From: "Kirill A. Shutemov"
To: Andrew Morton, x86@kernel.org, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Borislav Petkov, Peter Zijlstra, Andy Lutomirski, David Howells
Cc: Kees Cook, Dave Hansen, Kai Huang, Jacob Pan, Alison Schofield, linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov"
Subject: [PATCH, RFC 40/62] keys/mktme: Program new PCONFIG targets with MKTME keys
Date: Wed, 8 May 2019 17:44:00 +0300
Message-Id: <20190508144422.13171-41-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>
References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Alison Schofield

When a new PCONFIG target is added to an MKTME platform, its key table
needs to be programmed to match the key tables across the entire
platform. This type of newly added PCONFIG target may appear during a
memory hotplug event.

This key programming path will differ from the normal key programming
path in that it will only program a single PCONFIG target, AND, it will
only do that programming if allowed. Allowed means that either user type
keys are stored, or no user type keys are currently programmed.

So, after checking if programming is allowable, this helper function
will program the one new PCONFIG target, with all the currently
programmed keys.

This will be used in MKTME's memory notifier callback supporting
MEM_GOING_ONLINE events.

Signed-off-by: Alison Schofield
Signed-off-by: Kirill A. Shutemov
---
 security/keys/mktme_keys.c | 44 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c
index 2c975c48fe44..489dddb8c623 100644
--- a/security/keys/mktme_keys.c
+++ b/security/keys/mktme_keys.c @@ -582,6 +582,50 @@ static int mktme_get_new_pconfig_target(void) return new_target; } +static int mktme_program_new_pconfig_target(int new_pkg) +{ + struct mktme_payload *payload; + int cpu, keyid, ret; + + /* + * Only program new target when user type keys are stored or, + * no user type keys are currently programmed. + */ + if (!mktme_storekeys && + (bitmap_weight(mktme_bitmap_user_type, mktme_nr_keyids))) + return -EPERM; + + /* Set mktme_leadcpus to only include new target */ + cpumask_clear(mktme_leadcpus); + for_each_online_cpu(cpu) { + if (topology_physical_package_id(cpu) == new_pkg) { + __cpumask_set_cpu(cpu, mktme_leadcpus); + break; + } + } + /* Program the stored keys into the new key table */ + for (keyid = 1; keyid <= mktme_nr_keyids; keyid++) { + /* + * When a KeyID slot is not in use, the corresponding key + * pointer is 0. '-1' is an intermediate state where the + * key is on it's way out, but not gone yet. Program '-1's. + */ + if (mktme_map->key[keyid] == 0) + continue; + + payload = &mktme_key_store[keyid]; + ret = mktme_program_keyid(keyid, payload); + if (ret != MKTME_PROG_SUCCESS) { + /* Quit on first failure to program key table */ + pr_debug("mktme: %s\n", mktme_error[ret].msg); + ret = -ENOKEY; + break; + } + } + mktme_update_pconfig_targets(); /* Restore mktme_leadcpus */ + return ret; +} + static int __init init_mktme(void) { int ret, cpuhp; -- 2.20.1
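Review bot: `ret` is returned uninitialized from mktme_program_new_pconfig_target() whenever no KeyID slot is in use: `int cpu, keyid, ret;` is only assigned inside the keyid loop after the `if (mktme_map->key[keyid] == 0) continue;` check, so if every slot is 0 the loop never writes it and `return ret;` hands the memory notifier an arbitrary value. Initialise it (`int cpu, keyid, ret = 0;`) or set `ret = 0` just before the loop. In the same function, the `for_each_online_cpu(cpu)` search for `topology_physical_package_id(cpu) == new_pkg` has no fallback: if no online CPU belongs to the new package, mktme_leadcpus is left empty after the `cpumask_clear()`, every mktme_program_keyid() call targets nothing, and the function still returns success without the new key table having been programmed; add a check that a lead CPU was actually found and return an error otherwise, since the caller is relying on this result to decide whether the target may go online. Finally, the early `return -EPERM` leaves mktme_leadcpus untouched, which is correct, but the success and failure paths both depend on `mktme_update_pconfig_targets()` to restore it; a one-line comment on why the early return does not need that restore would save the next reader the trip.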