From: Tom Lendacky <thomas.lendacky@amd.com>
To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
linux-mm@kvack.org, iommu@lists.linux-foundation.org
Cc: "Rik van Riel" <riel@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Joerg Roedel" <joro@8bytes.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Brijesh Singh" <brijesh.singh@amd.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Alexander Potapenko" <glider@google.com>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Larry Woodman" <lwoodman@redhat.com>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: [RFC PATCH v4 09/28] x86: Add support for early encryption/decryption of memory
Date: Thu, 16 Feb 2017 09:43:58 -0600 [thread overview]
Message-ID: <20170216154358.19244.6082.stgit@tlendack-t1.amdoffice.net> (raw)
In-Reply-To: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net>
Add support to be able to either encrypt or decrypt data in place during
the early stages of booting the kernel. This does not change the memory
encryption attribute - it is used for ensuring that data present in either
an encrypted or decrypted memory area is in the proper state (for example
the initrd will have been loaded by the boot loader and will not be
encrypted, but the memory that it resides in is marked as encrypted).
The early_memmap support is enhanced to specify encrypted and decrypted
mappings with and without write-protection. The use of write-protection is
necessary when encrypting data "in place". The write-protect attribute is
considered cacheable for loads, but not stores. This implies that the
hardware will never give the core a dirty line with this memtype.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/include/asm/mem_encrypt.h | 15 +++++++
arch/x86/mm/mem_encrypt.c | 79 ++++++++++++++++++++++++++++++++++++
2 files changed, 94 insertions(+)
diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
index 547989d..3c9052c 100644
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -26,6 +26,11 @@ static inline bool sme_active(void)
return (sme_me_mask) ? true : false;
}
+void __init sme_early_encrypt(resource_size_t paddr,
+ unsigned long size);
+void __init sme_early_decrypt(resource_size_t paddr,
+ unsigned long size);
+
void __init sme_early_init(void);
#define __sme_pa(x) (__pa((x)) | sme_me_mask)
@@ -42,6 +47,16 @@ static inline bool sme_active(void)
}
#endif
+static inline void __init sme_early_encrypt(resource_size_t paddr,
+ unsigned long size)
+{
+}
+
+static inline void __init sme_early_decrypt(resource_size_t paddr,
+ unsigned long size)
+{
+}
+
static inline void __init sme_early_init(void)
{
}
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index d71df97..ac3565c 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -14,6 +14,9 @@
#include <linux/init.h>
#include <linux/mm.h>
+#include <asm/tlbflush.h>
+#include <asm/fixmap.h>
+
extern pmdval_t early_pmd_flags;
/*
@@ -24,6 +27,82 @@
unsigned long sme_me_mask __section(.data) = 0;
EXPORT_SYMBOL_GPL(sme_me_mask);
+/* Buffer used for early in-place encryption by BSP, no locking needed */
+static char sme_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE);
+
+/*
+ * This routine does not change the underlying encryption setting of the
+ * page(s) that map this memory. It assumes that eventually the memory is
+ * meant to be accessed as either encrypted or decrypted but the contents
+ * are currently not in the desired stated.
+ *
+ * This routine follows the steps outlined in the AMD64 Architecture
+ * Programmer's Manual Volume 2, Section 7.10.8 Encrypt-in-Place.
+ */
+static void __init __sme_early_enc_dec(resource_size_t paddr,
+ unsigned long size, bool enc)
+{
+ void *src, *dst;
+ size_t len;
+
+ if (!sme_me_mask)
+ return;
+
+ local_flush_tlb();
+ wbinvd();
+
+ /*
+ * There are limited number of early mapping slots, so map (at most)
+ * one page at time.
+ */
+ while (size) {
+ len = min_t(size_t, sizeof(sme_early_buffer), size);
+
+ /*
+ * Create write protected mappings for the current format
+ * of the memory.
+ */
+ src = enc ? early_memremap_decrypted_wp(paddr, len) :
+ early_memremap_encrypted_wp(paddr, len);
+
+ /*
+ * Create mappings for the desired format of the memory.
+ */
+ dst = enc ? early_memremap_encrypted(paddr, len) :
+ early_memremap_decrypted(paddr, len);
+
+ /*
+ * If a mapping can't be obtained to perform the operation,
+ * then eventual access of that area will in the desired
+ * mode will cause a crash.
+ */
+ BUG_ON(!src || !dst);
+
+ /*
+ * Use a temporary buffer, of cache-line multiple size, to
+ * avoid data corruption as documented in the APM.
+ */
+ memcpy(sme_early_buffer, src, len);
+ memcpy(dst, sme_early_buffer, len);
+
+ early_memunmap(dst, len);
+ early_memunmap(src, len);
+
+ paddr += len;
+ size -= len;
+ }
+}
+
+void __init sme_early_encrypt(resource_size_t paddr, unsigned long size)
+{
+ __sme_early_enc_dec(paddr, size, true);
+}
+
+void __init sme_early_decrypt(resource_size_t paddr, unsigned long size)
+{
+ __sme_early_enc_dec(paddr, size, false);
+}
+
void __init sme_early_init(void)
{
unsigned int i;
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-02-16 15:44 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-16 15:41 [RFC PATCH v4 00/28] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-02-16 15:42 ` [RFC PATCH v4 01/28] x86: Documentation for AMD Secure Memory Encryption (SME) Tom Lendacky
[not found] ` <20170216154211.19244.76656.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-16 17:56 ` Borislav Petkov
2017-02-16 19:48 ` Tom Lendacky
2017-02-16 15:42 ` [RFC PATCH v4 02/28] x86: Set the write-protect cache mode for full PAT support Tom Lendacky
[not found] ` <20170216154225.19244.96438.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-17 11:07 ` Borislav Petkov
2017-02-17 15:56 ` Tom Lendacky
2017-02-16 15:42 ` [RFC PATCH v4 03/28] x86: Add the Secure Memory Encryption CPU feature Tom Lendacky
[not found] ` <20170216154236.19244.7580.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-16 18:13 ` Borislav Petkov
2017-02-16 19:42 ` Tom Lendacky
[not found] ` <a1a6a6d7-3aac-3138-1e75-6160f0427a6b-5C7GfCeVMHo@public.gmane.org>
2017-02-16 20:06 ` Borislav Petkov
2017-02-16 15:42 ` [RFC PATCH v4 04/28] x86: Handle reduction in physical address size with SME Tom Lendacky
2017-02-17 11:04 ` Borislav Petkov
2017-02-16 15:43 ` [RFC PATCH v4 05/28] x86: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-02-17 12:00 ` Borislav Petkov
2017-02-25 15:29 ` Borislav Petkov
2017-02-28 23:01 ` Tom Lendacky
2017-02-16 15:43 ` [RFC PATCH v4 06/28] x86: Add support to enable SME during early boot processing Tom Lendacky
[not found] ` <20170216154319.19244.7863.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-20 12:51 ` Borislav Petkov
2017-02-21 14:55 ` Tom Lendacky
[not found] ` <a23be4fa-d7ef-4e7a-5b6b-73e120a5ca80-5C7GfCeVMHo@public.gmane.org>
2017-02-21 15:10 ` Borislav Petkov
2017-02-16 15:43 ` [RFC PATCH v4 07/28] x86: Provide general kernel support for memory encryption Tom Lendacky
[not found] ` <20170216154332.19244.55451.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-20 15:21 ` Borislav Petkov
2017-02-21 17:18 ` Tom Lendacky
2017-02-22 12:08 ` Borislav Petkov
2017-02-20 18:38 ` Borislav Petkov
2017-02-22 16:43 ` Tom Lendacky
2017-02-22 18:13 ` Dave Hansen
2017-02-23 23:12 ` Tom Lendacky
2017-02-22 18:13 ` Dave Hansen
2017-02-16 15:43 ` [RFC PATCH v4 08/28] x86: Extend the early_memremap support with additional attrs Tom Lendacky
[not found] ` <20170216154348.19244.11884.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-20 15:43 ` Borislav Petkov
2017-02-22 15:42 ` Tom Lendacky
2017-02-16 15:43 ` Tom Lendacky [this message]
[not found] ` <20170216154358.19244.6082.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-20 18:22 ` [RFC PATCH v4 09/28] x86: Add support for early encryption/decryption of memory Borislav Petkov
2017-02-22 15:48 ` Tom Lendacky
2017-02-16 15:44 ` [RFC PATCH v4 10/28] x86: Insure that boot memory areas are mapped properly Tom Lendacky
[not found] ` <20170216154411.19244.99258.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-20 19:45 ` Borislav Petkov
2017-02-22 18:34 ` Tom Lendacky
2017-02-16 15:44 ` [RFC PATCH v4 11/28] x86: Add support to determine the E820 type of an address Tom Lendacky
[not found] ` <20170216154430.19244.95519.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-20 20:09 ` Borislav Petkov
2017-02-28 22:34 ` Tom Lendacky
2017-03-03 9:52 ` Borislav Petkov
2017-02-16 15:44 ` [RFC PATCH v4 12/28] efi: Add an EFI table address match function Tom Lendacky
2017-02-16 15:44 ` [RFC PATCH v4 13/28] efi: Update efi_mem_type() to return defined EFI mem types Tom Lendacky
2017-02-21 12:05 ` Matt Fleming
2017-02-23 17:27 ` Tom Lendacky
2017-02-24 9:57 ` Matt Fleming
2017-02-16 15:45 ` [RFC PATCH v4 14/28] Add support to access boot related data in the clear Tom Lendacky
[not found] ` <20170216154508.19244.58580.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-21 15:06 ` Borislav Petkov
2017-02-23 21:34 ` Tom Lendacky
2017-02-24 10:21 ` Borislav Petkov
2017-02-24 15:04 ` Tom Lendacky
2017-02-24 15:22 ` Borislav Petkov
2017-03-08 6:55 ` Dave Young
2017-03-17 19:50 ` Tom Lendacky
2017-02-16 15:45 ` [RFC PATCH v4 15/28] Add support to access persistent memory " Tom Lendacky
2017-03-17 22:58 ` Elliott, Robert (Persistent Memory)
2017-03-23 21:02 ` Tom Lendacky
2017-02-16 15:45 ` [RFC PATCH v4 16/28] x86: Add support for changing memory encryption attribute Tom Lendacky
2017-02-22 18:52 ` Borislav Petkov
2017-02-28 22:46 ` Tom Lendacky
2017-02-16 15:45 ` [RFC PATCH v4 17/28] x86: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-02-16 15:46 ` [RFC PATCH v4 18/28] x86: DMA support for memory encryption Tom Lendacky
2017-02-25 17:10 ` Borislav Petkov
2017-03-06 17:47 ` Tom Lendacky
2017-02-16 15:46 ` [RFC PATCH v4 19/28] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-02-17 15:59 ` Konrad Rzeszutek Wilk
2017-02-17 16:51 ` Tom Lendacky
2017-03-02 17:01 ` Paolo Bonzini
2017-02-27 17:52 ` Borislav Petkov
2017-02-28 23:19 ` Tom Lendacky
2017-03-01 11:17 ` Borislav Petkov
2017-02-16 15:46 ` [RFC PATCH v4 20/28] iommu/amd: Disable AMD IOMMU if memory encryption is active Tom Lendacky
2017-02-16 15:46 ` [RFC PATCH v4 21/28] x86: Check for memory encryption on the APs Tom Lendacky
[not found] ` <20170216154647.19244.18733.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-27 18:17 ` Borislav Petkov
2017-02-28 23:28 ` Tom Lendacky
[not found] ` <5f461d57-9232-1cb3-d4d9-9b8a39d00b12-5C7GfCeVMHo@public.gmane.org>
2017-03-01 11:17 ` Borislav Petkov
2017-02-16 15:47 ` [RFC PATCH v4 22/28] x86: Do not specify encrypted memory for video mappings Tom Lendacky
2017-02-16 15:47 ` [RFC PATCH v4 23/28] x86/kvm: Enable Secure Memory Encryption of nested page tables Tom Lendacky
2017-02-16 15:47 ` [RFC PATCH v4 24/28] x86: Access the setup data through debugfs decrypted Tom Lendacky
2017-03-08 7:04 ` Dave Young
2017-03-17 19:54 ` Tom Lendacky
2017-02-16 15:47 ` [RFC PATCH v4 25/28] x86: Access the setup data through sysfs decrypted Tom Lendacky
2017-03-08 7:09 ` Dave Young
2017-03-17 20:09 ` Tom Lendacky
2017-02-16 15:47 ` [RFC PATCH v4 26/28] x86: Allow kexec to be used with SME Tom Lendacky
2017-02-17 15:57 ` Konrad Rzeszutek Wilk
2017-02-17 16:43 ` Tom Lendacky
2017-03-01 9:25 ` Dave Young
2017-03-01 9:27 ` Dave Young
2017-03-06 17:58 ` Tom Lendacky
2017-03-06 18:04 ` Tom Lendacky
2017-03-08 8:12 ` Dave Young
2017-02-28 10:35 ` Borislav Petkov
2017-03-01 15:36 ` Tom Lendacky
2017-02-16 15:48 ` [RFC PATCH v4 27/28] x86: Add support to encrypt the kernel in-place Tom Lendacky
[not found] ` <20170216154808.19244.475.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-03-01 17:36 ` Borislav Petkov
2017-03-02 18:30 ` Tom Lendacky
2017-03-02 18:51 ` Borislav Petkov
2017-02-16 15:48 ` [RFC PATCH v4 28/28] x86: Add support to make use of Secure Memory Encryption Tom Lendacky
2017-03-01 18:40 ` Borislav Petkov
2017-03-07 16:05 ` Tom Lendacky
2017-03-07 17:42 ` Borislav Petkov
2017-03-08 15:05 ` Borislav Petkov
[not found] ` <20170216154158.19244.66630.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org>
2017-02-18 18:12 ` [RFC PATCH v4 00/28] x86: Secure Memory Encryption (AMD) Borislav Petkov
2017-02-21 15:09 ` Tom Lendacky
2017-02-21 17:42 ` Rik van Riel
[not found] ` <1487698965.17158.8.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-21 17:53 ` Borislav Petkov
2017-03-01 9:17 ` Dave Young
2017-03-01 17:51 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170216154358.19244.6082.stgit@tlendack-t1.amdoffice.net \
--to=thomas.lendacky@amd.com \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=kasan-dev@googlegroups.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox