From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tom Lendacky
To: Borislav Petkov
Cc: Radim Krčmář, Arnd Bergmann, Jonathan Corbet, Matt Fleming, Joerg Roedel, Konrad Rzeszutek Wilk, Andrey Ryabinin, Ingo Molnar, Andy Lutomirski, "H. Peter Anvin", Paolo Bonzini, Alexander Potapenko, Thomas Gleixner, Dmitry Vyukov
Subject: Re: [RFC PATCH v2 07/20] x86: Provide general kernel support for memory encryption
Date: Wed, 7 Sep 2016 09:16:21 -0500
Message-ID: <22bcc398-8c6f-80e0-99db-8066508bb089@amd.com>
In-Reply-To: <20160905084817.GB18856@pd.tnic>
References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> <20160822223646.29880.28794.stgit@tlendack-t1.amdoffice.net> <20160905084817.GB18856@pd.tnic>
X-Mailing-List: linux-kernel@vger.kernel.org

On 09/05/2016 03:48 AM, Borislav Petkov wrote:
> On Mon, Aug 22, 2016 at 05:36:46PM -0500, Tom Lendacky wrote:
>> Adding general kernel support for memory encryption includes:
>> - Modify and create some page table macros to include the Secure Memory
>>   Encryption (SME) memory encryption mask
>> - Update kernel boot support to call an SME routine that checks for and
>>   sets the SME capability (the SME routine will grow later and for now
>>   is just a stub routine)
>> - Update kernel boot support to call an SME routine that encrypts the
>>   kernel (the SME routine will grow later and for now is just a stub
>>   routine)
>> - Provide an SME initialization routine to update the protection map with
>>   the memory encryption mask so that it is used by default
>>
>> Signed-off-by: Tom Lendacky
>> ---
>
> ...
>
>> diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
>> index f1218f5..a01f0e1 100644
>> --- a/arch/x86/include/asm/pgtable_types.h
>> +++ b/arch/x86/include/asm/pgtable_types.h
>> @@ -3,6 +3,7 @@
>>
>> #include
>> #include
>> +#include
>>
>> #define FIRST_USER_ADDRESS 0UL
>>
>> @@ -121,9 +122,9 @@
>>
>> #define _PAGE_PROTNONE (_AT(pteval_t, 1) << _PAGE_BIT_PROTNONE)
>>
>> -#define _PAGE_TABLE (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | \
>> +#define __PAGE_TABLE (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | \
>> _PAGE_ACCESSED | _PAGE_DIRTY)
>
> Hmm, so this naming looks confusing and error-prone: the only difference
> is a single "_".
>
> How about this instead:
>
> #define _PAGE_TABLE_NO_ENC (_PAGE_PRESENT | _PAGE_RW | _PAGE_USER | \
>                             _PAGE_ACCESSED | _PAGE_DIRTY)
>
> #define _PAGE_TABLE (_PAGE_TABLE_NO_ENC | _PAGE_ENC)
>
> Or call it _PAGE_TABLE_BASE or whatever.
>
> Ditto for __KERNPG_TABLE.
>
> This way you can differentiate between the two and use the _NO_ENC one
> to define _PAGE_TABLE. And it will be absolutely clear when you use the
> _NO_ENC one, what you mean and that you don't want to have the enc mask
> in the PTE.
>
> Should be less confusing IMO too.

Yup, makes sense. I'll rework/rename.

Thanks,
Tom

>
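Review bot: in the second hunk (`@@ -121,9 +122,9 @@`) the new name `__PAGE_TABLE` differs from the existing `_PAGE_TABLE` by one underscore and has no comment saying what distinguishes it, so a call site that picks the wrong one still compiles, and the quoted lines give no way to tell which of the two is meant to carry the memory encryption mask. Give the base define a suffix that states its purpose, such as the `_PAGE_TABLE_NO_ENC` proposed in the reply, and add a one-line comment above it saying which users must leave the mask out of the entry. The same applies to `__KERNPG_TABLE`, which the reply mentions but the quoted hunk does not show.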