Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753191AbcKSSNX (ORCPT ); Sat, 19 Nov 2016 13:13:23 -0500 Received: from mail-bl2nam02on0083.outbound.protection.outlook.com ([104.47.38.83]:34880 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752398AbcKSSNS (ORCPT ); Sat, 19 Nov 2016 13:13:18 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [RFC PATCH v3 09/20] x86: Insure that boot memory areas are mapped properly To: Borislav Petkov References: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> <20161110003620.3280.20613.stgit@tlendack-t1.amdoffice.net> <20161117122015.kxnwjtgyzitxio2p@pd.tnic> CC: , , , , , , , , , Rik van Riel , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Larry Woodman , Ingo Molnar , Andy Lutomirski , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov From: Tom Lendacky Message-ID: Date: Sat, 19 Nov 2016 12:12:27 -0600 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <20161117122015.kxnwjtgyzitxio2p@pd.tnic> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR20CA0009.namprd20.prod.outlook.com (10.173.136.147) To DM5PR12MB1148.namprd12.prod.outlook.com (10.168.236.143) X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;2:E2tFTOsrTahNXgJrWD/bQHCp5uTZ44UfPUv6HaDA9ZK9qmeC2mnGCaUWBXqHcofGDnCR+QdLAauFNqMXRTB5oLooTvKiW8sgd0kRBZ6aJjCiJyboVAsSm5TloYkaABhvbr8v+u++OitmdV6oTBXlEpF7FT8JzZqXefQLqv3i8OU=;3:Eg88TDbQlDqIthYk4vh9Km+dJ1qFh690eGUvz9TbpPq7ICoOh15wYjG+pezM5VpXDyJA28QBclk9p9mDxxDMIdiB7mXyGXQmbBl+SxzV7TrzcaWIgfOYCFvNo5XhgF5pCcS/A65zSFP5+wgnNFQfE5LyLziBnjfnFka+4C3o9Ps=;25:UUTlWUG16TqIf1kFnaLBQdb+t2IA1MBCgGEeMqLC42wRjobAiGJE7v5pQmTLy7xAiEB9WpvrzsllMwc9OW4cRz1eSgCq2rgf5ONxz3H7zk2krOH3orJ8Mfj0b2DyKxFM4V1hxzGZHrnDdb7gBMgz+SV4pD/dXC251+yxj7UrNUPXSzFbS6TLzRE2Vq6bFYstpZsnVOlJL0qdll4muY0I1Fp2cXuYbFme8W7SrXLoLFG8AKxD2pqJAkgTIsWavTVNgKIDSJha8eNwELPAmmRLIQs2KM2MhfB+PPABtjaSlvian/jcWwDoTR/Exn5YEJXCTMuxO2WyEve2c908puyuq4la/dvp9jG6Sg2ZSBXQiVwEcm2Dcjc/g9mPupE6yT855EJySgYcIlrJNKDsa2qHeRKJHzZfo0Az4gk2if/nNy5KQlxiSGUV9W5z1kN2A9TE/8VDD+5lGucYbRFk2kdcXw== X-MS-Office365-Filtering-Correlation-Id: f3463b5c-b16a-479e-bad4-08d410a7b756 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:DM5PR12MB1148; X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;31:nMt9kDDDcaAEmNxdu5sash9D3TidxI+JlL1t0IeaWXETINqrcLLIfeyhNUWhjuALtLKbTrfKX7UT1fxa+rtfIZpslISYglGUDWWnX+KojHXZ1SaYuSXTtoLOjdaZFSpAlYkBWO//d0qSxjVJ4t78cHn9iWQby11/sa6xIOfdFxyu6BtHOAbTFVKspwsHxFLZsqUCCva5CsldbEJSjS4okaqf4Vn8BwSdCr40Gq+Zvvqp2M7JYFvfA6GIqPysbbbl4adL4hfrp5wO9jukpNayU7rf8IdY1PTkLPWrj+5KdDc=;20:FLJ/zUAR7EYYgZrkiCIUSvI0yVWJx5+e7KBTsI94lt9xzfE7VhGOTcVXiZ9BGxtoIWqc0RREqalFJ6Ind50ulGWGPK63lGFe5ZJsADBfQE9q6i2tgpjvCQ5Z+BCEODsN9iwNpbu2wqqMrLEGT/MJ9WDqzpaehONLt/0D3QrwIQXLqfnoRbi4hsJsk7MKxbIsApDG+rw8eLk/bBI4uO3sJkhdy6ASW8dDofg34FdEE0ITdI/ZCevjRzv/X/CWe6Qp29wQKrqKpcaVwnz9ghnlGBUDSi5vxYyI55/p/Sz7//XlX6tjU++n9FDEwxar1pvafOk7da9eHhfTZAgosIHwSBg1eAT9xe+t2juCguSwj4iS4Vl2+wAErNDyB0NK1cT1N9en47P3h/qAzjSCoFg98HcNR09ZyQHqJTzG2TxnC5uyYLtWTyAIe7OLiAglI73Uw8FLUFdDJ1vlJTgr4Ne84x9StsMylB5Dt6IOUfAfSzHGyFgHd2smfq9FKuGlFVPY X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040307)(6060326)(6045199)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(6041248)(6061324);SRVR:DM5PR12MB1148;BCL:0;PCL:0;RULEID:;SRVR:DM5PR12MB1148; X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;4:UQvI5DRd99QjC63ZoaUI48Dgndq6Absf05joouGFQA9U38iDDBBuG+V5YZekkLuDajs17BMD6zhs68GABHAYvKoPTU81vk+i37i4eK9W0fGMAWeIecbVAjVbZ/f6dKOtf0TEs7U4GR+yNGvSbIGQgrhkwnbSa61FgRAWxniIliHkoqUFhU8XLnRacLliW7/enmL5r80t25IdfOEhu/QDg7t8XMHv0Yg7NrMwYEcGLA4WC1N7KGJxunpMIbioxTe0YStJxo25pe9key3styUtAI/CWSuxLrl+6JK81o1W8O/g+0mF7SidbNXgnSK9IMlK2YL3GRrAJPsPOy6Sarm/AKzqy4WwWA/gwQZHQLwkMKtz45PTrGXEc6nvSqidaLTxkp6hhbuQ+mVPIXTjBlt2hdfOAMGVNJi91lRD2E+hIvT+4tBClcp6Ble862JQij4Ujjt76VrOvFtLKeSB4RTQ4jfkUjXVp6yhHvYqzI4/nEUth73VnXWyMnoqMHQc8NC12PiJv/eNY0i69zw9KADwrMH6wVJEFPNVuJwOjIiZW5Q= X-Forefront-PRVS: 0131D22242 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(7916002)(377454003)(24454002)(189002)(199003)(305945005)(68736007)(65826007)(76176999)(7846002)(105586002)(50986999)(4326007)(42186005)(31686004)(65806001)(83506001)(81166006)(7736002)(81156014)(92566002)(5660300001)(64126003)(50466002)(54356999)(2906002)(7416002)(77096005)(229853002)(2950100002)(23676002)(47776003)(33646002)(36756003)(65956001)(66066001)(31696002)(86362001)(4001350100001)(101416001)(106356001)(6116002)(3846002)(6666003)(230700001)(110136003)(97736004)(8676002)(189998001)(6916009)(38730400001)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:DM5PR12MB1148;H:[10.236.64.222];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjEyTUIxMTQ4OzIzOlJBa1o0dWllRzVRU2tpRWc1dkpBZDRTZlla?= =?utf-8?B?KzIwTmJlQ3dmV1dHUTNyYUQ0UXVXeWovRExUaGpLcnkxNU5nVlREYVNLK05Z?= =?utf-8?B?SENFUzJwWGtmOVdxbFdFKzlHRVhzUzRPVWVwRDBUTjhnT0phL2MxVlBOeDEv?= =?utf-8?B?eGdrOWsxT052enNtSExJV3FITW9CbXFIUU8ydlA2SUJFaXpyanZZcXVtY1Bx?= =?utf-8?B?NjNFRTN3Z0lud3VQRDBkbUsyUE9heEhZOUFXakdGRzJVVFI5Z0lnL25IeUNs?= =?utf-8?B?L0dXM3htSUk1OTJka3RCbXA4eTV4cXJOVU1MNEZyMzV0dHcwVDNLYW9nN3Uy?= =?utf-8?B?VzJMS21nbER2SzRha0FzTmUvZFpsVG5RTWZGVE01ZWFxVHQ2QTJiUUZaWnJo?= =?utf-8?B?aXFMK0UvdGt6RHp4ZEVPb3BKR0pXWTkzOE1mOTNvclRNb05QbmpZQXpFV3Z6?= =?utf-8?B?cjFXUC9teDk1Nmwva1dhMFRmakdZcFYxVWlYczBwaTkwbHl4alkxRWg4a2px?= =?utf-8?B?d25wSDFHUU83ejdvUFlUZVIrL2lJNzAvRUZ3aWpta3kwVUNtNWpBR0ZoL0p5?= =?utf-8?B?WlE1WmMxS2Q2SXNTZ1prTUxyYXdiMTkwVmFNbjhQWmp3SUhlODdZVFZpblN1?= =?utf-8?B?bTJRaG9Md254VkttWXpma3NpcXF5Z3RZZGdtT3ZITm5lOS9WWk9iNnJvYXlz?= =?utf-8?B?bWljRTZrVGtKaFpVTW5qTHVCRGFBTjFFd2Y0SE5VVWtzNk5ZVmtldVI5Y29W?= =?utf-8?B?ZGhjdG1YY1Z0MDNYOXJlTjV0SE9kb3h3eVlycndUWTlEd3FvMUNUczAxT3Rl?= =?utf-8?B?cGJYSXAyNmNxeFZKWjJqMnlsdGNIVUs4VFRRTWg1ZnJlMWRNdEN3Zzg0QS96?= =?utf-8?B?b0VFT1ZEL0tJL1BhN2lWSzBRYUxKbmpNU0RpMkZPVnliRVJiMWVzMWJsSDFh?= =?utf-8?B?RWVwMG9kRlRpeGlKdjgwdnpGbUVIMDRQTWRnNk9scmNJVncwbDNjNi82dmdC?= =?utf-8?B?RnA5clg2enlsM2JibERyMDdCK0xycW9sZkNQclFPa2lkMUkyeEFZcTlWMkY2?= =?utf-8?B?T1FFVXVSS2JlcmlTWGNWZXA0bWVGaUs0QThwSEpDUDB1TExNa2w3YytRYkgx?= =?utf-8?B?bHJtSEJ6WkZrOENjS1RuVjNHV3pTWnFnTGh2T1FNQXlEK2FSUXNTcXBCbktv?= =?utf-8?B?TkxNS1BpYitUN05vbU9PM2tuSjlYMVc0b0h3eGJPRjViWWYvbVR0NHk2VGZ5?= =?utf-8?B?WmMwS3FIZVU0VUU1QXZJNHRHWmkwQUEyS0Jma0hVMGthRVY4RGpJeHZPdFlS?= =?utf-8?B?TFlFZHhJQVlMd0VpcXhFV202cUZWUGlRd0gxWC96aG5tVDlDQ0dmbGdZcGFN?= =?utf-8?B?UzhMZTk5YjhSU25HV09oa0thQVRnTy9MbDR3cU1zL29ySHI0dW03SEhUa3l2?= =?utf-8?B?SEZqRmJmaWVsbEVrQjBMMXczQ0JOSnorSnB3T0Zqa0VQbXNiSGxqdVQvZnJV?= =?utf-8?B?WDQ4bzJxUTFSN01MMnk1TlIvS0VIWGNqUzRsdWRMbVoyUzBwcXFnMHZRVDdW?= =?utf-8?B?WkN3VHB0S0RDT0tqZEtoNXREeUlwWTdTN05uTmxoRU1Ic3NzRzBXNW8rSENJ?= =?utf-8?B?WU9OakFjZ0x4YzJDRS9hajNRTkJZY0tScVRJRHR0TVorMjl3L01oY053ODVl?= =?utf-8?B?RkhidkF0Qi80elFXZWE1eTNWalFnSThVVWF2SjdubWhPYnlnTFRFamVsMWZ2?= =?utf-8?B?dkVlQ2szYjJDVHd3OXRPaWR2OWo4K3M1V29nOWJ5QUV1WVVqQXJrNTFNa09U?= =?utf-8?B?YUZ2MmdtbXRWSWRLeEo4Nk9UdGdjZy9xK2xJaWJ6dHNQNWc9PQ==?= X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;6:GqsVzBEfrRN2LEOY2u7tSDyCGq7Ru0Bnfew/xYwg4U7gwKS6KK9SWM5Cg78Ru/JqeKP8z9JWK0bZXKFwxqtJGhOXYzDK3HvfetLjd9dsi9WOaFU/DfRCcMF51eC3fhHyfQFGImcDNVp5uY9K4KOkGvG6dXCH8zB6EDIkgbA0TgYsdhUYGdl2R/9qcBfGQX9eqAl6AWwrcyrQMRgjR+elkPrgmF1AsTHSWEBSlV/W/5fIz1cdjSTHY3PgPYQ6xNOprzQJRSdOZ+84aPXbxH7vL1E7tX0JQSWjljQULZ0BIaxOv6//OZ8C3X1oWb3BkdavEccxpv5q/yESEpzvN0xN3D2eq/lJwvmj2z6529yjA0dcFYKIzJH1BNqPCvuYNHXr;5:0cq8KsjCOJ7py9JasnOedQBLgAwSCPUyo6+vuGiLu/TyCZVopY1mCJMXJJf0iL2qZOAkksAasl6Pr2yHKoR4Ay2M8NdK3ofqIr0YCDh6o4Trzix4e8A82F1GaezRR+4qiUVcp39AckVjrvZZu1YXwv/2xNk+ZCG7KTpCUpd7yzA=;24:+ELdEeIqM4yW8OiqJOTNUvQ06Y9X22Z0IGw6PS3wUfX6ROZ+CckAluWrs69JSGmLqVk0xnMTXL1RrC/EXdLNdZasRrQWj0OAkFJOqz0MLrw= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;DM5PR12MB1148;7:/UoJdjV4Wu0yhwBxpBMU2VTjx8v6e9b0CqTGGcwxKTOpFHJ41FPmb9ADfZspeVNSZCtk0IHsTO3oVk9lb4BQhh3jtKui2nrtJTjAQV1s3grQPzeGUlAPEDN1sPQB4Lr5Sp3ltYbRu/RrxAy4okx/euKHj2eTU4URTQ1xbLKUbBIBst8PB1IuWO9eJtp6i3kJAdrRm2ZpVMqyT558OlaV9cgAENP+3CkO5iNpvlmRvsbdZpOpK5il8I9MMIkXDUKsWOczIGk44q3WsfbWCjnIRp/FddbiJO+hpPjJtlBKfoTyA4cxb6IgTEEut/dO8PxK2UR/oAEfewhdQGpJ3VyPv1cJC3Z6+OswAZEL1fWmB54=;20:+1QrSY5B9PeJZXdGwEkuK7FeKdrcv/8/z5w14hASH0IXpQb8mFvHeQSXnRqyzUMcg50oPnmkPuyJaR/ryXRllO2nw4R18AOgel3JYxN5/SXos0AuJq5YGm7YvNJOIH+CCWvD64fvswDDt+Guuh5G2ptLEtNNJjnwVcq3tPgiLW3b1Fh0WWgnRS6LTLpetDLr1KpJK6Pwxzhv6bUUJQl4s/jzWRXpDfdWjxMnHhV66FcStowDoQ8Wh9Jrp67AZMfi X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Nov 2016 18:13:00.2298 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1148 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4680 Lines: 160 On 11/17/2016 6:20 AM, Borislav Petkov wrote: > On Wed, Nov 09, 2016 at 06:36:20PM -0600, Tom Lendacky wrote: >> The boot data and command line data are present in memory in an >> un-encrypted state and are copied early in the boot process. The early >> page fault support will map these areas as encrypted, so before attempting >> to copy them, add unencrypted mappings so the data is accessed properly >> when copied. >> >> For the initrd, encrypt this data in place. Since the future mapping of the >> initrd area will be mapped as encrypted the data will be accessed properly. >> >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/include/asm/mem_encrypt.h | 13 ++++++++ >> arch/x86/kernel/head64.c | 21 ++++++++++++-- >> arch/x86/kernel/setup.c | 9 ++++++ >> arch/x86/mm/mem_encrypt.c | 56 ++++++++++++++++++++++++++++++++++++ >> 4 files changed, 96 insertions(+), 3 deletions(-) > > ... > >> @@ -122,6 +131,12 @@ static void __init copy_bootdata(char *real_mode_data) >> char * command_line; >> unsigned long cmd_line_ptr; >> >> + /* >> + * If SME is active, this will create un-encrypted mappings of the >> + * boot data in advance of the copy operations > ^ > | > Fullstop--+ > >> + */ >> + sme_map_bootdata(real_mode_data); >> + >> memcpy(&boot_params, real_mode_data, sizeof boot_params); >> sanitize_boot_params(&boot_params); >> cmd_line_ptr = get_cmd_line_ptr(); > > ... > >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index 06235b4..411210d 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++ b/arch/x86/mm/mem_encrypt.c >> @@ -16,8 +16,11 @@ >> >> #include >> #include >> +#include >> +#include >> >> extern pmdval_t early_pmd_flags; >> +int __init __early_make_pgtable(unsigned long, pmdval_t); >> >> /* >> * Since sme_me_mask is set early in the boot process it must reside in >> @@ -126,6 +129,59 @@ void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size) >> } >> } >> >> +static void __init *sme_bootdata_mapping(void *vaddr, unsigned long size) > > So this could be called __sme_map_bootdata(). "sme_bootdata_mapping" > doesn't tell me what the function does as there's no verb in the name. > Ok, makes sense. >> +{ >> + unsigned long paddr = (unsigned long)vaddr - __PAGE_OFFSET; >> + pmdval_t pmd_flags, pmd; >> + void *ret = vaddr; > > That *ret ---> > >> + >> + /* Use early_pmd_flags but remove the encryption mask */ >> + pmd_flags = early_pmd_flags & ~sme_me_mask; >> + >> + do { >> + pmd = (paddr & PMD_MASK) + pmd_flags; >> + __early_make_pgtable((unsigned long)vaddr, pmd); >> + >> + vaddr += PMD_SIZE; >> + paddr += PMD_SIZE; >> + size = (size < PMD_SIZE) ? 0 : size - PMD_SIZE; > > size <= PMD_SIZE > > looks more obvious to me... Ok, will do. > >> + } while (size); >> + >> + return ret; > > ---> is simply passing vaddr out. So the function can be just as well be > void and you can do below: > > __sme_map_bootdata(real_mode_data, sizeof(boot_params)); > > boot_data = (struct boot_params *)real_mode_data; > > ... Ok, that simplifies the function too. > >> +void __init sme_map_bootdata(char *real_mode_data) >> +{ >> + struct boot_params *boot_data; >> + unsigned long cmdline_paddr; >> + >> + if (!sme_me_mask) >> + return; >> + >> + /* >> + * The bootdata will not be encrypted, so it needs to be mapped >> + * as unencrypted data so it can be copied properly. >> + */ >> + boot_data = sme_bootdata_mapping(real_mode_data, sizeof(boot_params)); >> + >> + /* >> + * Determine the command line address only after having established >> + * the unencrypted mapping. >> + */ >> + cmdline_paddr = boot_data->hdr.cmd_line_ptr | >> + ((u64)boot_data->ext_cmd_line_ptr << 32); > > <---- newline here. > >> + if (cmdline_paddr) >> + sme_bootdata_mapping(__va(cmdline_paddr), COMMAND_LINE_SIZE); >> +} >> + >> +void __init sme_encrypt_ramdisk(resource_size_t paddr, unsigned long size) >> +{ >> + if (!sme_me_mask) >> + return; >> + >> + sme_early_mem_enc(paddr, size); >> +} > > So this one could simply be called sme_encrypt_area() and be used for > other things. There's nothing special about encrypting a ramdisk, by the > looks of it. The sme_early_mem_enc() function is already exposed so I'll use that. I originally had it that way but tried to hide any logic associated with it by just calling this function. Any changes in logic in the future would be handled within the SME function. But that can be done in the future if needed. Thanks, Tom >