Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751178AbdCQXAj (ORCPT <rfc822;w@1wt.eu>);
        Fri, 17 Mar 2017 19:00:39 -0400
Received: from mail-by2nam01on0139.outbound.protection.outlook.com ([104.47.34.139]:59904
        "EHLO NAM01-BY2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1751023AbdCQXAa (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 17 Mar 2017 19:00:30 -0400
From: "Elliott, Robert (Persistent Memory)" <elliott@hpe.com>
To: Tom Lendacky <thomas.lendacky@amd.com>,
        "linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
        "linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
        "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "kasan-dev@googlegroups.com" <kasan-dev@googlegroups.com>,
        "linux-mm@kvack.org" <linux-mm@kvack.org>,
        "iommu@lists.linux-foundation.org" <iommu@lists.linux-foundation.org>
CC: Rik van Riel <riel@redhat.com>,
        =?utf-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        "Kani, Toshimitsu" <toshi.kani@hpe.com>, Arnd Bergmann <arnd@arndb.de>,
        Jonathan Corbet <corbet@lwn.net>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        "Michael S. Tsirkin" <mst@redhat.com>,
        "Joerg Roedel" <joro@8bytes.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Brijesh Singh <brijesh.singh@amd.com>, Ingo Molnar <mingo@redhat.com>,
        Alexander Potapenko <glider@google.com>,
        "Andy Lutomirski" <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
        "Borislav Petkov" <bp@alien8.de>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        "Thomas Gleixner" <tglx@linutronix.de>,
        Larry Woodman <lwoodman@redhat.com>,
        "Dmitry Vyukov" <dvyukov@google.com>
Subject: RE: [RFC PATCH v4 15/28] Add support to access persistent memory in
 the clear
Thread-Topic: [RFC PATCH v4 15/28] Add support to access persistent memory in
 the clear
Thread-Index: AQHSiGvNzcVQ3lEENkWhme7sHlWC+KGZysww
Date: Fri, 17 Mar 2017 22:58:21 +0000
Message-ID: <DF4PR84MB01694A716568EFB01F5C1C5EAB390@DF4PR84MB0169.NAMPRD84.PROD.OUTLOOK.COM>
References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net>
 <20170216154521.19244.89502.stgit@tlendack-t1.amdoffice.net>
In-Reply-To: <20170216154521.19244.89502.stgit@tlendack-t1.amdoffice.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: amd.com; dkim=none (message not signed)
 header.d=none;amd.com; dmarc=none action=none header.from=hpe.com;
x-originating-ip: [15.203.227.10]
x-microsoft-exchange-diagnostics: 1;DF4PR84MB0300;7:/ediP5l3Buoa4oHkNvmFWmfVX3maTAanL2UIA/YscAhQWvWQNMkbXOoLCM2juAHAUR9uPUhzOCjhTT3hySdwRcfbJVryVor85TfDhTZmwqS4kwtqREAruFNDXrh6clysfJLFLDMAbujkdERG8+5BhAyOZrn5b+zvGGvuphlK6egb1tby/MM2FHpFZ5ThARgII3qnY7OUZX9GtgYBP1RDeYqgI6J+6jsJZXVCtEbcYOcSlhiOpmOTQbBKtJMRyg2oe5C9ryjlCh9dA0u9h9AgqUvjvVY6XOfbttePAGacjNiXNRPkp21GxATd9udrfvq4fWMGertsvbXC50hxIsf+Yg==
x-ms-office365-filtering-correlation-id: 5c490eca-7676-49e5-0db4-08d46d891c49
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081);SRVR:DF4PR84MB0300;
x-microsoft-antispam-prvs: <DF4PR84MB03006EF206E365279034E2DEAB390@DF4PR84MB0300.NAMPRD84.PROD.OUTLOOK.COM>
x-exchange-antispam-report-test: UriScan:(9452136761055)(767451399110);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(6041248)(20161123558025)(20161123562025)(20161123560025)(20161123555025)(20161123564025)(6072148);SRVR:DF4PR84MB0300;BCL:0;PCL:0;RULEID:;SRVR:DF4PR84MB0300;
x-forefront-prvs: 0249EFCB0B
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(6009001)(39450400003)(39860400002)(39840400002)(39850400002)(39410400002)(13464003)(377454003)(2201001)(6506006)(305945005)(6436002)(54906002)(50986999)(9686003)(5660300001)(189998001)(86362001)(76176999)(3280700002)(74316002)(53546008)(575784001)(6246003)(54356999)(3660700001)(66066001)(7416002)(2900100001)(2906002)(77096006)(55016002)(81166006)(4326008)(122556002)(8676002)(6306002)(38730400002)(7736002)(229853002)(8936002)(6116002)(2950100002)(7696004)(2501003)(102836003)(33656002)(921003)(217873001)(1121003);DIR:OUT;SFP:1102;SCL:1;SRVR:DF4PR84MB0300;H:DF4PR84MB0169.NAMPRD84.PROD.OUTLOOK.COM;FPR:;SPF:None;MLV:sfv;LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
X-OriginatorOrg: hpe.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2017 22:58:21.6235
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 105b2061-b669-4b31-92ac-24d304d195dc
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DF4PR84MB0300
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by mail.home.local id v2HN0nvD020715
Content-Length: 2532
Lines: 69



> -----Original Message-----
> From: linux-kernel-owner@vger.kernel.org [mailto:linux-kernel-
> owner@vger.kernel.org] On Behalf Of Tom Lendacky
> Sent: Thursday, February 16, 2017 9:45 AM
> Subject: [RFC PATCH v4 15/28] Add support to access persistent memory in
> the clear
> 
> Persistent memory is expected to persist across reboots. The encryption
> key used by SME will change across reboots which will result in corrupted
> persistent memory.  Persistent memory is handed out by block devices
> through memory remapping functions, so be sure not to map this memory as
> encrypted.

The system might be able to save and restore the correct encryption key for a 
region of persistent memory, in which case it does need to be mapped as
encrypted.

This might deserve a new EFI_MEMORY_ENCRYPTED attribute bit so the
system firmware can communicate that information to the OS (in the
UEFI memory map and the ACPI NFIT SPA Range structures).  It wouldn't
likely ever be added to the E820h table - ACPI 6.1 already obsoleted the
Extended Attribute for AddressRangeNonVolatile.

> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  arch/x86/mm/ioremap.c |    2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
> index b0ff6bc..c6cb921 100644
> --- a/arch/x86/mm/ioremap.c
> +++ b/arch/x86/mm/ioremap.c
> @@ -498,6 +498,8 @@ static bool
> memremap_should_map_encrypted(resource_size_t phys_addr,
>  	case E820_TYPE_ACPI:
>  	case E820_TYPE_NVS:
>  	case E820_TYPE_UNUSABLE:
> +	case E820_TYPE_PMEM:
> +	case E820_TYPE_PRAM:
>  		return false;
>  	default:
>  		break;

E820_TYPE_RESERVED is also used to report persistent memory in
some systems (patch 16 adds that for other reasons).

You might want to intercept the persistent memory types in the 
efi_mem_type(phys_addr) switch statement earlier in the function
as well.  https://lkml.org/lkml/2017/3/13/357 recently mentioned that
"in qemu hotpluggable memory isn't put into E820," with the latest 
information only in the UEFI memory map.

Persistent memory can be reported there as:
* EfiReservedMemoryType type with the EFI_MEMORY_NV attribute
* EfiPersistentMemory type with the EFI_MEMORY_NV attribute

Even the UEFI memory map is not authoritative, though.  To really
determine what is in these regions requires parsing the ACPI NFIT
SPA Ranges structures.  Parts of the E820 or UEFI regions could be
reported as volatile there and should thus be encrypted.

---
Robert Elliott, HPE Persistent Memory