From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1758018AbdDRVTg (ORCPT <rfc822;w@1wt.eu>);
        Tue, 18 Apr 2017 17:19:36 -0400
Received: from mail-bl2nam02on0044.outbound.protection.outlook.com ([104.47.38.44]:61361
        "EHLO NAM02-BL2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S932937AbdDRVTZ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 18 Apr 2017 17:19:25 -0400
Authentication-Results: vger.kernel.org; dkim=none (message not signed)
 header.d=none;vger.kernel.org; dmarc=none action=none header.from=amd.com;
From: Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH v5 16/32] x86/efi: Update EFI pagetable creation to work
 with SME
To: <linux-arch@vger.kernel.org>, <linux-efi@vger.kernel.org>,
        <kvm@vger.kernel.org>, <linux-doc@vger.kernel.org>, <x86@kernel.org>,
        <kexec@lists.infradead.org>, <linux-kernel@vger.kernel.org>,
        <kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
        <iommu@lists.linux-foundation.org>
CC: Rik van Riel <riel@redhat.com>,
        Radim =?utf-8?b?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,
        Toshimitsu Kani <toshi.kani@hpe.com>, Arnd Bergmann <arnd@arndb.de>,
        Jonathan Corbet <corbet@lwn.net>,
        Matt Fleming <matt@codeblueprint.co.uk>,
        "Michael S. Tsirkin" <mst@redhat.com>, Joerg Roedel <joro@8bytes.org>,
        Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Larry Woodman <lwoodman@redhat.com>,
        Brijesh Singh <brijesh.singh@amd.com>, Ingo Molnar <mingo@redhat.com>,
        Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>,
        Alexander Potapenko <glider@google.com>,
        Dave Young <dyoung@redhat.com>, Thomas Gleixner <tglx@linutronix.de>,
        Dmitry Vyukov <dvyukov@google.com>
Date: Tue, 18 Apr 2017 16:19:10 -0500
Message-ID: <20170418211910.10190.38527.stgit@tlendack-t1.amdoffice.net>
In-Reply-To: <20170418211612.10190.82788.stgit@tlendack-t1.amdoffice.net>
References: <20170418211612.10190.82788.stgit@tlendack-t1.amdoffice.net>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [165.204.77.1]
X-ClientProxiedBy: MWHPR1701CA0024.namprd17.prod.outlook.com (10.172.58.34) To
 CY4PR12MB1144.namprd12.prod.outlook.com (10.168.164.136)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 2a382294-2156-46b2-f576-08d486a091e6
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081)(201703131423075)(201703031133081);SRVR:CY4PR12MB1144;
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;3:Pmcs/ucdUXzIGJ5sqRFDFLjaJPsvAvvj/QVIvWBxTMpc2NSLo3C0qqZ/upZH8J7IngQN7jnbPbkZmqNaFtAY//hW+Vj9UcuKFLCwi1bsBFFyKXzGAggwQejyYZ6mr3Cz/IqPyJrvcZDv4lMqvdOea83/akTWYz69UZLovFC5eeCbser8j06d+cpTDBID7vjmbh5jK84efwtlfJukn8zuEa/3MGlnbN8MLU9ZrXCGlt7R1lP53XTpzDv/FKS5swN+TRmIGHzCuLukvjn9vekDGI+feSI1JRq54diXKOQFGV3pFljz3N8n0vZ0F6bxaQWK2r0HyvPiCtquZN3nrvUpyArqqo8ZjwnqcACoCjg4kLI=;25:ZQC5XJ1yBg6Bp18s4wrKUU4I8ud/QkT82kMipjgnIjC036/xEQ9eOh1cOrkZesEPoNKeQHoqf4eTCay4cfs0wDqTEO+37fIDquKqVq6dTwmkA43tpTHWsCw7wQODaGq8zrA5leUeOerIH7ufTivUV3sIzsPClsHsR8Q7Lcbe/BreCIBsn4bJZcz3J9cVHHqRrsI5IMuzsAJp5IP6Fk7wcptrpxz8fC0q/3S47jeGNEIkAXuR4n4JR8FwN1klaDYKvnPbTFjNfRC7anW8/o+oQR8YnmVpF65dnOpW1HBh09jkuqHXixieMrluLYOVHbyXkQwVS4wlJItiD0oJqqJYJBPqIqouDWH+CrvuGY/9gdpkBGWRpGZbor8IAd/pVERZGJV2iT4CLeoABj40KNgbD2IdLkafj6el6zGqlekJbEPiqCjrR9Cqer0E+BQ1eaqytLQ/XzbSIJqJhdMoBbc9Ew==
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;31:yxOoxQu6oHGmdCLe2uloPY8Eo0vq3dwXEK1Y3lk7MIKvh/xktlWJ/uHP24ieLT6LqJ/aRfNP5wBLEQbbCpnOSB7UjhG8QSYqq6CaA0SO780siFM/6lfa7IF4inUxdg+aBnLoZg1CX8ELfrFrnoY9HCpVGX2TpnUnm6/ffCK3YlG8jvR31BA1RfVXSazO0CwzJ4tH8RhFZfYzy03552qvqdSJB/b4v8Z1xoL3Y42ZHfQ=;20:PhmpdrFk4bKccAoHqpdm5SJP4M+kkePKDfUm2S6Jw4IaMoz96IZ/C2nIe8K27CjMgfqgvpOZ3vH8xvflJJ9KHmMfGUJaJ6y9Ihox1uOoaba99zqeHMJPx4SlH0ma63qqOnDtcxKlqPtbsjimKwNlfortB2/PL1NlicEDgO/e+rLNUUPnVSaEMlUMJmyb+iOsDEG1jihnFzB7kgGFDpxmdEgCH22YKJYlTdSbbPODyoMpXx/c0eP8lRhlQzzmho6htrZ1024QGkWgLdLZ/uBqnGxWY0ZVCsxSSadYPGn7TKyZi3y9rYoiwUtEV8swptWLVrf15isVqyhWXkGsaVYQi0ilzblRCRWLUeKhA3H6EOAvo/ebL+h+YKd+VugenCEXEyXXjh9BEdk0CKQRZ+BbL07dZf8jvNxA2kZntiUXTTEY5+niSJjSw4iEs44cSDQfO9oBJwWWcei7K/A52GstAgnAjac0qg+QWxzmbky0omHJ6x60spoz2/UTTrj23X8u
X-Microsoft-Antispam-PRVS: <CY4PR12MB1144B762581376F97294C40EEC190@CY4PR12MB1144.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(767451399110);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(6055026)(6041248)(201703131423075)(201702281528075)(201703061421075)(20161123555025)(20161123560025)(20161123562025)(20161123564025)(6072148);SRVR:CY4PR12MB1144;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1144;
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;4:88RVzu8IYADvoWoOe33WwVUu+L3xzKs+LTDETYxEF5O0QnTyN+BhZtXw4TOpT/V/65Y4iRJH9auq2+hHjbV05eHGYcLfUrli9Fz93vVHnjxlTFivi/fG3TbpIEnnCF/+kp2i8ewiuyQ/ZnTo0ry4hlbiK5IP0SdjIBHpY/t0zHskRy8jSziPsjoLEHMP/bOCZWB6fJqTjeAS8HnUSUbaXbKXJo2SerOppN/fp+GCaaeaklTI0/g+LXPbEgFo8NyGKyu/M9xBrwJhTBblMguC52vdwlIom7fM7NiM+DPyXRTgCQco7uynd5izmnAiGvu4uKSYDcVytsHJiSy4z3ogeVO/ztVRfQAwdUW3YMJI+OjFRwasqveS9vmLQk5fj0h1z5vIBgFDFtSjBButJ2fyOoJZZbfAvPpIezH1M2IEuhLZYpYITvg5fwuFnjILujGzgtuW3sAKtyUAd9iVMQjks2uXXXrz3b6F/qMTZavl6VPyKQO4E2ALrTBMixMg3abP9HHZwTne5H4Ls/qZTl4tfzUoUQcyN9lr+qqPrvRxUcazxtjkUKND7dwhDdgMzCmla34oZzveKiNXGjEByaQlikF60fNgmDpjZPcLEsQIEI2vENB0lezJg0IPE0KgMtEtZKGhjeI9O0aVZ9maFYKRuPOdHANsC8zpf2yQtgnGrtHXZ0wMCJzh/ldjBdqrmS+sF40DELFq1qFg8x7wQ3aX5bCdJelXZEk5jbzy6PmXjQjwjk5xDdo26+QjQyV/GKWXb23jjeHrh+NW2Ozufu2hhQ==
X-Forefront-PRVS: 028166BF91
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(39850400002)(39840400002)(39410400002)(39400400002)(39860400002)(39450400003)(5660300001)(7736002)(1076002)(2201001)(97746001)(305945005)(7416002)(83506001)(2950100002)(25786009)(86362001)(3846002)(6506006)(2906002)(230700001)(7406005)(9686003)(55016002)(4001350100001)(6116002)(189998001)(54906002)(53936002)(54356999)(76176999)(15650500001)(38730400002)(33646002)(50986999)(4326008)(50466002)(66066001)(81166006)(23676002)(103116003)(8676002)(42186005)(47776003)(53416004)(921003)(71626007)(1121003);DIR:OUT;SFP:1101;SCL:1;SRVR:CY4PR12MB1144;H:tlendack-t1.amdoffice.net;FPR:;SPF:None;MLV:sfv;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQ0OzIzOnlHYk9OUndablVrU1FtRC9NMWx3RnczSzVq?=
 =?utf-8?B?Ly9BM1I3VTJqLzhLYkFjSmUvUDJFKzREcTgxVy9mMHJwNjNCamNrSHZJTWJV?=
 =?utf-8?B?ZkhPemNRWHEycXVMQnUxbmhWVmQxSng0TGp1dWJSYng1RHVxYUsrSFVtQVlu?=
 =?utf-8?B?emFBeXhENW4vSFM3ZVlBdUhYd3NMK01NdVh6YXNQVU54Wk5zeHJueGYxTUVr?=
 =?utf-8?B?Z214YjRjVnI5Snk5MzJKaE00SlRZaHUwbVJCU01zNkh3eXFmM2g3bVg4bGhw?=
 =?utf-8?B?MjBMSW91RmtMYkxmNlFMNGRadkprak84cG5XcHdDQU1OSlhhZDhPdGwvWVNO?=
 =?utf-8?B?MVhJVjRKdFJuSm1xRFhMSGIvT0k2emttbUhETVJ0M1ZSMzRjSU1IK2dReGhX?=
 =?utf-8?B?WGpxZmlRdDJXL1lsOWVkZldsL2pjbm93TE1mVDg0Q0RiVjFucDRrOFJza2dJ?=
 =?utf-8?B?REQ3NEJvMjcreTk1WVB2dVZTUnVUUnlkMDBtd2RBeFJ4NFFLTGNUR1BvNUE2?=
 =?utf-8?B?RGx4cG11dXE1cnJDZks0RWl2dzFXVHlsQlphMzNDR2NwK0FaM0hqekU1bmpn?=
 =?utf-8?B?V3FCZkdSbnhaRUFYUzhZc1ZJcmlCRW1RMFFpK05DbW1nM0llekJnRXZ1Ny9x?=
 =?utf-8?B?eFhJc0J4akEzdkpzcGg3OWpVZW9RdzFXeWl6c2VxMGVMem90V3h5MUVxUmo1?=
 =?utf-8?B?Mm1ZcnBra1hwcExFZ2VMSlpWbXphS2JBeVU4NVU3UGE5ZDlVVmIzdzJFUXh4?=
 =?utf-8?B?V0RqMWU1bS9xZGt3aXZ2d2ZabmlHTk5UZ1FhTjlxeG90QmRmVU5iM1M2TkJo?=
 =?utf-8?B?Ym5FYUVQK2ZuL0JqakFNU2NrajE4NFpuSkJKdEc3djNSS2RFWFdLNFJ4dnEx?=
 =?utf-8?B?Z3lUQnpWMSt0V21Sa0tjVnVsZkVxK25RRFIzMENZUVNSUWQvN204V0lQTGZR?=
 =?utf-8?B?OHZ1cW5yREZsdjI5ZS9RYTVma09RMFdPSXhHV1VmS2l2aXdCYk5JWFVIWXZP?=
 =?utf-8?B?ZUNMY1RZVE9OM1J5enVZWlQ1OEpMR2JWZWFlNW5EeFB5UU9UZExRcGwyUEQ5?=
 =?utf-8?B?TExUUFg1MFl4MC9UNThhbU55bWxiek5uWmhpMVhDckFvRW1td2hEWEtoTjhL?=
 =?utf-8?B?UXhQUmRYK2ZWOGhaNm5uTW04c2MyR054ZHBQS25NVWtxN2ZzbThYM1ZXYmJD?=
 =?utf-8?B?Y2JRVUtTaTUwaTVweUZkQW1ydVRBRWd3UzVBalBTdWt3bXB6TWVOclZJUWxF?=
 =?utf-8?B?ZmtPa2tya1I3SU9KSjdQbE5HczdFRmJYUXdTMG53d0dGcmtaaXJzL29KRXUw?=
 =?utf-8?B?Tkp5cTFHRWVmMVE5OWE5WlFBdEdTRFBmQ3JZQXBPTUtZOUxoc25LdlpEUGI5?=
 =?utf-8?B?cWhsVlRabVJSQTJ1cm9veEFXeURlenFJckowdTR3Tzk3ZjhVRlExVHl4Ui9C?=
 =?utf-8?B?OHVIemFqc0lYYmVHODB3VEdSdnlvdFpzbUhMQ1plbDRFQ3hzR3grZ01PaXRU?=
 =?utf-8?B?dTFEVGtrdlRRN1FpQlZNTDhUdWtsN0l4OHNRQnlzSXJVSkxKMXlEN1k0UHh5?=
 =?utf-8?B?SW5rWHErb3FOK3JnZm4ySDNOT2R2NGw5NTI5OTU2WnFJaEEyNnUyaGVWV2x5?=
 =?utf-8?B?aGNrc0VQYWdIeGlYUkJJeEpTeXVNNDM5b20rRzZWZ3phWWhtN0hmblBpK2Zp?=
 =?utf-8?Q?06/54rQ8GIGxAn2DmA=3D?=
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;6:js3KGEYGvtlgI6R3MhVb3r1wsp+1gACxSz1BXOFZCiTh0avfbYxYu+cy7P0QxD65fOCvWACUEiT1Ymlq9gRlcq0gWj3YegIbEaRzqQOk9O5kTzv3zXrQufUTYV1WkEZgwc0L8JKfY6VRMF+7H/W2XT1aCwWGQxRFf6UkCRELhnQrWRTzEZ0gT96H4xCg8EFY/V0sKto3Urpgioc21wFCfrBIYJlNhc9DitqLKpHKwowFvqQqIIjR+Ej9uqf9bZaHswNmMn3y4tr1CT4tZoaijdxjYoZ2fwfUQ6YoY9pgtByR8GVEjlvUbfPHD3U+xpi/UixGn7AOZVpvcq1ENmEp2v7EvgCjRiTW1PNMYc1JmnGGNXzFoIFyYrCJ9l93V1SF7pyp9DIBViNTue4reE4bGYi9VcAlDMsLx0aLPjU3yERKrbLetT8pBCTU7+4RiALByxzrWv/uFLfBS4OA09RPZb5fmBd5fPybZCgVlCQ4TdA=;5:LJrkiqBusQx7iSyb6yO6XSTwVyHOepV77rfqxH8SZPW/qpBmYzN2OSrw3J9nQGOjlUhiS7TGeeswS6dPbQospFsio8y9Kh0/mOaw+FF675wlHfpQRWJGBWnBHd2f1hNfG1uhUBZ+wIAIPli0oe5L2w==;24:PMS6Oa20WF/kZKZEcVz5lM3GIKYiNoESsUxM55/iEBaxaixHNYwPtyqeEiVcf8ZsKxszYe2cV024zAkf/dO+x3dg5K1FtyPdCmvmN1rdDkI=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;7:to9JYcF9esbmX0VKI0LlpjQGgr8uYJo8Y0KxOJa/bn42I0AmBHDSM9yqyYraHr7oxRf3Fa6YlFoP8h5yvqfayKKIlf+ww9vbISM4KV20Ok7vMzJZmxvFWC0Oz0yXC7r1lnqc8G5cKqHXCQSOA17SdERm0bcNfbK2R1ExYS5rRTCbbIbIgb5zwVNdmMcaAm1HW5WvZrwcCgpNNNw/jLe7PnF6BNYKMyBLKKedMMyAi341a3uwGyq+g/h0eEXCay7fN7riOefcr1igkstYAp5WvDCezrYW+PGfArb+UMoNSZd6F20LOeOOGMJPUzsWLPGhquY5Jd1MZ97nZpGylUYgCg==;20:V2uOw+w20LTy8NLawaqDMw3a8u7lAImlchTMKQgJpUHIyhoIDA6oJWfwPyGFBWk33+gRmC7Xr+M5MNEt5bD8g9Tj/KK+AWUEBweCJvP2bl0f0VVo2hvVoMFJd6DCvbTXhsV1pABiwoa5Yoa1uf1r5SMDETVCpwFdEpspyrGB5OV8+d/RfBulnJntpcIo/6PhsOpQ1oa/suTt4851ZqSinzFCRaNuE3iQ8PiZDLumele9jk7vsqDX5cKI8nx57gvy
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Apr 2017 21:19:13.8190 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1144
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When SME is active, pagetable entries created for EFI need to have the
encryption mask set as necessary.

When the new pagetable pages are allocated they are mapped encrypted. So,
update the efi_pgt value that will be used in cr3 to include the encryption
mask so that the PGD table can be read successfully. The pagetable mapping
as well as the kernel are also added to the pagetable mapping as encrypted.
All other EFI mappings are mapped decrypted (tables, etc.).

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/platform/efi/efi_64.c |   15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index c488625..685881a 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -264,7 +264,7 @@ void efi_sync_low_kernel_mappings(void)
 
 int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 {
-	unsigned long pfn, text;
+	unsigned long pfn, text, pf;
 	struct page *page;
 	unsigned npages;
 	pgd_t *pgd;
@@ -272,7 +272,12 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 	if (efi_enabled(EFI_OLD_MEMMAP))
 		return 0;
 
-	efi_scratch.efi_pgt = (pgd_t *)__pa(efi_pgd);
+	/*
+	 * Since the PGD is encrypted, set the encryption mask so that when
+	 * this value is loaded into cr3 the PGD will be decrypted during
+	 * the pagetable walk.
+	 */
+	efi_scratch.efi_pgt = (pgd_t *)__sme_pa(efi_pgd);
 	pgd = efi_pgd;
 
 	/*
@@ -282,7 +287,8 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 	 * phys_efi_set_virtual_address_map().
 	 */
 	pfn = pa_memmap >> PAGE_SHIFT;
-	if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, _PAGE_NX | _PAGE_RW)) {
+	pf = _PAGE_NX | _PAGE_RW | _PAGE_ENC;
+	if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, pf)) {
 		pr_err("Error ident-mapping new memmap (0x%lx)!\n", pa_memmap);
 		return 1;
 	}
@@ -325,7 +331,8 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 	text = __pa(_text);
 	pfn = text >> PAGE_SHIFT;
 
-	if (kernel_map_pages_in_pgd(pgd, pfn, text, npages, _PAGE_RW)) {
+	pf = _PAGE_RW | _PAGE_ENC;
+	if (kernel_map_pages_in_pgd(pgd, pfn, text, npages, pf)) {
 		pr_err("Failed to map kernel text 1:1\n");
 		return 1;
 	}