From: Thomas Hellström (VMware)
To: x86@kernel.org, Christoph Hellwig
Cc: linux-kernel@vger.kernel.org, Thomas Hellström, Dave Hansen, Andy Lutomirski, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Christian König, Marek Szyprowski, Tom Lendacky
Subject: [PATCH v4 0/2] Fix SEV user-space mapping of unencrypted coherent memory
Date: Wed, 4 Mar 2020 12:45:25 +0100
Message-Id: <20200304114527.3636-1-thomas_os@shipmail.org>

This patchset fixes dma_mmap_coherent() mapping of unencrypted memory in
otherwise encrypted environments, where it would incorrectly map that memory as
encrypted.

With SEV and sometimes with SME encryption, the dma api coherent memory is
typically unencrypted, meaning the linear kernel map has the encryption
bit cleared. However, default page protection returned from vm_get_page_prot()
has the encryption bit set. So to compute the correct page protection we need
to clear the encryption bit.

Also, in order for the encryption bit setting to survive across do_mmap() and
mprotect_fixup(), we need to make pgprot_modify() aware of it and not touch it.
Therefore make sme_me_mask part of _PAGE_CHG_MASK and make sure
pgprot_modify() preserves also cleared bits that are part of _PAGE_CHG_MASK,
not just set bits. The use of pgprot_modify() is currently quite limited and
easy to audit.

(Note that the encryption status is not logically encoded in the pfn but in
the page protection even if an address line in the physical address is used).

The patchset has seen some sanity testing by exporting dma_pgprot() and
using it in the vmwgfx mmap handler with SEV enabled.

As far as I can tell there are no current users of dma_mmap_coherent() with
SEV or SME encryption which means that there is no need to CC stable.

Changes since:

RFC:
- Make sme_me_mask part of _PAGE_CHG_MASK rather than using it by its own in
  pgprot_modify().
v1:
- Clarify which use-cases this patchset actually fixes.
v2:
- Use _PAGE_ENC instead of sme_me_mask in the definition of _PAGE_CHG_MASK
v3:
- Added RB from Dave Hansen.

Cc: Dave Hansen
Cc: Andy Lutomirski
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: Christoph Hellwig
Cc: Christian König
Cc: Marek Szyprowski
Cc: Tom Lendacky
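
The pgprot_modify() behaviour the cover letter describes, as an added user-space model that is not code from the patchset or from the kernel. The DEMO_* bit layout, the two masks and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
typedef uint64_t pgprotval_t;
typedef pgprotval_t (*modify_fn)(pgprotval_t oldprot, pgprotval_t newprot, pgprotval_t mask);

/* Constructed bit layout for this model; not the kernel's definitions. */
#define DEMO_PAGE_PRESENT (1ULL << 0)
#define DEMO_PAGE_RW      (1ULL << 1)
#define DEMO_PAGE_USER    (1ULL << 2)
#define DEMO_PAGE_PCD     (1ULL << 4)  /* an attribute already preserved across changes */
#define DEMO_PAGE_ENC     (1ULL << 47) /* stand-in for the encryption bit */
/* Bits a protection change must preserve: without and with the encryption bit. */
#define DEMO_CHG_MASK_OLD (DEMO_PAGE_PCD)
#define DEMO_CHG_MASK_NEW (DEMO_PAGE_PCD | DEMO_PAGE_ENC)

/* Model A: only bits that are set in oldprot survive; newprot can set masked bits again. */
static pgprotval_t modify_set_bits_only(pgprotval_t oldprot, pgprotval_t newprot, pgprotval_t mask)
{
    return (oldprot & mask) | newprot;
}

/* Model B: masked bits always come from oldprot, whether set or cleared. */
static pgprotval_t modify_preserve_mask(pgprotval_t oldprot, pgprotval_t newprot, pgprotval_t mask)
{
    return (oldprot & mask) | (newprot & ~mask);
}

/* Default protection in an encrypted guest: the encryption bit is set. */
static pgprotval_t demo_default_prot(int writable)
{
    return DEMO_PAGE_PRESENT | DEMO_PAGE_USER | DEMO_PAGE_ENC | (writable ? DEMO_PAGE_RW : 0);
}

/* Map coherent memory unencrypted, then apply a read-only protection change.
 * Returns 1 if the encryption bit is still clear afterwards. */
static int stays_unencrypted(modify_fn modify, pgprotval_t mask)
{
    pgprotval_t vma_prot = demo_default_prot(1) & ~DEMO_PAGE_ENC;
    pgprotval_t updated = modify(vma_prot, demo_default_prot(0), mask);
    return (updated & DEMO_PAGE_ENC) == 0;
}

int main(void)
{
    printf("set-bits-only, enc bit not in mask: %d\n", stays_unencrypted(modify_set_bits_only, DEMO_CHG_MASK_OLD));
    printf("set-bits-only, enc bit in mask:     %d\n", stays_unencrypted(modify_set_bits_only, DEMO_CHG_MASK_NEW));
    printf("preserve-mask, enc bit in mask:     %d\n", stays_unencrypted(modify_preserve_mask, DEMO_CHG_MASK_NEW));
    return 0;
}
```

In this model, adding the encryption bit to the mask is not enough on its own: the default protection passed as newprot sets the bit again unless masked bits are also stripped from newprot.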