From: "Kirill A. Shutemov"
To: Andrew Morton, x86@kernel.org, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Borislav Petkov, Peter Zijlstra, Andy Lutomirski, David Howells
Cc: Kees Cook, Dave Hansen, Kai Huang, Jacob Pan, Alison Schofield, linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov"
Subject: [PATCHv2 39/59] keys/mktme: Support CPU hotplug for MKTME key service
Date: Wed, 31 Jul 2019 18:07:53 +0300
Message-Id: <20190731150813.26289-40-kirill.shutemov@linux.intel.com>
In-Reply-To: <20190731150813.26289-1-kirill.shutemov@linux.intel.com>
References: <20190731150813.26289-1-kirill.shutemov@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Alison Schofield

The MKTME encryption hardware resides on each physical package.
The encryption hardware includes 'Key Tables' that must be
programmed identically across all physical packages in the
platform. Although every CPU in a package can program its key
table, the kernel uses one lead CPU per package for programming.

CPU Hotplug Teardown
--------------------
MKTME manages CPU hotplug teardown to make sure the ability to
program all packages is preserved when MKTME keys are present.

When MKTME keys are not currently programmed, simply allow
the teardown, and set "mktme_allow_keys" to false. This will
force a re-evaluation of the platform topology before the next
key creation. If this CPU teardown mattered, MKTME key service
will report an error and fail to create the key. (User can
online that CPU and try again)

When MKTME keys are currently programmed, allow teardowns
of non 'lead CPU's' and of CPUs where another, core sibling
CPU, can take over as lead. Do not allow teardown of any
lead CPU that would render a hardware key table unreachable!

CPU Hotplug Startup
-------------------
CPUs coming online are of interest to the key service, but since
the service never needs to block a CPU startup event, nor does it
need to prepare for an onlining CPU, a callback is not implemented.

MKTME will catch the availability of the new CPU, if it is
needed, at the next key creation time. If keys are not allowed,
that new CPU will be part of the topology evaluation to determine
if keys should now be allowed.

Signed-off-by: Alison Schofield
Signed-off-by: Kirill A. Shutemov
--- security/keys/mktme_keys.c | 47 +++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index 70662e882674..b042df73899d 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c 
@@ -460,9 +460,46 @@ static int mktme_alloc_pconfig_targets(void) return 0; } +static int mktme_cpu_teardown(unsigned int cpu) +{ + int new_leadcpu, ret = 0; + unsigned long flags; + + /* Do not allow key programming during cpu hotplug event */ + spin_lock_irqsave(&mktme_lock, flags); + + /* + * When no keys are in use, allow the teardown, and set + * mktme_allow_keys to FALSE. That forces an evaluation + * of the topology before the next key creation. + */ + if (mktme_available_keyids == mktme_nr_keyids()) { + mktme_allow_keys = false; + goto out; + } + /* Teardown CPU is not a lead CPU. Allow teardown. */ + if (!cpumask_test_cpu(cpu, mktme_leadcpus)) + goto out; + + /* Teardown CPU is a lead CPU. Look for a new lead CPU. */ + new_leadcpu = cpumask_any_but(topology_core_cpumask(cpu), cpu); + + if (new_leadcpu < nr_cpumask_bits) { + /* New lead CPU found. Update the programming mask */ + __cpumask_clear_cpu(cpu, mktme_leadcpus); + __cpumask_set_cpu(new_leadcpu, mktme_leadcpus); + } else { + /* New lead CPU not found. Do not allow CPU teardown */ + ret = -1; + } +out: + spin_unlock_irqrestore(&mktme_lock, flags); + return ret; +} + static int __init init_mktme(void) { - int ret; + int ret, cpuhp; /* Verify keys are present */ if (mktme_nr_keyids() < 1) @@ -500,10 +537,18 @@ static int __init init_mktme(void) if (!encrypt_count) goto free_targets; + cpuhp = cpuhp_setup_state_nocalls(CPUHP_AP_ONLINE_DYN, + "keys/mktme_keys:online", + NULL, mktme_cpu_teardown); + if (cpuhp < 0) + goto free_encrypt; + ret = register_key_type(&key_type_mktme); if (!ret) return ret; /* SUCCESS */ + cpuhp_remove_state_nocalls(cpuhp); +free_encrypt: kvfree(encrypt_count); free_targets: free_cpumask_var(mktme_leadcpus); -- 2.21.0
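
Review bot: In the else branch of mktme_cpu_teardown() (first hunk), "ret = -1" returns a bare -1 from the callback that the second hunk registers as the hotplug teardown handler. Numerically that is -EPERM, which says nothing about why the offline was refused. A named errno such as -EBUSY would describe the condition (no core sibling is left to take over as lead while keys are programmed) and is easier to trace from the caller's side. Minor: the block comment spells the value "FALSE" while the code assigns "false".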
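
Review bot: In init_mktme() (second hunk), the "if (cpuhp < 0) goto free_encrypt;" path never copies the error into ret, so the code returned by cpuhp_setup_state_nocalls() is dropped and the exit path can only report whatever ret held before the call. The visible lines do not show what is returned after free_targets, so please either add "ret = cpuhp;" before the goto or confirm the unwind path returns a fixed error. The unwind order itself looks right: cpuhp_remove_state_nocalls() runs only when register_key_type() fails, and the new free_encrypt label sits before kvfree(encrypt_count).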