From: Gabriel C
Date: Fri, 19 Jan 2018 17:02:04 +0100
Subject: Re: [PATCH v3 0/5] x86: SME: BSP/SME microcode update fix
To: Tom Lendacky
Cc: Greg Kroah-Hartman, Borislav Petkov, x86@kernel.org, Brijesh Singh, LKML, Ingo Molnar, "H. Peter Anvin", Thomas Gleixner

2018-01-19 16:56 GMT+01:00 Tom Lendacky:
> On 1/19/2018 9:35 AM, Greg Kroah-Hartman wrote:
>> On Fri, Jan 19, 2018 at 09:27:47AM -0600, Tom Lendacky wrote:
>>> On 1/19/2018 9:11 AM, Greg Kroah-Hartman wrote:
>>>> On Fri, Jan 19, 2018 at 09:03:52AM -0600, Tom Lendacky wrote:
>>>>> On 1/15/2018 4:47 PM, Gabriel C wrote:
>>>>>> On 11.01.2018 19:33, Borislav Petkov wrote:
>>>>>>> On Wed, Jan 10, 2018 at 01:25:45PM -0600, Tom Lendacky wrote:
>>>>>>>> This patch series addresses an issue when SME is active and the BSP
>>>>>>>> is attempting to check for and load microcode during load_ucode_bsp().
>>>>>>>> Since the initrd has not been decrypted (yet) and the virtual address
>>>>>>>> of the initrd treats the memory as encrypted, the CPIO archive parsing
>>>>>>>> fails to locate the microcode.
>>>>>>>>
>>>>>>>> This series moves the encryption of the initrd into the early boot code
>>>>>>>> and encrypts it at the same time that the kernel is encrypted. Since
>>>>>>>> the initrd is now encrypted, the CPIO archive parsing succeeds in
>>>>>>>> properly locating the microcode.
>>>>>>>>
>>>>>>>> The following patches are included in this fix:
>>>>>>>> - Cleanup register saving in arch/x86/mm/mem_encrypt_boot.S
>>>>>>>> - Reduce parameters and complexity for creating the SME PGD mappings
>>>>>>>> - Centralize the use of the PMD flags used in sme_encrypt_kernel() in
>>>>>>>>   preparation for using PTE flags also.
>>>>>>>> - Prepare sme_encrypt_kernel() to handle PAGE aligned encryption, not
>>>>>>>>   just 2MB large page aligned encryption.
>>>>>>>> - Encrypt the initrd in sme_encrypt_kernel() when the kernel is being
>>>>>>>>   encrypted.
>>>>>>>>
>>>>>>>> This patch series is based on tip/master.
>>>>>>>>
>>>>>>>> ---
>>>>>>>>
>>>>>>>> Changes from v2:
>>>>>>>> - General code cleanup based on feedback.
>>>>>>>>
>>>>>>>> Changes from v1:
>>>>>>>> - Additional patch to cleanup the register saving performed in
>>>>>>>>   arch/x86/mm/mem_encrypt_boot.S in prep for changes made in the
>>>>>>>>   remainder of the patchset.
>>>>>>>> - Additional patch to reduce parameters and complexity for creating the
>>>>>>>>   SME PGD mappings by introducing and using a structure for referencing
>>>>>>>>   the PGD to populate, the pagetable allocation area, the
>>>>>>>>   virtual/physical addresses being mapped and the pagetable flags to
>>>>>>>>   be used.
>>>>>>>> - Consolidate PMD/PTE mapping code to reduce duplication.
>>>>>>>>
>>>>>>>> Tom Lendacky (5):
>>>>>>>>   x86/mm: Cleanup register saving in mem_encrypt_boot.S
>>>>>>>>   x86/mm: Use a struct to reduce parameters for SME PGD mapping
>>>>>>>>   x86/mm: Centralize PMD flags in sme_encrypt_kernel()
>>>>>>>>   x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption
>>>>>>>>   x86/mm: Encrypt the initrd earlier for BSP microcode update
>>>>>>>>
>>>>>>>>
>>>>>>>>  arch/x86/include/asm/mem_encrypt.h |    4
>>>>>>>>  arch/x86/kernel/head64.c           |    4
>>>>>>>>  arch/x86/kernel/setup.c            |   10 -
>>>>>>>>  arch/x86/mm/mem_encrypt.c          |  356 ++++++++++++++++++++++++++----------
>>>>>>>>  arch/x86/mm/mem_encrypt_boot.S     |   80 ++++----
>>>>>>>>  5 files changed, 308 insertions(+), 146 deletions(-)
>>>>>>>
>>>>>>> All 5:
>>>>>>>
>>>>>>> Reviewed-by: Borislav Petkov
>>>>>>>
>>>>>>
>>>>>> Guys, are these patches going to be part of 4.15?
>>>>>>
>>>>>> With mem_encrypt=on without these patches microcode loading doesn't
>>>>>> work right. Also @stable 4.14 would need the fixes too.
>>>>>
>>>>> It looks like these patches have been pulled into 4.15. I did forget
>>>>> to cc stable, so I'll follow-up with a separate email to have these
>>>>> back-ported to the 4.14 stable tree.
>>>>
>>>> What are the git commit ids? That's all I need :)
>>>
>>> Hi Greg,
>>>
>>> Here are the commit ids:
>>> 1303880179e6 (“x86/mm: Clean up register saving in the __enc_copy() assembly code”)
>>> bacf6b499e11 (“x86/mm: Use a struct to reduce parameters for SME PGD mapping”)
>>> 2b5d00b6c2cd (“x86/mm: Centralize PMD flags in sme_encrypt_kernel()”)
>>> cc5f01e28d6c (“x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption”)
>>> 107cd2532181 (“x86/mm: Encrypt the initrd earlier for BSP microcode update”)
>>>
>>> The last commit won't apply cleanly on 4.14. There was a change in
>>> arch/x86/kernel/setup.c for SEV support. The actual patch to that file
>>> is very small, it just removes the call to sme_early_encrypt() and the
>>> associated comment. I can submit a new version of that patch if you
>>> want, just let me know.
>>
>> A backported version of that would be great, thanks.
>
> Ok, I'll send that out as soon as possible. Since it is a changed patch
> I was planning to remove the Tested-by, Signed-off-by (except for my sign
> off), etc. or would you prefer I leave them in this case?
>

I tested the series on top of 4.14.13/.14 already, the conflict is trivial
and easy to fix.

If you wish you can keep my Tested-by.

Regards,

Gabriel C
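
The failure described in the quoted cover letter, as an added example (not code from the patch series or the kernel): a minimal newc CPIO lookup run over a constructed initrd, once as plaintext and once as the bytes would appear when plaintext is read through an encrypted mapping. The member name, the blob and the XOR transform standing in for the hardware's memory encryption are all constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR 110                               /* newc: 6-byte magic + 13 hex fields */
#define PAD4(x) (((x) + 3) & ~(size_t)3)
#define UCODE "microcode/constructed.bin"     /* constructed member name */
/* One 8-digit ASCII hex header field, or -1 if the bytes are not hex. */
static long field(const unsigned char *hdr, int idx) {
    char tmp[9] = {0}, *end;
    long v = strtol(memcpy(tmp, hdr + 6 + 8 * idx, 8), &end, 16);
    return end == tmp + 8 ? v : -1;
}

/* Walk the archive as an early-boot parser would; member size, or -1 if not found. */
long cpio_find(const unsigned char *buf, size_t len, const char *path) {
    size_t off = 0;
    while (off + HDR <= len && memcmp(buf + off, "070701", 6) == 0) {
        long fsize = field(buf + off, 6), nsize = field(buf + off, 11);
        if (fsize < 0 || nsize <= 0) return -1;
        size_t name = off + HDR, data = PAD4(name + (size_t)nsize);
        if (data + (size_t)fsize > len || buf[name + nsize - 1] != '\0') return -1;
        if (strcmp((const char *)buf + name, path) == 0) return fsize;
        off = PAD4(data + (size_t)fsize);
    }
    return -1;
}

/* Append one member to the constructed archive; returns the new end offset. */
static size_t cpio_add(unsigned char *buf, size_t off, const char *name, const char *data) {
    size_t ns = strlen(name) + 1, ds = strlen(data), d = PAD4(off + HDR + ns);
    char hdr[HDR + 1];
    snprintf(hdr, sizeof hdr, "070701%048d%08zX%032d%08zX%08d", 0, ds, 0, ns, 0);
    memcpy(buf + off, hdr, HDR);
    memcpy(buf + off + HDR, name, ns);
    memcpy(buf + d, data, ds);
    return PAD4(d + ds);
}

/* Look up UCODE; garbled != 0 applies an XOR stand-in for the mismatched mapping. */
long lookup(int garbled) {
    unsigned char img[512] = {0};
    size_t len = cpio_add(img, cpio_add(img, 0, UCODE, "CONSTRUCTED-UCODE-BLOB"), "TRAILER!!!", "");
    for (size_t i = 0; garbled && i < len; i++) img[i] ^= (unsigned char)(0x5A + 31 * i);
    return cpio_find(img, len, UCODE);
}

int main(void) {
    return printf("plain: %ld, via encrypted mapping: %ld\n", lookup(0), lookup(1)) < 0;
}
```

The parser stops at the first header because the "070701" magic no longer matches, so the lookup reports "not found" rather than an error, which is why the symptom is a silently skipped microcode update.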