From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935642AbcIFQNJ (ORCPT ); Tue, 6 Sep 2016 12:13:09 -0400 Received: from mail.skyhub.de ([78.46.96.112]:37728 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932874AbcIFQNE (ORCPT ); Tue, 6 Sep 2016 12:13:04 -0400 Date: Tue, 6 Sep 2016 18:12:49 +0200 From: Borislav Petkov To: Tom Lendacky Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, iommu@lists.linux-foundation.org, Radim =?utf-8?B?S3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , Andrey Ryabinin , Ingo Molnar , Andy Lutomirski , "H. Peter Anvin" , Paolo Bonzini , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov Subject: Re: [RFC PATCH v2 09/20] x86: Add support for early encryption/decryption of memory Message-ID: <20160906161249.3ckotvocwuukhjws@pd.tnic> References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> <20160822223710.29880.23936.stgit@tlendack-t1.amdoffice.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20160822223710.29880.23936.stgit@tlendack-t1.amdoffice.net> User-Agent: NeoMutt/ (1.7.0) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 22, 2016 at 05:37:10PM -0500, Tom Lendacky wrote: > This adds support to be able to either encrypt or decrypt data during > the early stages of booting the kernel. This does not change the memory > encryption attribute - it is used for ensuring that data present in > either an encrypted or un-encrypted memory area is in the proper state > (for example the initrd will have been loaded by the boot loader and > will not be encrypted, but the memory that it resides in is marked as > encrypted). > > Signed-off-by: Tom Lendacky > --- ... > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > index 00eb705..f35a646 100644 > --- a/arch/x86/mm/mem_encrypt.c > +++ b/arch/x86/mm/mem_encrypt.c > @@ -14,6 +14,107 @@ > #include > > #include > +#include > +#include > + > +/* Buffer used for early in-place encryption by BSP, no locking needed */ > +static char me_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE); > + > +/* > + * This routine does not change the underlying encryption setting of the > + * page(s) that map this memory. It assumes that eventually the memory is > + * meant to be accessed as encrypted but the contents are currently not > + * encyrpted. s/encyrpted/encrypted/ Ditto below. > + */ > +void __init sme_early_mem_enc(resource_size_t paddr, unsigned long size) > +{ > + void *src, *dst; > + size_t len; > + > + if (!sme_me_mask) > + return; > + > + local_flush_tlb(); > + wbinvd(); > + > + /* > + * There are limited number of early mapping slots, so map (at most) > + * one page at time. > + */ > + while (size) { > + len = min_t(size_t, sizeof(me_early_buffer), size); > + > + /* Create a mapping for non-encrypted write-protected memory */ > + src = early_memremap_dec_wp(paddr, len); > + > + /* Create a mapping for encrypted memory */ > + dst = early_memremap_enc(paddr, len); > + > + /* > + * If a mapping can't be obtained to perform the encryption, > + * then encrypted access to that area will end up causing > + * a crash. > + */ > + BUG_ON(!src || !dst); > + > + memcpy(me_early_buffer, src, len); > + memcpy(dst, me_early_buffer, len); > + > + early_memunmap(dst, len); > + early_memunmap(src, len); > + > + paddr += len; > + size -= len; > + } > +} > + > +/* > + * This routine does not change the underlying encryption setting of the > + * page(s) that map this memory. It assumes that eventually the memory is > + * meant to be accessed as not encrypted but the contents are currently > + * encyrpted. > + */ > +void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size) > +{ ... -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Borislav Petkov Subject: Re: [RFC PATCH v2 09/20] x86: Add support for early encryption/decryption of memory Date: Tue, 6 Sep 2016 18:12:49 +0200 Message-ID: <20160906161249.3ckotvocwuukhjws@pd.tnic> References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> <20160822223710.29880.23936.stgit@tlendack-t1.amdoffice.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <20160822223710.29880.23936.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Tom Lendacky Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Radim =?utf-8?B?S3LEjW3DocWZ?= , Matt Fleming , x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Alexander Potapenko , "H. Peter Anvin" , linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Jonathan Corbet , linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kasan-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org, Ingo Molnar , Andrey Ryabinin , Arnd Bergmann , Andy Lutomirski , Thomas Gleixner , Dmitry Vyukov , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, Paolo Bonzini List-Id: linux-efi@vger.kernel.org On Mon, Aug 22, 2016 at 05:37:10PM -0500, Tom Lendacky wrote: > This adds support to be able to either encrypt or decrypt data during > the early stages of booting the kernel. This does not change the memory > encryption attribute - it is used for ensuring that data present in > either an encrypted or un-encrypted memory area is in the proper state > (for example the initrd will have been loaded by the boot loader and > will not be encrypted, but the memory that it resides in is marked as > encrypted). > > Signed-off-by: Tom Lendacky > --- ... > diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c > index 00eb705..f35a646 100644 > --- a/arch/x86/mm/mem_encrypt.c > +++ b/arch/x86/mm/mem_encrypt.c > @@ -14,6 +14,107 @@ > #include > > #include > +#include > +#include > + > +/* Buffer used for early in-place encryption by BSP, no locking needed */ > +static char me_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE); > + > +/* > + * This routine does not change the underlying encryption setting of the > + * page(s) that map this memory. It assumes that eventually the memory is > + * meant to be accessed as encrypted but the contents are currently not > + * encyrpted. s/encyrpted/encrypted/ Ditto below. > + */ > +void __init sme_early_mem_enc(resource_size_t paddr, unsigned long size) > +{ > + void *src, *dst; > + size_t len; > + > + if (!sme_me_mask) > + return; > + > + local_flush_tlb(); > + wbinvd(); > + > + /* > + * There are limited number of early mapping slots, so map (at most) > + * one page at time. > + */ > + while (size) { > + len = min_t(size_t, sizeof(me_early_buffer), size); > + > + /* Create a mapping for non-encrypted write-protected memory */ > + src = early_memremap_dec_wp(paddr, len); > + > + /* Create a mapping for encrypted memory */ > + dst = early_memremap_enc(paddr, len); > + > + /* > + * If a mapping can't be obtained to perform the encryption, > + * then encrypted access to that area will end up causing > + * a crash. > + */ > + BUG_ON(!src || !dst); > + > + memcpy(me_early_buffer, src, len); > + memcpy(dst, me_early_buffer, len); > + > + early_memunmap(dst, len); > + early_memunmap(src, len); > + > + paddr += len; > + size -= len; > + } > +} > + > +/* > + * This routine does not change the underlying encryption setting of the > + * page(s) that map this memory. It assumes that eventually the memory is > + * meant to be accessed as not encrypted but the contents are currently > + * encyrpted. > + */ > +void __init sme_early_mem_dec(resource_size_t paddr, unsigned long size) > +{ ... -- Regards/Gruss, Boris. ECO tip #101: Trim your mails when you reply.