From: Borislav Petkov <bp@alien8.de>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
kasan-dev@googlegroups.com, linux-mm@kvack.org,
iommu@lists.linux-foundation.org,
"Rik van Riel" <riel@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Joerg Roedel" <joro@8bytes.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Brijesh Singh" <brijesh.singh@amd.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Alexander Potapenko" <glider@google.com>,
"Dave Young" <dyoung@redhat.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: Re: [PATCH v5 28/32] x86/mm, kexec: Allow kexec to be used with SME
Date: Wed, 17 May 2017 21:17:55 +0200 [thread overview]
Message-ID: <20170517191755.h2xluopk2p6suw32@pd.tnic> (raw)
In-Reply-To: <20170418212121.10190.94885.stgit@tlendack-t1.amdoffice.net>
On Tue, Apr 18, 2017 at 04:21:21PM -0500, Tom Lendacky wrote:
> Provide support so that kexec can be used to boot a kernel when SME is
> enabled.
>
> Support is needed to allocate pages for kexec without encryption. This
> is needed in order to be able to reboot in the kernel in the same manner
> as originally booted.
>
> Additionally, when shutting down all of the CPUs we need to be sure to
> flush the caches and then halt. This is needed when booting from a state
> where SME was not active into a state where SME is active (or vice-versa).
> Without these steps, it is possible for cache lines to exist for the same
> physical location but tagged both with and without the encryption bit. This
> can cause random memory corruption when caches are flushed depending on
> which cacheline is written last.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> arch/x86/include/asm/init.h | 1 +
> arch/x86/include/asm/irqflags.h | 5 +++++
> arch/x86/include/asm/kexec.h | 8 ++++++++
> arch/x86/include/asm/pgtable_types.h | 1 +
> arch/x86/kernel/machine_kexec_64.c | 35 +++++++++++++++++++++++++++++++++-
> arch/x86/kernel/process.c | 26 +++++++++++++++++++++++--
> arch/x86/mm/ident_map.c | 11 +++++++----
> include/linux/kexec.h | 14 ++++++++++++++
> kernel/kexec_core.c | 7 +++++++
> 9 files changed, 101 insertions(+), 7 deletions(-)
...
> @@ -86,7 +86,7 @@ static int init_transition_pgtable(struct kimage *image, pgd_t *pgd)
> set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
> }
> pte = pte_offset_kernel(pmd, vaddr);
> - set_pte(pte, pfn_pte(paddr >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
> + set_pte(pte, pfn_pte(paddr >> PAGE_SHIFT, PAGE_KERNEL_EXEC_NOENC));
> return 0;
> err:
> free_transition_pgtable(image);
> @@ -114,6 +114,7 @@ static int init_pgtable(struct kimage *image, unsigned long start_pgtable)
> .alloc_pgt_page = alloc_pgt_page,
> .context = image,
> .pmd_flag = __PAGE_KERNEL_LARGE_EXEC,
> + .kernpg_flag = _KERNPG_TABLE_NOENC,
> };
> unsigned long mstart, mend;
> pgd_t *level4p;
> @@ -597,3 +598,35 @@ void arch_kexec_unprotect_crashkres(void)
> {
> kexec_mark_crashkres(false);
> }
> +
> +int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, gfp_t gfp)
> +{
> + int ret;
> +
> + if (sme_active()) {
if (!sme_active())
return 0;
/*
* If SME...
> + /*
> + * If SME is active we need to be sure that kexec pages are
> + * not encrypted because when we boot to the new kernel the
> + * pages won't be accessed encrypted (initially).
> + */
> + ret = set_memory_decrypted((unsigned long)vaddr, pages);
> + if (ret)
> + return ret;
> +
> + if (gfp & __GFP_ZERO)
> + memset(vaddr, 0, pages * PAGE_SIZE);
This function is called after alloc_pages() which already zeroes memory
when __GFP_ZERO is supplied.
If you need to clear the memory *after* set_memory_encrypted() happens,
then you should probably mask out __GFP_ZERO before the alloc_pages()
call so as not to do it twice.
> + }
> +
> + return 0;
> +}
> +
> +void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages)
> +{
> + if (sme_active()) {
> + /*
> + * If SME is active we need to reset the pages back to being
> + * an encrypted mapping before freeing them.
> + */
> + set_memory_encrypted((unsigned long)vaddr, pages);
> + }
> +}
> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
> index 0bb8842..f4e5de6 100644
> --- a/arch/x86/kernel/process.c
> +++ b/arch/x86/kernel/process.c
> @@ -24,6 +24,7 @@
> #include <linux/cpuidle.h>
> #include <trace/events/power.h>
> #include <linux/hw_breakpoint.h>
> +#include <linux/kexec.h>
> #include <asm/cpu.h>
> #include <asm/apic.h>
> #include <asm/syscalls.h>
> @@ -355,8 +356,25 @@ bool xen_set_default_idle(void)
> return ret;
> }
> #endif
> +
> void stop_this_cpu(void *dummy)
> {
> + bool do_wbinvd_halt = false;
> +
> + if (kexec_in_progress && boot_cpu_has(X86_FEATURE_SME)) {
> + /*
> + * If we are performing a kexec and the processor supports
> + * SME then we need to clear out cache information before
> + * halting. With kexec, going from SME inactive to SME active
> + * requires clearing cache entries so that addresses without
> + * the encryption bit set don't corrupt the same physical
> + * address that has the encryption bit set when caches are
> + * flushed. Perform a wbinvd followed by a halt to achieve
> + * this.
> + */
> + do_wbinvd_halt = true;
> + }
> +
> local_irq_disable();
> /*
> * Remove this CPU:
> @@ -365,8 +383,12 @@ void stop_this_cpu(void *dummy)
> disable_local_APIC();
> mcheck_cpu_clear(this_cpu_ptr(&cpu_info));
>
> - for (;;)
> - halt();
> + for (;;) {
> + if (do_wbinvd_halt)
> + native_wbinvd_halt();
No need for that native_wbinvd_halt() thing:
for (;;) {
if (do_wbinvd)
wbinvd();
halt();
}
> /*
> diff --git a/arch/x86/mm/ident_map.c b/arch/x86/mm/ident_map.c
> index 04210a2..2c9fd3e 100644
> --- a/arch/x86/mm/ident_map.c
> +++ b/arch/x86/mm/ident_map.c
> @@ -20,6 +20,7 @@ static void ident_pmd_init(struct x86_mapping_info *info, pmd_t *pmd_page,
> static int ident_pud_init(struct x86_mapping_info *info, pud_t *pud_page,
> unsigned long addr, unsigned long end)
> {
> + unsigned long kernpg_flag = info->kernpg_flag ? : _KERNPG_TABLE;
You're already supplying a x86_mapping_info and thus you can init
kernpg_flag to default _KERNPG_TABLE and override it in the SME+kexec
case, as you already do. And this way you can simply do:
set_pud(pud, __pud(__pa(pmd) | info->kernpg_flag));
here and in the other pagetable functions I've snipped below, and save
yourself some lines.
...
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
next prev parent reply other threads:[~2017-05-17 19:18 UTC|newest]
Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-18 21:16 [PATCH v5 00/32] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-04-18 21:16 ` [PATCH v5 01/32] x86: Documentation for AMD Secure Memory Encryption (SME) Tom Lendacky
2017-04-19 9:02 ` Borislav Petkov
2017-04-19 14:23 ` Tom Lendacky
2017-04-19 15:38 ` Borislav Petkov
2017-04-19 9:52 ` David Howells
2017-04-18 21:16 ` [PATCH v5 02/32] x86/mm/pat: Set write-protect cache mode for full PAT support Tom Lendacky
2017-04-18 21:16 ` [PATCH v5 03/32] x86, mpparse, x86/acpi, x86/PCI, SFI: Use memremap for RAM mappings Tom Lendacky
2017-04-18 21:17 ` [PATCH v5 04/32] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature Tom Lendacky
2017-04-18 21:17 ` [PATCH v5 05/32] x86/CPU/AMD: Handle SME reduction in physical address size Tom Lendacky
2017-04-20 16:59 ` Borislav Petkov
2017-04-20 17:29 ` Tom Lendacky
2017-04-20 18:52 ` Borislav Petkov
2017-04-18 21:17 ` [PATCH v5 06/32] x86/mm: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-04-27 15:46 ` Borislav Petkov
2017-05-04 14:24 ` Tom Lendacky
2017-05-04 14:36 ` Borislav Petkov
2017-05-16 19:28 ` Tom Lendacky
2017-05-17 7:05 ` Borislav Petkov
2017-04-18 21:17 ` [PATCH v5 07/32] x86/mm: Add support to enable SME in early boot processing Tom Lendacky
2017-04-21 14:55 ` Borislav Petkov
2017-04-21 21:40 ` Tom Lendacky
2017-04-18 21:17 ` [PATCH v5 08/32] x86/mm: Simplify p[g4um]d_page() macros Tom Lendacky
2017-04-18 21:17 ` [PATCH v5 09/32] x86/mm: Provide general kernel support for memory encryption Tom Lendacky
2017-04-21 21:52 ` Dave Hansen
2017-04-24 15:53 ` Tom Lendacky
2017-04-24 15:57 ` Dave Hansen
2017-04-24 16:10 ` Tom Lendacky
2017-04-27 16:12 ` Borislav Petkov
2017-05-04 14:34 ` Tom Lendacky
2017-05-04 17:01 ` Borislav Petkov
2017-04-18 21:18 ` [PATCH v5 10/32] x86/mm: Extend early_memremap() support with additional attrs Tom Lendacky
2017-04-18 21:18 ` [PATCH v5 11/32] x86/mm: Add support for early encrypt/decrypt of memory Tom Lendacky
2017-04-18 21:18 ` [PATCH v5 12/32] x86/mm: Insure that boot memory areas are mapped properly Tom Lendacky
2017-05-04 10:16 ` Borislav Petkov
2017-05-04 14:39 ` Tom Lendacky
2017-04-18 21:18 ` [PATCH v5 13/32] x86/boot/e820: Add support to determine the E820 type of an address Tom Lendacky
2017-05-05 17:11 ` Borislav Petkov
2017-05-06 7:48 ` Ard Biesheuvel
2017-04-18 21:18 ` [PATCH v5 14/32] efi: Add an EFI table address match function Tom Lendacky
2017-05-15 18:09 ` Borislav Petkov
2017-05-16 21:53 ` Tom Lendacky
2017-04-18 21:19 ` [PATCH v5 15/32] efi: Update efi_mem_type() to return an error rather than 0 Tom Lendacky
2017-05-07 17:18 ` Borislav Petkov
2017-05-08 13:20 ` Tom Lendacky
2017-04-18 21:19 ` [PATCH v5 16/32] x86/efi: Update EFI pagetable creation to work with SME Tom Lendacky
2017-04-18 21:19 ` [PATCH v5 17/32] x86/mm: Add support to access boot related data in the clear Tom Lendacky
2017-05-15 18:35 ` Borislav Petkov
2017-05-17 18:54 ` Tom Lendacky
2017-05-18 9:02 ` Borislav Petkov
2017-05-19 20:50 ` Tom Lendacky
2017-05-21 7:16 ` Borislav Petkov
2017-05-30 16:46 ` Tom Lendacky
2017-05-31 11:31 ` Borislav Petkov
2017-05-18 19:50 ` Matt Fleming
2017-05-26 16:22 ` Tom Lendacky
2017-05-26 16:35 ` Borislav Petkov
2017-05-30 17:47 ` Tom Lendacky
2017-04-18 21:19 ` [PATCH v5 18/32] x86, mpparse: Use memremap to map the mpf and mpc data Tom Lendacky
2017-05-16 8:36 ` Borislav Petkov
2017-05-17 20:26 ` Tom Lendacky
2017-05-18 9:03 ` Borislav Petkov
2017-04-18 21:19 ` [PATCH v5 19/32] x86/mm: Add support to access persistent memory in the clear Tom Lendacky
2017-05-16 14:04 ` Borislav Petkov
2017-05-19 19:52 ` Tom Lendacky
2017-04-18 21:19 ` [PATCH v5 20/32] x86/mm: Add support for changing the memory encryption attribute Tom Lendacky
2017-04-18 21:19 ` [PATCH v5 21/32] x86, realmode: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-04-18 21:20 ` [PATCH v5 22/32] x86, swiotlb: DMA support for memory encryption Tom Lendacky
2017-05-16 14:27 ` Borislav Petkov
2017-05-19 19:54 ` Tom Lendacky
2017-04-18 21:20 ` [PATCH v5 23/32] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-05-16 14:52 ` Borislav Petkov
2017-05-19 19:55 ` Tom Lendacky
2017-04-18 21:20 ` [PATCH v5 24/32] iommu/amd: Disable AMD IOMMU if memory encryption is active Tom Lendacky
2017-04-18 21:20 ` [PATCH v5 25/32] x86, realmode: Check for memory encryption on the APs Tom Lendacky
2017-04-18 21:20 ` [PATCH v5 26/32] x86, drm, fbdev: Do not specify encrypted memory for video mappings Tom Lendacky
2017-05-16 17:35 ` Borislav Petkov
2017-05-30 20:07 ` Tom Lendacky
2017-04-18 21:21 ` [PATCH v5 27/32] kvm: x86: svm: Enable Secure Memory Encryption within KVM Tom Lendacky
2017-04-18 21:21 ` [PATCH v5 28/32] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-05-17 19:17 ` Borislav Petkov [this message]
2017-05-19 20:45 ` Tom Lendacky
2017-05-19 20:58 ` Borislav Petkov
2017-05-19 21:07 ` Tom Lendacky
2017-05-19 21:28 ` Borislav Petkov
2017-05-19 21:38 ` Tom Lendacky
2017-05-26 4:17 ` Xunlei Pang
2017-05-27 2:17 ` Dave Young
2017-05-30 17:46 ` Tom Lendacky
2017-05-31 10:01 ` Borislav Petkov
2017-05-31 15:03 ` Xunlei Pang
2017-05-31 15:48 ` Borislav Petkov
2017-04-18 21:21 ` [PATCH v5 29/32] x86/mm: Add support to encrypt the kernel in-place Tom Lendacky
2017-05-18 12:46 ` Borislav Petkov
2017-05-25 22:24 ` Tom Lendacky
2017-05-26 16:25 ` Borislav Petkov
2017-05-30 16:39 ` Tom Lendacky
2017-05-31 9:51 ` Borislav Petkov
2017-05-31 13:12 ` Tom Lendacky
2017-04-18 21:22 ` [PATCH v5 30/32] x86/boot: Add early cmdline parsing for options with arguments Tom Lendacky
2017-04-18 21:22 ` [PATCH v5 31/32] x86: Add sysfs support for Secure Memory Encryption Tom Lendacky
2017-04-21 21:55 ` Dave Hansen
2017-04-27 7:25 ` Dave Young
2017-04-27 15:52 ` Dave Hansen
2017-04-28 5:32 ` Dave Young
2017-05-04 14:17 ` Tom Lendacky
2017-05-04 14:13 ` Tom Lendacky
2017-05-18 17:01 ` Borislav Petkov
2017-05-26 2:49 ` Dave Young
2017-05-26 5:04 ` Xunlei Pang
2017-05-26 15:47 ` Tom Lendacky
2017-04-18 21:22 ` [PATCH v5 32/32] x86/mm: Add support to make use of " Tom Lendacky
2017-04-21 18:56 ` Tom Lendacky
2017-05-19 11:30 ` Borislav Petkov
2017-05-19 20:16 ` Josh Poimboeuf
2017-05-19 20:29 ` Borislav Petkov
2017-05-30 15:48 ` Tom Lendacky
2017-05-31 9:15 ` Borislav Petkov
2017-05-30 15:46 ` Tom Lendacky
2017-05-19 11:27 ` Borislav Petkov
2017-05-30 14:38 ` Tom Lendacky
2017-05-30 14:55 ` Borislav Petkov
2017-05-30 15:37 ` Tom Lendacky
2017-05-31 8:49 ` Borislav Petkov
2017-05-31 13:37 ` Tom Lendacky
2017-05-31 14:12 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170517191755.h2xluopk2p6suw32@pd.tnic \
--to=bp@alien8.de \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=brijesh.singh@amd.com \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=dyoung@redhat.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=kasan-dev@googlegroups.com \
--cc=kexec@lists.infradead.org \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).