Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp843816ybe;
        Wed, 11 Sep 2019 05:42:50 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx6SobGcDsJCdywT9M/EwEfHp3C1QyNgmDPzsuvR4+4HaluSutUC6Q6zph2Gv9E8goaPvQF
X-Received: by 2002:a50:c209:: with SMTP id n9mr36514285edf.215.1568205770160;
        Wed, 11 Sep 2019 05:42:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1568205770; cv=none;
        d=google.com; s=arc-20160816;
        b=noVAU72k9ga98EwTDZTMgYprUvrPGRbQbRuqDTvsT/JrG8gVBaqiM/8mgf7sYJ8PSz
         89vrA4BzM42z1uZj90cM8GWO6G1kceQc3YgXNeplatL3kTeKw3iIFayItfAUXUZwg0oD
         l+fnxcqjpBtu/AkBc1vPW14c9yt/1vAAVI/iy4tjoc9r0W8OiCgkItunjuDenuCODvIs
         aUm8v3UmvmFDW3o99XFY6d9F1KAu7oYvToa3q7n+dWe3PVScUohsYNylzl9q/gqPU96d
         HaC+3VLa2woN08pPyvGsBAd44mSaYe5F1cEfusOBBePowXFJgl98FfwrfYZv9I+j9mhI
         QoWw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=VF9HrA/eVAkVSrZNJf/AW6LVlEYBkBwYE65GBkX0S/w=;
        b=sPlI63dW14cM1mxdGxIgw2WtfeqvrCviVmNofjyC2Am7+tlLu4O4r95g1IZB200w6c
         JrqJuBA8v1l8BP7rd4RTpPpHzgbRk2yylue0DOuBEqznSR9Nb9Y7C3qPdsIJCc1thgYR
         dEJbaMIo14QKEVkKtbvY3bjUd4+17hVJgP+faBavGBv8Nic1zDyQK4lzP0Yy6qwLi5hi
         14+YQorpg+/qL/aLNoVj0CAOMjj5hAHlEexgGLt12hrLiHhAjpzlyBU5Lf4AvV2qXV33
         IWryfG49FZzuja/OYzH524NRj19I6B9ClQf4cT9SQwHYlM0w2pY0FT66gd4hIrgijx6Q
         nxfQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail (test mode) header.i=@shipmail.org header.s=mail header.b=A2txoPff;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a8si8020288edm.240.2019.09.11.05.42.25;
        Wed, 11 Sep 2019 05:42:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail (test mode) header.i=@shipmail.org header.s=mail header.b=A2txoPff;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727917AbfIKMkh (ORCPT <rfc822;huangleihappily@gmail.com>
        + 99 others); Wed, 11 Sep 2019 08:40:37 -0400
Received: from ste-pvt-msa1.bahnhof.se ([213.80.101.70]:11397 "EHLO
        ste-pvt-msa1.bahnhof.se" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727121AbfIKMkg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Sep 2019 08:40:36 -0400
Received: from localhost (localhost [127.0.0.1])
        by ste-pvt-msa1.bahnhof.se (Postfix) with ESMTP id AC2E13F451;
        Wed, 11 Sep 2019 14:40:33 +0200 (CEST)
Authentication-Results: ste-pvt-msa1.bahnhof.se;
        dkim=pass (1024-bit key; unprotected) header.d=shipmail.org header.i=@shipmail.org header.b=A2txoPff;
        dkim-atps=neutral
X-Virus-Scanned: Debian amavisd-new at bahnhof.se
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level: 
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=6.31
        tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
        DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, URIBL_BLOCKED=0.001]
        autolearn=ham autolearn_force=no
Received: from ste-pvt-msa1.bahnhof.se ([127.0.0.1])
        by localhost (ste-pvt-msa1.bahnhof.se [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id w3-hGhTA-1TP; Wed, 11 Sep 2019 14:40:32 +0200 (CEST)
Received: from mail1.shipmail.org (h-205-35.A357.priv.bahnhof.se [155.4.205.35])
        (Authenticated sender: mb878879)
        by ste-pvt-msa1.bahnhof.se (Postfix) with ESMTPA id 523063F3E7;
        Wed, 11 Sep 2019 14:40:30 +0200 (CEST)
Received: from localhost.localdomain.localdomain (h-205-35.A357.priv.bahnhof.se [155.4.205.35])
        by mail1.shipmail.org (Postfix) with ESMTPSA id A27BA3601AA;
        Wed, 11 Sep 2019 14:40:29 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=shipmail.org; s=mail;
        t=1568205629; bh=7SO825O/eVKmWjE4dAVYK2Eg/Z28NqxjWn9MyBH3Afk=;
        h=From:To:Cc:Subject:Date:From;
        b=A2txoPffcjeRBhug8kXam4r+ivwqAWzeSWokAarz9uaZAy2oEWyPi55feukePX25X
         OUk+6tibFBce4djKdnyfZbAV6qMWdNXyqqtbKh3ApSqRdOE3GcUvcFTNRdNiUO47tZ
         GBWzW0ogsJ/bvh5gDg1KJ/6O1EXopT82FHmyY3ag=
From:   =?UTF-8?q?Thomas=20Hellstr=C3=B6m=20=28VMware=29?= 
        <thomas_os@shipmail.org>
To:     linux-kernel@vger.kernel.org
Cc:     pv-drivers@vmware.com, linux-graphics-maintainer@vmware.com,
        x86@kernel.org,
        =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= <thomas_os@shipmail.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Christoph Hellwig <hch@infradead.org>,
        =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig@amd.com>,
        Marek Szyprowski <m.szyprowski@samsung.com>,
        Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v2 0/2] Fix SEV user-space mapping of unencrypted coherent memory
Date:   Wed, 11 Sep 2019 14:40:20 +0200
Message-Id: <20190911124022.22423-1-thomas_os@shipmail.org>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This patchset fixes dma_mmap_coherent() mapping of unencrypted memory in
otherwise encrypted environments, where it would incorrectly map that memory as
encrypted.

With SEV and sometimes with SME encryption, The dma api coherent memory is
typically unencrypted, meaning the linear kernel map has the encryption
bit cleared. However, default page protection returned from vm_get_page_prot()
has the encryption bit set. So to compute the correct page protection we need
to clear the encryption bit.

Also, in order for the encryption bit setting to survive across do_mmap() and
mprotect_fixup(), We need to make pgprot_modify() aware of it and not touch it.
Therefore make sme_me_mask part of _PAGE_CHG_MASK and make sure
pgprot_modify() preserves also cleared bits that are part of _PAGE_CHG_MASK,
not just set bits. The use of pgprot_modify() is currently quite limited and
easy to audit.

(Note that the encryption status is not logically encoded in the pfn but in
the page protection even if an address line in the physical address is used).

The patchset has seen some sanity testing by exporting dma_pgprot() and
using it in the vmwgfx mmap handler with SEV enabled.

As far as I can tell there are no current users of dma_mmap_coherent() with
SEV or SME encryption which means that there is no need to CC stable.

Changes since:
RFC:
- Make sme_me_mask port of _PAGE_CHG_MASK rather than using it by its own in
  pgprot_modify().
v2:
- Clarify which use-cases this patchset actually fixes.

Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Christian König <christian.koenig@amd.com>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>