From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [PATCH v6 23/34] x86, realmode: Decrypt trampoline area if memory encryption is active
To: Borislav Petkov
Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
 kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org,
 kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
 kasan-dev@googlegroups.com, linux-mm@kvack.org,
 iommu@lists.linux-foundation.org, Rik van Riel, Radim Krčmář,
 Toshimitsu Kani, Arnd Bergmann, Jonathan Corbet, Matt Fleming,
 "Michael S. Tsirkin", Joerg Roedel, Konrad Rzeszutek Wilk, Paolo Bonzini,
 Larry Woodman, Brijesh Singh, Ingo Molnar, Andy Lutomirski,
 "H. Peter Anvin", Andrey Ryabinin, Alexander Potapenko, Dave Young,
 Thomas Gleixner, Dmitry Vyukov
References: <20170607191309.28645.15241.stgit@tlendack-t1.amdoffice.net>
 <20170607191709.28645.69034.stgit@tlendack-t1.amdoffice.net>
 <20170614162416.ksa54esy5ql7sjgz@pd.tnic>
From: Tom Lendacky
Date: Wed, 14 Jun 2017 11:38:57 -0500
In-Reply-To: <20170614162416.ksa54esy5ql7sjgz@pd.tnic>
X-Mailing-List: linux-kernel@vger.kernel.org

On 6/14/2017 11:24 AM, Borislav Petkov wrote:
> On Wed, Jun 07, 2017 at 02:17:09PM -0500, Tom Lendacky wrote:
>> When Secure Memory Encryption is enabled, the trampoline area must not
>> be encrypted. A CPU running in real mode will not be able to decrypt
>> memory that has been encrypted because it will not be able to use addresses
>> with the memory encryption mask.
>>
>> A recent change that added a new system_state value exposed a warning
>> issued by early_ioremap() when the system_state was not SYSTEM_BOOTING.
>> At the stage where the trampoline area is decrypted, the system_state is
>> now SYSTEM_SCHEDULING. The check was changed to issue a warning if the
>> system_state is greater than or equal to SYSTEM_RUNNING.
>
> This piece along with the hunk touching system_state absolutely needs to
> be a separate patch as it is unrelated.

Yup, will do.

Thanks,
Tom

>