Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932287AbcKJAvg (ORCPT ); Wed, 9 Nov 2016 19:51:36 -0500 Received: from mail-sn1nam01on0067.outbound.protection.outlook.com ([104.47.32.67]:46227 "EHLO NAM01-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932220AbcKJAv3 (ORCPT ); Wed, 9 Nov 2016 19:51:29 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; From: Tom Lendacky Subject: [RFC PATCH v3 09/20] x86: Insure that boot memory areas are mapped properly To: , , , , , , , , CC: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , "Paolo Bonzini" , Larry Woodman , "Ingo Molnar" , Borislav Petkov , Andy Lutomirski , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , "Thomas Gleixner" , Dmitry Vyukov Date: Wed, 9 Nov 2016 18:36:20 -0600 Message-ID: <20161110003620.3280.20613.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> References: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CY4PR21CA0012.namprd21.prod.outlook.com (10.172.122.150) To DM5PR12MB1148.namprd12.prod.outlook.com (10.168.236.143) X-MS-Office365-Filtering-Correlation-Id: dd2ce236-3d4e-4512-0603-08d409019a02 X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;2:sjFpdsfDor2VVeTRm+1jZrAibJ0AnpTkZ5y5BgiNbkddIjgC+zATUqFcDtSSauao6SElPGNBvoqvj481im5yefMCC8bNDj/e21LnpaQ2fwCW3Cx+1mov7RRsWePoRoTUewhJ+tarGjkKh/ebyguNKRwwjbVZp94WPaDGDfxOlEG8R8o1H7Sijyk1kgxjUyesNyEoJBXZKnQUG/WWZzzzfg==;3:Ji4ekjbLyRMVe8HfDng52JczZY0ChWhe2XXF4mPQ92z51uqtiZrCjIuj3ECyiN34SodJ6dPigoDa8pr+GW3Y+LMLcsxYMz8jdcWOWuYVCyfqPTIljk5qxL0XWe2gWS6PFssClaK5sku0fLSARZpnWw== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM5PR12MB1148; X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;25:mFVzj8dUTkDHxO60XhRozR7OAIQ/6L7Md4QfxduPAdRLRsZ9L13BYy4txZcQhXGGQVfZwnXaps2KG0C34QBmkRiFfTN0lzTn8MCBT1rPRpSD0h5zYgf7WMXFfdjrdpvkBZSW23vmHe1uDHqG7E64QCFODYOjRaZQEOHebIO4DS4br8Tm2YlpkMjk+ljN35WFYkgZ7so7xjVnjchWKu+bw5dtlmx6JObvCOsYkdLdA8iB4qZhNkTTopSxhhbjvQSwmYAPnUFkRMbg9BpNYEpPa0sNeKjJ60CxyyDxv5HjOpo8Tky+t3B1ESY0h+Idc94MCO9Q89aowwb843cEJu6nnf6KQakbUaVDNJ1EYPQDT8I7EIY6pQGK8/ZirdhdQtAD8j+RL2HRSjeTHGHVPcdGpF+JqzMduEpxWky2EgKe0+IbaqY/IUcCnyKKhV0PvVvN3GrShTZnawjw1//1ZkWF2R0nEN/C0lbT02ph+eGIyNrsf226hoVAx8QxOW99WCl86czYYP7HN6trn9vInyUcAwIlRFpg9/IjPH4q8FHl72B7b+cgYakv6E6QENL+/6ffEOebhsW9cUi39ibKpckqwFu5+NBx9oS8dexhgb5VGBhQ8Wp2y9dqtKiH2TtBiLCNczgnVKJelcto382SjtVgUUD7MNIIjblP+HDgc0zcwZGzd+7uFp0TW0f27BlKkaRvLmRFAqtpzocSPc7ss32W8Q== X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;31:DAfcrKrhfXGGaysEQcQsd2/xTAVWOIj+SphfmsKx7HOdTi6PEk4WlgVTwxM9ypIheVzlghrcCx2G6fDSdIXIa9S5LR7iSm+lLW1f0IZWBqba7UNJSFrnZAgnQbeSwCGbfivO+rpH6jRl/rMroW9Sbef8O8y4vf26Skemj5pGMzAR5LCBtD9ujtCHg3E62319DSdv6Yq61w2HpwM4pkWG0Hy/+Fo4A15ik0bzPOTiowwJJfq0yxS0i1Ck2TMf8j+l;20:1yMhag4R4iRER+yqgGALpeuZsgw3jQxuSmmtpR/q9IS8t4geZNyvByoHA37qfmeZgz3Q4/3i1s32nmnNwaLv2i1OLaKKWDUt8FYsv3NdwbVN071t/bjiH+bOX2Y8j6VI3fqImpY+4Gy5dsUWVb13CYmwkmDX0dabWZzsIfArcqFgZfwGk3+R6oIw5XNx9m8i9BA36lDvlOZlfbucngYci+a01qes0gUglizf/GRPygXmCj/aIfb57d8ZiiTY2iO1xcoe0M0f4a87Z5lReJ5/cNGsfGycBe1XpB+DDyzW9Q7Qcnx+GoU1QHbvZgPFsOLvxS0qDK++dM+LDvpkZjhV8z73VF1tG5vr1DtGz8HUyxIeebzhZYL4g9uvzhxijokhbOX7NX1BLe4QOFHtXYALf+sD4q6HAV5wuWYkP4gcIbdzInX9wP5hN6a6fCSGkkqEckwtIOsnQFR2xkKq1pw5PEjDEhoTmjjhmE63dnoDzxr7cRVpKXf4RkYMdLqvdl7Q X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026);SRVR:DM5PR12MB1148;BCL:0;PCL:0;RULEID:;SRVR:DM5PR12MB1148; X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;4:cbJ9Smgp+ARf2YKNAAN53DNZZVVbUXHKKJHdC70m/tvCOmorokNP6z1XpjHyWkWawK/p7mJ6/rjrCUTmnx1N4AwLF2F8M61D/nAgGySu4jj+u3+9wyU5agwAqPFKJ7s5W6bRgt85FbRdVNARWki4Eo9Tb6tWCVMEQjPeK9OixsUkW25cAOHsboW1E2oVr2YgBeesK4SMu1V0HSwdyFpTOb12J7W53zPg6eGoLy4C3pngmf4VTEE4YHmQ1yoPokA9wfnN4tv4yAM3dktOqbSGNqO9k5gi2fu81qU/p5dOt0PwurxFDevc3Di5YeqbiNydgARqAD/aJ3ZoUPLHxmA3xXtAze/zKDSl3pRLHWhKflHMGZimAZCYnWeyJKZ7kLG1WrrJuBQuDGM/OQMR6RI6rrvYPVXu4koni9W32IDmednqVuh8Ew1Lq2+13Sazpjl1q5yZtEmEws917Y33Ej9IUg== X-Forefront-PRVS: 01221E3973 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(7916002)(199003)(189002)(189998001)(69596002)(5001770100001)(4001350100001)(33646002)(50986999)(9686002)(97736004)(106356001)(101416001)(81156014)(50466002)(305945005)(8676002)(105586002)(7736002)(7846002)(81166006)(53416004)(83506001)(92566002)(42186005)(77096005)(4326007)(86362001)(1076002)(5660300001)(6116002)(230700001)(586003)(7416002)(97746001)(2906002)(66066001)(2201001)(68736007)(23676002)(76176999)(54356999)(47776003)(2950100002)(103116003)(3846002)(71626007)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:DM5PR12MB1148;H:tlendack-t1.amdoffice.net;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjEyTUIxMTQ4OzIzOm9mVEZCSENob1hDS2RmeHRLU0UvMGdNUHlJ?= =?utf-8?B?VTlDVExRbXF0dWMwV0lWa1lITVF2M2wvamk1VEZENXMwNU43V0hxTmV2T2lJ?= =?utf-8?B?dVV4azVJUjN5ZE9GY1JHV1N0cHAveWlWeHEzTStLZS9HQjhqTHNFZVo1YmFZ?= =?utf-8?B?aUJQK1EzSVMrK1Y4OVpRR2ZUaUVQRGN0aXc1NlJPbjhCRGE5UzhRejFXMEJs?= =?utf-8?B?SXFxY0FrVXVXYm1OL0puTDZIRS9uTEFORTlmd0dYTWxxVFRsOGRDWFFoR0s2?= =?utf-8?B?Wk1yWDJnOXMxR2x6T3g0c2ZhQ01HQ2tGY0tsenBTOVdidWpTTllreHJPNEth?= =?utf-8?B?d05zbElQVEg0ZHhDb3RwVCtRcTQzUWpFNVdJVlR2cEtPUVhsTUhmU1FGcGNp?= =?utf-8?B?R08xc24wNWtTREI0TlZ0a092L3BtKy9DcmY0anRYYjEwZ3hNT3FVOXdNdXY5?= =?utf-8?B?N09jWjB1WUNoQTdGT0ZuQkl6dVQ1amdoWWEzZ3RkR3BKbjhCak94NjM4N1RO?= =?utf-8?B?VERlVEtOUUVpaVNMVmZIaXBFVkkrQU5NM05rZ1VoR1dKYjdIUnpWcjBaNTFp?= =?utf-8?B?em8rSGNnSVJrNWcySzRkVUJUWGxTNVAzOFdRN0ZseWhleVJldmF0N2dUSWh0?= =?utf-8?B?L0I1R2o4TkcrQU02empuU1BIRHlEWmVyc2FoSGVyRVhLQzQwekVoZjFTNUJz?= =?utf-8?B?ZHBLNlJxNWNzTE9Bd3BJbXJnMzhjTmh6SXZhNlQ1UjlBS0g0djNuQ3hXV08r?= =?utf-8?B?N2xYTVlJV2NyRTAzaXAzUzk0YTgzeWE4L1h4VWtPQ25jVnViZEs0L21Obkw3?= =?utf-8?B?bHFjYzIyNklrNGNZSEVOWkR3QXRvU3dHTVZIZ2FFSFdYSWs2VU95QzlTaklL?= =?utf-8?B?S3VjSWZMelVOZXc2SlBxYzRzOTJGaW9tVnQvSHhRSzR6UFZaMTNPdyswd01p?= =?utf-8?B?bW5tbzRIQzNEejAzVGdJNGhUTXlZL2FPaXBudzBBVGwxNVpuNGJuWHJ4ZUt3?= =?utf-8?B?QWpFWmRhOWJnaU5FdmJEeWpXRzRLWUk4TVp0enRwbjE4SFdQbFBLdSs1cG5D?= =?utf-8?B?d0ZSOFE0d0FXSzJjWG5CZ1JpbXdIUzcydm1JQUpMdlBaZnB4WTh5QWxyUTZl?= =?utf-8?B?SlBETjRhN0FFdVBUMEk5S3lzKzNGSXJ2N2I1cWVOdktlNDNxRStYNTgvWlZG?= =?utf-8?B?TzJyeTdlUFMyMHBkc0JLUHNVSTJuUVArU3pNT3VFU2pGQW1uelhRekFyWk5s?= =?utf-8?B?UzEzM2FmY0dDT0g2cFpHUGZyK0s1UWQ1WXlPVUY2bmlnV1JNNUd3Qnc4RE1y?= =?utf-8?B?SUwvYUt6c1VEdUp6aDdCSXY5OE1VZE55ZWxWWEZqcDYrdXBJK3RlTTZzZW4x?= =?utf-8?B?WXViWXVvZFhTbmlvb0QrYVlVMzZEUW9jeko4NlJZc09KenRXdHJFUmtSUWVF?= =?utf-8?B?UDBlL0owZHhiTGNYZWxrdlR4a0NLSTFIYUpnNjNJUE9jZk9ibXRUbjFHdDZv?= =?utf-8?B?VXNFRnQ0bklXMzB2ckp0b0lPUzhvSTNlcGxQMzZ0NVZPWUcwSjg4MjlpRUI2?= =?utf-8?B?eHBjRDZveXh2eTZQRi9hYjEzVFJtUkZ1R3NaWUxFWjF2TFJvZ1kxY1dvWm5X?= =?utf-8?B?VEJZMmJVT0FMY05BUE9UZXZVeXBCeGtYcm1YY2tEdG9KaUFzTjdlVkN3PT0=?= X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;6:wSjFW5xBzt8XbNnID/cVGaCgJri43iBmU/tPwAz6UzNU9RL3mm+I1AkgyB9+ovaSaJ/SzuP+50jfIl2OuBwFUiNGiQhLdcY2klJQ32E/oe1I7Tmy9GirlSqOZ0kA6354gIEdn0hvMh/aNz3gIkQNm/BMn0PopZLkibUcqFBy/6icADqMG7EEDZhyfxlE31i7UiyNQre292hbTRV4oeRiv/VB/kmPkIP5HY5nxXaukLWA2JgKCvcrj/WSYC1W929P9vCie/1HwDcXy483ulhV2l8y0w0qhFqaUppfcWnQN91Of9f7W72rX39/O9q23e/+SIBjrp+2YYR55ATYsh45UVWq+bW+CI0ctw/Niq5oMbM=;5:o0KyJpgh+BkjUGnkgub/+brcn4JUxmDGhpiiYepF9vhgfs4/GKA2Qw9XGhNdfWt+SGR8+GntZ7hA3iGrX+HNcT6BrFuMAysmQWY289cGWj/nbkvGbUBYsHIDVJUq8o7w/1yFawUaeSb3DdVCQanAJw==;24:6sqO0amzMKgeOkENj65Y1jGohEiBeCqn9ssv7qFf4O7iujcUhmTZspGsWPqz0p/T7k4FtmkmDCqXEqCl9W3zWXGyceKz2/FM7JSoOyEqE9o= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;7:UE5r8nbcxXGSTryb911aXcQH8OMDq8uxhNdlbFeaEfyNP7K5HLf/FKvxFS5NXEzpummzSURh1bCRPFRnZmWcqUJSMC6HQbo0gqsZBj+PtkzmdOcdg+/kvKAgXbJRLzxN6KTmfV0zC0McUBp+k/Ev7iIBNh/wXaLx+ahwGYDA6Z1MNEN1sPn4rm6M1o+V2VTvGjkeVeQnP+Pvnp5YD9gti5C+p74oyof+TyQzrRex0AJC+OIIdcJkIAkc5935UctJgFCjsT0noqXvoAjSjynozg4FjkjynD2is+VwHNmW+AvMyNCMlHfOcjo8LIam4XZ8LBxhL6vdJl6ZzbgO6M7SEr/9x7YWE9mUaJIjjxgvtFk=;20:SRFDdzeoP4waJckOakX+i8TrqLjuRX++BySzBisn/0f51Gwv+XauE0bELT7qIGleWgj45HK0/yRD7+lZvvRBgiD9DVwFPF6LD0x4D56uLTrDmnZJqfVccr8Z+llt24lsQgfV9u0t2NJsunnUsLmWBCH1idUM6CYglv27bQnzbSTP3cj/FG3ZABPC00eS4FkQnXY4yWzMiyrUNZSqcg12dKYSfCM3uXO5qZwfn4N2xLntxJJP2JTGgrRBtXnQ+VNl X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2016 00:36:23.6292 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1148 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 6283 Lines: 206 The boot data and command line data are present in memory in an un-encrypted state and are copied early in the boot process. The early page fault support will map these areas as encrypted, so before attempting to copy them, add unencrypted mappings so the data is accessed properly when copied. For the initrd, encrypt this data in place. Since the future mapping of the initrd area will be mapped as encrypted the data will be accessed properly. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 13 ++++++++ arch/x86/kernel/head64.c | 21 ++++++++++++-- arch/x86/kernel/setup.c | 9 ++++++ arch/x86/mm/mem_encrypt.c | 56 ++++++++++++++++++++++++++++++++++++ 4 files changed, 96 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 2a8e186..0b40f79 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -26,6 +26,10 @@ void __init sme_early_mem_enc(resource_size_t paddr, void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size); +void __init sme_map_bootdata(char *real_mode_data); +void __init sme_encrypt_ramdisk(resource_size_t paddr, + unsigned long size); + void __init sme_early_init(void); #define __sme_pa(x) (__pa((x)) | sme_me_mask) @@ -45,6 +49,15 @@ static inline void __init sme_early_mem_dec(resource_size_t paddr, { } +static inline void __init sme_map_bootdata(char *real_mode_data) +{ +} + +static inline void __init sme_encrypt_ramdisk(resource_size_t paddr, + unsigned long size) +{ +} + static inline void __init sme_early_init(void) { } diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 0540789..88d137e 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -47,12 +47,12 @@ static void __init reset_early_page_tables(void) } /* Create a new PMD entry */ -int __init early_make_pgtable(unsigned long address) +int __init __early_make_pgtable(unsigned long address, pmdval_t pmd) { unsigned long physaddr = address - __PAGE_OFFSET; pgdval_t pgd, *pgd_p; pudval_t pud, *pud_p; - pmdval_t pmd, *pmd_p; + pmdval_t *pmd_p; /* Invalid address or early pgt is done ? */ if (physaddr >= MAXMEM || read_cr3() != __sme_pa_nodebug(early_level4_pgt)) @@ -94,12 +94,21 @@ again: memset(pmd_p, 0, sizeof(*pmd_p) * PTRS_PER_PMD); *pud_p = (pudval_t)pmd_p - __START_KERNEL_map + phys_base + _KERNPG_TABLE; } - pmd = (physaddr & PMD_MASK) + early_pmd_flags; pmd_p[pmd_index(address)] = pmd; return 0; } +int __init early_make_pgtable(unsigned long address) +{ + unsigned long physaddr = address - __PAGE_OFFSET; + pmdval_t pmd; + + pmd = (physaddr & PMD_MASK) + early_pmd_flags; + + return __early_make_pgtable(address, pmd); +} + /* Don't add a printk in there. printk relies on the PDA which is not initialized yet. */ static void __init clear_bss(void) @@ -122,6 +131,12 @@ static void __init copy_bootdata(char *real_mode_data) char * command_line; unsigned long cmd_line_ptr; + /* + * If SME is active, this will create un-encrypted mappings of the + * boot data in advance of the copy operations + */ + sme_map_bootdata(real_mode_data); + memcpy(&boot_params, real_mode_data, sizeof boot_params); sanitize_boot_params(&boot_params); cmd_line_ptr = get_cmd_line_ptr(); diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index bbfbca5..6a991adb 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -114,6 +114,7 @@ #include #include #include +#include /* * max_low_pfn_mapped: highest direct mapped pfn under 4GB @@ -376,6 +377,14 @@ static void __init reserve_initrd(void) !ramdisk_image || !ramdisk_size) return; /* No initrd provided by bootloader */ + /* + * This memory will be marked encrypted by the kernel when it is + * accessed (including relocation). However, the ramdisk image was + * loaded un-encrypted by the bootloader, so make sure that it is + * encrypted before accessing it. + */ + sme_encrypt_ramdisk(ramdisk_image, ramdisk_end - ramdisk_image); + initrd_start = 0; mapped_size = memblock_mem_size(max_pfn_mapped); diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 06235b4..411210d 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -16,8 +16,11 @@ #include #include +#include +#include extern pmdval_t early_pmd_flags; +int __init __early_make_pgtable(unsigned long, pmdval_t); /* * Since sme_me_mask is set early in the boot process it must reside in @@ -126,6 +129,59 @@ void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size) } } +static void __init *sme_bootdata_mapping(void *vaddr, unsigned long size) +{ + unsigned long paddr = (unsigned long)vaddr - __PAGE_OFFSET; + pmdval_t pmd_flags, pmd; + void *ret = vaddr; + + /* Use early_pmd_flags but remove the encryption mask */ + pmd_flags = early_pmd_flags & ~sme_me_mask; + + do { + pmd = (paddr & PMD_MASK) + pmd_flags; + __early_make_pgtable((unsigned long)vaddr, pmd); + + vaddr += PMD_SIZE; + paddr += PMD_SIZE; + size = (size < PMD_SIZE) ? 0 : size - PMD_SIZE; + } while (size); + + return ret; +} + +void __init sme_map_bootdata(char *real_mode_data) +{ + struct boot_params *boot_data; + unsigned long cmdline_paddr; + + if (!sme_me_mask) + return; + + /* + * The bootdata will not be encrypted, so it needs to be mapped + * as unencrypted data so it can be copied properly. + */ + boot_data = sme_bootdata_mapping(real_mode_data, sizeof(boot_params)); + + /* + * Determine the command line address only after having established + * the unencrypted mapping. + */ + cmdline_paddr = boot_data->hdr.cmd_line_ptr | + ((u64)boot_data->ext_cmd_line_ptr << 32); + if (cmdline_paddr) + sme_bootdata_mapping(__va(cmdline_paddr), COMMAND_LINE_SIZE); +} + +void __init sme_encrypt_ramdisk(resource_size_t paddr, unsigned long size) +{ + if (!sme_me_mask) + return; + + sme_early_mem_enc(paddr, size); +} + void __init sme_early_init(void) { unsigned int i;