Subject: Re: [RFC PATCH v3 12/20] x86: Decrypt trampoline area if memory encryption is active
To: Borislav Petkov
CC: Rik van Riel, Radim Krčmář, Arnd Bergmann, Jonathan Corbet, Matt Fleming, Joerg Roedel, Konrad Rzeszutek Wilk, Paolo Bonzini, Larry Woodman, Ingo Molnar, Andy Lutomirski, "H. Peter Anvin", Andrey Ryabinin, Alexander Potapenko, Thomas Gleixner, Dmitry Vyukov
From: Tom Lendacky
Date: Sat, 19 Nov 2016 12:50:24 -0600
X-Mailing-List: linux-kernel@vger.kernel.org

On 11/17/2016 12:09 PM, Borislav Petkov wrote:
> On Wed, Nov 09, 2016 at 06:37:08PM -0600, Tom Lendacky wrote:
>> When Secure Memory Encryption is enabled, the trampoline area must not
>> be encrypted. A CPU running in real mode will not be able to decrypt
>> memory that has been encrypted because it will not be able to use addresses
>> with the memory encryption mask.
>>
>> Signed-off-by: Tom Lendacky
>> --- >> arch/x86/realmode/init.c | 9 +++++++++ >> 1 file changed, 9 insertions(+) >> >> diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c >> index 5db706f1..44ed32a 100644 >> --- a/arch/x86/realmode/init.c >> +++ b/arch/x86/realmode/init.c >> @@ -6,6 +6,7 @@ >> #include >> #include >> #include >> +#include >> >> struct real_mode_header *real_mode_header; >> u32 *trampoline_cr4_features; 
>> @@ -130,6 +131,14 @@ static void __init set_real_mode_permissions(void) >> unsigned long text_start = >> (unsigned long) __va(real_mode_header->text_start); >> >> + /* >> + * If memory encryption is active, the trampoline area will need to >> + * be in un-encrypted memory in order to bring up other processors >> + * successfully. >> + */ >> + sme_early_mem_dec(__pa(base), size); >> + sme_set_mem_unenc(base, size);
>
> We're still unsure about the non-encrypted state: dec vs unenc. Please
> unify those for ease of use, code reading, etc etc.
>
> sme_early_decrypt(__pa(base), size);
> sme_mark_decrypted(base, size);
>
> or similar looks much more readable and understandable to me.

Yeah, I'll go through and change everything so that the implication or
action is expressed better.

Thanks,
Tom
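
Review bot: In the set_real_mode_permissions() hunk, the new comment says the trampoline must be un-encrypted "if memory encryption is active", but sme_early_mem_dec(__pa(base), size) and sme_set_mem_unenc(base, size) are called unconditionally, and nothing visible in the hunk shows that they do nothing when SME is off. Either guard the two calls or state in the comment that both helpers are no-ops without SME. The comment should also say why two calls are needed and why the first takes a physical address (__pa(base)) while the second takes the virtual one (base); as written, a reader cannot tell what each call is responsible for. The work also lands in a function whose name is about permissions, so a short mention in that function's own comment, or a separate helper, would keep this side effect easy to find.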