From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> To: Andrew Morton <akpm@linux-foundation.org>, x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>, Peter Zijlstra <peterz@infradead.org>, Andy Lutomirski <luto@amacapital.net>, David Howells <dhowells@redhat.com> Cc: Kees Cook <keescook@chromium.org>, Dave Hansen <dave.hansen@intel.com>, Kai Huang <kai.huang@linux.intel.com>, Jacob Pan <jacob.jun.pan@linux.intel.com>, Alison Schofield <alison.schofield@intel.com>, linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com> Subject: [PATCH, RFC 24/62] keys/mktme: Preparse the MKTME key payload Date: Wed, 08 May 2019 14:43:44 +0000 [thread overview] Message-ID: <20190508144422.13171-25-kirill.shutemov@linux.intel.com> (raw) In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> From: Alison Schofield <alison.schofield@intel.com> It is a requirement of the Kernel Keys subsystem to provide a preparse method that validates payloads before key instantiate methods are called. Verify that userspace provides valid MKTME options and prepare the payload for use at key instantiate time. Create a method to free the preparsed payload. The Kernel Key subsystem will that to clean up after the key is instantiated. Signed-off-by: Alison Schofield <alison.schofield@intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> --- include/keys/mktme-type.h | 39 +++++++++ security/keys/mktme_keys.c | 165 +++++++++++++++++++++++++++++++++++++ 2 files changed, 204 insertions(+) create mode 100644 include/keys/mktme-type.h diff --git a/include/keys/mktme-type.h b/include/keys/mktme-type.h new file mode 100644 index 000000000000..032905b288b4 --- /dev/null +++ b/include/keys/mktme-type.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* Key service for Multi-KEY Total Memory Encryption */ + +#ifndef _KEYS_MKTME_TYPE_H +#define _KEYS_MKTME_TYPE_H + +#include <linux/key.h> + +/* + * The AES-XTS 128 encryption algorithm requires 128 bits for each + * user supplied data key and tweak key. + */ +#define MKTME_AES_XTS_SIZE 16 /* 16 bytes, 128 bits */ + +enum mktme_alg { + MKTME_ALG_AES_XTS_128, +}; + +const char *const mktme_alg_names[] = { + [MKTME_ALG_AES_XTS_128] = "aes-xts-128", +}; + +enum mktme_type { + MKTME_TYPE_ERROR = -1, + MKTME_TYPE_USER, + MKTME_TYPE_CPU, + MKTME_TYPE_NO_ENCRYPT, +}; + +const char *const mktme_type_names[] = { + [MKTME_TYPE_USER] = "user", + [MKTME_TYPE_CPU] = "cpu", + [MKTME_TYPE_NO_ENCRYPT] = "no-encrypt", +}; + +extern struct key_type key_type_mktme; + +#endif /* _KEYS_MKTME_TYPE_H */ diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index b5e8289f041b..92a047caa829 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -6,6 +6,10 @@ #include <linux/key.h> #include <linux/key-type.h> #include <linux/mm.h> +#include <linux/parser.h> +#include <linux/string.h> +#include <asm/intel_pconfig.h> +#include <keys/mktme-type.h> #include <keys/user-type.h> #include "internal.h" @@ -69,8 +73,169 @@ int mktme_keyid_from_key(struct key *key) return 0; } +enum mktme_opt_id { + OPT_ERROR, + OPT_TYPE, + OPT_KEY, + OPT_TWEAK, + OPT_ALGORITHM, +}; + +static const match_table_t mktme_token = { + {OPT_TYPE, "type=%s"}, + {OPT_KEY, "key=%s"}, + {OPT_TWEAK, "tweak=%s"}, + {OPT_ALGORITHM, "algorithm=%s"}, + {OPT_ERROR, NULL} +}; + +struct mktme_payload { + u32 keyid_ctrl; /* Command & Encryption Algorithm */ + u8 data_key[MKTME_AES_XTS_SIZE]; + u8 tweak_key[MKTME_AES_XTS_SIZE]; +}; + +/* Make sure arguments are correct for the TYPE of key requested */ +static int mktme_check_options(struct mktme_payload *payload, + unsigned long token_mask, enum mktme_type type) +{ + if (!token_mask) + return -EINVAL; + + switch (type) { + case MKTME_TYPE_USER: + if (test_bit(OPT_ALGORITHM, &token_mask)) + payload->keyid_ctrl |= MKTME_AES_XTS_128; + else + return -EINVAL; + + if ((test_bit(OPT_KEY, &token_mask)) && + (test_bit(OPT_TWEAK, &token_mask))) + payload->keyid_ctrl |= MKTME_KEYID_SET_KEY_DIRECT; + else + return -EINVAL; + break; + + case MKTME_TYPE_CPU: + if (test_bit(OPT_ALGORITHM, &token_mask)) + payload->keyid_ctrl |= MKTME_AES_XTS_128; + else + return -EINVAL; + + payload->keyid_ctrl |= MKTME_KEYID_SET_KEY_RANDOM; + break; + + case MKTME_TYPE_NO_ENCRYPT: + payload->keyid_ctrl |= MKTME_KEYID_NO_ENCRYPT; + break; + + default: + return -EINVAL; + } + return 0; +} + +/* Parse the options and store the key programming data in the payload. */ +static int mktme_get_options(char *options, struct mktme_payload *payload) +{ + enum mktme_type type = MKTME_TYPE_ERROR; + substring_t args[MAX_OPT_ARGS]; + unsigned long token_mask = 0; + char *p = options; + int ret, token; + + while ((p = strsep(&options, " \t"))) { + if (*p = '\0' || *p = ' ' || *p = '\t') + continue; + token = match_token(p, mktme_token, args); + if (token = OPT_ERROR) + return -EINVAL; + if (test_and_set_bit(token, &token_mask)) + return -EINVAL; + + switch (token) { + case OPT_KEY: + ret = hex2bin(payload->data_key, args[0].from, + MKTME_AES_XTS_SIZE); + if (ret < 0) + return -EINVAL; + break; + + case OPT_TWEAK: + ret = hex2bin(payload->tweak_key, args[0].from, + MKTME_AES_XTS_SIZE); + if (ret < 0) + return -EINVAL; + break; + + case OPT_TYPE: + type = match_string(mktme_type_names, + ARRAY_SIZE(mktme_type_names), + args[0].from); + if (type < 0) + return -EINVAL; + break; + + case OPT_ALGORITHM: + ret = match_string(mktme_alg_names, + ARRAY_SIZE(mktme_alg_names), + args[0].from); + if (ret < 0) + return -EINVAL; + break; + + default: + return -EINVAL; + } + } + return mktme_check_options(payload, token_mask, type); +} + +void mktme_free_preparsed_payload(struct key_preparsed_payload *prep) +{ + kzfree(prep->payload.data[0]); +} + +/* + * Key Service Method to preparse a payload before a key is created. + * Check permissions and the options. Load the proposed key field + * data into the payload for use by the instantiate method. + */ +int mktme_preparse_payload(struct key_preparsed_payload *prep) +{ + struct mktme_payload *mktme_payload; + size_t datalen = prep->datalen; + char *options; + int ret; + + if (datalen <= 0 || datalen > 1024 || !prep->data) + return -EINVAL; + + options = kmemdup_nul(prep->data, datalen, GFP_KERNEL); + if (!options) + return -ENOMEM; + + mktme_payload = kzalloc(sizeof(*mktme_payload), GFP_KERNEL); + if (!mktme_payload) { + ret = -ENOMEM; + goto out; + } + ret = mktme_get_options(options, mktme_payload); + if (ret < 0) { + kzfree(mktme_payload); + goto out; + } + prep->quotalen = sizeof(mktme_payload); + prep->payload.data[0] = mktme_payload; +out: + kzfree(options); + return ret; +} + struct key_type key_type_mktme = { .name = "mktme", + .preparse = mktme_preparse_payload, + .free_preparse = mktme_free_preparsed_payload, .describe = user_describe, }; -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> To: Andrew Morton <akpm@linux-foundation.org>, x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>, Peter Zijlstra <peterz@infradead.org>, Andy Lutomirski <luto@amacapital.net>, David Howells <dhowells@redhat.com> Cc: Kees Cook <keescook@chromium.org>, Dave Hansen <dave.hansen@intel.com>, Kai Huang <kai.huang@linux.intel.com>, Jacob Pan <jacob.jun.pan@linux.intel.com>, Alison Schofield <alison.schofield@intel.com>, linux-mm@kvack.org, kvm@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com> Subject: [PATCH, RFC 24/62] keys/mktme: Preparse the MKTME key payload Date: Wed, 8 May 2019 17:43:44 +0300 [thread overview] Message-ID: <20190508144422.13171-25-kirill.shutemov@linux.intel.com> (raw) In-Reply-To: <20190508144422.13171-1-kirill.shutemov@linux.intel.com> From: Alison Schofield <alison.schofield@intel.com> It is a requirement of the Kernel Keys subsystem to provide a preparse method that validates payloads before key instantiate methods are called. Verify that userspace provides valid MKTME options and prepare the payload for use at key instantiate time. Create a method to free the preparsed payload. The Kernel Key subsystem will that to clean up after the key is instantiated. Signed-off-by: Alison Schofield <alison.schofield@intel.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> --- include/keys/mktme-type.h | 39 +++++++++ security/keys/mktme_keys.c | 165 +++++++++++++++++++++++++++++++++++++ 2 files changed, 204 insertions(+) create mode 100644 include/keys/mktme-type.h diff --git a/include/keys/mktme-type.h b/include/keys/mktme-type.h new file mode 100644 index 000000000000..032905b288b4 --- /dev/null +++ b/include/keys/mktme-type.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* Key service for Multi-KEY Total Memory Encryption */ + +#ifndef _KEYS_MKTME_TYPE_H +#define _KEYS_MKTME_TYPE_H + +#include <linux/key.h> + +/* + * The AES-XTS 128 encryption algorithm requires 128 bits for each + * user supplied data key and tweak key. + */ +#define MKTME_AES_XTS_SIZE 16 /* 16 bytes, 128 bits */ + +enum mktme_alg { + MKTME_ALG_AES_XTS_128, +}; + +const char *const mktme_alg_names[] = { + [MKTME_ALG_AES_XTS_128] = "aes-xts-128", +}; + +enum mktme_type { + MKTME_TYPE_ERROR = -1, + MKTME_TYPE_USER, + MKTME_TYPE_CPU, + MKTME_TYPE_NO_ENCRYPT, +}; + +const char *const mktme_type_names[] = { + [MKTME_TYPE_USER] = "user", + [MKTME_TYPE_CPU] = "cpu", + [MKTME_TYPE_NO_ENCRYPT] = "no-encrypt", +}; + +extern struct key_type key_type_mktme; + +#endif /* _KEYS_MKTME_TYPE_H */ diff --git a/security/keys/mktme_keys.c b/security/keys/mktme_keys.c index b5e8289f041b..92a047caa829 100644 --- a/security/keys/mktme_keys.c +++ b/security/keys/mktme_keys.c @@ -6,6 +6,10 @@ #include <linux/key.h> #include <linux/key-type.h> #include <linux/mm.h> +#include <linux/parser.h> +#include <linux/string.h> +#include <asm/intel_pconfig.h> +#include <keys/mktme-type.h> #include <keys/user-type.h> #include "internal.h" @@ -69,8 +73,169 @@ int mktme_keyid_from_key(struct key *key) return 0; } +enum mktme_opt_id { + OPT_ERROR, + OPT_TYPE, + OPT_KEY, + OPT_TWEAK, + OPT_ALGORITHM, +}; + +static const match_table_t mktme_token = { + {OPT_TYPE, "type=%s"}, + {OPT_KEY, "key=%s"}, + {OPT_TWEAK, "tweak=%s"}, + {OPT_ALGORITHM, "algorithm=%s"}, + {OPT_ERROR, NULL} +}; + +struct mktme_payload { + u32 keyid_ctrl; /* Command & Encryption Algorithm */ + u8 data_key[MKTME_AES_XTS_SIZE]; + u8 tweak_key[MKTME_AES_XTS_SIZE]; +}; + +/* Make sure arguments are correct for the TYPE of key requested */ +static int mktme_check_options(struct mktme_payload *payload, + unsigned long token_mask, enum mktme_type type) +{ + if (!token_mask) + return -EINVAL; + + switch (type) { + case MKTME_TYPE_USER: + if (test_bit(OPT_ALGORITHM, &token_mask)) + payload->keyid_ctrl |= MKTME_AES_XTS_128; + else + return -EINVAL; + + if ((test_bit(OPT_KEY, &token_mask)) && + (test_bit(OPT_TWEAK, &token_mask))) + payload->keyid_ctrl |= MKTME_KEYID_SET_KEY_DIRECT; + else + return -EINVAL; + break; + + case MKTME_TYPE_CPU: + if (test_bit(OPT_ALGORITHM, &token_mask)) + payload->keyid_ctrl |= MKTME_AES_XTS_128; + else + return -EINVAL; + + payload->keyid_ctrl |= MKTME_KEYID_SET_KEY_RANDOM; + break; + + case MKTME_TYPE_NO_ENCRYPT: + payload->keyid_ctrl |= MKTME_KEYID_NO_ENCRYPT; + break; + + default: + return -EINVAL; + } + return 0; +} + +/* Parse the options and store the key programming data in the payload. */ +static int mktme_get_options(char *options, struct mktme_payload *payload) +{ + enum mktme_type type = MKTME_TYPE_ERROR; + substring_t args[MAX_OPT_ARGS]; + unsigned long token_mask = 0; + char *p = options; + int ret, token; + + while ((p = strsep(&options, " \t"))) { + if (*p == '\0' || *p == ' ' || *p == '\t') + continue; + token = match_token(p, mktme_token, args); + if (token == OPT_ERROR) + return -EINVAL; + if (test_and_set_bit(token, &token_mask)) + return -EINVAL; + + switch (token) { + case OPT_KEY: + ret = hex2bin(payload->data_key, args[0].from, + MKTME_AES_XTS_SIZE); + if (ret < 0) + return -EINVAL; + break; + + case OPT_TWEAK: + ret = hex2bin(payload->tweak_key, args[0].from, + MKTME_AES_XTS_SIZE); + if (ret < 0) + return -EINVAL; + break; + + case OPT_TYPE: + type = match_string(mktme_type_names, + ARRAY_SIZE(mktme_type_names), + args[0].from); + if (type < 0) + return -EINVAL; + break; + + case OPT_ALGORITHM: + ret = match_string(mktme_alg_names, + ARRAY_SIZE(mktme_alg_names), + args[0].from); + if (ret < 0) + return -EINVAL; + break; + + default: + return -EINVAL; + } + } + return mktme_check_options(payload, token_mask, type); +} + +void mktme_free_preparsed_payload(struct key_preparsed_payload *prep) +{ + kzfree(prep->payload.data[0]); +} + +/* + * Key Service Method to preparse a payload before a key is created. + * Check permissions and the options. Load the proposed key field + * data into the payload for use by the instantiate method. + */ +int mktme_preparse_payload(struct key_preparsed_payload *prep) +{ + struct mktme_payload *mktme_payload; + size_t datalen = prep->datalen; + char *options; + int ret; + + if (datalen <= 0 || datalen > 1024 || !prep->data) + return -EINVAL; + + options = kmemdup_nul(prep->data, datalen, GFP_KERNEL); + if (!options) + return -ENOMEM; + + mktme_payload = kzalloc(sizeof(*mktme_payload), GFP_KERNEL); + if (!mktme_payload) { + ret = -ENOMEM; + goto out; + } + ret = mktme_get_options(options, mktme_payload); + if (ret < 0) { + kzfree(mktme_payload); + goto out; + } + prep->quotalen = sizeof(mktme_payload); + prep->payload.data[0] = mktme_payload; +out: + kzfree(options); + return ret; +} + struct key_type key_type_mktme = { .name = "mktme", + .preparse = mktme_preparse_payload, + .free_preparse = mktme_free_preparsed_payload, .describe = user_describe, }; -- 2.20.1
next prev parent reply other threads:[~2019-05-08 14:43 UTC|newest] Thread overview: 324+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-05-08 14:43 [PATCH, RFC 00/62] Intel MKTME enabling Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 01/62] mm: Do no merge VMAs with different encryption KeyIDs Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 02/62] mm: Add helpers to setup zero page mappings Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-29 7:21 ` Mike Rapoport 2019-05-29 7:21 ` Mike Rapoport 2019-05-08 14:43 ` [PATCH, RFC 03/62] mm/ksm: Do not merge pages with different KeyIDs Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-10 18:07 ` Dave Hansen 2019-05-10 18:07 ` Dave Hansen 2019-05-13 14:27 ` Kirill A. Shutemov 2019-05-13 14:27 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 04/62] mm/page_alloc: Unify alloc_hugepage_vma() Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 05/62] mm/page_alloc: Handle allocation for encrypted memory Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-29 7:21 ` Mike Rapoport 2019-05-29 7:21 ` Mike Rapoport 2019-05-29 12:47 ` Kirill A. Shutemov 2019-05-29 12:47 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 06/62] mm/khugepaged: Handle encrypted pages Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 07/62] x86/mm: Mask out KeyID bits from page table entry pfn Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 08/62] x86/mm: Introduce variables to store number, shift and mask of KeyIDs Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 09/62] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-06-14 9:15 ` Peter Zijlstra 2019-06-14 9:15 ` Peter Zijlstra 2019-06-14 13:03 ` Kirill A. Shutemov 2019-06-14 13:03 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 10/62] x86/mm: Detect MKTME early Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 11/62] x86/mm: Add a helper to retrieve KeyID for a page Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 12/62] x86/mm: Add a helper to retrieve KeyID for a VMA Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 13/62] x86/mm: Add hooks to allocate and free encrypted pages Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-06-14 9:34 ` Peter Zijlstra 2019-06-14 9:34 ` Peter Zijlstra 2019-06-14 11:04 ` Peter Zijlstra 2019-06-14 11:04 ` Peter Zijlstra 2019-06-14 13:28 ` Kirill A. Shutemov 2019-06-14 13:28 ` Kirill A. Shutemov 2019-06-14 13:43 ` Peter Zijlstra 2019-06-14 13:43 ` Peter Zijlstra 2019-06-14 22:41 ` Kirill A. Shutemov 2019-06-14 22:41 ` Kirill A. Shutemov 2019-06-17 9:25 ` Peter Zijlstra 2019-06-17 9:25 ` Peter Zijlstra 2019-06-14 13:14 ` Kirill A. Shutemov 2019-06-14 13:14 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 14/62] x86/mm: Map zero pages into encrypted mappings correctly Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 15/62] x86/mm: Rename CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 16/62] x86/mm: Allow to disable MKTME after enumeration Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 17/62] x86/mm: Calculate direct mapping size Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 18/62] x86/mm: Implement syncing per-KeyID direct mappings Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-06-14 9:51 ` Peter Zijlstra 2019-06-14 9:51 ` Peter Zijlstra 2019-06-14 22:43 ` Kirill A. Shutemov 2019-06-14 22:43 ` Kirill A. Shutemov 2019-06-17 9:27 ` Peter Zijlstra 2019-06-17 9:27 ` Peter Zijlstra 2019-06-17 14:43 ` Kirill A. Shutemov 2019-06-17 14:43 ` Kirill A. Shutemov 2019-06-17 14:51 ` Peter Zijlstra 2019-06-17 14:51 ` Peter Zijlstra 2019-06-17 15:17 ` Kirill A. Shutemov 2019-06-17 15:17 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 19/62] x86/mm: Handle encrypted memory in page_to_virt() and __pa() Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-06-14 11:10 ` Peter Zijlstra 2019-06-14 11:10 ` Peter Zijlstra 2019-05-08 14:43 ` [PATCH, RFC 20/62] mm/page_ext: Export lookup_page_ext() symbol Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-06-14 11:12 ` Peter Zijlstra 2019-06-14 11:12 ` Peter Zijlstra 2019-06-14 22:44 ` Kirill A. Shutemov 2019-06-14 22:44 ` Kirill A. Shutemov 2019-06-17 9:30 ` Peter Zijlstra 2019-06-17 9:30 ` Peter Zijlstra 2019-06-17 11:01 ` Kai Huang 2019-06-17 11:01 ` Kai Huang 2019-06-17 11:01 ` Kai Huang 2019-06-17 11:13 ` Huang, Kai 2019-06-17 11:13 ` Huang, Kai 2019-05-08 14:43 ` [PATCH, RFC 21/62] mm/rmap: Clear vma->anon_vma on unlink_anon_vmas() Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 22/62] x86/pconfig: Set a valid encryption algorithm for all MKTME commands Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 23/62] keys/mktme: Introduce a Kernel Key Service for MKTME Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov [this message] 2019-05-08 14:43 ` [PATCH, RFC 24/62] keys/mktme: Preparse the MKTME key payload Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 25/62] keys/mktme: Instantiate and destroy MKTME keys Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 26/62] keys/mktme: Move the MKTME payload into a cache aligned structure Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-06-14 11:35 ` Peter Zijlstra 2019-06-14 11:35 ` Peter Zijlstra 2019-06-14 17:10 ` Alison Schofield 2019-06-14 17:10 ` Alison Schofield 2019-05-08 14:43 ` [PATCH, RFC 27/62] keys/mktme: Strengthen the entropy of CPU generated MKTME keys Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 28/62] keys/mktme: Set up PCONFIG programming targets for " Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 29/62] keys/mktme: Program MKTME keys into the platform hardware Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 30/62] keys/mktme: Set up a percpu_ref_count for MKTME keys Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 31/62] keys/mktme: Require CAP_SYS_RESOURCE capability " Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 32/62] keys/mktme: Store MKTME payloads if cmdline parameter allows Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 33/62] acpi: Remove __init from acpi table parsing functions Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 34/62] acpi/hmat: Determine existence of an ACPI HMAT Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 35/62] keys/mktme: Require ACPI HMAT to register the MKTME Key Service Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 36/62] acpi/hmat: Evaluate topology presented in ACPI HMAT for MKTME Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 37/62] keys/mktme: Do not allow key creation in unsafe topologies Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 38/62] keys/mktme: Support CPU hotplug for MKTME key service Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:43 ` [PATCH, RFC 39/62] keys/mktme: Find new PCONFIG targets during memory hotplug Kirill A. Shutemov 2019-05-08 14:43 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 40/62] keys/mktme: Program new PCONFIG targets with MKTME keys Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 41/62] keys/mktme: Support memory hotplug for " Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 42/62] mm: Generalize the mprotect implementation to support extensions Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 43/62] syscall/x86: Wire up a system call for MKTME encryption keys Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-29 7:21 ` Mike Rapoport 2019-05-29 7:21 ` Mike Rapoport 2019-05-29 18:12 ` Alison Schofield 2019-05-29 18:12 ` Alison Schofield 2019-05-08 14:44 ` [PATCH, RFC 44/62] x86/mm: Set KeyIDs in encrypted VMAs for MKTME Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-06-14 11:44 ` Peter Zijlstra 2019-06-14 11:44 ` Peter Zijlstra 2019-06-14 17:33 ` Alison Schofield 2019-06-14 17:33 ` Alison Schofield 2019-06-14 18:26 ` Dave Hansen 2019-06-14 18:26 ` Dave Hansen 2019-06-14 18:46 ` Alison Schofield 2019-06-14 18:46 ` Alison Schofield 2019-06-14 19:11 ` Dave Hansen 2019-06-14 19:11 ` Dave Hansen 2019-06-17 9:10 ` Peter Zijlstra 2019-06-17 9:10 ` Peter Zijlstra 2019-05-08 14:44 ` [PATCH, RFC 45/62] mm: Add the encrypt_mprotect() system call " Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-06-14 11:47 ` Peter Zijlstra 2019-06-14 11:47 ` Peter Zijlstra 2019-06-14 17:35 ` Alison Schofield 2019-06-14 17:35 ` Alison Schofield 2019-06-14 11:51 ` Peter Zijlstra 2019-06-14 11:51 ` Peter Zijlstra 2019-06-15 0:32 ` Alison Schofield 2019-06-15 0:32 ` Alison Schofield 2019-06-17 9:08 ` Peter Zijlstra 2019-06-17 9:08 ` Peter Zijlstra 2019-06-17 15:07 ` Andy Lutomirski 2019-06-17 15:07 ` Andy Lutomirski 2019-06-17 15:07 ` Andy Lutomirski 2019-06-17 15:28 ` Dave Hansen 2019-06-17 15:28 ` Dave Hansen 2019-06-17 15:46 ` Andy Lutomirski 2019-06-17 15:46 ` Andy Lutomirski 2019-06-17 15:46 ` Andy Lutomirski 2019-06-17 18:27 ` Dave Hansen 2019-06-17 18:27 ` Dave Hansen 2019-06-17 19:12 ` Andy Lutomirski 2019-06-17 19:12 ` Andy Lutomirski 2019-06-17 19:12 ` Andy Lutomirski 2019-06-17 21:36 ` Dave Hansen 2019-06-17 21:36 ` Dave Hansen 2019-06-18 0:48 ` Kai Huang 2019-06-18 0:48 ` Kai Huang 2019-06-18 0:48 ` Kai Huang 2019-06-18 1:50 ` Andy Lutomirski 2019-06-18 1:50 ` Andy Lutomirski 2019-06-18 1:50 ` Andy Lutomirski 2019-06-18 2:11 ` Kai Huang 2019-06-18 2:11 ` Kai Huang 2019-06-18 2:11 ` Kai Huang 2019-06-18 4:24 ` Andy Lutomirski 2019-06-18 4:24 ` Andy Lutomirski 2019-06-18 4:24 ` Andy Lutomirski 2019-06-18 14:19 ` Dave Hansen 2019-06-18 14:19 ` Dave Hansen 2019-06-18 0:05 ` Kai Huang 2019-06-18 0:05 ` Kai Huang 2019-06-18 0:05 ` Kai Huang 2019-06-18 0:15 ` Andy Lutomirski 2019-06-18 0:15 ` Andy Lutomirski 2019-06-18 0:15 ` Andy Lutomirski 2019-06-18 1:35 ` Kai Huang 2019-06-18 1:35 ` Kai Huang 2019-06-18 1:35 ` Kai Huang 2019-06-18 1:43 ` Andy Lutomirski 2019-06-18 1:43 ` Andy Lutomirski 2019-06-18 1:43 ` Andy Lutomirski 2019-06-18 2:23 ` Kai Huang 2019-06-18 2:23 ` Kai Huang 2019-06-18 2:23 ` Kai Huang 2019-06-18 9:12 ` Peter Zijlstra 2019-06-18 9:12 ` Peter Zijlstra 2019-06-18 14:09 ` Dave Hansen 2019-06-18 14:09 ` Dave Hansen 2019-06-18 16:15 ` Kirill A. Shutemov 2019-06-18 16:15 ` Kirill A. Shutemov 2019-06-18 16:22 ` Dave Hansen 2019-06-18 16:22 ` Dave Hansen 2019-06-18 16:36 ` Andy Lutomirski 2019-06-18 16:36 ` Andy Lutomirski 2019-06-18 16:48 ` Dave Hansen 2019-06-18 16:48 ` Dave Hansen 2019-06-18 14:13 ` Dave Hansen 2019-06-18 14:13 ` Dave Hansen 2019-06-17 23:59 ` Kai Huang 2019-06-17 23:59 ` Kai Huang 2019-06-17 23:59 ` Kai Huang 2019-06-18 1:34 ` Lendacky, Thomas 2019-06-18 1:34 ` Lendacky, Thomas 2019-06-18 1:40 ` Andy Lutomirski 2019-06-18 1:40 ` Andy Lutomirski 2019-06-18 1:40 ` Andy Lutomirski 2019-06-18 2:02 ` Lendacky, Thomas 2019-06-18 2:02 ` Lendacky, Thomas 2019-06-18 4:19 ` Andy Lutomirski 2019-06-18 4:19 ` Andy Lutomirski 2019-06-18 4:19 ` Andy Lutomirski 2019-05-08 14:44 ` [PATCH, RFC 46/62] x86/mm: Keep reference counts on encrypted VMAs " Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-06-14 11:54 ` Peter Zijlstra 2019-06-14 11:54 ` Peter Zijlstra 2019-06-14 18:39 ` Alison Schofield 2019-06-14 18:39 ` Alison Schofield 2019-05-08 14:44 ` [PATCH, RFC 47/62] mm: Restrict MKTME memory encryption to anonymous VMAs Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-06-14 11:55 ` Peter Zijlstra 2019-06-14 11:55 ` Peter Zijlstra 2019-06-15 0:07 ` Alison Schofield 2019-06-15 0:07 ` Alison Schofield 2019-05-08 14:44 ` [PATCH, RFC 48/62] selftests/x86/mktme: Test the MKTME APIs Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 17:09 ` Alison Schofield 2019-05-08 17:09 ` Alison Schofield 2019-05-08 14:44 ` [PATCH, RFC 49/62] mm, x86: export several MKTME variables Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-06-14 11:56 ` Peter Zijlstra 2019-06-14 11:56 ` Peter Zijlstra 2019-06-17 3:14 ` Kai Huang 2019-06-17 3:14 ` Kai Huang 2019-06-17 3:14 ` Kai Huang 2019-06-17 7:46 ` Peter Zijlstra 2019-06-17 7:46 ` Peter Zijlstra 2019-06-17 8:39 ` Kai Huang 2019-06-17 8:39 ` Kai Huang 2019-06-17 8:39 ` Kai Huang 2019-06-17 11:25 ` Kirill A. Shutemov 2019-06-17 11:25 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 50/62] kvm, x86, mmu: setup MKTME keyID to spte for given PFN Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 51/62] iommu/vt-d: Support MKTME in DMA remapping Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-06-14 12:04 ` Peter Zijlstra 2019-06-14 12:04 ` Peter Zijlstra 2019-05-08 14:44 ` [PATCH, RFC 52/62] x86/mm: introduce common code for mem encryption Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 16:58 ` Christoph Hellwig 2019-05-08 16:58 ` Christoph Hellwig 2019-05-08 20:52 ` Jacob Pan 2019-05-08 20:52 ` Jacob Pan 2019-05-08 21:21 ` Kirill A. Shutemov 2019-05-08 21:21 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 53/62] x86/mm: Use common code for DMA memory encryption Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 54/62] x86/mm: Disable MKTME on incompatible platform configurations Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 55/62] x86/mm: Disable MKTME if not all system memory supports encryption Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 56/62] x86: Introduce CONFIG_X86_INTEL_MKTME Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 57/62] x86/mktme: Overview of Multi-Key Total Memory Encryption Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-29 7:21 ` Mike Rapoport 2019-05-29 7:21 ` Mike Rapoport 2019-05-29 18:13 ` Alison Schofield 2019-05-29 18:13 ` Alison Schofield 2019-07-14 18:16 ` Randy Dunlap 2019-07-14 18:16 ` Randy Dunlap 2019-07-15 9:02 ` Kirill A. Shutemov 2019-07-15 9:02 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 58/62] x86/mktme: Document the MKTME provided security mitigations Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 59/62] x86/mktme: Document the MKTME kernel configuration requirements Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 60/62] x86/mktme: Document the MKTME Key Service API Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 61/62] x86/mktme: Document the MKTME API for anonymous memory encryption Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-08 14:44 ` [PATCH, RFC 62/62] x86/mktme: Demonstration program using the MKTME APIs Kirill A. Shutemov 2019-05-08 14:44 ` Kirill A. Shutemov 2019-05-29 7:30 ` [PATCH, RFC 00/62] Intel MKTME enabling Mike Rapoport 2019-05-29 7:30 ` Mike Rapoport 2019-05-29 18:20 ` Alison Schofield 2019-05-29 18:20 ` Alison Schofield 2019-06-14 12:15 ` Peter Zijlstra 2019-06-14 12:15 ` Peter Zijlstra
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190508144422.13171-25-kirill.shutemov@linux.intel.com \ --to=kirill.shutemov@linux.intel.com \ --cc=akpm@linux-foundation.org \ --cc=alison.schofield@intel.com \ --cc=bp@alien8.de \ --cc=dave.hansen@intel.com \ --cc=dhowells@redhat.com \ --cc=hpa@zytor.com \ --cc=jacob.jun.pan@linux.intel.com \ --cc=kai.huang@linux.intel.com \ --cc=keescook@chromium.org \ --cc=keyrings@vger.kernel.org \ --cc=kvm@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=luto@amacapital.net \ --cc=mingo@redhat.com \ --cc=peterz@infradead.org \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.