From: Tom Lendacky
Subject: [PATCH v1 1/3] x86/mm: Centralize PMD flags in sme_encrypt_kernel()
To: x86@kernel.org
Cc: Brijesh Singh, linux-kernel@vger.kernel.org, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Thomas Gleixner
Date: Thu, 07 Dec 2017 17:33:52 -0600
Message-ID: <20171207233352.29646.52076.stgit@tlendack-t1.amdoffice.net>
In-Reply-To: <20171207233342.29646.12858.stgit@tlendack-t1.amdoffice.net>
References: <20171207233342.29646.12858.stgit@tlendack-t1.amdoffice.net>
In preparation for encrypting more than just the kernel during early boot processing, centralize the use of the PMD flag settings based on the type of mapping desired. When 4KB aligned encryption is added, this will allow either PTE flags or large page PMD flags to be used without requiring the caller to adjust.

Signed-off-by: Tom Lendacky
---
 arch/x86/mm/mem_encrypt.c | 109 +++++++++++++++++++++++++--------------------
 1 file changed, 60 insertions(+), 49 deletions(-)

diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index d9a9e9f..2d8404b 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -464,6 +464,8 @@ void swiotlb_set_mem_attributes(void *vaddr, unsigned long size) set_memory_decrypted((unsigned long)vaddr, size >> PAGE_SHIFT); } +static void *pgtable_area; + static void __init sme_clear_pgd(pgd_t *pgd_base, unsigned long start, unsigned long end) { 
@@ -484,10 +486,16 @@ static void __init sme_clear_pgd(pgd_t *pgd_base, unsigned long start, #define PGD_FLAGS _KERNPG_TABLE_NOENC #define P4D_FLAGS _KERNPG_TABLE_NOENC #define PUD_FLAGS _KERNPG_TABLE_NOENC -#define PMD_FLAGS (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) -static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, - unsigned long vaddr, pmdval_t pmd_val) +#define PMD_FLAGS_LARGE (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) + +#define PMD_FLAGS_DEC PMD_FLAGS_LARGE +#define PMD_FLAGS_DEC_WP ((PMD_FLAGS_DEC & ~_PAGE_CACHE_MASK) | \ + (_PAGE_PAT | _PAGE_PWT)) +#define PMD_FLAGS_ENC (PMD_FLAGS_LARGE | _PAGE_ENC) + +static void __init sme_populate_pgd(pgd_t *pgd_base, unsigned long vaddr, + unsigned long paddr, pmdval_t pmd_flags) { pgd_t *pgd_p; p4d_t *p4d_p; @@ -538,7 +546,7 @@ static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, pud_p += pud_index(vaddr); if (native_pud_val(*pud_p)) { if (native_pud_val(*pud_p) & _PAGE_PSE) - goto out; + return; pmd_p = (pmd_t *)(native_pud_val(*pud_p) & ~PTE_FLAGS_MASK); } else { 
@@ -554,10 +562,43 @@ static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, pmd_p += pmd_index(vaddr); if (!native_pmd_val(*pmd_p) || !(native_pmd_val(*pmd_p) & _PAGE_PSE)) - native_set_pmd(pmd_p, native_make_pmd(pmd_val)); + native_set_pmd(pmd_p, native_make_pmd(paddr | pmd_flags)); +} -out: - return pgtable_area; +static void __init __sme_map_range(pgd_t *pgd, unsigned long vaddr, + unsigned long vaddr_end, + unsigned long paddr, pmdval_t pmd_flags) +{ + while (vaddr < vaddr_end) { + sme_populate_pgd(pgd, vaddr, paddr, pmd_flags); + + vaddr += PMD_PAGE_SIZE; + paddr += PMD_PAGE_SIZE; + } +} + +static void __init sme_map_range_encrypted(pgd_t *pgd, + unsigned long vaddr, + unsigned long vaddr_end, + unsigned long paddr) +{ + __sme_map_range(pgd, vaddr, vaddr_end, paddr, PMD_FLAGS_ENC); +} + +static void __init sme_map_range_decrypted(pgd_t *pgd, + unsigned long vaddr, + unsigned long vaddr_end, + unsigned long paddr) +{ + __sme_map_range(pgd, vaddr, vaddr_end, paddr, PMD_FLAGS_DEC); +} + +static void __init sme_map_range_decrypted_wp(pgd_t *pgd, + unsigned long vaddr, + unsigned long vaddr_end, + unsigned long paddr) +{ + __sme_map_range(pgd, vaddr, vaddr_end, paddr, PMD_FLAGS_DEC_WP); } static unsigned long __init sme_pgtable_calc(unsigned long len) @@ -616,9 +657,7 @@ void __init sme_encrypt_kernel(void) unsigned long execute_start, execute_end, execute_len; unsigned long kernel_start, kernel_end, kernel_len; unsigned long pgtable_area_len; - unsigned long paddr, pmd_flags; unsigned long decrypted_base; - void *pgtable_area; pgd_t *pgd; if (!sme_active()) 
@@ -690,14 +729,8 @@ void __init sme_encrypt_kernel(void) * addressing the workarea. */ pgd = (pgd_t *)native_read_cr3_pa(); - paddr = workarea_start; - while (paddr < workarea_end) { - pgtable_area = sme_populate_pgd(pgd, pgtable_area, - paddr, - paddr + PMD_FLAGS); - - paddr += PMD_PAGE_SIZE; - } + sme_map_range_decrypted(pgd, workarea_start, workarea_end, + workarea_start); /* Flush the TLB - no globals so cr3 is enough */ native_write_cr3(__native_read_cr3()); @@ -712,17 +745,6 @@ void __init sme_encrypt_kernel(void) memset(pgd, 0, sizeof(*pgd) * PTRS_PER_PGD); pgtable_area += sizeof(*pgd) * PTRS_PER_PGD; - /* Add encrypted kernel (identity) mappings */ - pmd_flags = PMD_FLAGS | _PAGE_ENC; - paddr = kernel_start; - while (paddr < kernel_end) { - pgtable_area = sme_populate_pgd(pgd, pgtable_area, - paddr, - paddr + pmd_flags); - - paddr += PMD_PAGE_SIZE; - } - /* * A different PGD index/entry must be used to get different * pagetable entries for the decrypted mapping. Choose the next 
@@ -732,30 +754,19 @@ void __init sme_encrypt_kernel(void) decrypted_base = (pgd_index(workarea_end) + 1) & (PTRS_PER_PGD - 1); decrypted_base <<= PGDIR_SHIFT; - /* Add decrypted, write-protected kernel (non-identity) mappings */ - pmd_flags = (PMD_FLAGS & ~_PAGE_CACHE_MASK) | (_PAGE_PAT | _PAGE_PWT); - paddr = kernel_start; - while (paddr < kernel_end) { - pgtable_area = sme_populate_pgd(pgd, pgtable_area, - paddr + decrypted_base, - paddr + pmd_flags); + /* Add encrypted kernel (identity) mappings */ + sme_map_range_encrypted(pgd, kernel_start, kernel_end, kernel_start); - paddr += PMD_PAGE_SIZE; - } + /* Add decrypted, write-protected kernel (non-identity) mappings */ + sme_map_range_decrypted_wp(pgd, kernel_start + decrypted_base, + kernel_end + decrypted_base, kernel_start); /* Add decrypted workarea mappings to both kernel mappings */ - paddr = workarea_start; - while (paddr < workarea_end) { - pgtable_area = sme_populate_pgd(pgd, pgtable_area, - paddr, - paddr + PMD_FLAGS); - - pgtable_area = sme_populate_pgd(pgd, pgtable_area, - paddr + decrypted_base, - paddr + PMD_FLAGS); - - paddr += PMD_PAGE_SIZE; - } + sme_map_range_decrypted(pgd, workarea_start, workarea_end, + workarea_start); + sme_map_range_decrypted(pgd, workarea_start + decrypted_base, + workarea_end + decrypted_base, + workarea_start); /* Perform the encryption */ sme_encrypt_execute(kernel_start, kernel_start + decrypted_base,
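Review bot: In the first hunk, `static void *pgtable_area;` turns the page-table allocation cursor into file-scope state with no `__initdata` annotation and no comment, while `sme_populate_pgd()` drops its `pgtable_area` parameter and return value. Every visible user is `__init`, so the variable should be `__initdata`, and the implicit contract (that `sme_encrypt_kernel()` must set it before the first `sme_map_range_*()` call, and that each call advances it) deserves a comment next to the declaration. Passing the cursor in a small context structure instead would keep the helpers free of hidden state, which matters for code the changelog describes as running during early boot processing.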
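Review bot: In the hunk that adds `__sme_map_range()`, nothing states or checks that `vaddr`, `vaddr_end` and `paddr` are large-page aligned, yet the loop steps by `PMD_PAGE_SIZE` and `sme_populate_pgd()` now builds the entry as `paddr | pmd_flags`. With an unaligned `paddr` the low address bits are ORed into the flag bits, and an unaligned `vaddr_end` makes `while (vaddr < vaddr_end)` map one more full large page than the caller asked for. The open-coded loops had the same assumption, but these are now general helpers intended for ranges other than the kernel, so either document the alignment requirement above `__sme_map_range()` or mask the inputs with `PMD_PAGE_MASK` on entry.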
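Review bot: In the last hunk, the encrypted identity mapping of the kernel moves from before the `decrypted_base` calculation to after it, so the order in which entries are taken from `pgtable_area` changes; the changelog only talks about centralizing the PMD flags. Please add a sentence to the commit message saying the reordering is intentional and has no functional effect. It would also help to note in the comment above `sme_map_range_decrypted_wp()` that the last argument is the physical start (`kernel_start`), not the offset virtual address, since the virtual and physical arguments now differ only by `decrypted_base` and are easy to swap.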