From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752819AbcFIQQ5 (ORCPT ); Thu, 9 Jun 2016 12:16:57 -0400 Received: from mail-bl2on0089.outbound.protection.outlook.com ([65.55.169.89]:23343 "EHLO na01-bl2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751962AbcFIQQx (ORCPT ); Thu, 9 Jun 2016 12:16:53 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [RFC PATCH v1 10/18] x86/efi: Access EFI related tables in the clear To: Matt Fleming References: <20160426225553.13567.19459.stgit@tlendack-t1.amdoffice.net> <20160426225740.13567.85438.stgit@tlendack-t1.amdoffice.net> <20160510134358.GR2839@codeblueprint.co.uk> <20160510135758.GA16783@pd.tnic> <5734C97D.8060803@amd.com> <57446B27.20406@amd.com> <20160525193011.GC2984@codeblueprint.co.uk> <5746FE16.9070408@amd.com> <20160608100713.GU2658@codeblueprint.co.uk> CC: Borislav Petkov , Leif Lindholm , Mark Salter , Daniel Kiper , , , , , , , , , , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Ingo Molnar , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov , Ard Biesheuvel From: Tom Lendacky Message-ID: <57599668.20000@amd.com> Date: Thu, 9 Jun 2016 11:16:40 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0 MIME-Version: 1.0 In-Reply-To: <20160608100713.GU2658@codeblueprint.co.uk> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BLUPR0401CA0040.namprd04.prod.outlook.com (10.162.114.178) To CY1PR1201MB1114.namprd12.prod.outlook.com (10.169.19.18) X-MS-Office365-Filtering-Correlation-Id: 1dfe94db-c029-4e91-95e1-08d39081754d X-Microsoft-Exchange-Diagnostics: 1;CY1PR1201MB1114;2:0JFH7z2IRPx+pOAiTy9xQH/dAV36z5QrFbuykp5h/unD1v5ZVNgkQMMIdyBhH0SPQh7HVekt9J3s1CqGkDQZsThir1dOIDJ+w82b4lQLcNebftHGxbjcybGpnH6sagfinyT1EmMcxxfyEOaVmYqtem6gtsYfKFNod6ON6wYmBaCT3Uwllritcui/jjBuBJ6+;3:TQKaw3p4HNTl+x+NRNrnrE5MsW9lZbRAEPomO0KXgFlR8e5xujCCwdPidlEzrQRfwFGPWcBQheCamL/2uyoGmPOP94KBs0Ro8yojnOLjx5CWgdV6jjmFzOcjaygIXswx X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY1PR1201MB1114; X-Microsoft-Exchange-Diagnostics: 1;CY1PR1201MB1114;25:xOT5kjpoKvF47B4f98j519RaM/3iUD5KpR7xcZWU61/uf49e9xkbPy6Zu8p9jX0ECZIqML/WzAwMHC5J6B+iYJliGZ0fWHSbmcu9jzqA5bw+v5vVP0UlD/d9epiXRAbtgZeBRL9aGvAuPAFmWxExM+lIXXtQcg/6vAZ7Zu1XUBM9Ku7n4om7cv8KyXMScpoCoOSrYP7ElBkyoM2wcShLCqE0sp/SNyh6xdkZxSoRROBAZMqpNzdmTxkA2RhTaKR8LM7OiD9VdbXuVMrCgOUGW6YjcKNHwsc5rm4Amt4Y/+I6n367CnrfAqJcjpT7AbpT5mEDVDydkpUV4xJskG1xF48Lxl4d+rdJU0GeZ3BLN13si1vfwmwNroEXN4sr4xQp3jXnI8LDn9LEp6xzsbNPmmxrn2qbd2rJrDEbn9y3FQmdPXIYT+EXnH5l5Xui0MIvGQ7XF9nSiva/CVQt1IlgmarhRZ9GJH3bQQCgrypwLQcxD059ULjwdHfL1uL69d8O7taJnzg4Hj1Y6q/dgfI9rPENrD68Um1Qcs6KY0Ou7Lm1NwGHC1G3Y+yRYhXx7ezKkIqGcWZiY/sbXCU6hSAhXAtEHeXIanIdNgfqLB11ghjIaeM6jf0gcIXSUiGH2m1YWCmanaHsGgG82Ex33Q2DY6+mFYW6bqx1gezj/eRXCrR16t8OTTzs+4jFHdE1D6/GwupkKiL2h17zKRseKziFyxz67/9sfTeYIpZRlQQCxwU= X-Microsoft-Exchange-Diagnostics: 1;CY1PR1201MB1114;20:UvU6HcKmp2gxG9/UyoJSHC3zuvHKYdOdVYC9rSCiyhLgElUGi1SCS7tXcU6GAWkACHLjEv7n0JMExPbjdoezQiBpRJ8ah2cYXp4fqzsIEFbQpmbSn0InzzE6025+BSUkwsS6HhvKR04xWbge40Fjrd1l7GY1Y6aOZOXK9Nk/cdh2iGJZSH17++YvXygdCekXa2P8TPyCjdwN/RzfUjn/Ip1zj+U1+TSDyTKa9omPxhe/u2OvFjM26SUQsIrGKPowjzN3p7TF/sbHjT6kosLR4HlDw6uUGY1lTz5yk5/fSaHPGb27Xmke59tQRnVPzAos4dH+G+BQBVK+5hbTV9reNQvFtwobsVb59s+468/fnwXcQsVvqxLuKgPTrvNoZsAqAAIBA2zTAWH7eRPCQDDM6Riz8PrwbkEzwikNPxaQLw2GLqsVdQrEIrwlYXMgyyCRlwd8GbDvgxEeGuScOFa4XvfW7jelIMihA854SQRlZM3/8rUP8JYOHa3lJp3g+ql2;4:5ixYoIH8We+S0/uj6BcWysldpx2GlLPAFlRw1rZuLYgp/ijUMCmu5a/oJpy9tg7KSpvdAra5voi/6PJxP1ukjNpgd8bCv8sme9Eu6lhV8PoyOr8XhgxU2w+nNqwHhle/NWmsD9B36K/1L14JizP939MSD8ZbVwMksDKHh/LG4bUjwUL37f7edOx+lw/gKIaEC+2TTvBwXtLDMVDQHkbZhls//ec48EiF/Syvj/xM/EEzAWOus9alKmBlJFg9px4CmgHyMod9t3qHJ37HvTrPm36btAw5VCCuDd/qq/QFkvI0Za0Y8EbV/yhd30E2mFAo+sfoxUVk2wAfhVMZ2mEhfK0KB8qUv11Y3+LRjsCs54cJXUO8c7ZSlhSiIDptCwg/HKhQaUUoIFxN7MUZMBsOYg== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026);SRVR:CY1PR1201MB1114;BCL:0;PCL:0;RULEID:;SRVR:CY1PR1201MB1114; X-Forefront-PRVS: 0968D37274 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(199003)(189002)(24454002)(69224002)(377454003)(47776003)(77096005)(101416001)(64126003)(2906002)(42186005)(83506001)(3846002)(586003)(23746002)(6116002)(189998001)(65956001)(93886004)(4001350100001)(76176999)(65806001)(230700001)(50466002)(110136002)(97736004)(122286003)(106356001)(65816999)(50986999)(8676002)(36756003)(68736007)(92566002)(66066001)(5004730100002)(54356999)(81156014)(86362001)(2950100001)(117636001)(81166006)(105586002)(5890100001)(4326007)(5008740100001)(217873001)(62816006);DIR:OUT;SFP:1101;SCL:1;SRVR:CY1PR1201MB1114;H:[10.236.18.82];FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1;CY1PR1201MB1114;23:4q0zvKa+XprEzVmo5hxMIpChUCstt6AnB7/?= =?Windows-1252?Q?z4dVi4zC0Kia8Ebl2h/fiGW4AEqoAQ6N3YG9hy8nDinwLuvwIzkjIyZr?= =?Windows-1252?Q?IDQ49HgUyD54S/FF1l+Zb8lLLEuENDzEyJrjX+XoIX9Mk35BYPX9Aelt?= =?Windows-1252?Q?blroXIMRfthjK3XxTs4nDvJSPZnN22tk1qUS6g4vk/8Xt+A79RpreoAU?= =?Windows-1252?Q?MToFzvPdBr14OIDC0/4Rw77xBQmxtEa35n1Isglh1ZbaSOcN/NyX5yLp?= =?Windows-1252?Q?22Ie4ASzD1uxKJGLte4PI4rfu6sTyr8pj3UxH9cDiRm5xGKNf75A0m5g?= =?Windows-1252?Q?dfnt20o//gk15zHoGdBg9bRe7cNUZdmbGhVp0GlchjYDf0Odpu1V+vpY?= =?Windows-1252?Q?tvj4iwEc3PCGC7ORBeDPZjmhJA7V71NKONavlYiyC2xa5J7DSZcDWjkd?= =?Windows-1252?Q?sU/cs290HTeVQsVlys+dWY+T/RfghSvAV6svBxDCUGOaggAAtQdoVP7r?= =?Windows-1252?Q?hREvgz1TTxZRrE1oCdhqmyp4UuLu/z2MRt9kfG1oETyofkBxIJylzbXH?= =?Windows-1252?Q?rydrsFn3lB8hPwcyEefUA1sp12/+ykVz/1BMlCYbJpOOiMNZ6uxfgkXA?= =?Windows-1252?Q?gwq4kwDeBmPBv7K+49SH7BU1MCo64C62Lbaro/xt0v6+RRlVI7D/eUw5?= =?Windows-1252?Q?HG3NuLvy5t8+LfHiTdzTQNYB74Swset5UgvOXjKmNBUdWjenruXJFQ00?= =?Windows-1252?Q?/qm/IwXgl1fCExQbGm4Rn7MlTr0VKjE+/uWOL+8F5LaxyqvlVct0TkYJ?= =?Windows-1252?Q?HacnRG5u9j5V9qluLBWdWjMh9HshqQnHlWtp9gV0CoWAeVWPg2rVQNdm?= =?Windows-1252?Q?suyf6G8ryxuotp5aLBVkBk9sB4wZ4VJwcxx517WxWBcfguN9O/YsaZAi?= =?Windows-1252?Q?cgcS/vB3baRflYQe4k1FcjPNy1t/5k3XFKo+50pz2KF+IGNgMHsXSJ0E?= =?Windows-1252?Q?cGkHjDjqAeVB5QeHkJSLYeTWzuqNbn02Zk4VN+6czAlSm+eH+PsdA2SF?= =?Windows-1252?Q?3IkImYwGTDbE2a5Q/YIJ9Grc3ORJMhkdbVyY41gQ4YpP25XtQsxhp7CJ?= =?Windows-1252?Q?h5n/xWbd8zARxY2Vygou65PZjam7APGqzl9xTm2SoMxWeButuwX9s0OL?= =?Windows-1252?Q?ki4IEuAqJKDVJHRJm9b963VPKV2iJEQSKb3hWxIriX9MEyyKVcEA0v1E?= =?Windows-1252?Q?mmPhQCOOc1arOHFkUriW0+7l/j/jpipmZPrYzHeLX7aCmkuIeHtJSvrj?= =?Windows-1252?Q?aLHz71UrRPfLopjnpRNwyTY/ElQACCniWtj4s++mwy4fG2HssMvWqPRe?= =?Windows-1252?Q?mviHsiJF6WZ4VO1QFvAWTp9aNm8xth7D/ZA=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1;CY1PR1201MB1114;5:UJqcFktC7mkKLAELhSpX7Ma4an9CdBkqNJsVQ3gXBZxeTS7vxe4Sgvs3oOQ7UWYCSyowL/gjzcl4xf2V5aYN2VJRj3h8QU/aWM7gWiMcsifHR79kmIHjrDuFQZ+w4sdNUAAOOGtIcMjJgktXaw6zrw==;24:jrfnbsQGv/1O9KIXNcgmBXaLz1QAhF4rF4n702o+7dmt9Q+Y7mtv19wB3oiHFQGIVKcayVNprHY7nESoETYyy44YdfL1DEpDy8j3qQ65WQE=;7:pJhJcdCtU0ImcuFLZele82AgLYFlPHmc3KiEKd0YpJr8xQHu2oOPWG1WV40fQ6o9imu2NjGMBDaS2Lq9w4y9Keqw2Eby9DFUmEP5kGj+ougYbID1RIZcEFSuRTEQiArg5/Eqx86UD1AAcl6Uar5i8pTItBxrj7hQQVY5vTzMC9lYBHePFx6cYmrvq4sH6ZCb0gQK2gie63aC5vfXe0nCZm3aBCo0x4l5L61xLVUq0Pc=;20:GdrYWyAdlodZ4xq49qxXNoZQiFXRRIk05o5lmayTvLm7qE7LrQFLVPd55ocFK9uIdsmeTeOSptiMXhgkFlab6wQMZE49XMvwgNNumXVvBfO1RD5xkHQ/NS0Byd9ftCjUY+He4lCt+5MjXUwG9GB4Y7HD9iu3eU6DRn0fKCAeHsgZpOzJRTu70Iv2ZzjoNz1/NVH6KbNpY3m7Wa0wFi7tdZ0rulZXdyQ9Fxja3bn0KTN2TkOH3ygntHyDsZXBGu6Z SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jun 2016 16:16:45.5695 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR1201MB1114 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06/08/2016 05:07 AM, Matt Fleming wrote: > (Sorry for the delay) No worries, thanks for all the feedback. > > On Thu, 26 May, at 08:45:58AM, Tom Lendacky wrote: >> >> The patch in question is patch 6/18 where PAGE_KERNEL is changed to >> include the _PAGE_ENC attribute (the encryption mask). This now >> makes FIXMAP_PAGE_NORMAL contain the encryption mask while >> FIXMAP_PAGE_IO does not. In this way, anything mapped using the >> early_ioremap call won't be mapped encrypted. > > There are semantics attached to early_ioremap() that do not apply in > this case; that you're mapping an MMIO region but for EFI we just care > about noting where the firmware (not the kernel) populated the region > with data. Similar problems exist for other early boot code such as > the devicetree stuff. > > early_ioremap() is not the answer. > > What you really want is just some way to distinguish kernel-owned > regions from those owned by "somebody else". > > I have no problem updating early_memremap() to take a @flags argument > to make that distinction, provided that the naming is generic and not > tied to AMD's SME technology via an "sme" prefix/suffix. So maybe something along the lines of an enum that would have entries (initially) like KERNEL_DATA (equal to zero) and EFI_DATA. Others could be added later as needed. Would you then want to allow the protection attributes to be updated by architecture specific code through something like a __weak function? In the x86 case I can add this function as a non-SME specific function that would initially just have the SME-related mask modification in it. Thanks, Tom > > And making it generic should allow it to be easily sprinkled into the > shared architecture code in drivers/firmware/efi/ without issue. > > I'm going to follow up with some additional comments/questions on > PATCH 10. >