Subject: [RFC PATCH v2 05/32] x86: Use encrypted access of BOOT related data with SEV
From: Brijesh Singh
Date: Thu, 2 Mar 2017 10:12:59 -0500
Message-ID: <148846757895.2349.561582698953591240.stgit@brijesh-build-machine>
In-Reply-To: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
References: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data, setup data) is encrypted and needs to be accessed as such when mapped. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data. Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index c6cb921..c400ab5 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -462,12 +462,31 @@ static bool memremap_is_setup_data(resource_size_t phys_addr, } /* - * This function determines if an address should be mapped encrypted. - * Boot setup data, EFI data and E820 areas are checked in making this - * determination. + * This function determines if an address should be mapped encrypted when + * SEV is active. E820 areas are checked in making this determination. */ -static bool memremap_should_map_encrypted(resource_size_t phys_addr, - unsigned long size) +static bool memremap_sev_should_map_encrypted(resource_size_t phys_addr, + unsigned long size) +{ + /* Check if the address is in persistent memory */ + switch (e820__get_entry_type(phys_addr, phys_addr + size - 1)) { + case E820_TYPE_PMEM: + case E820_TYPE_PRAM: + return false; + default: + break; + } + + return true; +} + +/* + * This function determines if an address should be mapped encrypted when + * SME is active. Boot setup data, EFI data and E820 areas are checked in + * making this determination. + */ +static bool memremap_sme_should_map_encrypted(resource_size_t phys_addr, + unsigned long size) { /* * SME is not active, return true: 
@@ -508,6 +527,13 @@ static bool memremap_should_map_encrypted(resource_size_t phys_addr, return true; } +static bool memremap_should_map_encrypted(resource_size_t phys_addr, + unsigned long size) +{ + return sev_active() ? memremap_sev_should_map_encrypted(phys_addr, size) + : memremap_sme_should_map_encrypted(phys_addr, size); +} + /* * Architecure function to determine if RAM remap is allowed. */
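
Review bot: in the first hunk (@@ -462,12 +462,31 @@), memremap_sev_should_map_encrypted() returns false for E820_TYPE_PMEM and E820_TYPE_PRAM, but neither the new function comment nor the commit message says why persistent memory has to be mapped unencrypted in an SEV guest; the commit message only talks about boot data. Please state the reason in the comment above the function. Also, the range end is computed as `phys_addr + size - 1`, so a call with size 0 hands e820__get_entry_type() an end below the start; either document that size is never zero here or guard against it.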
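
Review bot: in the second hunk (@@ -508,6 +527,13 @@), the new memremap_should_map_encrypted() wrapper carries no comment, and the precedence it encodes is only visible by reading both helpers: whenever sev_active() is true the SEV rules replace the SME rules entirely, so the boot setup data and EFI data checks named in the SME helper's comment are skipped. A short comment above the wrapper saying so would help, and an if/else on sev_active() would read more clearly than the two-line ternary.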