Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753332AbdHQTXI (ORCPT ); Thu, 17 Aug 2017 15:23:08 -0400 Received: from mail-sn1nam02on0056.outbound.protection.outlook.com ([104.47.36.56]:8122 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752632AbdHQTXE (ORCPT ); Thu, 17 Aug 2017 15:23:04 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [RFC Part1 PATCH v3 11/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages To: Borislav Petkov , Brijesh Singh Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-efi@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Andy Lutomirski , Tony Luck , Piotr Luc , Fenghua Yu , Lu Baolu , Reza Arbab , David Howells , Matt Fleming , "Kirill A . Shutemov" , Laura Abbott , Ard Biesheuvel , Andrew Morton , Eric Biederman , Benjamin Herrenschmidt , Paul Mackerras , Konrad Rzeszutek Wilk , Jonathan Corbet , Dave Airlie , Kees Cook , Paolo Bonzini , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Tejun Heo , Christoph Lameter References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-12-brijesh.singh@amd.com> <20170802040255.GA4336@nazgul.tnic> From: Tom Lendacky Message-ID: <74c7115c-d435-7ae3-6d2e-820558d3e446@amd.com> Date: Thu, 17 Aug 2017 14:22:48 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170802040255.GA4336@nazgul.tnic> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM3PR12CA0051.namprd12.prod.outlook.com (10.161.151.19) To MWHPR12MB1149.namprd12.prod.outlook.com (10.169.204.13) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: dc99a00e-f75d-48ae-7f6f-08d4e5a55f79 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(300000503095)(300135400095)(48565401081)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:MWHPR12MB1149; X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;3:bAl71Uc+EdAmilYAuK6Qj3zFKQhVyuRYMLsYt1OSZwBwxu8qR8aH3seLAtBX5iy0kagXH9A/uixKs7uN3w4B1aAD2RfYydq1s1YGuAjuvQ3GuU8S5G+C4nXLKp3S4NRLrQt7LjmJ1zK12dtzCDU+JKuPRo1SM2BIlMmZkWVgEb4moAgSYO/Nv4WVSN/IednjsbIuWdCcM/g2sTMNXsSMAYo1nIXpkB2SLBFkfY5k3ou1M0BlvPjGvefQDyvyZChG;25:c94OPNbfs2a4scXfY+4uJbGLnR7m52dLLIWMd5xH95H36oh7ybj4ARab55jYPWKRlHS1AMueez/lzqdpZtyXdcJhIUQdz1iLAHY4kJAI0YyoTlVb5oQTzeVMPkZTlZvRUtmeJLeio0A61RfJNhN+du+d9NAEOBRerqJKpUR8Q6+5DI5YPwF85MIQ0OvNhKwLMVX3dSJdlnsAdrJM8lKHSAsiwoykbNNDdfRy2L6bz0zvIcB8ihORF11Hh/mz6LrYYc7W0I+zaQyW5eCNljIVmSAmKcB//5UcV7sZPSBen3z2NI0nLPerGggERSZHPYz4DNes0ZKXhq9g5lkn0JAPDA==;31:u/2lG1u6D/DU1QBY/L6BdksGECOHMO3skgcfZVtptd4mNCaQwJJtLJ2na8DIH587hBT8UDl8sugQ0kVRGdIUVjoHTxb7VtVRR+2VNb41fTPb+ttRw+N/xyGmZPFXfJBB23z25mu9e9zUjXyQUjAytCZwS0BbjX/2os6eoa6DQWQS2zvNJjEEAnZr9PeVzp8S4FMyiaILvh1MKMYFYxq+ySZkkwrf7zdwxZsfpo4DgHU= X-MS-TrafficTypeDiagnostic: MWHPR12MB1149: X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;20:yS6NrJJ/5uC3/YLm8zZsH8ht8XABVsgGsTOCK+yNGHIegGspuT4rt1PJWbmB9cjYj+FiAhNm4uBnJx1Z/w/ZTKIKFCs7X5L5UhTv6gBXLtIyftYhWTGfLpy9k2SjZQVX1UPRdfGIkwgDHGgPU+3c8I13TBA3/XCJOqQ0xw0PPlFfJdNHzARumdMAOnRC7j3sXhtikiWZfCiLy2DjHnTQd+M5T8Lhu7Icu2G0qDRxxC+VPNF4SoVJfT8TYCypLSKjTCNeI5pbvH0D7ecA8dmiENvQlyeZc3JZUASYAjFQNBVwNQupPcX7Sm0PFw+21TBhtsFpHwMOQ6VQxYw1mb2lLwC++SqJxPcSRnjxBfAaaB+/tgF/HtLX7CUsvNBrMfZ1mt2KbonH45hU58oCQjRczHBsV3jE2v3DsvJUNqtOstlemOxda/VOMq4DZ23OTO29RXe5rg43nz+ewEV2JDiifvontuZrrDLlBUfh/k+mNkTS+6WmEmXu40u6uRWMs+Fh;4:ftPbeQDwwFcFJehE+wgValRCS6kzaNO8Yz1gyy7hW/z6+0DbezNPuL7PNrHidapRJy8Fjcf0nF54RRitkhLjAgURIJpPp+3CPma9vv9sieq4/dx68Qm6VMy+9+Du+Bu+i1b7t6plg/SFc/lsG0TQQPBt/KC2eG8AYU/jTXw6SwV3/fXREhywjEroBE/uPNYsDWr8MWocCThE4fBdxL8Cn9ZxiUYZYD9EEsEZLr+zTZYYioytXuj19kQ31XIn7QWPZz4Bayo1430vFiL48v2KXQ0mgm4CzEuhKcwWuHPlCzU= X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(100000703101)(100105400095)(3002001)(10201501046)(6055026)(6041248)(20161123560025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123555025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:MWHPR12MB1149;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:MWHPR12MB1149; X-Forefront-PRVS: 0402872DA1 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(7370300001)(6009001)(6049001)(39860400002)(199003)(189002)(377454003)(24454002)(72206003)(31686004)(31696002)(105586002)(42186005)(106356001)(4326008)(7736002)(50466002)(2906002)(64126003)(305945005)(229853002)(478600001)(5660300001)(54356999)(76176999)(50986999)(33646002)(36756003)(7350300001)(25786009)(3846002)(7406005)(3260700006)(6116002)(7416002)(101416001)(189998001)(6246003)(6666003)(230700001)(6486002)(90366009)(65826007)(53546010)(81156014)(8676002)(77096006)(4001350100001)(81166006)(65956001)(65806001)(47776003)(66066001)(83506001)(68736007)(54906002)(2950100002)(6636002)(53936002)(23676002)(97736004)(575784001)(86362001);DIR:OUT;SFP:1101;SCL:1;SRVR:MWHPR12MB1149;H:[10.236.64.250];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTQ5OzIzOnpCaE1XdlZ0MURVNG02bFdFZlBwUGNsblYv?= =?utf-8?B?ZEJTeHRQVmlTMHlTcG1jUlhxZ29BekJpcmh0ZTQ1MnNCd2M5N2xyaUNHbC9i?= =?utf-8?B?S2lIWXRGZW5zODF6MEhtVFhnaFZKTFdkeE9GR0tWclhZaVFyNzlmYkMwNyty?= =?utf-8?B?c3pKRW8xNExWZzA0Lzl5YitQZXNiUGJKOXFXWGJvWHE0YmwzZWNaZVR4ak5I?= =?utf-8?B?djFIUmxjd0RnZG1xci82L3I5NFRRdjhkV2NDNFg4eEhKVmlwWFZMdFgvYXZj?= =?utf-8?B?bmpmSDdYVDZZOEpPcnBwMlE3K3RRTzF0ZUlKYzFQdjNGY1lyN0EzTGtFK2tt?= =?utf-8?B?Mk1NMGp4d3pWaktaNndTZ2tHdHZDN3JjcWVscUtFa1R5NGVydGRmZWNIRzJp?= =?utf-8?B?d1RkMHlnUnB3YzJFdWl3UmJQMU9mZDh5cWo4ZlJyQUIwcWI3eWk5QlZQSi96?= =?utf-8?B?dytOTUlOV3FOZzJTN0V4QmVmSTA4WVNCZkMxdW5hU0pRa1dRdmF0RlBIaWY0?= =?utf-8?B?NnlrTkJEVVNDOEd0RXRpRXozVERSNnk0N2UrakxpeEUrb1pMTmFqZ0V3RFVR?= =?utf-8?B?MlFXTmVFVEFzL2tRSnM3VmNFeS8yNHBsTG1iVXdTSlFuMk5IU1h3dnJKVUxq?= =?utf-8?B?NmFSTkxRSE1LU2x5K05oWHRzL1F3Y0FEb1NQS2xNTnhGQnpUdUM0SFNFUEll?= =?utf-8?B?eGNsNk41ckJiVWpwd3FjNnJlbTdteFRKSUs5eHJxVjlZRmJ4UlVHU2VMODFR?= =?utf-8?B?NnVhQ0p4VHVPblhtR01QcVBjSUQ0VDJYMmVyRXE1Yi9xN3lHaGhBeDlVY3VS?= =?utf-8?B?SGc4ZXNiWUtjQ21na1k5MGtBVHhCZ240QjJVZ2VHejNvQU9rck1IcXIvalZx?= =?utf-8?B?dkxwYnRVTlhNN3hyc1Y1aWc5bjBUZ1lrbFNZcWtmcGxnd21kRlB5RFRTVUFp?= =?utf-8?B?czRyODY3cFVjVnJqTm1wNXUzUmNvcXllY0tEUlQ0a2lGTER6NlpiVG90VnY1?= =?utf-8?B?UEg5aUliL2hFTXlNTmN6ckgvRk5ncksxRVZkdW96V2F0MTdUNXRFWXFzNmNF?= =?utf-8?B?RzNKYW1udUtzNURiVGNKUW5uc21GSXEzSXhCWlczNXJnZDlDLzBSZ1luWmJZ?= =?utf-8?B?M2RYdDRVSWROUVArMlFRcXRkaFNUSXBicGJJVEJiQnkrK2lTSXNYZENEVmdl?= =?utf-8?B?ajNOMzE1VGJUWEtncFdxV3FUa0IvRERGRFNNTngzeUY0SUpEaFpCUlNrQjh6?= =?utf-8?B?MGdpMmViSjlTZDAyU3F1MUZja2RBSHRFekdKVEJSUmlJeWdoUE96SFNhR2pl?= =?utf-8?B?SHJUMkkrUGdvTjJIVXllK2ZVQ3JQRndPSG4rMGFzNFRFWnIrV1ZLbldET09I?= =?utf-8?B?K25jR05SeFZOYzZmcXRWaTJHbExxTXhUdzhxVk5FdnNvUXdzcXBuT291Vlhw?= =?utf-8?B?dlVHUWpqREkzNkozRGFSZWF5cDdublZOa2Y4dlJXbzFFVlBuMWc5akUvSGdl?= =?utf-8?B?NDJXeVVUeHEveFUwUXZ5YlNMaXZSOUlaYlBJNWhGZFJJTlRGQXFnUXkzM3VC?= =?utf-8?B?Q3VyM0FPVUhZYldZWTNCWEVYRS9qQndIWlEyRVovMHNhcjZFaHVVSkFLc3Yr?= =?utf-8?B?T3d6M0laQnRtRlV5T2lkY0s4NncyeUR6V3dQMUVFYzFHSUp1by83SGJrYWU0?= =?utf-8?B?dFpXdkNWYTNZa0hFY1l4K2JuUGM1VHRndnd3TU9WNnd3R05GWWdPaVlXM2RW?= =?utf-8?B?NG8vMkpLK0tqOUhPMGRZWDRCd3UzU1dEdFQrdEJacTdJUkhLVExrMFQ4Mkw3?= =?utf-8?B?Lyt6bG9acFozRXhWM3BUbGNZRDNTcmxERzV6Y1N2d2Y5VzBaQTJWQlc0MGJC?= =?utf-8?B?Skw3SndVYVU2d0pOUHRzZEJvQmM1OElqZGhTR0JoQ0U2SDRUWnRpTlpreFJw?= =?utf-8?B?elhqa3FIcHVMZ0E3ZWRlaG1kQ1ovQ1orc0x0TDg2Tm5BTFlxZXpSRjBvVUsv?= =?utf-8?B?VDFEeFZQK1NYZlR6THdWUnlWOUIzOEs4ZmZWRm54eTcrdUN1Q3J3czZBTDRX?= =?utf-8?Q?8+zUEKd3ygie2T5y+e+qpflKY?= X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;6:alLi2N8TF8uC2eE8WD8nUsOFA+d4QmTxwngm0uFWHPQUE99yFnMtLz5GJMQsv0BeyXzlnlnMezrdcLvmxinOMkf70APratkNLw6C1qSxlR26suOGyaHQfaek+oCplme0joa+ZzMxGZP3YqXO4R97l2rizCZ2nHZiUCSwcdJX+EAEIKDWZl4seewlN74dE3oOsSKFtyD5OPncDCz2/0xd+cTB4ErdTtBamCb1+FRdtvCE7e2MJ28qxXx4GXsLV7Xt/paBXpKy8i38Gkf33gpPVkMFeUNpN7yvMRL4X0xNnUv3ERpx0ON8mrAG0Joxn6S3d3axu6h/aB1uulToMifpjQ==;5:sO132R3EZJ5gARAWmsPmitdFzDiHMWQZfOAXiGeRCDS8+uE9tJD03kFV/t/jIW/J4bRsFZ41yUkZQNfmoGO46oPpbL6ZjuxRmeV41hikR96VxNBYvsGjyyebVNoylyHt6S//5ag8thpDqMW0wQCgIw==;24:3RNGhZnHBrmHzPCf1/YrvXFRmxpU/wNgXc+P/pPqp9moLIH8ZDsQlUeZDZFB50Jif2MaPDEAItA+E8DE8mwOuFAcheiz86eNNlBZVpGD6dY=;7:iHeZCmJx3bYne4pMqncayDR1hFHpm5Iaac08Uym/ZDY/MbN12SArvkIIHC4B7Lc72sHmg1F9qyBHE+fTBRNZoiREnRgCg/zk1EJOxBr+9N/SNd1eRO5FpQEhfwbRhkVIHZv5Jyu+hDA3JiXji2r0HvARIxdF3OgbskxL/MIAjj2P2Jre1xjbP3OZRvj5XGWmaZYNLFZURa5uxFO9c1ZCA7Ank84YwpoFOhqmVvshq2Y= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;20:mfRfvLejHdp1YQg+gscBUXzCznOK+f1w6h010/D0gdmYJ5GRk4nBFvo0/uX7mfa2KOOWXmp2zr3vAHkU0Bb8qHgTgb6RyOaoyjFmLIh4bPaxKt0IiDg+drGmyw6FrdSpQcHpFaNWm7SfqHrMmm/CLevtPFTGfm1N77kkQdP4UyUDKiFXPkHUASjjMkVwYW4/7zLZI+8sCCBsP+oskMWvBQaHHou0oLjvsQ+cWXNz2wKLOE2R3ueYIbxmBIXuM7kD X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2017 19:22:57.4932 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1149 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2647 Lines: 75 On 8/1/2017 11:02 PM, Borislav Petkov wrote: > On Mon, Jul 24, 2017 at 02:07:51PM -0500, Brijesh Singh wrote: >> From: Tom Lendacky >> >> In order for memory pages to be properly mapped when SEV is active, we >> need to use the PAGE_KERNEL protection attribute as the base protection. >> This will insure that memory mapping of, e.g. ACPI tables, receives the >> proper mapping attributes. >> >> Signed-off-by: Tom Lendacky >> Signed-off-by: Brijesh Singh >> --- >> arch/x86/mm/ioremap.c | 28 ++++++++++++++++++++++++++++ >> include/linux/ioport.h | 3 +++ >> kernel/resource.c | 17 +++++++++++++++++ >> 3 files changed, 48 insertions(+) >> >> diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c >> index c0be7cf..7b27332 100644 >> --- a/arch/x86/mm/ioremap.c >> +++ b/arch/x86/mm/ioremap.c >> @@ -69,6 +69,26 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, >> return 0; >> } >> >> +static int __ioremap_res_desc_other(struct resource *res, void *arg) >> +{ >> + return (res->desc != IORES_DESC_NONE); >> +} >> + >> +/* >> + * This function returns true if the target memory is marked as >> + * IORESOURCE_MEM and IORESOURCE_BUSY and described as other than >> + * IORES_DESC_NONE (e.g. IORES_DESC_ACPI_TABLES). >> + */ >> +static bool __ioremap_check_if_mem(resource_size_t addr, unsigned long size) >> +{ >> + u64 start, end; >> + >> + start = (u64)addr; >> + end = start + size - 1; >> + >> + return (walk_mem_res(start, end, NULL, __ioremap_res_desc_other) == 1); >> +} >> + >> /* >> * Remap an arbitrary physical address space into the kernel virtual >> * address space. It transparently creates kernel huge I/O mapping when >> @@ -146,7 +166,15 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, >> pcm = new_pcm; >> } >> >> + /* >> + * If the page being mapped is in memory and SEV is active then >> + * make sure the memory encryption attribute is enabled in the >> + * resulting mapping. >> + */ >> prot = PAGE_KERNEL_IO; >> + if (sev_active() && __ioremap_check_if_mem(phys_addr, size)) >> + prot = pgprot_encrypted(prot); > > Hmm, so this function already does walk_system_ram_range() a bit > earlier and now on SEV systems we're going to do it again. Can we make > walk_system_ram_range() return a distinct value for SEV systems and act > accordingly in __ioremap_caller() instead of repeating the operation? > > It looks to me like we could... Let me look into this. I can probably come up with something that does the walk once. Thanks, Tom >