Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1568183rwb; Wed, 14 Dec 2022 11:53:07 -0800 (PST) X-Google-Smtp-Source: AA0mqf7RaX/NWsvwOzSGA37B2lcPWmSv9qii6f+/nc+DGrmLhKxVK7teIOluD+NXwZTY7xkTL0Yh X-Received: by 2002:a17:90a:af84:b0:218:c8fd:c213 with SMTP id w4-20020a17090aaf8400b00218c8fdc213mr26825245pjq.36.1671047586991; Wed, 14 Dec 2022 11:53:06 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1671047586; cv=pass; d=google.com; s=arc-20160816; b=gbbhntBLBIHq2Aukm/nRcm9gq9CiA77ejt7GiF9UTtDUVf2l7wsdgz0sJgtpcBSva2 YqB0xc6p32uJXHw60RcBQMEulLNnuzHsceoA/yRWrg5ENkEukiyibcx4qfAQYO9HOq2N iNGM+WfjHuL4sPxE8VsIt1rvjvi4g2rTDpEPDCzJFbIbvyRrrwzz94oNE7wj96IPDWHU 2vCbdyAa5rR1ZmLGINbN3EtaqKc2tcZcRcFpETUyXycywBEvGkOPdtpBr2Yt8XNBib+E pqCoYQmBoQMxUQxLYAC5hmTaIQUJLEJyPpL2FST8Y472EzDPM04/wQntEeHCjiWne3x0 2fDg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xr9WbvJ0VYPoXlLW+mpQJnYb1YLVqrmHGPL/cfLSrWI=; b=ZjEPph7ylXy05Dl6HmL0RgW9TJC8ooUx+NORre7z8S+9fX9a7uwqm3l7d1EWuQzztw YfdoUhxaDOV5Uk/4/RImX+SVNPdFSbtYADp3H9zwwPXxZ9x6fqOxZkbpGDziLYbXrUvY UTOr1FV2CGyvE55CU3R7RBdYGILNPEXQcQndtBNLiQsqs/KqiDk/GLaAC4uPc+C6e8a6 0sKqcpZuD1Dmw+VPVsxswaDb3f6/z4g4MzOMAaiOdsPTIXng8Pz98pMY5cjN7L+svO30 z/PvVvdPIFCAfgjNDihsAAGvFahgau/9y+27CPyUU8M5gXg8PfYhMlTvVNxtlL2nsfpx G78A== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=Jw+D4WFv; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l7-20020a17090a850700b00218c30f7e1esi2649197pjn.127.2022.12.14.11.52.54; Wed, 14 Dec 2022 11:53:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=Jw+D4WFv; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239123AbiLNTwQ (ORCPT + 99 others); Wed, 14 Dec 2022 14:52:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53544 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239231AbiLNTvn (ORCPT ); Wed, 14 Dec 2022 14:51:43 -0500 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2040.outbound.protection.outlook.com [40.107.236.40]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD4FB2B255; Wed, 14 Dec 2022 11:50:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YdB1eR9TpCnHdFMks1CqIbzwKpBbSNN2pvdJbkOWQi74ZJxSFo+urEzBJUf+/4KdG/bdYO6D+Pc3pEPgaW3eH2YOFldVUqObQnkdGRRwtkt+hG97dEO/4oMYHUZC1VQ6V+rts1oqjupWjpBURF6peecw7ggIoeiaZxwAyH3E5HS0S7hXcHj6ac3TSnPFVweS9PsxVk81P++xwBzvuw3PWPvo+7GNOTqy8uWSV1q2ZRznjLxkO0nRFVTYbZH0iDBoErr94zV1PwfNGWl5ZWxHV49ylsTZfNWH99J6ad0b6XQEVZgzQAGI8tJ/W0Chj5DGh1mLri2mqkGvBq9kCQjCXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xr9WbvJ0VYPoXlLW+mpQJnYb1YLVqrmHGPL/cfLSrWI=; b=JvvUiGuWyRCV/d6m/zLVPdSP2MoRgYoWFhCXWbDuGu/KCE/2coh2q2a4EieAarP5yFX9hrJ2an8PEVQfLDIHyjEFdBj/VfsktZzAEvTPGDD7puYVWgAN+1BI3O1YN03bSHPOT9DSWXvM7qEit6wlEBSF7YXItLrMsuaXwq1Cb+ZH/LlYaKgdZg+lvcesYbu1l+6K95X0Vrnyjbp4N8RCmPnBahbh1vxHl+NrbLb1PxJBwF73/7DxbDCbyFFkA5V+SkmuAi3STbj0dMGaVqsQewnKIkptCvMcQY2rf6tpNYyozkg18Eht/pfHDiAAkq+X/GoSj9RJisBoZbkhhO+V8w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xr9WbvJ0VYPoXlLW+mpQJnYb1YLVqrmHGPL/cfLSrWI=; b=Jw+D4WFv9XAcV3ddRB16D1lc1TmfOuFIkyjAXIjGegAZrEigZhEdv18Q1TiiRG0z8lIjuGtt4saxUfx7cU27AcwUtu+71ma2BMEYa77OzwNWfEqeCcwpoDlj60DCpqTxVudyJ+4M5O/I4ymWby/FIdbS/V4Az6NvsCLAgYotckc= Received: from CY5P221CA0022.NAMP221.PROD.OUTLOOK.COM (2603:10b6:930:b::23) by CO6PR12MB5475.namprd12.prod.outlook.com (2603:10b6:5:354::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.11; Wed, 14 Dec 2022 19:50:14 +0000 Received: from CY4PEPF0000C978.namprd02.prod.outlook.com (2603:10b6:930:b:cafe::79) by CY5P221CA0022.outlook.office365.com (2603:10b6:930:b::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5924.11 via Frontend Transport; Wed, 14 Dec 2022 19:50:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000C978.mail.protection.outlook.com (10.167.241.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5924.10 via Frontend Transport; Wed, 14 Dec 2022 19:50:14 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Wed, 14 Dec 2022 13:50:13 -0600 From: Michael Roth To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: [PATCH RFC v7 18/64] x86/sev: Invalidate pages from the direct map when adding them to the RMP table Date: Wed, 14 Dec 2022 13:40:10 -0600 Message-ID: <20221214194056.161492-19-michael.roth@amd.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221214194056.161492-1-michael.roth@amd.com> References: <20221214194056.161492-1-michael.roth@amd.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000C978:EE_|CO6PR12MB5475:EE_ X-MS-Office365-Filtering-Correlation-Id: 3d79f132-52b7-4d84-b876-08dade0c6b04 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: CINFwuHUrf+qXKJFcBtDD1EA7g1DtHRzzXorcqC7/ltyMhn3JjCaJqWXuX4dMCaIPLWeJmtAITv/C26Tft1pokla+mfexCY5IZyiEf1An20JTmpjRwWvwRjCKfhd+ydA35YePOU03kzU9LltPrGDGzjrW3GXPDbC6UbVUjoo45yiO3z93GC4sVpMWqbkyRBvCNctv95D0jp0x8LUNe+qlJ0CV5ee2lk/cvdlTpbzfplm0isRsePWIGLavjJP/qJOBB12sEhiKvFYCJGeDpvwhO8eVdkOEiyxYKULT3+BCK5YmeFrDHSKk8N3cq0VwOL9YSKww6SVz4KtCqoqusLEb0ikEqKgYON1HXq5o2Xae0aJKdhFkX+6eUUxPrmaPp05D3QHyxIcN0l6mFtfb+j5nCtBXTPhqVT5XxHoDwvL4fAH+kwEJgZaQXpKe+5aMP3lO84F32ydsR59hu7UsTeYpuvNPyPYD62l6GUVTx852Z05Cpf4dkd1uF4WxHYfIz5IjXx7y2i4QK+D/eSQoggjb0EGhSoswffYFRB11nZfmY6wQ9Lx24y8mXUGUNrzod7dFgmBICXxxUgMuFdGFSwsUaxzkZXjmVLeX0AlBBKrV1MpamOICjoiMa2hVLZau3xaQXn7P9m5wog+QvPsYfHrkAiv4n9y6qMQjSVuy1K8rTtTYz2ESik1sIZg5LEuy6avL9iK9kQyFkcCBRh95ZnQVTiLWTYOGx4bm0eBGtZ3Gqs= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:CA;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230022)(4636009)(39860400002)(136003)(396003)(346002)(376002)(451199015)(46966006)(40470700004)(36840700001)(36756003)(2906002)(7416002)(7406005)(40480700001)(36860700001)(40460700003)(5660300002)(336012)(8936002)(44832011)(86362001)(1076003)(2616005)(81166007)(356005)(426003)(47076005)(82740400003)(83380400001)(6916009)(54906003)(186003)(316002)(16526019)(82310400005)(4326008)(41300700001)(26005)(8676002)(478600001)(70206006)(70586007)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Dec 2022 19:50:14.1855 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3d79f132-52b7-4d84-b876-08dade0c6b04 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000C978.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR12MB5475 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Brijesh Singh The integrity guarantee of SEV-SNP is enforced through the RMP table. The RMP is used with standard x86 and IOMMU page tables to enforce memory restrictions and page access rights. The RMP check is enforced as soon as SEV-SNP is enabled globally in the system. When hardware encounters an RMP-check failure, it raises a page-fault exception. The rmp_make_private() and rmp_make_shared() helpers are used to add or remove the pages from the RMP table. Improve the rmp_make_private() to invalidate state so that pages cannot be used in the direct-map after they are added the RMP table, and restored to their default valid permission after the pages are removed from the RMP table. Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- arch/x86/kernel/sev.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 67035d34adad..e2b38c3551be 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2549,15 +2549,40 @@ int psmash(u64 pfn) } EXPORT_SYMBOL_GPL(psmash); +static int restore_direct_map(u64 pfn, int npages) +{ + return set_memory_p((unsigned long)pfn_to_kaddr(pfn), npages); +} + +static int invalidate_direct_map(unsigned long pfn, int npages) +{ + return set_memory_np((unsigned long)pfn_to_kaddr(pfn), npages); +} + static int rmpupdate(u64 pfn, struct rmp_state *val) { unsigned long paddr = pfn << PAGE_SHIFT; + int ret, level, npages; int retries = 0; - int ret; if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) return -ENXIO; + level = RMP_TO_X86_PG_LEVEL(val->pagesize); + npages = page_level_size(level) / PAGE_SIZE; + + /* + * If page is getting assigned in the RMP table then unmap it from the + * direct map. + */ + if (val->assigned) { + if (invalidate_direct_map(pfn, npages)) { + pr_err("Failed to unmap %d pages at pfn 0x%llx from the direct_map\n", + npages, pfn); + return -EFAULT; + } + } + retry: /* Binutils version 2.36 supports the RMPUPDATE mnemonic. */ asm volatile(".byte 0xF2, 0x0F, 0x01, 0xFE" @@ -2578,6 +2603,17 @@ static int rmpupdate(u64 pfn, struct rmp_state *val) pr_err("RMPUPDATE for pfn %llx succeeded after %d retries\n", pfn, retries); } + /* + * Restore the direct map after the page is removed from the RMP table. + */ + if (!ret && !val->assigned) { + if (restore_direct_map(pfn, npages)) { + pr_err("Failed to map %d pages at pfn 0x%llx into the direct_map\n", + npages, pfn); + return -EFAULT; + } + } + return ret; } -- 2.25.1