Subject: Re: [RFC PATCH v1 10/18] x86/efi: Access EFI related tables in the clear
To: Matt Fleming
References: <20160426225553.13567.19459.stgit@tlendack-t1.amdoffice.net>
 <20160426225740.13567.85438.stgit@tlendack-t1.amdoffice.net>
 <20160608111844.GV2658@codeblueprint.co.uk>
 <5759B67A.4000800@amd.com>
 <20160613135110.GC2658@codeblueprint.co.uk>
 <57615561.4090502@amd.com>
CC: Radim Krčmář, Arnd Bergmann, Jonathan Corbet, Joerg Roedel,
 Konrad Rzeszutek Wilk, Paolo Bonzini, Ingo Molnar, Borislav Petkov,
 "H. Peter Anvin", Andrey Ryabinin, Alexander Potapenko, Thomas Gleixner,
 Dmitry Vyukov
From: Tom Lendacky
Message-ID: <5762B9E7.80903@amd.com>
Date: Thu, 16 Jun 2016 09:38:31 -0500
In-Reply-To: <57615561.4090502@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 06/15/2016 08:17 AM, Tom Lendacky wrote:
> On 06/13/2016 08:51 AM, Matt Fleming wrote:
>> On Thu, 09 Jun, at 01:33:30PM, Tom Lendacky wrote:
>>> [...]
>>
>>> I'll look further into this, but I saw that this area of virtual memory
>>> was mapped un-encrypted and after freeing the boot services the
>>> mappings were somehow reused as un-encrypted for DMA which assumes
>>> (unless using swiotlb) encrypted. This resulted in DMA data being
>>> transferred in as encrypted and then accessed un-encrypted.
>>
>> That the mappings were re-used isn't a surprise.
>>
>> efi_free_boot_services() lifts the reservation that was put in place
>> during efi_reserve_boot_services() and releases the pages to the
>> kernel's memory allocators.
>>
>> What is surprising is that they were marked unencrypted at all.
>> There's nothing special about these pages as far as the __va() region
>> is concerned.
>
> Right, let me keep looking into this to see if I can pin down what
> was (or is) happening.

Ok, I think this was happening before the commit to build our own
EFI page table structures:

  commit 67a9108ed ("x86/efi: Build our own page table structures")

Before this commit the boot services ended up mapped into the kernel
page table entries as un-encrypted during efi_map_regions() and I needed
to change those entries back to encrypted. With your change above,
this appears to no longer be needed.

Thanks,
Tom

>
> Thanks,
> Tom
>
>>
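
The failure mode discussed in this thread, as an added example that is not part of the original message and is not kernel code: a user-space toy model in which a page's mapping keeps a stale un-encrypted attribute after the page is released and reused for DMA. All names (page_model, dma_in, cpu_read, stale_unencrypted_pages, dma_roundtrip_ok) are hypothetical, and XOR with a constant stands in for the memory encryption engine.

```c
#include <stdio.h>
#include <string.h>
/* Toy model, not kernel code: XOR with KEY stands in for memory encryption. */
#define PAGE_SZ 16
#define NPAGES  4
#define KEY     0xA5
struct page_model { unsigned char ram[PAGE_SZ]; int enc; /* mapping attribute */ };
static struct page_model pages[NPAGES];
/* DMA without swiotlb: per the thread, the data lands in memory encrypted. */
static void dma_in(int pfn, const char *data)
{
    size_t n = strlen(data);
    for (size_t i = 0; i < PAGE_SZ; i++)
        pages[pfn].ram[i] = (unsigned char)((i < n ? data[i] : 0) ^ KEY);
}
/* CPU access decrypts only when the mapping carries the attribute. */
static void cpu_read(int pfn, char *out)
{
    for (size_t i = 0; i < PAGE_SZ; i++)
        out[i] = (char)(pages[pfn].ram[i] ^ (pages[pfn].enc ? KEY : 0));
}

/* Audit: count allocator-owned pages left with an un-encrypted mapping. */
static int stale_unencrypted_pages(void)
{
    int n = 0;
    for (int i = 0; i < NPAGES; i++) n += !pages[i].enc;
    return n;
}

/* Returns 1 if DMA data on the recycled page 2 reads back intact. */
static int dma_roundtrip_ok(int restore_enc)
{
    const char *msg = "disk sector";         /* constructed sample data */
    char buf[PAGE_SZ];
    for (int i = 0; i < NPAGES; i++) pages[i].enc = 1;
    pages[2].enc = 0;                        /* mapped for boot services */
    if (restore_enc) pages[2].enc = 1;       /* changed back before reuse */
    dma_in(2, msg);
    cpu_read(2, buf);
    return memcmp(buf, msg, strlen(msg) + 1) == 0;
}

int main(void)
{
    int good = dma_roundtrip_ok(1), bad = dma_roundtrip_ok(0);
    printf("restored=%d stale=%d stale_pages=%d\n", good, bad, stale_unencrypted_pages());
    return 0;
}
```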