Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp5309727yba; Wed, 8 May 2019 11:05:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqzag1AivqWe0n6lc6Xw1rh5n41QhuhV+TuHlSgJClj+QUc3E2T8mFhnKFaBs3x8haUymWgD X-Received: by 2002:aa7:8554:: with SMTP id y20mr32633309pfn.258.1557338718492; Wed, 08 May 2019 11:05:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557338718; cv=none; d=google.com; s=arc-20160816; b=idapuVdTczwsG+fSawBI3FBVIMeW2aQkEiMMaFNMcymtsO3f494x7hO9CX9gr7atW3 Hg8BB9omETEqf5vvjgXMa1CvcCUXe+Rjn5sd4S0nO4kHq16X8wXQcnImTnG+rvp6EBkC aM0Tv8B6cQtnEeOKN3RCaQsCOSP/e+p109DoniEgQHpHuIu9TTtaHEQGn5QRBWWLD4ZQ cMjhZ3JFFCQtP44dEaocAZR170wtO65Tx8FVnSLDQJ60nsWD3XY4Ly3fr4BOr5arfg2x ZQ/XxEKos0cA7IAyqlmgzL6xox2b1/XdHnmBpB6ZuNd+s56LDK3CXb4EJ8sXevy/83aH 3+DQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=sEAdbNfbRTCjC9a0sD0Qg1cJEdXEvR4Mo/Vl8HfdoKs=; b=ZZljfIheCKmC5kBFzQgSQDIxEHMVcGAIfO7kNeR0IqlK5d9/Csw9BrOS7qC4GHWJrc ai1DkcdOn/xrOr7nH+xpEcsN+bKfvitJx74zvzG/pK7cicARcw5V9CosRGMPtM47qLJj FomsdeBcFaCelnmycTFGiTH7u9I4rUBgdXF1Ygle+gaN6BZ4wmCdHhbQC6lQb8Z0lk1E 91lSNODABXf2gG2NrsSe4yEiBUVx1CxcoLmXjb5EIt7i1lRgXuIBRerxVWIL8xPFlLBG tzUR29Xbs8OEm4zUCHGTH7q+j7LySUE+jRcVD4+4NSbnn41q4KIQSL59et24EuA4MtXd Rsiw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u5si22749689pgp.240.2019.05.08.11.05.01; Wed, 08 May 2019 11:05:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728543AbfEHOoz (ORCPT + 99 others); Wed, 8 May 2019 10:44:55 -0400 Received: from mga06.intel.com ([134.134.136.31]:57649 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728176AbfEHOom (ORCPT ); Wed, 8 May 2019 10:44:42 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 May 2019 07:44:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.60,446,1549958400"; d="scan'208";a="169656527" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga002.fm.intel.com with ESMTP; 08 May 2019 07:44:35 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 4C59F79C; Wed, 8 May 2019 17:44:29 +0300 (EEST) From: "Kirill A. Shutemov" To: Andrew Morton , x86@kernel.org, Thomas Gleixner , Ingo Molnar , "H. Peter Anvin" , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , David Howells Cc: Kees Cook , Dave Hansen , Kai Huang , Jacob Pan , Alison Schofield , linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCH, RFC 13/62] x86/mm: Add hooks to allocate and free encrypted pages Date: Wed, 8 May 2019 17:43:33 +0300 Message-Id: <20190508144422.13171-14-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> References: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hook up into page allocator to allocate and free encrypted page properly. The hardware/CPU does not enforce coherency between mappings of the same physical page with different KeyIDs or encryption keys. We are responsible for cache management. Flush cache on allocating encrypted page and on returning the page to the free pool. prep_encrypted_page() also takes care about zeroing the page. We have to do this after KeyID is set for the page. Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/mktme.h | 17 +++++++++++++ arch/x86/mm/mktme.c | 49 ++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/arch/x86/include/asm/mktme.h b/arch/x86/include/asm/mktme.h index b5afa31b4526..6e604126f0bc 100644 --- a/arch/x86/include/asm/mktme.h +++ b/arch/x86/include/asm/mktme.h @@ -40,6 +40,23 @@ static inline int vma_keyid(struct vm_area_struct *vma) return __vma_keyid(vma); } +#define prep_encrypted_page prep_encrypted_page +void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero); +static inline void prep_encrypted_page(struct page *page, int order, + int keyid, bool zero) +{ + if (keyid) + __prep_encrypted_page(page, order, keyid, zero); +} + +#define HAVE_ARCH_FREE_PAGE +void free_encrypted_page(struct page *page, int order); +static inline void arch_free_page(struct page *page, int order) +{ + if (page_keyid(page)) + free_encrypted_page(page, order); +} + #else #define mktme_keyid_mask ((phys_addr_t)0) #define mktme_nr_keyids 0 diff --git a/arch/x86/mm/mktme.c b/arch/x86/mm/mktme.c index d4a1a9e9b1c0..43489c098e60 100644 --- a/arch/x86/mm/mktme.c +++ b/arch/x86/mm/mktme.c @@ -1,4 +1,5 @@ #include +#include #include /* Mask to extract KeyID from physical address. */ @@ -37,3 +38,51 @@ int __vma_keyid(struct vm_area_struct *vma) pgprotval_t prot = pgprot_val(vma->vm_page_prot); return (prot & mktme_keyid_mask) >> mktme_keyid_shift; } + +/* Prepare page to be used for encryption. Called from page allocator. */ +void __prep_encrypted_page(struct page *page, int order, int keyid, bool zero) +{ + int i; + + /* + * The hardware/CPU does not enforce coherency between mappings + * of the same physical page with different KeyIDs or + * encryption keys. We are responsible for cache management. + */ + clflush_cache_range(page_address(page), PAGE_SIZE * (1UL << order)); + + for (i = 0; i < (1 << order); i++) { + /* All pages coming out of the allocator should have KeyID 0 */ + WARN_ON_ONCE(lookup_page_ext(page)->keyid); + lookup_page_ext(page)->keyid = keyid; + + /* Clear the page after the KeyID is set. */ + if (zero) + clear_highpage(page); + + page++; + } +} + +/* + * Handles freeing of encrypted page. + * Called from page allocator on freeing encrypted page. + */ +void free_encrypted_page(struct page *page, int order) +{ + int i; + + /* + * The hardware/CPU does not enforce coherency between mappings + * of the same physical page with different KeyIDs or + * encryption keys. We are responsible for cache management. + */ + clflush_cache_range(page_address(page), PAGE_SIZE * (1UL << order)); + + for (i = 0; i < (1 << order); i++) { + /* Check if the page has reasonable KeyID */ + WARN_ON_ONCE(lookup_page_ext(page)->keyid > mktme_nr_keyids); + lookup_page_ext(page)->keyid = 0; + page++; + } +} -- 2.20.1