGBy+MQMUADGcZpvVKZ512 11xIjMWWAyW63Hda6ArgtSMycjMggoGiwik1SYPbJausNlmbXMmpld6k3+d5JCJ4LZJP gwHYjVnbIrQYu9TGb2+5XJG8HpaJESPi+R23zoUlviPx31pjGUmVrMYLiGF/H3Dcw0QM E2t8w4UFu33JUkrOE5ctmB9g/FhPzqGB/iO94n+xj19M9EujxQQ7zv77d7Yw2DGds/F/ 6oYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=I5PL3KEd8NdLoJF+LQ8UkD4dkMItZA8rJO7OBoBpg0o=; b=odclrMGdXkaN+xyHA+cKYRWoPucbcUI4ps0FO7k8jcKkQc6p8F1LMwAiCWGsBRcz51 PG+goVb6SZx9ofpzQ/pviZGeInK5OESCcYAJmy6NLPdD8dXjNHwIaCoAufqoDxwKE2cn ivOFZ9ZfAlE4fWSjW3cq/zAQNV2VmknKwWGIPwGN1T1FwplSqad9TS+NJZ5l1+UnG06J qDoAHfOqYGhvmFNIMW3Jd0e9QrkLErGCJZMN7XRMgLIT2f4JsAZYP3Wk5U/MVJzqw3mM QWu2jbT67TehkI9TDiHNtK+mbKqOu1+Z5FLtAny5Fu1Rvu8YspKFB7fmGjmD1aPgvP/F gqrg== X-Gm-Message-State: APjAAAW2k0orvwWrCLa8f0QbVn3lOQKGK7WmR80vKayW4BZUzvs/yBgv ErKMY6cyqaMtOfKlglXMY4A= X-Google-Smtp-Source: APXvYqzcY0rGlEFl7gKQAV09OPdwNja6Zvxs45AN38Cu6T9Con7khC9d8WVErECQGCkC99X7sSihKQ== X-Received: by 2002:a17:906:2557:: with SMTP id j23mr93846289ejb.228.1564586035522; Wed, 31 Jul 2019 08:13:55 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id p43sm17365793edc.3.2019.07.31.08.13.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:53 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 809A21048A8; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 56/59] x86/mktme: Document the MKTME kernel configuration requirements Date: Wed, 31 Jul 2019 18:08:10 +0300 Message-Id: <20190731150813.26289-57-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_configuration.rst | 6 ++++++ 2 files changed, 7 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_configuration.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index a3a29577b013..0f021cc4a2db 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -7,3 +7,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_overview mktme_mitigations + mktme_configuration diff --git a/Documentation/x86/mktme/mktme_configuration.rst b/Documentation/x86/mktme/mktme_configuration.rst new file mode 100644 index 000000000000..7d56596360cb --- /dev/null +++ b/Documentation/x86/mktme/mktme_configuration.rst @@ -0,0 +1,6 @@ +MKTME Configuration +=================== + +CONFIG_X86_INTEL_MKTME + MKTME is enabled by selecting CONFIG_X86_INTEL_MKTME on Intel + platforms supporting the MKTME feature. From patchwork Wed Jul 31 15:08:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068279 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 647AD1399 for ; Wed, 31 Jul 2019 15:21:02 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 523801FF14 for ; Wed, 31 Jul 2019 15:21:02 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 465042022C; Wed, 31 Jul 2019 15:21:02 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC5E71FF14 for ; Wed, 31 Jul 2019 15:21:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730086AbfGaPVB (ORCPT ); Wed, 31 Jul 2019 11:21:01 -0400 Received: from mail-ed1-f67.google.com ([209.85.208.67]:34211 "EHLO mail-ed1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729131AbfGaPVA (ORCPT ); Wed, 31 Jul 2019 11:21:00 -0400 Received: by mail-ed1-f67.google.com with SMTP id s49so31236152edb.1 for ; Wed, 31 Jul 2019 08:20:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=WTAAjTsK3+3w7eSPHsyJf/zyVQM+N+66EXtK8GvqGh0=; b=vHCm2eeuCUQs2yHSeXWs6297E3LD/DJ3yKHjxnQ3uS38oTOhZMWNOL2t2b8qyqezCd TSyHJ2nZIkIp+xozfa1fMkbPHgLyD07pzVHXY1r0RJbOqJQjIa59zY+kzkFpFK+i6bAm u2IRsUZJ7qr8muyrOi/vvs1sPIHYD5F+Sz93KlJmSVBGUVMoNkaJnWL0flwcUWdk1Rd+ pJLhMUZ1mXkr512XbgaOmHVFaepWq9DNGGdxUvxD97xw+4EXINwjigBZSkDbyOrFGk9v coI9yYfL7DOZadkWb+EyLWXGslgUVJIufSy67o3yRyMY9W/s+uFsbxg0YK6+eu5onsz9 Qs2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WTAAjTsK3+3w7eSPHsyJf/zyVQM+N+66EXtK8GvqGh0=; b=XfmqWz9zenlUYcQsfFuXYu9+sIWnQnmlZC3wVp5JM7o6ldafCGNgWybFsEqFNlgNTS Xif5++he/k26tLXVFjjU1vKcS4+/o5HcOISVOZ4asQdra/g5XW6qr0iCk5aeJdWMR4UY FbflqRYEAai4OMe75riEpkEWur+oeympU+n6+eCbz3EIjtGkjtKSHUmzPm1oe+pd68HD Fg4xuxJjawJG8FEGYqvh3+IatHd1Lp0woq9zk03WyaQeRGRRs/BI4CZX44eH1s+RQNpU o1/bG/NLkmJqQhPmZ8mWzZ60n9K0yLnt/W+vMlhDVPAup/057FCAszuHkHpiWrkx5sM2 yL6Q== X-Gm-Message-State: APjAAAU3xsqbySsmWtsKufKH9KPZ18KbrCFXiMRfSz89dGgho8OD7jyC kclwLDR0VOJn9CnlsdZ9NSA= X-Google-Smtp-Source: APXvYqyDF7Ax4wPwm75VtJQs6n6Sw+upz55I60UXt6jJNg1T+Xcry5rWrrwsNPjn0mCM+yzapDyh9Q== X-Received: by 2002:a50:9153:: with SMTP id f19mr109455097eda.70.1564586035945; Wed, 31 Jul 2019 08:13:55 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id q56sm17022134eda.28.2019.07.31.08.13.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:53 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 87A6F1048A9; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 57/59] x86/mktme: Document the MKTME Key Service API Date: Wed, 31 Jul 2019 18:08:11 +0300 Message-Id: <20190731150813.26289-58-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov Reviewed-by: Ben Boeckel --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_keys.rst | 61 ++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_keys.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index 0f021cc4a2db..8cf2b7d62091 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -8,3 +8,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_overview mktme_mitigations mktme_configuration + mktme_keys diff --git a/Documentation/x86/mktme/mktme_keys.rst b/Documentation/x86/mktme/mktme_keys.rst new file mode 100644 index 000000000000..5d9125eb7950 --- /dev/null +++ b/Documentation/x86/mktme/mktme_keys.rst @@ -0,0 +1,61 @@ +MKTME Key Service API +===================== +MKTME is a new key service type added to the Linux Kernel Key Service. + +The MKTME Key Service type is available when CONFIG_X86_INTEL_MKTME is +turned on in Intel platforms that support the MKTME feature. + +The MKTME Key Service type manages the allocation of hardware encryption +keys. Users can request an MKTME type key and then use that key to +encrypt memory with the encrypt_mprotect() system call. + +Usage +----- + When using the Kernel Key Service to request an *mktme* key, + specify the *payload* as follows: + + type= + *cpu* User requests a CPU generated encryption key. + The CPU generates and assigns an ephemeral key. + + *no-encrypt* + User requests that hardware does not encrypt + memory when this key is in use. + + algorithm= + When type=cpu the algorithm field must be *aes-xts-128* + *aes-xts-128* is the only supported encryption algorithm + + When type=no-encrypt the algorithm field must not be + present in the payload. + +ERRORS +------ + In addition to the Errors returned from the Kernel Key Service, + add_key(2) or keyctl(1) commands, the MKTME Key Service type may + return the following errors: + + EINVAL for any payload specification that does not match the + MKTME type payload as defined above. + + EACCES for access denied. The MKTME key type uses capabilities + to restrict the allocation of keys to privileged users. + CAP_SYS_RESOURCE is required, but it will accept the + broader capability of CAP_SYS_ADMIN. See capabilities(7). + + ENOKEY if a hardware key cannot be allocated. Additional error + messages will describe the hardware programming errors. + +EXAMPLES +-------- + Add a 'cpu' type key:: + + char \*options_CPU = "type=cpu algorithm=aes-xts-128"; + + key = add_key("mktme", "name", options_CPU, strlen(options_CPU), + KEY_SPEC_THREAD_KEYRING); + + Add a "no-encrypt' type key:: + + key = add_key("mktme", "name", "no-encrypt", strlen(options_CPU), + KEY_SPEC_THREAD_KEYRING); From patchwork Wed Jul 31 15:08:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068269 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9F0731399 for ; Wed, 31 Jul 2019 15:20:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8D7C820243 for ; Wed, 31 Jul 2019 15:20:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8BCEC205FC; Wed, 31 Jul 2019 15:20:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1B82520587 for ; Wed, 31 Jul 2019 15:20:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729687AbfGaPUt (ORCPT ); Wed, 31 Jul 2019 11:20:49 -0400 Received: from mail-ed1-f68.google.com ([209.85.208.68]:46160 "EHLO mail-ed1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730061AbfGaPUt (ORCPT ); Wed, 31 Jul 2019 11:20:49 -0400 Received: by mail-ed1-f68.google.com with SMTP id d4so66098203edr.13 for ; Wed, 31 Jul 2019 08:20:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=giiClMAwHghspubxRJeU98UBj4kcy5uaSNNQ5yHBQr8=; b=YaTXMBHevd+rhxg7oKsHgnNx749IFnPZBGV8uL7sZwZst8GkM7+TgJ5hOEwl+8ch77 0SnQ660ccq3nonm+oPVfiPClF1RSRdsFcsOmiSCMAee/860JmulRtpJu6ZVUPIXxPpab A4HPUmoMK+oL/ZYU5z/0aKIN4ZyJj82QmP1VUkYEBl9uw4vslQvBcp1bM5ghPUhjzxVC giBVV/0crRxnqKUVAJjYi7W4wag0HivWwFFhHGvLdDIRmm1PDwxpL1ZVySWrGgKoEpQY GhlGRvNmW51GC9GcIML/xNJIoQeLdRe0qiR4tweLB/NiOTOi4OWFj5nMUqbAYuKnK/j8 MnLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=giiClMAwHghspubxRJeU98UBj4kcy5uaSNNQ5yHBQr8=; b=EpsL2yAFQnYSP1cFKFjVqQdWk/OdzgvVeGQ0m2hdC9qGQxUGvR1rhV5PBGPSIeGUEl sPMlGhFRzoJelpeMUqxTVVd+h0DghXz3WIk2qXeG3uejvwap++J2m4ZjLl5Fxo7Pqe9L 4zozR+yOP9dH++c+rc5JgI7qrOHQLy7McE1Lj5FDQMmzbo6Q5s+qskXTcwanXv5ARth7 fTAH5nNffcbCcIelleDk4+Hz04tXQyYr8YyBOzc9RvPcgniUqQlRLpByUfNM+UorUJFz whdmfFlG/ZFMd3OZi3jLkoP/naSxKWU8PRkEEHbv7coErIAIX0VRYsEqd8QIHt25lVVn toFQ== X-Gm-Message-State: APjAAAX/+VzOQzjk+mFd7NGq36SKJtZj6alLuUi/4xrrupNuBYDVoCPQ +MNk7jxsUD9f7hpG/EB+hhk= X-Google-Smtp-Source: APXvYqwa7uk1eoCfkAn/mJHFtQFBKd5911qUgdeykZm3YPTTj3MkDFh75r+Wsq0y3PI0U1ZEMWspDg== X-Received: by 2002:aa7:dd09:: with SMTP id i9mr109849959edv.193.1564586036906; Wed, 31 Jul 2019 08:13:56 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id t13sm17047248edd.13.2019.07.31.08.13.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:13:53 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 8EA5E1048AA; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 58/59] x86/mktme: Document the MKTME API for anonymous memory encryption Date: Wed, 31 Jul 2019 18:08:12 +0300 Message-Id: <20190731150813.26289-59-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_encrypt.rst | 56 +++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_encrypt.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index 8cf2b7d62091..ca3c76adc596 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -9,3 +9,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_mitigations mktme_configuration mktme_keys + mktme_encrypt diff --git a/Documentation/x86/mktme/mktme_encrypt.rst b/Documentation/x86/mktme/mktme_encrypt.rst new file mode 100644 index 000000000000..6dc8ae11f1cb --- /dev/null +++ b/Documentation/x86/mktme/mktme_encrypt.rst @@ -0,0 +1,56 @@ +MKTME API: system call encrypt_mprotect() +========================================= + +Synopsis +-------- +int encrypt_mprotect(void \*addr, size_t len, int prot, key_serial_t serial); + +Where *key_serial_t serial* is the serial number of a key allocated +using the MKTME Key Service. + +Description +----------- + encrypt_mprotect() encrypts the memory pages containing any part + of the address range in the interval specified by addr and len. + + encrypt_mprotect() supports the legacy mprotect() behavior plus + the enabling of memory encryption. That means that in addition + to encrypting the memory, the protection flags will be updated + as requested in the call. + + The *addr* and *len* must be aligned to a page boundary. + + The caller must have *KEY_NEED_VIEW* permission on the key. + + The memory that is to be protected must be mapped *ANONYMOUS*. + +Errors +------ + In addition to the Errors returned from legacy mprotect() + encrypt_mprotect will return: + + ENOKEY *serial* parameter does not represent a valid key. + + EINVAL *len* parameter is not page aligned. + + EACCES Caller does not have *KEY_NEED_VIEW* permission on the key. + +EXAMPLE +-------- + Allocate an MKTME Key:: + serial = add_key("mktme", "name", "type=cpu algorithm=aes-xts-128" @u + + Map ANONYMOUS memory:: + ptr = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0); + + Protect memory:: + ret = syscall(SYS_encrypt_mprotect, ptr, size, PROT_READ|PROT_WRITE, + serial); + + Use the encrypted memory + + Free memory:: + ret = munmap(ptr, size); + + Free the key resource:: + ret = keyctl(KEYCTL_INVALIDATE, serial); From patchwork Wed Jul 31 15:08:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A . Shutemov" X-Patchwork-Id: 11068349 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6F65B13A4 for ; Wed, 31 Jul 2019 15:24:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5D702201B1 for ; Wed, 31 Jul 2019 15:24:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 518122094F; Wed, 31 Jul 2019 15:24:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F41ED201B1 for ; Wed, 31 Jul 2019 15:24:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729123AbfGaPYl (ORCPT ); Wed, 31 Jul 2019 11:24:41 -0400 Received: from mail-ed1-f48.google.com ([209.85.208.48]:46531 "EHLO mail-ed1-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727223AbfGaPXt (ORCPT ); Wed, 31 Jul 2019 11:23:49 -0400 Received: by mail-ed1-f48.google.com with SMTP id d4so66107177edr.13 for ; Wed, 31 Jul 2019 08:23:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rpVydprU+qUIbG2ieS0/pcejmTH1ILSgd/PE5xIU2l8=; b=DRp4/04Ql9tuwZ8HmklcrVGbpbwpqyiHWrb5OFmDW/SEC8peDq2WPBaUHFkAudB5fO O6QRunFSo/ysHy81uSqyDDbaDB0RbNas5DoSFJjERVndASSmEQlNkxI6m4UzvLb1lYXe HR9PxFKm/WpkDGRuHh7/II3kWjLslUMYjW15KfsW1uUXxZKw3qH1ykdFZqetYNR65uFr gcHNHUE6tyTdsEhVT4TE8EFJvr35k771sHCQxS/OJ1ZA0dTfkaCGA+sR1YMCZ/ySG35J zgO0k7b/GKJH49Q3m+NOFpVJ9izt7DqzZczYOnuYmoEesdA/OGp8B5vhT4m926rqes+k RWuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rpVydprU+qUIbG2ieS0/pcejmTH1ILSgd/PE5xIU2l8=; b=GdLQfZaJhxZ6HMP6UK3z5WX/ut20rvE7q/P6570q0hi2NirrA6BRgyfdMm1j+hZx9b 4/q0/o0+mvfchXPfxZrgjvzwKmgYT1rSX62wImgY1CruvFyitgTaLJKmnhEF+IlK/r5Y g6kn0OQscmFrX51dcOk5SDJUFqFtokIM2CyA0N4JWyLHjvIZl5vaTWKl6Az3Xq4MZdV2 cbx5m0CJdVqBhkjgTX51MuVHkLfZ8YbfeHl/sxGpKmYBNQi/DJvWd8tNUU/5zny9iGnS TSVFJZ8u36tBrhDF1DLVWzGQuspToP9SKJiTUOJM86zgBjJ1wcqVJEf4Wm0mXuR/wV4o EuUA== X-Gm-Message-State: APjAAAVfc4pFbY5Spk46m48Kvdx0LYVUZ4jzpJpIwsAgjiQ4Ah9nVe+b IkxS1Ih8EojYR3ZC8gLQuow= X-Google-Smtp-Source: APXvYqzHNAWdNlgTeKpfoNbFrJilyAoYtl9yAfdpOnAx37mkMd2b2DlC485Nke0u/zSmR8xGQJj0mw== X-Received: by 2002:aa7:ca45:: with SMTP id j5mr106898585edt.217.1564586627658; Wed, 31 Jul 2019 08:23:47 -0700 (PDT) Received: from box.localdomain ([86.57.175.117]) by smtp.gmail.com with ESMTPSA id j12sm12429043ejd.30.2019.07.31.08.23.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jul 2019 08:23:47 -0700 (PDT) From: "Kirill A. Shutemov" X-Google-Original-From: "Kirill A. Shutemov" Received: by box.localdomain (Postfix, from userid 1000) id 957D31048AB; Wed, 31 Jul 2019 18:08:17 +0300 (+03) To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" Subject: [PATCHv2 59/59] x86/mktme: Demonstration program using the MKTME APIs Date: Wed, 31 Jul 2019 18:08:13 +0300 Message-Id: <20190731150813.26289-60-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Alison Schofield Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- Documentation/x86/mktme/index.rst | 1 + Documentation/x86/mktme/mktme_demo.rst | 53 ++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 Documentation/x86/mktme/mktme_demo.rst diff --git a/Documentation/x86/mktme/index.rst b/Documentation/x86/mktme/index.rst index ca3c76adc596..3af322d13225 100644 --- a/Documentation/x86/mktme/index.rst +++ b/Documentation/x86/mktme/index.rst @@ -10,3 +10,4 @@ Multi-Key Total Memory Encryption (MKTME) mktme_configuration mktme_keys mktme_encrypt + mktme_demo diff --git a/Documentation/x86/mktme/mktme_demo.rst b/Documentation/x86/mktme/mktme_demo.rst new file mode 100644 index 000000000000..5af78617f887 --- /dev/null +++ b/Documentation/x86/mktme/mktme_demo.rst @@ -0,0 +1,53 @@ +Demonstration Program using MKTME API's +======================================= + +/* Compile with the keyutils library: cc -o mdemo mdemo.c -lkeyutils */ + +#include +#include +#include +#include +#include +#include +#include + +#define PAGE_SIZE sysconf(_SC_PAGE_SIZE) +#define sys_encrypt_mprotect 434 + +void main(void) +{ + char *options_CPU = "algorithm=aes-xts-128 type=cpu"; + long size = PAGE_SIZE; + key_serial_t key; + void *ptra; + int ret; + + /* Allocate an MKTME Key */ + key = add_key("mktme", "testkey", options_CPU, strlen(options_CPU), + KEY_SPEC_THREAD_KEYRING); + + if (key == -1) { + printf("addkey FAILED\n"); + return; + } + /* Map a page of ANONYMOUS memory */ + ptra = mmap(NULL, size, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE, -1, 0); + if (!ptra) { + printf("failed to mmap"); + goto inval_key; + } + /* Encrypt that page of memory with the MKTME Key */ + ret = syscall(sys_encrypt_mprotect, ptra, size, PROT_NONE, key); + if (ret) + printf("mprotect error [%d]\n", ret); + + /* Enjoy that page of encrypted memory */ + + /* Free the memory */ + ret = munmap(ptra, size); + +inval_key: + /* Free the Key */ + if (keyctl(KEYCTL_INVALIDATE, key) == -1) + printf("invalidate failed on key [%d]\n", key); +}