From: Ross Philipson <ross.philipson@oracle.com> To: linux-kernel@vger.kernel.org, x86@kernel.org, iommu@lists.linux-foundation.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, luto@amacapital.net, trenchboot-devel@googlegroups.com Subject: [PATCH v2 08/12] kexec: Secure Launch kexec SEXIT support Date: Fri, 18 Jun 2021 12:12:53 -0400 [thread overview] Message-ID: <1624032777-7013-9-git-send-email-ross.philipson@oracle.com> (raw) In-Reply-To: <1624032777-7013-1-git-send-email-ross.philipson@oracle.com> Prior to running the next kernel via kexec, the Secure Launch code closes down private SMX resources and does an SEXIT. This allows the next kernel to start normally without any issues starting the APs etc. Signed-off-by: Ross Philipson <ross.philipson@oracle.com> --- arch/x86/kernel/slaunch.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++ kernel/kexec_core.c | 4 +++ 2 files changed, 75 insertions(+) diff --git a/arch/x86/kernel/slaunch.c b/arch/x86/kernel/slaunch.c index a24d384..8db557a 100644 --- a/arch/x86/kernel/slaunch.c +++ b/arch/x86/kernel/slaunch.c @@ -470,3 +470,74 @@ void __init slaunch_setup(void) vendor[3] == INTEL_CPUID_MFGID_EDX) slaunch_setup_intel(); } + +static inline void smx_getsec_sexit(void) +{ + asm volatile (".byte 0x0f,0x37\n" + : : "a" (SMX_X86_GETSEC_SEXIT)); +} + +void slaunch_finalize(int do_sexit) +{ + void __iomem *config; + u64 one = TXT_REGVALUE_ONE, val; + + if ((slaunch_get_flags() & (SL_FLAG_ACTIVE|SL_FLAG_ARCH_TXT)) != + (SL_FLAG_ACTIVE|SL_FLAG_ARCH_TXT)) + return; + + config = ioremap(TXT_PRIV_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT private reqs\n"); + return; + } + + /* Clear secrets bit for SEXIT */ + memcpy_toio(config + TXT_CR_CMD_NO_SECRETS, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Unlock memory configurations */ + memcpy_toio(config + TXT_CR_CMD_UNLOCK_MEM_CONFIG, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Close the TXT private register space */ + memcpy_toio(config + TXT_CR_CMD_CLOSE_PRIVATE, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* + * Calls to iounmap are not being done because of the state of the + * system this late in the kexec process. Local IRQs are disabled and + * iounmap causes a TLB flush which in turn causes a warning. Leaving + * thse mappings is not an issue since the next kernel is going to + * completely re-setup memory management. + */ + + /* Map public registers and do a final read fence */ + config = ioremap(TXT_PUB_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT public reqs\n"); + return; + } + + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + pr_emerg("TXT clear secrets bit and unlock memory complete."); + + if (!do_sexit) + return; + + if (smp_processor_id() != 0) { + pr_emerg("Error TXT SEXIT must be called on CPU 0\n"); + return; + } + + /* Disable SMX mode */ + cr4_set_bits(X86_CR4_SMXE); + + /* Do the SEXIT SMX operation */ + smx_getsec_sexit(); + + pr_emerg("TXT SEXIT complete."); +} diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index f099bae..1dcf20c 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -38,6 +38,7 @@ #include <linux/hugetlb.h> #include <linux/objtool.h> #include <linux/kmsg_dump.h> +#include <linux/slaunch.h> #include <asm/page.h> #include <asm/sections.h> @@ -1178,6 +1179,9 @@ int kernel_kexec(void) cpu_hotplug_enable(); pr_notice("Starting new kernel\n"); machine_shutdown(); + + /* Finalize TXT registers and do SEXIT */ + slaunch_finalize(1); } kmsg_dump(KMSG_DUMP_SHUTDOWN); -- 1.8.3.1
WARNING: multiple messages have this Message-ID (diff)
From: Ross Philipson <ross.philipson@oracle.com> To: linux-kernel@vger.kernel.org, x86@kernel.org, iommu@lists.linux-foundation.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org Cc: dpsmith@apertussolutions.com, ross.philipson@oracle.com, luto@amacapital.net, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, tglx@linutronix.de, trenchboot-devel@googlegroups.com Subject: [PATCH v2 08/12] kexec: Secure Launch kexec SEXIT support Date: Fri, 18 Jun 2021 12:12:53 -0400 [thread overview] Message-ID: <1624032777-7013-9-git-send-email-ross.philipson@oracle.com> (raw) In-Reply-To: <1624032777-7013-1-git-send-email-ross.philipson@oracle.com> Prior to running the next kernel via kexec, the Secure Launch code closes down private SMX resources and does an SEXIT. This allows the next kernel to start normally without any issues starting the APs etc. Signed-off-by: Ross Philipson <ross.philipson@oracle.com> --- arch/x86/kernel/slaunch.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++ kernel/kexec_core.c | 4 +++ 2 files changed, 75 insertions(+) diff --git a/arch/x86/kernel/slaunch.c b/arch/x86/kernel/slaunch.c index a24d384..8db557a 100644 --- a/arch/x86/kernel/slaunch.c +++ b/arch/x86/kernel/slaunch.c @@ -470,3 +470,74 @@ void __init slaunch_setup(void) vendor[3] == INTEL_CPUID_MFGID_EDX) slaunch_setup_intel(); } + +static inline void smx_getsec_sexit(void) +{ + asm volatile (".byte 0x0f,0x37\n" + : : "a" (SMX_X86_GETSEC_SEXIT)); +} + +void slaunch_finalize(int do_sexit) +{ + void __iomem *config; + u64 one = TXT_REGVALUE_ONE, val; + + if ((slaunch_get_flags() & (SL_FLAG_ACTIVE|SL_FLAG_ARCH_TXT)) != + (SL_FLAG_ACTIVE|SL_FLAG_ARCH_TXT)) + return; + + config = ioremap(TXT_PRIV_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT private reqs\n"); + return; + } + + /* Clear secrets bit for SEXIT */ + memcpy_toio(config + TXT_CR_CMD_NO_SECRETS, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Unlock memory configurations */ + memcpy_toio(config + TXT_CR_CMD_UNLOCK_MEM_CONFIG, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Close the TXT private register space */ + memcpy_toio(config + TXT_CR_CMD_CLOSE_PRIVATE, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* + * Calls to iounmap are not being done because of the state of the + * system this late in the kexec process. Local IRQs are disabled and + * iounmap causes a TLB flush which in turn causes a warning. Leaving + * thse mappings is not an issue since the next kernel is going to + * completely re-setup memory management. + */ + + /* Map public registers and do a final read fence */ + config = ioremap(TXT_PUB_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT public reqs\n"); + return; + } + + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + pr_emerg("TXT clear secrets bit and unlock memory complete."); + + if (!do_sexit) + return; + + if (smp_processor_id() != 0) { + pr_emerg("Error TXT SEXIT must be called on CPU 0\n"); + return; + } + + /* Disable SMX mode */ + cr4_set_bits(X86_CR4_SMXE); + + /* Do the SEXIT SMX operation */ + smx_getsec_sexit(); + + pr_emerg("TXT SEXIT complete."); +} diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index f099bae..1dcf20c 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -38,6 +38,7 @@ #include <linux/hugetlb.h> #include <linux/objtool.h> #include <linux/kmsg_dump.h> +#include <linux/slaunch.h> #include <asm/page.h> #include <asm/sections.h> @@ -1178,6 +1179,9 @@ int kernel_kexec(void) cpu_hotplug_enable(); pr_notice("Starting new kernel\n"); machine_shutdown(); + + /* Finalize TXT registers and do SEXIT */ + slaunch_finalize(1); } kmsg_dump(KMSG_DUMP_SHUTDOWN); -- 1.8.3.1 _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu
next prev parent reply other threads:[~2021-06-18 16:07 UTC|newest] Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-06-18 16:12 [PATCH v2 00/12] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 01/12] x86/boot: Place kernel_info at a fixed offset Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 02/12] x86: Secure Launch Kconfig Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 03/12] x86: Secure Launch main header file Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 04/12] x86: Add early SHA support for Secure Launch early measurements Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 05/12] x86: Secure Launch kernel early boot stub Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 06/12] x86: Secure Launch kernel late " Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 07/12] x86: Secure Launch SMP bringup support Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` Ross Philipson [this message] 2021-06-18 16:12 ` [PATCH v2 08/12] kexec: Secure Launch kexec SEXIT support Ross Philipson 2021-06-18 16:12 ` [PATCH v2 09/12] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 10/12] x86: Secure Launch late initcall platform module Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 11/12] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 16:12 ` [PATCH v2 12/12] iommu: Do not allow IOMMU passthrough with " Ross Philipson 2021-06-18 16:12 ` Ross Philipson 2021-06-18 18:32 ` Robin Murphy 2021-06-18 18:32 ` Robin Murphy 2021-06-21 17:51 ` Ross Philipson 2021-06-21 17:51 ` Ross Philipson 2021-06-21 21:15 ` Andy Lutomirski 2021-06-21 21:15 ` Andy Lutomirski 2021-06-30 9:50 ` Ross Philipson 2021-06-30 9:50 ` Ross Philipson 2021-08-04 3:05 ` Daniel P. Smith 2021-08-04 3:05 ` Daniel P. Smith 2021-06-22 11:06 ` Robin Murphy 2021-06-22 11:06 ` Robin Murphy 2021-06-30 9:47 ` Ross Philipson 2021-06-30 9:47 ` Ross Philipson
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1624032777-7013-9-git-send-email-ross.philipson@oracle.com \ --to=ross.philipson@oracle.com \ --cc=bp@alien8.de \ --cc=dpsmith@apertussolutions.com \ --cc=hpa@zytor.com \ --cc=iommu@lists.linux-foundation.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=luto@amacapital.net \ --cc=mingo@redhat.com \ --cc=tglx@linutronix.de \ --cc=trenchboot-devel@googlegroups.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.