Subject: Re: [RFC PATCH v1 10/18] x86/efi: Access EFI related tables in the clear
From: Tom Lendacky
To: Matt Fleming
CC: Radim Krčmář, Arnd Bergmann, Jonathan Corbet, Joerg Roedel, Konrad Rzeszutek Wilk, Paolo Bonzini, Ingo Molnar, Borislav Petkov, H. Peter Anvin, Andrey Ryabinin, Alexander Potapenko, Thomas Gleixner, Dmitry Vyukov
Date: Wed, 15 Jun 2016 08:17:21 -0500
Message-ID: <57615561.4090502@amd.com>
In-Reply-To: <20160613135110.GC2658@codeblueprint.co.uk>
References: <20160426225553.13567.19459.stgit@tlendack-t1.amdoffice.net> <20160426225740.13567.85438.stgit@tlendack-t1.amdoffice.net> <20160608111844.GV2658@codeblueprint.co.uk> <5759B67A.4000800@amd.com> <20160613135110.GC2658@codeblueprint.co.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/13/2016 08:51 AM, Matt Fleming wrote:
> On Thu, 09 Jun, at 01:33:30PM, Tom Lendacky wrote:
>>
>> I was trying to play it safe here, but as you say, the firmware should
>> be using our page tables so we can get rid of this call. The problem
>> will actually be if we transition to a 32-bit efi. The encryption bit
>> will be lost in cr3 and so the pgd table will have to be un-encrypted.
>> The entries in the pgd can have the encryption bit set so I would only
>> need to worry about the pgd itself. I'll have to update the
>> efi_alloc_page_tables routine.
>
> Interesting, I hadn't expected 32-bit EFI to be an option for
> platforms with the SME technology. I'd assumed we could just ignore
> that.

We may be able to do that.

> Are you saying that the encryption bit isn't supported in 32-bit
> compatibility mode? We don't do a "full" switch to 32-bit protected
> mode when in mixed mode, just load a 32-bit code segment descriptor.
> The page tables are not modified at all.

The encryption bit is supported in 32-bit compatibility mode and since
we're not doing the "full" switch the cr3 register will remain as a
64-bit register so we can leave the pgd table encrypted.

>
>> The encryption bit in the cr3 register will indicate if the pgd table
>> is encrypted or not. Based on my comment above about the pgd having
>> to be un-encrypted in case we have to transition to 32-bit efi, this
>> can be removed.
>
> I'm not (yet) sure that the pgd needs to be unencrypted for 32-bit EFI
> when running a 64-bit kernel. In the AMD Programmer's Manual, Section
> 7.10.3 Operating Modes seems to indicate that running encrypted should
> work fine.
>
>> I'll look into this a bit more. From looking at it I don't want the
>> _PAGE_ENC bit set for the memmap unless it gets re-allocated (which
>> I missed in these patches). Let me see what I can do with this.
>
> I don't understand your comment about re-allocating the memmap.
>
> The kernel builds its own EFI memory map at runtime, initially based
> on the memory map provided by the firmware. We always allocate a new
> memory map.

Sorry, I misinterpreted the efi_map_regions function/loop and see that
the memmap is always allocated by the kernel.

>
> In efi_setup_page_tables() we're building our own page tables, which
> should be encrypted, and mapping EFI regions described by the memmap
> into those page tables.
>
> So unless we're mapping an MMIO region (in which case _PAGE_PCD is set
> in @flags for kernel_map_pages_in_pgd()) I would expect _PAGE_ENC to
> be set.
>
>> I'll look further into this, but I saw that this area of virtual memory
>> was mapped un-encrypted and after freeing the boot services the
>> mappings were somehow reused as un-encrypted for DMA which assumes
>> (unless using swiotlb) encrypted. This resulted in DMA data being
>> transferred in as encrypted and then accessed un-encrypted.
>
> That the mappings were re-used isn't a surprise.
>
> efi_free_boot_services() lifts the reservation that was put in place
> during efi_reserve_boot_services() and releases the pages to the
> kernel's memory allocators.
>
> What is surprising is that they were marked unencrypted at all.
> There's nothing special about these pages as far as the __va() region
> is concerned.

Right, let me keep looking into this to see if I can pin down what was
(or is) happening.

Thanks,
Tom
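Editor's added example, not code from the patch set, the kernel, or either participant in the thread. It is a user-space model of the two mechanisms the exchange turns on: the SME encryption bit lives inside the physical-address field of a page-table entry (and of CR3), so it survives any mode in which CR3 stays 64 bits wide but would be dropped by a "full" switch to a 32-bit CR3; and an EFI mapping should carry the encryption bit unless it is an MMIO region, where the cache-disable bit (_PAGE_PCD) is set instead. The bit position is taken from CPUID Fn8000_001F EBX[5:0] as the hardware defines it; the sample value 47, the sample addresses and the helper names (efi_map_flags, cr3_truncate32, and the rest) are assumptions for illustration only.

```c
/*
 * Added example (not from the RFC patch set or the Linux kernel): a model
 * of the SME encryption bit ("C-bit") inside page-table entries and CR3.
 *
 * Assumptions: the C-bit position comes from CPUID Fn8000_001F EBX[5:0]
 * (sample value 47 below); flag bit positions mirror x86 (_PAGE_PCD=bit 4).
 * Helper names are invented here and are not kernel API.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT   12
#define PAGE_MASK    (~((uint64_t)(1u << PAGE_SHIFT) - 1))
#define PTE_PRESENT  (1ull << 0)
#define PTE_RW       (1ull << 1)
#define PTE_PCD      (1ull << 4)            /* cache disable: MMIO mappings */
#define PHYS_MASK_52 ((1ull << 52) - 1)     /* x86-64 physical-address field */

struct sme_ctx {
    unsigned cbit_pos;   /* C-bit position, from CPUID Fn8000_001F EBX[5:0] */
    uint64_t enc_mask;   /* plays the role of _PAGE_ENC */
};

/* CPUID Fn8000_001F: EAX bit 0 reports SME support. */
static bool sme_supported(uint32_t cpuid_8000001f_eax)
{
    return (cpuid_8000001f_eax & 1u) != 0;
}

/* CPUID Fn8000_001F: EBX[5:0] is the C-bit position within the PTE. */
static unsigned cbit_pos_from_cpuid_ebx(uint32_t cpuid_8000001f_ebx)
{
    return cpuid_8000001f_ebx & 0x3fu;
}

static struct sme_ctx sme_init(unsigned cbit_pos)
{
    struct sme_ctx c = { cbit_pos, 1ull << cbit_pos };
    return c;
}

/* Flags for an EFI mapping: encrypted unless it is device (MMIO) memory. */
static uint64_t efi_map_flags(const struct sme_ctx *c, bool mmio)
{
    uint64_t flags = PTE_PRESENT | PTE_RW;
    if (mmio)
        flags |= PTE_PCD;        /* MMIO must not be encrypted */
    else
        flags |= c->enc_mask;    /* ordinary RAM: set the C-bit */
    return flags;
}

static uint64_t make_pte(uint64_t pa, uint64_t flags)
{
    return (pa & PAGE_MASK) | flags;
}

static bool pte_is_encrypted(const struct sme_ctx *c, uint64_t pte)
{
    return (pte & c->enc_mask) != 0;
}

/* Physical address a PTE points at, with the C-bit stripped out. */
static uint64_t pte_pa(const struct sme_ctx *c, uint64_t pte)
{
    return pte & PHYS_MASK_52 & PAGE_MASK & ~c->enc_mask;
}

/* CR3 loaded in 64-bit (or compatibility) mode: pgd address plus C-bit. */
static uint64_t cr3_encrypted(const struct sme_ctx *c, uint64_t pgd_pa)
{
    return (pgd_pa & PAGE_MASK) | c->enc_mask;
}

/* A "full" switch to 32-bit protected mode: CR3 is only 32 bits wide. */
static uint32_t cr3_truncate32(uint64_t cr3)
{
    return (uint32_t)cr3;
}

int main(void)
{
    struct sme_ctx c = sme_init(cbit_pos_from_cpuid_ebx(0x2fu)); /* sample EBX */
    uint64_t ram  = make_pte(0x7f000ull,    efi_map_flags(&c, false)); /* sample */
    uint64_t mmio = make_pte(0xfed00000ull, efi_map_flags(&c, true));  /* sample */
    uint64_t cr3  = cr3_encrypted(&c, 0x1000ull);                       /* sample */

    printf("C-bit position %u, RAM pte encrypted=%d, MMIO pte encrypted=%d\n",
           c.cbit_pos, pte_is_encrypted(&c, ram), pte_is_encrypted(&c, mmio));
    printf("64-bit CR3 keeps C-bit=%d, 32-bit CR3 keeps C-bit=%d\n",
           (cr3 & c.enc_mask) != 0, (cr3_truncate32(cr3) & c.enc_mask) != 0);
    return 0;
}
```

The last line of output is the point of the thread: with the C-bit above bit 31, the pgd entries themselves keep their encryption bits regardless, but whether the pgd page can stay encrypted depends only on whether CR3 remains a 64-bit register when firmware is called.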