Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752817AbcD2XuN (ORCPT ); Fri, 29 Apr 2016 19:50:13 -0400 Received: from mail-bn1on0054.outbound.protection.outlook.com ([157.56.110.54]:15494 "EHLO na01-bn1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752613AbcD2XuI (ORCPT ); Fri, 29 Apr 2016 19:50:08 -0400 Authentication-Results: google.com; dkim=none (message not signed) header.d=none;google.com; dmarc=none action=none header.from=amd.com; Subject: Re: [RFC PATCH v1 13/18] x86: DMA support for memory encryption To: Konrad Rzeszutek Wilk References: <20160426225553.13567.19459.stgit@tlendack-t1.amdoffice.net> <20160426225812.13567.91220.stgit@tlendack-t1.amdoffice.net> <20160429071743.GC11592@char.us.oracle.com> <572379ED.9050404@amd.com> <20160429162757.GA1191@char.us.oracle.com> CC: , , , , , , , , , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Paolo Bonzini , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov From: Tom Lendacky Message-ID: <5723F324.9040909@amd.com> Date: Fri, 29 Apr 2016 18:49:56 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: <20160429162757.GA1191@char.us.oracle.com> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN1PR12CA0035.namprd12.prod.outlook.com (10.162.96.173) To BY2PR1201MB1111.namprd12.prod.outlook.com (10.164.168.19) X-MS-Office365-Filtering-Correlation-Id: 2d2ddf7e-b18c-498d-21a0-08d37088fad1 X-Microsoft-Exchange-Diagnostics: 1;BY2PR1201MB1111;2:/BGdEfJ4QBnqPK2WEd8VHnTxanGQ1+kVaZtjNTnXNZGuvGF/IvChCCNJIOFRP0rcvXcHykbvXQ3aNU0R8hdiw3hiBfdiwV9GhBPSeDHnHEdm9K3P6Uc7PLa0wXGcy/hNErjJ/DaNmPSQFtN1NYTQmC0SzxqNHqmAYrhsrIRxMqwlMyZisX2XONEjYqw2Deum;3:XxfsqQnj5QXYVMCcTcI48CNiPsuE/Fbm/13N+z4Cp+3uovx3GUcXpbKPTg6eKTup8CMl+KcpNoqjmA8wkcAwMy8hYbMeu3OmHGQKSHuOSJfbmTv3NN0DMSYCraVFgLCn;25:HNzy+pFkoa8JGjOHvmlT+3FqA5IsOVTO6s0ofR4HAS2EosC5nlDpfg1wJfh0osNqbu4c0qbLvGDGcykgh18K2b6b/ySMLtxg06xGn48fKip31iKLYd1tPbQdnAb0nRB11UjHkUG8EgHXAsZ4KZm4MiLFVn5azbKbgg1Do0Y9/ov6BlnPa2q3/yGwiMMI0HJMTbZfRpGhs/yayxTmUks0+UCaE6QAQVnOysRTgFDN504gMhB4qvB9LdPTcAuJszKl+tfzumza+BwlB9V7xTMqxqXSLLE/sHdr7zEKRks1xrjaciPA11OTIbLa4pqs57TtNSJ/xu4u8pfcQt5zxg0vaQ== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR1201MB1111; X-Microsoft-Exchange-Diagnostics: 1;BY2PR1201MB1111;20:EnK4HwIymkJRLQRQ74mwvsNbOJOwfAQ4yOXVFcrmgjB9yN5JTinU4NLWDlTjVF3XnBbi6H1fM205pjvhqmt+0SvfhZDgLZmstgDfSlP8kjA3gTMRL0bomd9O91Ry9LPF1G7vGty6lqVwxodyeQ11lzMxnUkVGOUNWsg0zQ7rczABsB9g7jdP4dKI/+ZCd4OiTUp4lWWCzNFmQuJLOtuDy/NLpYSCnhZ+jWAF5vgI2yVghmweqdW0mieba5u32JxugjcGmc6BMo3PJoyP6Fn1pvGoaqTs0jA1AnlcC/c3MynSb1AYNzsHkftlTG/9G3ksBQa/UAdyJW2i+ijrdg0Bx+WyH5GctnPNS0m8iAqBrAGI6UU+j+ibrycKAuFByQZEfCewFf6IQQ+N9nv2O4IzNIHC2Okx8cukfD+UIjofE9q67oJ1Na0TIzN7uhXYS4xJOryKZ/PsA+xZQR5cOaRB8hp2AZVXTkLLIZN/pD5fGxewqWupx5F6lvwpr8pDm1LI;4:2JSyc2/fN9yJhc+0Ht7Xn8YRxId66h6qdDdzrRFfecQ7WQletIl0wXzluhf7WyUyv+U7EAsHkqljmOOLTiWqT0Rsm0+K8V6o3OqggLNmpFZ8UMPKB0Vv6WwnOJJ/L81yC6sui0MmElE2Q+BieK9JwoqmyYGAusqfeOOUI4PLZwMD8D6iQW1IIrJE6CB5BVrXWz0Qj2+Eu0np+zIYGtbfCO76zKY8kaWbLhIghs7SyK1rvb/0wD+hgFuui3b6H3I/CV5gb/8UZO/SOga6f3noG5olaRwNI/3agD5ereFzubHWjPTmBhqunnvjHohorcWLGGhmCH8GmZSMys1TlQTuwqyfkZfmWTkmx9f+6rV6CHBLbC4svTyH8jXa3bodeCLUihRLI2YQqF42+4xQY6qq5PPasmxP9Nt1T2S47nqXBgA= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(9101521072)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026);SRVR:BY2PR1201MB1111;BCL:0;PCL:0;RULEID:;SRVR:BY2PR1201MB1111; X-Forefront-PRVS: 0927AA37C7 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(377454003)(24454002)(81166005)(36756003)(64126003)(50986999)(65816999)(54356999)(230700001)(23746002)(76176999)(5008740100001)(92566002)(6116002)(3846002)(110136002)(4001350100001)(586003)(86362001)(189998001)(1096002)(80316001)(33656002)(66066001)(47776003)(65956001)(42186005)(77096005)(2906002)(2950100001)(93886004)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR1201MB1111;H:[10.236.18.82];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: 1;BY2PR1201MB1111;23:kj0bs0ynx2P4o9/LExV57FPmK4lv9IMHnzP2Y/FXoDBgAL5QrKQIJ9gAF4HHNJ6juRbC2itklNQol93HODUeGlIBt1JTtqG7sTjlNckNJ4ZRzerRV/kCsmE1gFel1GgnEH4Wfca4ySYl+hR8NUO3+WyQolJqxKrU+/26CRVMJ04kADaafbUq/Uhf9syjGzfx1GhLPeBIt0veGTKUhbMdP8p1u3y/Nsm+MjIA8ZFGicWGjqxHG0bXqDXBkuMHADXZHReaVA/RhgeMDVdrWsBPzA5Eu+0vuwA/uCmnt+PZmC3mTubmSueARjChqUJ5biLOtsX3MYoqvpPXojaaDg+Z2U1nDiGjszmH6CjkAvl3iK49KcRHzZO1it/OgF6VyzqqZykswUYKJF4H4gvnvaWyJjrswsBxEZbpD/S/wDrjv6YLel174Hf9p41iBxP8ikQMICejlHR5lJip8uK+PE4zObB49J+4EnEzUw54cj/et5eBpbjA5zeYjrA7Q59aF+q/70t6Ku8FlF8KSkxI2N5L6rHPmF5BZqqea+pyrBS0zL7PmSXXM7ozUBehzdJjjuDw8CP/Cw8SwK53sDHvLx6GAyzfJ/IBU7Zq7b4fuFObOHr56QOry0N4Rz5hnWJPt7PIPXg+gKaMGQzexALZyaZ29uupeoePkVfc5+0ZI2RTiCUSI2YJMRi2fBEkX5skspjCqjwGiwpc4eGv1pcFYD3INI5RUmNJDiR8G0tATTjvrBVJVdPv5LTiiqK/74JTRDwHLClNA9tM0Eq8KeWMUPzsKgvf2udvjh0pDS4r4HHYnLVEJpBN3jEPpDoZjNI+PmKWdAFS+zoPrgwINfCM2R3dUu/oQlPORNMYKeWb+YyYoH4GKpIHmC3saZo07FAYQq2okdP2oVTNeq5xCj1dyIxG8rDl5Ihptuoj3G5uS8ftUislAD+e/apXnXUPG8CvdK6f X-Microsoft-Exchange-Diagnostics: 1;BY2PR1201MB1111;5:a+EzV6yFn6ejpcCQHAypOxwn/I14REvQHhHV2ScDEUH2kQXPLY6TyVjSygdLK55EOIrQk4Rk7FF2bou5i1Rm12nIGH5wyCfIR6Z36mNQCI37ssrSY15RDj21XH9XnPzZBH5UWoCNcO/nZwYGjETxPQ==;24:gDLRbvDUlV5aYBzIPy6dMEvt7rKvDP/7jpBQwL/1XzQIJ5bF49FSphEvsyHoUd3+6SxCLs4bCmnqigR2D2x+XqoFwQvXiWk+aZLrWjx449k=;7:vB8Zu2AvXhc3jsw17Uh0hzbBZOygLKlwb8rpFGWCDwO0fGBgG3yCV6k25+lVmm+A97X79vEjrJR+l1au9JijJQC9NAdatIfmn4nDO2lRc4LrsJSUpFntKU3qUDgSVsaIwoxMy0vLCS8lcOPdw0awex/RxqdsZUj1omcAi8icd+VWlVxw0h496DTt6821aYc+;20:FRsh/nLNhtr2JkzAo4K6aHzo4NuNsWvJt+7HxOabFy0gzzN9sLQxUFeX4HrmZU/bhOeHksQ6pbFNMR3PBPWK3BPtD0AM47/l9rCKflNJXxGK/GKmglEvjHFp2D1Qvu2D4UumYgxobl7iDiv4xvYg4XjvZOQmTt+tgq5am/+zjHsrhGoiN+OkDufv/24dEXU0uRMmRMRQBtvsZBymdRYnoJ/WXw2SWlVUBMA+hmRWYEV+0d5XIavPgxGt3CzNHfLc SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Apr 2016 23:50:00.2587 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR1201MB1111 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4150 Lines: 120 On 04/29/2016 11:27 AM, Konrad Rzeszutek Wilk wrote: > On Fri, Apr 29, 2016 at 10:12:45AM -0500, Tom Lendacky wrote: >> On 04/29/2016 02:17 AM, Konrad Rzeszutek Wilk wrote: >>> On Tue, Apr 26, 2016 at 05:58:12PM -0500, Tom Lendacky wrote: >>>> Since DMA addresses will effectively look like 48-bit addresses when the >>>> memory encryption mask is set, SWIOTLB is needed if the DMA mask of the >>>> device performing the DMA does not support 48-bits. SWIOTLB will be >>>> initialized to create un-encrypted bounce buffers for use by these devices. >>>> >>> >>> >>> I presume the sme_me_mask does not use the lower 48 bits? >> >> The sme_me_mask will actually be bit 47. So, when applied, the address >> will become a 48-bit address. >> >>> >>> >>> ..snip.. >>>> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >>>> index 7d56d1b..594dc65 100644 >>>> --- a/arch/x86/mm/mem_encrypt.c >>>> +++ b/arch/x86/mm/mem_encrypt.c >>>> @@ -12,6 +12,8 @@ >>>> >>>> #include >>>> #include >>>> +#include >>>> +#include >>>> >>>> #include >>>> #include >>>> @@ -168,6 +170,25 @@ void __init sme_early_init(void) >>>> } >>>> >>>> /* Architecture __weak replacement functions */ >>>> +void __init mem_encrypt_init(void) >>>> +{ >>>> + if (!sme_me_mask) >>>> + return; >>>> + >>>> + /* Make SWIOTLB use an unencrypted DMA area */ >>>> + swiotlb_clear_encryption(); >>>> +} >>>> + >>>> +unsigned long swiotlb_get_me_mask(void) >>>> +{ >>>> + return sme_me_mask; >>>> +} >>>> + >>>> +void swiotlb_set_mem_dec(void *vaddr, unsigned long size) >>>> +{ >>>> + sme_set_mem_dec(vaddr, size); >>>> +} >>>> + >>>> void __init *efi_me_early_memremap(resource_size_t paddr, >>>> unsigned long size) >>>> { >>>> diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h >>>> index 017fced..121b9de 100644 >>>> --- a/include/linux/swiotlb.h >>>> +++ b/include/linux/swiotlb.h >>>> @@ -30,6 +30,7 @@ int swiotlb_init_with_tbl(char *tlb, unsigned long nslabs, int verbose); >>>> extern unsigned long swiotlb_nr_tbl(void); >>>> unsigned long swiotlb_size_or_default(void); >>>> extern int swiotlb_late_init_with_tbl(char *tlb, unsigned long nslabs); >>>> +extern void __init swiotlb_clear_encryption(void); >>>> >>>> /* >>>> * Enumeration for sync targets >>>> diff --git a/init/main.c b/init/main.c >>>> index b3c6e36..1013d1c 100644 >>>> --- a/init/main.c >>>> +++ b/init/main.c >>>> @@ -458,6 +458,10 @@ void __init __weak thread_info_cache_init(void) >>>> } >>>> #endif >>>> >>>> +void __init __weak mem_encrypt_init(void) >>>> +{ >>>> +} >>>> + >>>> /* >>>> * Set up kernel memory allocators >>>> */ >>>> @@ -597,6 +601,8 @@ asmlinkage __visible void __init start_kernel(void) >>>> */ >>>> locking_selftest(); >>>> >>>> + mem_encrypt_init(); >>>> + >>>> #ifdef CONFIG_BLK_DEV_INITRD >>>> if (initrd_start && !initrd_below_start_ok && >>>> page_to_pfn(virt_to_page((void *)initrd_start)) < min_low_pfn) { >>> >>> What happens if devices use the bounce buffer before mem_encrypt_init()? >> >> The call to mem_encrypt_init is early in the boot process, I may have >> overlooked something, but what devices would be performing DMA before >> this? > > I am not saying that you overlooked. Merely wondering if somebody re-orders these > calls what would happen. It maybe also good to have a comment right before > mem_encrpyt_init stating what will happen if the device does DMA before the function > is called. > Ah, ok. Before mem_encrypt_init is called the bounce buffers will be marked as encrypted in the page tables. The use of the bounce buffers will not have the memory encryption bit as part of the DMA address so a device will DMA into memory in the clear. When the bounce buffer is copied to the original buffer it will be accessed by a virtual address that has the memory encryption bit set in the page tables. So the plaintext data that was DMA'd in will be decrypted resulting in invalid data in the destination buffer. I'll be sure to add a comment before the call. Thanks, Tom