Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935579AbeAKSda (ORCPT + 1 other); Thu, 11 Jan 2018 13:33:30 -0500 Received: from mail.skyhub.de ([5.9.137.197]:59566 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S935541AbeAKSd3 (ORCPT ); Thu, 11 Jan 2018 13:33:29 -0500 Date: Thu, 11 Jan 2018 19:33:14 +0100 From: Borislav Petkov To: Tom Lendacky Cc: x86@kernel.org, Brijesh Singh , linux-kernel@vger.kernel.org, Ingo Molnar , "H. Peter Anvin" , Thomas Gleixner Subject: Re: [PATCH v3 0/5] x86: SME: BSP/SME microcode update fix Message-ID: <20180111183313.7ub2t3xkeko5yb3z@pd.tnic> References: <20180110192544.6026.17285.stgit@tlendack-t1.amdoffice.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20180110192544.6026.17285.stgit@tlendack-t1.amdoffice.net> User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Wed, Jan 10, 2018 at 01:25:45PM -0600, Tom Lendacky wrote: > This patch series addresses an issue when SME is active and the BSP > is attempting to check for and load microcode during load_ucode_bsp(). > Since the initrd has not been decrypted (yet) and the virtual address > of the initrd treats the memory as encrypted, the CPIO archive parsing > fails to locate the microcode. > > This series moves the encryption of the initrd into the early boot code > and encrypts it at the same time that the kernel is encrypted. Since > the initrd is now encrypted, the CPIO archive parsing succeeds in > properly locating the microcode. > > The following patches are included in this fix: > - Cleanup register saving in arch/x86/mm/mem_encrypt_boot.S > - Reduce parameters and complexity for creating the SME PGD mappings > - Centralize the use of the PMD flags used in sme_encrypt_kernel() in > preparation for using PTE flags also. > - Prepare sme_encrypt_kernel() to handle PAGE aligned encryption, not > just 2MB large page aligned encryption. > - Encrypt the initrd in sme_encrypt_kernel() when the kernel is being > encrypted. > > This patch series is based on tip/master. > > --- > > Changes from v2: > - General code cleanup based on feedback. > > Changes from v1: > - Additional patch to cleanup the register saving performed in > arch/x86/mm/mem_encrypt_boot.S in prep for changes made in the > remainder of the patchset. > - Additional patch to reduce parameters and complexity for creating the > SME PGD mappings by introducing and using a structure for referencing > the PGD to populate, the pagetable allocation area, the virtual/physical > addresses being mapped and the pagetable flags to be used. > - Consolidate PMD/PTE mapping code to reduce duplication. > > Tom Lendacky (5): > x86/mm: Cleanup register saving in mem_encrypt_boot.S > x86/mm: Use a struct to reduce parameters for SME PGD mapping > x86/mm: Centralize PMD flags in sme_encrypt_kernel() > x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption > x86/mm: Encrypt the initrd earlier for BSP microcode update > > > arch/x86/include/asm/mem_encrypt.h | 4 > arch/x86/kernel/head64.c | 4 > arch/x86/kernel/setup.c | 10 - > arch/x86/mm/mem_encrypt.c | 356 ++++++++++++++++++++++++++---------- > arch/x86/mm/mem_encrypt_boot.S | 80 ++++---- > 5 files changed, 308 insertions(+), 146 deletions(-) All 5: Reviewed-by: Borislav Petkov -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.