From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756852AbcIGOTz (ORCPT ); Wed, 7 Sep 2016 10:19:55 -0400 Received: from mail-co1nam03on0085.outbound.protection.outlook.com ([104.47.40.85]:34336 "EHLO NAM03-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1756490AbcIGOTs (ORCPT ); Wed, 7 Sep 2016 10:19:48 -0400 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Subject: Re: [RFC PATCH v2 07/20] x86: Provide general kernel support for memory encryption To: Borislav Petkov References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> <20160822223646.29880.28794.stgit@tlendack-t1.amdoffice.net> <20160905152211.GD18856@pd.tnic> CC: , , , , , , , , , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , Andrey Ryabinin , Ingo Molnar , Andy Lutomirski , "H. Peter Anvin" , Paolo Bonzini , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov From: Tom Lendacky Message-ID: <74f3288f-afc7-2170-89ff-a0334451da82@amd.com> Date: Wed, 7 Sep 2016 09:19:36 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: <20160905152211.GD18856@pd.tnic> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BN6PR17CA0046.namprd17.prod.outlook.com (10.175.189.32) To CY4PR12MB1141.namprd12.prod.outlook.com (10.168.163.149) X-MS-Office365-Filtering-Correlation-Id: c1706ba0-f229-4c6e-510e-08d3d72a03e8 X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;2:vWPYH7809KJAkMgHcic4LDKWHuRTtdJQzKU5EFisGX5OqrhkzClwTzvdEn5vd234VXixplVM7ztpU5SW9dxzGEFk18GNqwYR2utWWbLUvbNfqSDTzt64B+lOcW0AYa21fWOjrwZ8Wen9QHjKY94uy39iFArkjFC5Kwn+UXjvhKHZoh+Inysqs6rYCaEVRVlA;3:JNwTAvPGZQCTTvuAtnsK518uqKLaJowSU3VqB6ncrfEUeee1CNynYDnq+mlZsmMqXekkO0MdllJEVcNTzz9JV/a3C8N/C5sfxdazT6L/4zam4uTEnTj5Uoa44N2GCBfY;25:fPlvhTDg7s2I4XD4YO7xdIeMHC74FG3QIbQUi469/bH3ARVSTUi296qZwynvRrOXlFGC4xMa/ScEeTBelbf0sSWV+keNRQSLs3/7q5WG6s6dK1GTcpT6hNXsxQW6lAvMBNJPJOgVktc8snPR/TBLtfVJY7fNnn4rX8FKAG+GecvqUqWNey7K/7dXaa3QZRfNVcHadCXOH+WqdcnNVN8QUHzu9UfIgOQRVxqLFhmcPfbRpSKa3PzqNh5Mni8tuZ3H+6HtjVvmq+exLVixf9qedcv0RZKeI3CpMw0w86pxsUu95wd0q2kSAv2fC/qy0rBzwKU8670PkDNblnd3aHF70rTjz0CDp25/nnaky2Qt4NUhuamTT7wTHMqyg8XMI97vH8K3VIY7L4hX8wwsmWUUsg==;31:oQKEYibhfsYRJr8WKyigUrzB4LtZS/tR6YCjjxQREJSQ00kVDkqRx1Dyg4i3y0aIK9EIHfco0QjV5Ah7Wtij8dFYOFwRdd7+aQ8uMUxnfwcMme3R8LyOuD8L1B3xEPVOp6weymIHVQnCWMoZ5vwZpWLcUdMWl/Qfye2zYmuDlCG11No4UVDlM3PKA1ZdfsR5CrjOgTFJjKXu+6uBzHYYyIpz7YLJkqRqVthlVlpBiaA= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1141; X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;20:X7lQefs3ySjfDTlns+I+gDwUh0Se6XRatMd4gd2s9RLWe4FPIED+tC5amThHOdoEnTkkOU4Aylm/9WokCWwPzh8PqCUG5GXzREnJV5YwZpQTEXemJluCNua65pUDXFdfEqIqXdaUxjYvMIJgtz7SGcUYnIhtV3PnOOWi25qihhTgq8K8hMaOdZ0rxYnd2/gNNA3QksN87EvWeCP4zKeBz3fxl3S3U4rqRBi06f1ENZ/EiSqJ3qv1zXY16s0hxHTfkDrQByJpUPE5UhK34ip6s6XcRWHA1Gq6NzFp8nkutLa0PyQX+Xl5o8i+tJrKXn+tWyVNq0OacPaBnJi405bzP1S079QlvEc3VyYdK5ugRS6gd/WDN7BnGgrjyZLCJlbEv+vP/0jha4oIn/Z6qInaYTcs9zlL/G/iQ2jxofVXet2cUe8uNCuR50yQVDH6zeg4Xvd3E5F3itHdOlkmy6NM++WTMAywDS1kalXlO1UNXuiYRn+hiORu+s8T+qSimgFq;4:/qUhbI36QbgRzNCn1wfrhNEmD3QKwZh+OTgZuLIQY9n7yifUalSAuiW3/8qKLXXQy8iubHTa/sAjRUqf5znac+exAhxHTrqjhyiDvXPwDTcKn2mhyin5VOHV6odV9JN5G4TBDhJhSBw+y9i7E2OmncRoAgf9eRHhqo5qtnldajNx8QahZ2dOulm6815mh4YVjweIHkGP752btTuyfAg+r+Eb0/c/kyXfvdJFKSqmgTNh43EcVBSUI/nbWbYMCk/ft+I7T575a+/0LikuSrLjLYJ9WgJZjOwedWItnldfeVB+Tspo5UmvGCStN+UVb9wSQd2X8UNvZqbzFXpmNjpH/Q/ngvXUeK3A70k9DkpBjW3hge/RiUymWuV9052uh2OG0Tekfb2I4gOKHC3wXA1aLV/NlDMeRcJPFqyxWYzmctpyBYECWW5c9L/95TVJoHOK X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026);SRVR:CY4PR12MB1141;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1141; X-Forefront-PRVS: 0058ABBBC7 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(7916002)(189002)(199003)(24454002)(377454003)(50986999)(586003)(6116002)(110136002)(189998001)(86362001)(83506001)(36756003)(2950100001)(19580395003)(77096005)(5660300001)(31696002)(19580405001)(230700001)(50466002)(2906002)(64126003)(4326007)(31686004)(8676002)(81156014)(3846002)(81166006)(106356001)(65806001)(7846002)(47776003)(7736002)(42186005)(7416002)(105586002)(68736007)(23676002)(101416001)(33646002)(66066001)(54356999)(97736004)(76176999)(65956001)(4001350100001)(65826007)(305945005)(92566002)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:CY4PR12MB1141;H:[10.236.18.82];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQxOzIzOjFpM3FnSHhVakhGQ0JlREhFTVVsOEpobTZz?= =?utf-8?B?WlN1Nk9lMDRUSlFqY291OVFFOEpaaFNsNjhuMXN3UTdVUVNXMlBWd0ZRU1pp?= =?utf-8?B?YVBUcFhGMGhrQUUydENOY0w1d05TcFpBZWEzdGNnR09QUGxzeTdUUFBFRXEr?= =?utf-8?B?aytHZjF4dEpWNEFiaDhyN1FWZDg4Zng3Z1ZUTjVKWFpNMnJFbk45NG5ZOWQ5?= =?utf-8?B?czlySWZ2dnBDL0dyUWFUblNFTVY2RjJob1RHYUQxQzFBdGk5aXdIMjlTNndj?= =?utf-8?B?V3hrajFVNVp1K3huTk1NQ3JsTk5SMkd3ZGxwZHRnZXhhcXlGTWIyZHNSKzg5?= =?utf-8?B?TFl5TDM3NUV2VzZNV0UrQmFOZDBqdlBYM2UxbTViNzhFY2ZFNXpDQ0kvNjA2?= =?utf-8?B?anNHUjA2NURraHRVTkkzckU2QXBkbTZkUUF4Z3l5aStsRnNZc1Uwc0NMQ0JE?= =?utf-8?B?UW8zbnd0T0tySjRDbWhXU0dBWktiU2Z0NmR3VWlDaWVqNUpmRFVZZUx5MkZ3?= =?utf-8?B?Skk5QjEzYnd2bTl2UnlDRkFpcFhFTVJqMzhudUVpUFhaNzFNRDhYemIvRVhk?= =?utf-8?B?VDUxU1Q4aGFDRXFKYWg4dnNxQWhPTmRhV3Y2a081SE4yVUdCQkJSL2VXYngw?= =?utf-8?B?QThSSGROTEdDMmxXY2t0VjZ2ZUVCSU1peFFtMzNnK0tyQXBvVy9vUnZ1ekRP?= =?utf-8?B?TVYraEN2UlBZL0IvWWYybktqR05YRmhsaUp5S3NBUTFqRUlpR3lJVFNydjNq?= =?utf-8?B?MWlvc2l4TE4xeVMzeDRwcHlIdEoxb3pNajBUb2xmVmhkWThQRlFiMENmYUtp?= =?utf-8?B?bXc3S2NlSGZnakFkMFNJbGFFSkl4TlpKbmZ3NmVqSXhMZGxaNDV5VkZ2U1Ns?= =?utf-8?B?ckg4d2cxSWl3a0RGZHRKSHBCSUFFK1EzUmVvdGt2b3FSaGNacFNOWkhDV0xk?= =?utf-8?B?RWh3S083QnlvTlBlZS9iV3daV3hWVmlqTm5PbnEyLzJMbFVDSjhVUUdXSFBZ?= =?utf-8?B?QndLV28vMW8xM1RkaStzZm1JZlJQUCtKd3ZieW11NnVPeEtyclduaTFGVGsr?= =?utf-8?B?N21UTlpPVzhnc2laaUlmWmttczZKT0pRYXRnRVFFWUJKR01lNFdJTmhDS2M5?= =?utf-8?B?eDhMYTBveWd4ZTJ2dzUzdFo5ekZqUngxOEZvQnpNYWNOdUNleW5rYmdmbGt0?= =?utf-8?B?d0h3UXhGcnh2aUxWKy9yWjA2NjZNcEVuQW4yQ0hXY3IwVGlMV3V3UG9CaXpJ?= =?utf-8?B?Q3AwVmdVc2N0d21aSlo3dERzZDF1azViSlJOWFgrL2tDdU00TzRCZ0cvaHBR?= =?utf-8?B?R0hqcDFZTXlmVnBiS1RPWFVZWVE3R0xERys3U1BuRXVpd2RGRFVEL0tIcFVV?= =?utf-8?B?cWlrSmE2Qzl2dGNOSVRtOGd6WjZHeWhKeU5jSmQvL1JPYitSdzJnVWo5cElv?= =?utf-8?B?eFlpTVVKS0pqTUozcUwxTVh4dnhrbmR4VkhWMHFSZm90bFJjSkdtSVRtL2N5?= =?utf-8?B?SWRycnFhYy8wWFVWSHptV2dYRzNSbk1BY1pzMnQvQzZ4cWRCZzd4M2orRkww?= =?utf-8?B?NTFUMXdGbVZYclExZlBiTUU2K0RkSGtjSHNERTRGeUxtN1NjWkNKUVNEUEh0?= =?utf-8?B?OGhjMW53QjVnSUxGV1NTZ1pnTU9yWUhSNEdydllpNzVzbWRsZVV5OG85NS8w?= =?utf-8?B?M2FYQjhLbm1HakFtZTZkdEYzV09GODEySGNKU2wyRmRERHRJZ0NrcGVFRFVs?= =?utf-8?B?WUMvNFRoMHpMczNXb0lubEJjK3dkNzVwN1VMQTBhNGJERldaVWdSK25wbnor?= =?utf-8?Q?3g3GOVjtOZdlB?= X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;6:t2CewLRp3O+RHAF6+iGleia2Z7mAvB9d4MZzdGzIgHo19smurO/YGOY8v3hX7yzHn92LdLJF5TD+4Dxzgy+vJ5cYsX8cuY9zY8uPiiGE1VnXw6VucBxQ/SMs5V0U5tt3AaE4/PB7Ky1mQMjCQMYfRRYX1cfzyufbrr3h7P1naw5aW2xHYOqTtUikhPeSRP3bIzpy3iKlPb2qj++7xMXK47pf9vXvQEGxecY7/3RlQ5sS5eJ6jlpbFeiTwPLuXjiomjnOufSk/QCeYECXfNU/YrGopdwIYxnk+QCulrsS3o8WdrlgAEoGff10LlGWHLebHSTi+VnQw+F2zjOnlIQ7zA==;5:F7fMn5f+wKTVb+7++d+cyrzy+KEAAZOz5BXzdQp7zL4bENPlwzoePiPzK4t92cxvUQLfBfCDiqS2QERu9ZFxAsvzb/j4WuntMPA3MBGb337Bcjn3tmkrJzf9UaB2ilTheyc4WG8+A2EckB8vvsBooA==;24:txRVe94JzcHKATHzzJIJOyic962+gQn8Z9P6c2sHIX/RY5G5LYI99Wnce/3ayIhx3BVOonKdFieEu/C47flNipYoeb3wp3iuoXMSn4s+vLk=;7:S4kLuQui8HWebLdIr5G4ZxTyQD1JmYhVIjc/AxaJtLZNmSK3YQXqsrXJKRNWwcV1OT+3VrrEbt6+4EpwRdopwM0LJ7rHe3G1cx/TjJvAo5EgpzAndSqULmzAoBTAcD+F4cV+dqnit34BdePS1QjFS+gaIINQ3NqVBWz3iDE/iEso1Uju1A/bzKsbK6YMmG8jFVpUr3B8PtoYsTo6v/+XJ4l6TXVBEH7m6Jg6/YY/xDcijSfxWwKoaaR6maXllmE8 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1141;20:TEv9d/3QEJxBu+uOiKFl6rXfYgxA1uE/X7UFrkYjU/cTVNy62Qze97jdhCw5NQGFR2ueDlTm9t65EAGgwZpP/3VURI6fSf+O/xuT9oURXgFPYwIkuff/oMT3wfsGD03+Kn632GZ/3Tf46P7NX9opu2TjeelgzQBnZezxRKgKbqR/ig1xH8hVrCWiHX79B/OshZwMN8/R1aSGq/uosh6J3Uqwdn8BrXMONXYkDfc5WsJ/5NjpGEBX+5cPIDfHs4q1 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Sep 2016 14:19:41.7615 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1141 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 09/05/2016 10:22 AM, Borislav Petkov wrote: > On Mon, Aug 22, 2016 at 05:36:46PM -0500, Tom Lendacky wrote: >> Adding general kernel support for memory encryption includes: >> - Modify and create some page table macros to include the Secure Memory >> Encryption (SME) memory encryption mask >> - Update kernel boot support to call an SME routine that checks for and >> sets the SME capability (the SME routine will grow later and for now >> is just a stub routine) >> - Update kernel boot support to call an SME routine that encrypts the >> kernel (the SME routine will grow later and for now is just a stub >> routine) >> - Provide an SME initialization routine to update the protection map with >> the memory encryption mask so that it is used by default >> >> Signed-off-by: Tom Lendacky > > ... > >> diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S >> index c98a559..30f7715 100644 >> --- a/arch/x86/kernel/head_64.S >> +++ b/arch/x86/kernel/head_64.S >> @@ -95,6 +95,13 @@ startup_64: >> jnz bad_address >> >> /* >> + * Enable memory encryption (if available). Add the memory encryption >> + * mask to %rbp to include it in the the page table fixup. >> + */ >> + call sme_enable >> + addq sme_me_mask(%rip), %rbp >> + >> + /* >> * Fixup the physical addresses in the page table >> */ >> addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip) >> @@ -116,7 +123,8 @@ startup_64: >> movq %rdi, %rax >> shrq $PGDIR_SHIFT, %rax >> >> - leaq (4096 + _KERNPG_TABLE)(%rbx), %rdx >> + leaq (4096 + __KERNPG_TABLE)(%rbx), %rdx >> + addq sme_me_mask(%rip), %rdx /* Apply mem encryption mask */ > > Please add comments over the line and not at the side... Ok, will do. Thanks, Tom >