From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-sn1nam01on0040.outbound.protection.outlook.com ([104.47.32.40] helo=NAM01-SN1-obe.outbound.protection.outlook.com) by casper.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1dIgSI-0002DH-A7 for kexec@lists.infradead.org; Wed, 07 Jun 2017 19:17:24 +0000 From: Tom Lendacky Subject: [PATCH v6 23/34] x86, realmode: Decrypt trampoline area if memory encryption is active Date: Wed, 07 Jun 2017 14:17:09 -0500 Message-ID: <20170607191709.28645.69034.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170607191309.28645.15241.stgit@tlendack-t1.amdoffice.net> References: <20170607191309.28645.15241.stgit@tlendack-t1.amdoffice.net> MIME-Version: 1.0 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, iommu@lists.linux-foundation.org Cc: Thomas Gleixner , Rik van Riel , Brijesh Singh , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Konrad Rzeszutek Wilk , Andrey Ryabinin , Ingo Molnar , "Michael S. Tsirkin" , Andy Lutomirski , "H. Peter Anvin" , Borislav Petkov , Paolo Bonzini , Alexander Potapenko , Dave Young , Larry Woodman , Dmitry Vyukov When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. A recent change that added a new system_state value exposed a warning issued by early_ioreamp() when the system_state was not SYSTEM_BOOTING. At the stage where the trampoline area is decrypted, the system_state is now SYSTEM_SCHEDULING. The check was changed to issue a warning if the system_state is greater than or equal to SYSTEM_RUNNING. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c | 11 +++++++++++ mm/early_ioremap.c | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index a163a90..195ba29 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -6,6 +6,7 @@ #include #include #include +#include struct real_mode_header *real_mode_header; u32 *trampoline_cr4_features; @@ -130,6 +131,16 @@ static void __init set_real_mode_permissions(void) unsigned long text_start = (unsigned long) __va(real_mode_header->text_start); + /* + * If SME is active, the trampoline area will need to be in + * decrypted memory in order to bring up other processors + * successfully. + */ + if (sme_active()) { + sme_early_decrypt(__pa(base), size); + set_memory_decrypted((unsigned long)base, size >> PAGE_SHIFT); + } + set_memory_nx((unsigned long) base, size >> PAGE_SHIFT); set_memory_ro((unsigned long) base, ro_size >> PAGE_SHIFT); set_memory_x((unsigned long) text_start, text_size >> PAGE_SHIFT); diff --git a/mm/early_ioremap.c b/mm/early_ioremap.c index b1dd4a9..01d13ae 100644 --- a/mm/early_ioremap.c +++ b/mm/early_ioremap.c @@ -110,7 +110,7 @@ static int __init check_early_ioremap_leak(void) enum fixed_addresses idx; int i, slot; - WARN_ON(system_state != SYSTEM_BOOTING); + WARN_ON(system_state >= SYSTEM_RUNNING); slot = -1; for (i = 0; i < FIX_BTMAPS_SLOTS; i++) { _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec