From: Ross Philipson
To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org, baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com
Subject: [PATCH v9 11/19] kexec: Secure Launch kexec SEXIT support
Date: Thu, 30 May 2024 18:03:23 -0700
Message-Id: <20240531010331.134441-12-ross.philipson@oracle.com>
In-Reply-To: <20240531010331.134441-1-ross.philipson@oracle.com>
References: <20240531010331.134441-1-ross.philipson@oracle.com>

Prior to running the next kernel via kexec, the Secure Launch code closes down private SMX resources and does an SEXIT.
This allows the next kernel to start normally without any issues starting the APs etc. Signed-off-by: Ross Philipson --- arch/x86/kernel/slaunch.c | 73 +++++++++++++++++++++++++++++++++++++++ kernel/kexec_core.c | 4 +++ 2 files changed, 77 insertions(+) diff --git a/arch/x86/kernel/slaunch.c b/arch/x86/kernel/slaunch.c index 48c9ca78e241..f35b4ba433fa 100644 --- a/arch/x86/kernel/slaunch.c +++ b/arch/x86/kernel/slaunch.c 
@@ -523,3 +523,76 @@ void __init slaunch_setup_txt(void) pr_info("Intel TXT setup complete\n"); } + +static inline void smx_getsec_sexit(void) +{ + asm volatile ("getsec\n" + : : "a" (SMX_X86_GETSEC_SEXIT)); +} + +/* + * Used during kexec and on reboot paths to finalize the TXT state + * and do an SEXIT exiting the DRTM and disabling SMX mode. + */ +void slaunch_finalize(int do_sexit) +{ + u64 one = TXT_REGVALUE_ONE, val; + void __iomem *config; + + if ((slaunch_get_flags() & (SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT)) != + (SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT)) + return; + + config = ioremap(TXT_PRIV_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT private reqs\n"); + return; + } + + /* Clear secrets bit for SEXIT */ + memcpy_toio(config + TXT_CR_CMD_NO_SECRETS, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Unlock memory configurations */ + memcpy_toio(config + TXT_CR_CMD_UNLOCK_MEM_CONFIG, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Close the TXT private register space */ + memcpy_toio(config + TXT_CR_CMD_CLOSE_PRIVATE, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* + * Calls to iounmap are not being done because of the state of the + * system this late in the kexec process. Local IRQs are disabled and + * iounmap causes a TLB flush which in turn causes a warning. Leaving + * thse mappings is not an issue since the next kernel is going to + * completely re-setup memory management. 
+ */ + + /* Map public registers and do a final read fence */ + config = ioremap(TXT_PUB_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT public reqs\n"); + return; + } + + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + pr_emerg("TXT clear secrets bit and unlock memory complete.\n"); + + if (!do_sexit) + return; + + if (smp_processor_id() != 0) + panic("Error TXT SEXIT must be called on CPU 0\n"); + + /* In case SMX mode was disabled, enable it for SEXIT */ + cr4_set_bits(X86_CR4_SMXE); + + /* Do the SEXIT SMX operation */ + smx_getsec_sexit(); + + pr_info("TXT SEXIT complete.\n"); +} diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index 0e96f6b24344..ba2fd1c0ddd9 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include @@ -1046,6 +1047,9 @@ int kernel_kexec(void) cpu_hotplug_enable(); pr_notice("Starting new kernel\n"); machine_shutdown(); + + /* Finalize TXT registers and do SEXIT */ + slaunch_finalize(1); } kmsg_dump(KMSG_DUMP_SHUTDOWN); -- 2.39.3
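Review bot: in the slaunch.c hunk, the `return` taken when the ioremap of TXT_PUB_CONFIG_REGS_BASE fails skips the SEXIT entirely, even though that public mapping is only used for the final read fence; on that error path the next kernel would be started with SMX still active, which is exactly what the commit message says this patch is meant to avoid. Consider logging the failure and still falling through to the `do_sexit` check, the CPU 0 check and `smx_getsec_sexit()`, so only the fence is lost, not the SEXIT. Two small things in the same hunk: the comment reads "Leaving thse mappings" (should be "these"), and both pr_emerg strings say "ioremap TXT private reqs" / "ioremap TXT public reqs" where "regs" is meant. The `val` read back after each `memcpy_toio()` is never used; a one-line comment saying the readback is there to flush the posted write would stop a later cleanup from removing it as dead code.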
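Review bot: in the kernel_kexec() hunk, `slaunch_finalize(1)` is called unconditionally from generic code, so the header included in the earlier kexec_core.c hunk must provide a no-op definition for builds without Secure Launch and for non-x86 architectures; that stub is not in this patch, so please confirm it exists rather than adding an `#ifdef` at the call site. Also, only the normal kexec path in kernel_kexec() is covered here; the crash-kexec path is not touched, and the commit message should state whether leaving SMX active on a crash kexec is intentional.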