Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp3862821ybh;
        Tue, 17 Mar 2020 07:58:12 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vtBySYL//LKIuEWdOBYHjXyAjLZh2KnbuUXe+Sn5T/PkHX77mHyUD+hjSF4mBKnmhNnKIWK
X-Received: by 2002:a05:6830:1190:: with SMTP id u16mr3798672otq.298.1584457092023;
        Tue, 17 Mar 2020 07:58:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1584457092; cv=none;
        d=google.com; s=arc-20160816;
        b=UvdfraeAJQG7qriSuJz/1StK6Eae9p6klXfwVAnZoyijZKk/raf5TDogGV8jf1n5jK
         P1eCsjMpNCdigWGylPmR3aVfywHI48QQl252K4Hfx4taMVi4PGVxiDZcXN7F0IKRBBb5
         iRmUy4HVasyL/Mck4dl2A9TA/5tXDxVXByBxPcF8TbYQkpKeMWkTOh6LH10j4uCdo//4
         sLG+bfMovV57ec+mzYjfulg7wezrdq6uRovn0yCcTxZXSyftA7U/0JNEOXoJVL8oM9Ew
         TJsqdXQ2Htm3iY5F9R3vW2Ed/OQw/2KmPTrXV0FH2wngaFx0Fo98f2KE/pe6KRHffGlE
         WQOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :robot-unsubscribe:robot-id:message-id:mime-version:references
         :in-reply-to:cc:subject:to:reply-to:from:date;
        bh=kA/M+W/aHa2MkmvqchzmdPo3OtEVZwc3UNcNTOt0x4Q=;
        b=jcleMkHYFU4Dpu8ucFj4w9SijEUbaan2vaxL2km0MpB8omm/xuJ229AA5Xmd+oM88a
         yvyAx7S/Rje8Dbaqstak9btvKBTJDTgc7EkctBxPrQcsxzssfWU8+V0QHktJAdfhmQyO
         oaP+0iQqG+ScPfj+qafA15a7EErq/vzxRn7mnKCeEr5WbHSjePuovBW/VXzWswEGdpMh
         bhd72D0rHDZJ1VtwfxSDsOQGtwlawtGplVhUpoxISCOVwUj5Z8x27h/0FP26ViCPlPYD
         v2aYkL0UgxwbWi2OhgIM7BWkYGAHYXW9DxZtDetonTOQIfZkJ+k+n810DADMbeGU8EdP
         0JUA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q137si1820239oic.139.2020.03.17.07.57.59;
        Tue, 17 Mar 2020 07:58:12 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726980AbgCQO5e (ORCPT <rfc822;uzarths@gmail.com> + 99 others);
        Tue, 17 Mar 2020 10:57:34 -0400
Received: from Galois.linutronix.de ([193.142.43.55]:54797 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726781AbgCQO5d (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 Mar 2020 10:57:33 -0400
Received: from [5.158.153.53] (helo=tip-bot2.lab.linutronix.de)
        by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
        (Exim 4.80)
        (envelope-from <tip-bot2@linutronix.de>)
        id 1jEDej-0002v4-Tg; Tue, 17 Mar 2020 15:57:22 +0100
Received: from [127.0.1.1] (localhost [IPv6:::1])
        by tip-bot2.lab.linutronix.de (Postfix) with ESMTP id 8371C1C2291;
        Tue, 17 Mar 2020 15:57:21 +0100 (CET)
Date:   Tue, 17 Mar 2020 14:57:21 -0000
From:   "tip-bot2 for Thomas Hellstrom" <tip-bot2@linutronix.de>
Reply-to: linux-kernel@vger.kernel.org
To:     linux-tip-commits@vger.kernel.org
Subject: [tip: x86/mm] x86: Don't let pgprot_modify() change the page encryption bit
Cc:     Thomas Hellstrom <thellstrom@vmware.com>,
        Borislav Petkov <bp@suse.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>, x86 <x86@kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
In-Reply-To: <20200304114527.3636-2-thomas_os@shipmail.org>
References: <20200304114527.3636-2-thomas_os@shipmail.org>
MIME-Version: 1.0
Message-ID: <158445704127.28353.16726920950830489620.tip-bot2@tip-bot2>
X-Mailer: tip-git-log-daemon
Robot-ID: <tip-bot2.linutronix.de>
Robot-Unsubscribe: Contact <mailto:tglx@linutronix.de> to get blacklisted from these emails
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Linutronix-Spam-Score: -1.0
X-Linutronix-Spam-Level: -
X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required,  ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

The following commit has been merged into the x86/mm branch of tip:

Commit-ID:     6db73f17c5f155dbcfd5e48e621c706270b84df0
Gitweb:        https://git.kernel.org/tip/6db73f17c5f155dbcfd5e48e621c706270b84df0
Author:        Thomas Hellstrom <thellstrom@vmware.com>
AuthorDate:    Wed, 04 Mar 2020 12:45:26 +01:00
Committer:     Borislav Petkov <bp@suse.de>
CommitterDate: Tue, 17 Mar 2020 11:48:31 +01:00

x86: Don't let pgprot_modify() change the page encryption bit

When SEV or SME is enabled and active, vm_get_page_prot() typically
returns with the encryption bit set. This means that users of
pgprot_modify(, vm_get_page_prot()) (mprotect_fixup(), do_mmap()) end up
with a value of vma->vm_pg_prot that is not consistent with the intended
protection of the PTEs.

This is also important for fault handlers that rely on the VMA
vm_page_prot to set the page protection. Fix this by not allowing
pgprot_modify() to change the encryption bit, similar to how it's done
for PAT bits.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lkml.kernel.org/r/20200304114527.3636-2-thomas_os@shipmail.org
---
 arch/x86/include/asm/pgtable.h       | 7 +++++--
 arch/x86/include/asm/pgtable_types.h | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
index 7e11866..64a03f2 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -627,12 +627,15 @@ static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot)
 	return __pmd(val);
 }
 
-/* mprotect needs to preserve PAT bits when updating vm_page_prot */
+/*
+ * mprotect needs to preserve PAT and encryption bits when updating
+ * vm_page_prot
+ */
 #define pgprot_modify pgprot_modify
 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
 {
 	pgprotval_t preservebits = pgprot_val(oldprot) & _PAGE_CHG_MASK;
-	pgprotval_t addbits = pgprot_val(newprot);
+	pgprotval_t addbits = pgprot_val(newprot) & ~_PAGE_CHG_MASK;
 	return __pgprot(preservebits | addbits);
 }
 
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 0239998..65c2ecd 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -118,7 +118,7 @@
  */
 #define _PAGE_CHG_MASK	(PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT |		\
 			 _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY |	\
-			 _PAGE_SOFT_DIRTY | _PAGE_DEVMAP)
+			 _PAGE_SOFT_DIRTY | _PAGE_DEVMAP | _PAGE_ENC)
 #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE)
 
 /*