Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753577AbdHQSFy (ORCPT <rfc822;w@1wt.eu>);
        Thu, 17 Aug 2017 14:05:54 -0400
Received: from mail-cys01nam02on0073.outbound.protection.outlook.com ([104.47.37.73]:54284
        "EHLO NAM02-CY1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1753283AbdHQSFv (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 17 Aug 2017 14:05:51 -0400
Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=Thomas.Lendacky@amd.com; 
Subject: Re: [RFC Part1 PATCH v3 06/17] x86/mm: Use encrypted access of boot
 related data with SEV
To: Borislav Petkov <bp@suse.de>, Brijesh Singh <brijesh.singh@amd.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-efi@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
        kvm@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, "H . Peter Anvin" <hpa@zytor.com>,
        Andy Lutomirski <luto@kernel.org>, Tony Luck <tony.luck@intel.com>,
        Piotr Luc <piotr.luc@intel.com>, Fenghua Yu <fenghua.yu@intel.com>,
        Lu Baolu <baolu.lu@linux.intel.com>,
        Reza Arbab <arbab@linux.vnet.ibm.com>,
        David Howells <dhowells@redhat.com>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
        Laura Abbott <labbott@redhat.com>,
        Ard Biesheuvel <ard.biesheuvel@linaro.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Eric Biederman <ebiederm@xmission.com>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
        Jonathan Corbet <corbet@lwn.net>, Dave Airlie <airlied@redhat.com>,
        Kees Cook <keescook@chromium.org>, Paolo Bonzini <pbonzini@redhat.com>,
        =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Arnd Bergmann <arnd@arndb.de>, Tejun Heo <tj@kernel.org>,
        Christoph Lameter <cl@linux.com>
References: <20170724190757.11278-1-brijesh.singh@amd.com>
 <20170724190757.11278-7-brijesh.singh@amd.com>
 <20170727133125.GB28553@nazgul.tnic>
From: Tom Lendacky <thomas.lendacky@amd.com>
Message-ID: <8b2c75e2-6ed9-ed7d-ff62-39df8aedc12c@amd.com>
Date: Thu, 17 Aug 2017 13:05:38 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <20170727133125.GB28553@nazgul.tnic>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: MWHPR1701CA0019.namprd17.prod.outlook.com (10.172.58.29) To
 CY4PR12MB1141.namprd12.prod.outlook.com (10.168.163.149)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a844186f-9922-4377-0f60-08d4e59a95f5
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:CY4PR12MB1141;
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;3:lBxhROK2/woWg6ZyN7/9d4asy5JM+MYGqHjWBpIdbKYrE4IR5P56hiJHqbUnNCnKDJoirgGy7N2W20LyozsDXZnA2LRQgQ3mCn5htIYPbdpZLT5CbAuzKKeBofJ1A2JbOV2cKEuALiC7BEynfC6dzETYUrN4YOVe0ndCWGfD/wjsaTlRVhmdDsGnRIV2M3EzP+M4vyM0+vqyU6hRMPsAl5YY5KoPZQqL1la/8MOpQupvnJ5C9asGLS9wNVGmvVKb;25:96wGKGLOKhpkxd2XdRomjlVU3kyL6SdZL2v6r3TSukbyKNKdjZ3UmkFkXdOO7G8x3tiaODzM5rOChIm10/+UdJHiF/tW5zrI++OV7d2NxgXyP7mYysK+pG5qzy+WKzAvSiwcMC71G/dARIkSxTzhmRQUnIOVYX8L23vosHhK90aDPBBdRalGyO634xGFMmoYgnaVHBSC0772k8kkk1CPdOytGZzWQMfIB5DPN10vH0pbQTUPlu810OXVq8cXTCVHoAKgVTMfDpHR/gkWZsq2jQI0Boo55LT/oDDIHaNSVqw6Y7WAZFuk+ZJpKV8gvNvIOlD5uy9/hUKb16iWWmtBpA==;31:KOs6MU8oUoQUmnN6SbqgdYdMjwej6OKNI/wm711l0LJTFqeLfQqC/EI4hZFsjVinoEaON95CLcOYgmkwhukr1Bu4WBC0MBkXAHfD6587u8E3HEWYs7d+YaDZ81pBrsiXDyNnGqn7/+BNx4gTzGGWobslMzgVLBcF24yFq7ETboGCiOPIvQ4fhb7azhfI5FKV/jovRhinqZJmsmY2WjB9AqYINQ6yEREWiiVKt6Y3skk=
X-MS-TrafficTypeDiagnostic: CY4PR12MB1141:
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;20:sVuk7D+NUvc+UMJjxR01K6pKOtxG0pqOUqyFAY6bxacDhATGT95GuEs6l1Yf1oHgypMPtr8f+m6lgf/kUUmpWho76/A4sgGEMReaSKdggKB9nCyf89YeQKeJttQwgbtyAV52hJGtyZdAGLGCwrbE1iNwIjUI3vLv81X/OAwgEDvzegq2jjJhBLf1xJxltQbH3xED/Su5q175q+OdRrEJlsAqbSxSWA0wN2pVKo5o/BuOWtgdGONAyOpp6Be/2tC5WBUmwfYHm9SMI861wQI5cj/MuX/zf1bWmxxPoV42Qxu1kpvOUEgpEGkGUnDrS+3cafYJ9F0cJ6r3SVvpAUgKtzdYNlgw3u3J4SdmBIVWY5MA4r/PiEpUjMAObB15UvPqozSZJ2vrQ9jEL46RWF1y1RkwVwj9JB8jaqt5Pdnzq34ECBUbag6ADWZa7g/fh+xIXISkNCu9t+GjysBY9Q3CnRd+mfU2Rj05+1FuaJLUAG1748H6SpIhrGEtdSOiwZzx;4:myn6KPi/Eams/rH7YAnMKQjUFdKWjYn5diTIdrIW30qXS2YHIuA3+u7Pu0cZHn0ymtvlYW/sXKiyK7em6cDht9HZCAgtBRyLlKmmyoVMr25IT4KFXXmps3iOjn310ST451cgkgeRhZq5Zck3w2YeXvyi/ZhNPDOlJic8YFRyRh/mMUEM7accMfNzOYS9gmA/m8seeFNdcxN+Zzpfq9gVholAbBVcdm/EZzI+OB0ArUsdKahWzPcKTAU5skn1AWxnoUNwuQGtcAb7SA1tgTrp7Smw9aknNPJ93xZU+Ge7EU8=
X-Exchange-Antispam-Report-Test: UriScan:(767451399110);
X-Microsoft-Antispam-PRVS: <CY4PR12MB1141FE83EC89F7F66B5F964DEC830@CY4PR12MB1141.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123558100)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123555025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:CY4PR12MB1141;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:CY4PR12MB1141;
X-Forefront-PRVS: 0402872DA1
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(7370300001)(4630300001)(6049001)(6009001)(39860400002)(377454003)(199003)(189002)(24454002)(86362001)(2906002)(72206003)(31696002)(3260700006)(25786009)(66066001)(106356001)(6486002)(90366009)(65806001)(65956001)(77096006)(105586002)(4326008)(97736004)(305945005)(7736002)(4001350100001)(478600001)(64126003)(230700001)(8676002)(81156014)(81166006)(6116002)(3846002)(53546010)(83506001)(7350300001)(54906002)(101416001)(53936002)(189998001)(23676002)(76176999)(54356999)(6246003)(50986999)(50466002)(31686004)(68736007)(42186005)(5660300001)(7416002)(7406005)(65826007)(229853002)(36756003)(47776003)(33646002)(2950100002)(6666003)(6636002);DIR:OUT;SFP:1101;SCL:1;SRVR:CY4PR12MB1141;H:[10.236.64.250];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQxOzIzOmVPaGxqMitrckhDZjZRbGJSYXJpVUpBMnZS?=
 =?utf-8?B?RnZpMmZtZ1lQS3RMZDFIWU9RQmFMcDVTYXhwUGFxNTB2bUdWNzJkcEQyZExn?=
 =?utf-8?B?bTkxcjNsa0FnQTBScWhCZ3VLa0RvOUIzK3FzcFhNNTFiZGNTQTI2SFZ1aWYz?=
 =?utf-8?B?TXVvaG5wK2RXMjBmN1l3SStBbWtpbkJ3WWZHQVR1cUVBcEpJNWN3WGVlTjhw?=
 =?utf-8?B?V3paeXJnRVlwdG1rcDVnTks0L3k4bmlFckNzNGovbnIzaDllZU55d1BabDJP?=
 =?utf-8?B?SlZxKzRia0h2N1JGT1ZMcDNKVnJDaGs3Wk0vdVFMTlVqQWszdC84QWdpbkg4?=
 =?utf-8?B?dGRrK2M1bzkxcnl4NnErWjFIOElxQVQ2a282U05PNWJFQzRFbGlQajJmT2tK?=
 =?utf-8?B?ZEgwcmx5ZHUreWhtRkJjK29JTFNlVExkYy9GclVyVWQya0xzV3poVXRtZHJJ?=
 =?utf-8?B?WEVGNjlXQjNsdmFleUxTVHBoNTdyZm1LS3BpNXIwaWk4ZjJvR0tZUzM5RHBX?=
 =?utf-8?B?KzBvMi8rejN4amRPMWRKOFNMYkNuK3FzMkM0empCUTk4M0ROUTNvUzc2WUVN?=
 =?utf-8?B?MytmOEJzaGh0RG10eVJQSmFzWGdXRGl2bk9GcTNVazBSeXZTWDRHdmVMVzNq?=
 =?utf-8?B?bElkeFpCdFRjSlFMUGRPZlNCdkZwbWxxSXNOb2ZlVW01WkkwYXlQQXpUcyt2?=
 =?utf-8?B?blBaelBqcVhxZlU0dmo1engxL2xjcWtHdU5sc3dpaWwwTXFpU05TNE5XdUJN?=
 =?utf-8?B?RDRWTzg1KzhKN2dDN2h4Q29TdFRWOHhLTmNNS3lJRW4waGg2cWtFOEZvaHc1?=
 =?utf-8?B?SzVxbVpaR2I1OEFwOHZSYm5jdTBKVFI5U05xbXc3M1hxMmtreU9pTFEzZHVi?=
 =?utf-8?B?TURsZ2ZpM2IyRmJ4alFmUy9XN1g2U1B0RWpTUTYwOVZMQWVvOUJRUUZxeGpJ?=
 =?utf-8?B?ZkpYZWg2YXFHaXdNN3RNWHFDRXE3UFdnNm0wbFNNcGpvVDhsdEpzSXBKTUhD?=
 =?utf-8?B?b1EzY0FoUDFQVzhZajhzZUZYRG55ZThUYkN0UWUwaHYvNzhPVjFVQW9kMWpK?=
 =?utf-8?B?VlRnV3h0cWtnYzFiTzdVelB3dUNLQ3FkV05BaTFYRXVVckgrSDJ5a1dZUndE?=
 =?utf-8?B?QzArVTdJSzBsQVkyc0NkRVRSOG9LeVhWR3NlNjgwdXpZQmpGMXNwUmp0UVJm?=
 =?utf-8?B?eTFYUXYyZU1Fa3FZMkxYTEcxcE0rRGdRckpzZFBJVXhlVzdYdytZUjlKWllO?=
 =?utf-8?B?WmFqZGppbk1MdmNCVkhFVFJGNnVMRUE0NlBuNTEyc081dDd6cjJWZGpyaHY1?=
 =?utf-8?B?Z1RXMHV5ZTdBeGthSmZ4YXBkN1dCbmpJMWJ4bWpZZVVRbVVxZjl2ZDAzVXIv?=
 =?utf-8?B?WE9hWXNaamVUS1VPTUhvcFc1R2ttVTBsdktpang5bzBzL3daNXc4MFoweU94?=
 =?utf-8?B?N3AwalFzQWh3U0FMOFVuRWVBVzNYNDZKaTJwOTJpb3BONCtKd2ZuZ2JNcmpo?=
 =?utf-8?B?SnJVOTdQSGpORXJIN1dzeHlvY1BjMFhUTUNIc003Z0czUENDMHRQczZZbUFw?=
 =?utf-8?B?WGZFamNNTWFWTEx0SHVEQm5KZE13Z0kvT09Say96dVo4NFlqNHJkMjl3WmRy?=
 =?utf-8?B?VGxYU3lBTHpCOXFTZzlLZkVzdFlJR0hGNldDbEp4eW9MeWtHNUtIRlNCamEz?=
 =?utf-8?B?WHFIV2FNRTkxNHJCdjkwVTRjZkdnMWZJSUFrM3hOYW81ZktBY2dKWGpxVjVE?=
 =?utf-8?B?a3NzV1BGNEFWVmJWc3kzOVppTGk1Q25kQmg2V1lnZXlOd2pTSXpTYlI2SHRV?=
 =?utf-8?B?UExHK2laVTBLcDZYMTdadGdoNStEMmZnWk4zOFphcGh2M094S0xQaVJJUXB0?=
 =?utf-8?B?YWJOUW1FcVBFcktyK1VxTW95NGk5YmdoYnZDa0dNUmhKalpjRURPR0ovM0tL?=
 =?utf-8?B?azZBS21qZUNiWDhIMGliRVh2eDlBNk9pTW9Ld2pnMkRTY2U5MjhXWE5Ga1Zy?=
 =?utf-8?B?ZFBNcDNnTWVpQ2J3MWsraE1GQUVLYkpMcWQwc09hVGdEaXJUcWRnZzFYMEpH?=
 =?utf-8?Q?qgLI=3D?=
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;6:SUtZn8JlvOx/n+r2hvUEmIN3dWwzD8mWlN9LvwwCvEV4xtqI7i4pXqvgeof5IyRu5kxYAhUjjy2ZxSXd0lLwBrIZBRJIQO2NtZwk+dTdM+pNPkM94MkxbFEPSlp0OvGEjyJVxZ8mPmfOexmto5CXZIcdB/tuNtYc7Yyq+YWHnJjCH+3lyZtn7QQZWw1/lkSzOQ3LzTPSkSIecLzMl7NS/Pv0xXb4Cz+Ldn5DXEUSKkf2uhV0lG/x0YuwfNIbN9Xcpo4gOWZlFxturLZG10taUhLoqZmKSjVx/lBCkMT9pOQqFyWGKqhNZ9VVepTpkcyvY84yFYkxFFC6lLHQ3NdRWA==;5:UgC6Tty04W3RgHnHLPARRPJSfWcBsyylZNWSklPaimdEIuO+25yET8Pf3q/q/WwyucVfvtg4Su5IDDi4iWQfl/21xeAY3UqypcP8hsMgR4pAiDF8dx3LA6wOQ06sZKSKm9jaYtcRh+2rNCpVAdiHpjO0XmI/1uNyGw2OnIlBMnU=;24:lVNexIv6w5aQEVyWhDTaiOBq4ihoHZGPeprylMJQExAIeI1tOG6RRyq/R8mIg/APQxbJRZ0TdaXPAp2a99dis43nV0OFPny7g5CsVtdH8og=;7:lpmxlyq51XeqKeBEAGJiGR4gmrOk8SIbMMciIQbBkk07d2WUpYk3qp2qrFSYqbH6VnsvPRBcQ3DlZDAavdfy5WPInBFFiaciv0xzCfjdXOxrtXb50k3fK3u0KnSYt/GSZtAIJO/7V+FbttXiB7L1ccD6nu7WC9j2wEXf68SNuQhY99EcbN2zkpty9DL0EnBnryp22VJfN7NGPXkrIF6AImMaZes5+Nnuga2csVPWV8A=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;20:NuHVBPJRfx4W4K8AYuChKxqyQPBpOl6mj2VSFRvQsHaBn2pJ4roVDiZjrp65rqKqj7C/vGu+0c2Ktu/ueYm3dx6vson/iVHVNWGsWlmTDWNSbkIrbnQgCMFCsrjBsZnYKg0pJ0yRgAz2poX6E8eS3xr9eIJ7Eldaq0kpINkr9ihhxS/k4TMIWF0GhuUbHgzJAbMhhML+axNWJZKclMOlaqCC7gKVHxrOun7wvXENsPl8f2wJfVoEzJwqntFMRryy
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2017 18:05:43.6424 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1141
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2940
Lines: 97

On 7/27/2017 8:31 AM, Borislav Petkov wrote:
> On Mon, Jul 24, 2017 at 02:07:46PM -0500, Brijesh Singh wrote:
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>
>> When Secure Encrypted Virtualization (SEV) is active, boot data (such as
>> EFI related data, setup data) is encrypted and needs to be accessed as
>> such when mapped. Update the architecture override in early_memremap to
>> keep the encryption attribute when mapping this data.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>   arch/x86/mm/ioremap.c | 44 ++++++++++++++++++++++++++++++++------------
>>   1 file changed, 32 insertions(+), 12 deletions(-)
> 
> ...
> 
>> @@ -590,10 +598,15 @@ bool arch_memremap_can_ram_remap(resource_size_t phys_addr, unsigned long size,
>>   	if (flags & MEMREMAP_DEC)
>>   		return false;
>>   
>> -	if (memremap_is_setup_data(phys_addr, size) ||
>> -	    memremap_is_efi_data(phys_addr, size) ||
>> -	    memremap_should_map_decrypted(phys_addr, size))
>> -		return false;
>> +	if (sme_active()) {
>> +		if (memremap_is_setup_data(phys_addr, size) ||
>> +		    memremap_is_efi_data(phys_addr, size) ||
>> +		    memremap_should_map_decrypted(phys_addr, size))
>> +			return false;
>> +	} else if (sev_active()) {
>> +		if (memremap_should_map_decrypted(phys_addr, size))
>> +			return false;
>> +	}
>>   
>>   	return true;
>>   }
> 
> I guess this function's hind part can be simplified to:
> 
>          if (sme_active()) {
>                  if (memremap_is_setup_data(phys_addr, size) ||
>                      memremap_is_efi_data(phys_addr, size))
>                          return false;
>          }
> 
>          return ! memremap_should_map_decrypted(phys_addr, size);
> }
> 

Ok, definitely cleaner.

>> @@ -608,15 +621,22 @@ pgprot_t __init early_memremap_pgprot_adjust(resource_size_t phys_addr,
>>   					     unsigned long size,
>>   					     pgprot_t prot)
> 
> And this one in a similar manner...
> 
>>   {
>> -	if (!sme_active())
>> +	if (!sme_active() && !sev_active())
>>   		return prot;
> 
> ... and you don't need that check...
> 
>> -	if (early_memremap_is_setup_data(phys_addr, size) ||
>> -	    memremap_is_efi_data(phys_addr, size) ||
>> -	    memremap_should_map_decrypted(phys_addr, size))
>> -		prot = pgprot_decrypted(prot);
>> -	else
>> -		prot = pgprot_encrypted(prot);
>> +	if (sme_active()) {
> 
> ... if you're going to do it here too.
> 
>> +		if (early_memremap_is_setup_data(phys_addr, size) ||
>> +		    memremap_is_efi_data(phys_addr, size) ||
>> +		    memremap_should_map_decrypted(phys_addr, size))
>> +			prot = pgprot_decrypted(prot);
>> +		else
>> +			prot = pgprot_encrypted(prot);
>> +	} else if (sev_active()) {
> 
> And here.

Will do.

Thanks,
Tom

> 
>> +		if (memremap_should_map_decrypted(phys_addr, size))
>> +			prot = pgprot_decrypted(prot);
>> +		else
>> +			prot = pgprot_encrypted(prot);
>> +	}
>