From: Brijesh Singh <brijesh.singh@amd.com>
To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: "Borislav Petkov" <bp@alien8.de>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Brijesh Singh" <brijesh.singh@amd.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"H. Peter Anvin" <hpa@zytor.com>, "Borislav Petkov" <bp@suse.de>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"Laura Abbott" <labbott@redhat.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Jérôme Glisse" <jglisse@redhat.com>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Dan Williams" <dan.j.williams@intel.com>,
"Kees Cook" <keescook@chromium.org>
Subject: [Part1 PATCH v7 10/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages
Date: Fri, 20 Oct 2017 09:30:52 -0500 [thread overview]
Message-ID: <20171020143059.3291-11-brijesh.singh@amd.com> (raw)
In-Reply-To: <20171020143059.3291-1-brijesh.singh@amd.com>
From: Tom Lendacky <thomas.lendacky@amd.com>
In order for memory pages to be properly mapped when SEV is active, we
need to use the PAGE_KERNEL protection attribute as the base protection.
This will insure that memory mapping of, e.g. ACPI tables, receives the
proper mapping attributes.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Borislav Petkov <bp@suse.de>
Tested-by: Borislav Petkov <bp@suse.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "Jérôme Glisse" <jglisse@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
---
arch/x86/mm/ioremap.c | 79 ++++++++++++++++++++++++++++++++++++++++++--------
include/linux/ioport.h | 3 ++
kernel/resource.c | 19 ++++++++++++
3 files changed, 89 insertions(+), 12 deletions(-)
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index 52cc0f4ed494..6e4573b1da34 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -27,6 +27,11 @@
#include "physaddr.h"
+struct ioremap_mem_flags {
+ bool system_ram;
+ bool desc_other;
+};
+
/*
* Fix up the linear direct mapping of the kernel to avoid cache attribute
* conflicts.
@@ -56,17 +61,59 @@ int ioremap_change_attr(unsigned long vaddr, unsigned long size,
return err;
}
-static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
- void *arg)
+static bool __ioremap_check_ram(struct resource *res)
{
+ unsigned long start_pfn, stop_pfn;
unsigned long i;
- for (i = 0; i < nr_pages; ++i)
- if (pfn_valid(start_pfn + i) &&
- !PageReserved(pfn_to_page(start_pfn + i)))
- return 1;
+ if ((res->flags & IORESOURCE_SYSTEM_RAM) != IORESOURCE_SYSTEM_RAM)
+ return false;
- return 0;
+ start_pfn = (res->start + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ stop_pfn = (res->end + 1) >> PAGE_SHIFT;
+ if (stop_pfn > start_pfn) {
+ for (i = 0; i < (stop_pfn - start_pfn); ++i)
+ if (pfn_valid(start_pfn + i) &&
+ !PageReserved(pfn_to_page(start_pfn + i)))
+ return true;
+ }
+
+ return false;
+}
+
+static int __ioremap_check_desc_other(struct resource *res)
+{
+ return (res->desc != IORES_DESC_NONE);
+}
+
+static int __ioremap_res_check(struct resource *res, void *arg)
+{
+ struct ioremap_mem_flags *flags = arg;
+
+ if (!flags->system_ram)
+ flags->system_ram = __ioremap_check_ram(res);
+
+ if (!flags->desc_other)
+ flags->desc_other = __ioremap_check_desc_other(res);
+
+ return flags->system_ram && flags->desc_other;
+}
+
+/*
+ * To avoid multiple resource walks, this function walks resources marked as
+ * IORESOURCE_MEM and IORESOURCE_BUSY and looking for system RAM and/or a
+ * resource described not as IORES_DESC_NONE (e.g. IORES_DESC_ACPI_TABLES).
+ */
+static void __ioremap_check_mem(resource_size_t addr, unsigned long size,
+ struct ioremap_mem_flags *flags)
+{
+ u64 start, end;
+
+ start = (u64)addr;
+ end = start + size - 1;
+ memset(flags, 0, sizeof(*flags));
+
+ walk_mem_res(start, end, flags, __ioremap_res_check);
}
/*
@@ -87,9 +134,10 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
unsigned long size, enum page_cache_mode pcm, void *caller)
{
unsigned long offset, vaddr;
- resource_size_t pfn, last_pfn, last_addr;
+ resource_size_t last_addr;
const resource_size_t unaligned_phys_addr = phys_addr;
const unsigned long unaligned_size = size;
+ struct ioremap_mem_flags mem_flags;
struct vm_struct *area;
enum page_cache_mode new_pcm;
pgprot_t prot;
@@ -108,13 +156,12 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
return NULL;
}
+ __ioremap_check_mem(phys_addr, size, &mem_flags);
+
/*
* Don't allow anybody to remap normal RAM that we're using..
*/
- pfn = phys_addr >> PAGE_SHIFT;
- last_pfn = last_addr >> PAGE_SHIFT;
- if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL,
- __ioremap_check_ram) == 1) {
+ if (mem_flags.system_ram) {
WARN_ONCE(1, "ioremap on RAM at %pa - %pa\n",
&phys_addr, &last_addr);
return NULL;
@@ -146,7 +193,15 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
pcm = new_pcm;
}
+ /*
+ * If the page being mapped is in memory and SEV is active then
+ * make sure the memory encryption attribute is enabled in the
+ * resulting mapping.
+ */
prot = PAGE_KERNEL_IO;
+ if (sev_active() && mem_flags.desc_other)
+ prot = pgprot_encrypted(prot);
+
switch (pcm) {
case _PAGE_CACHE_MODE_UC:
default:
diff --git a/include/linux/ioport.h b/include/linux/ioport.h
index 617d8a2aac67..c04d584ab5a1 100644
--- a/include/linux/ioport.h
+++ b/include/linux/ioport.h
@@ -270,6 +270,9 @@ extern int
walk_system_ram_range(unsigned long start_pfn, unsigned long nr_pages,
void *arg, int (*func)(unsigned long, unsigned long, void *));
extern int
+walk_mem_res(u64 start, u64 end, void *arg,
+ int (*func)(struct resource *, void *));
+extern int
walk_system_ram_res(u64 start, u64 end, void *arg,
int (*func)(struct resource *, void *));
extern int
diff --git a/kernel/resource.c b/kernel/resource.c
index 8430042fa77b..54ba6de3757c 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -397,6 +397,8 @@ static int find_next_iomem_res(struct resource *res, unsigned long desc,
res->start = p->start;
if (res->end > p->end)
res->end = p->end;
+ res->flags = p->flags;
+ res->desc = p->desc;
return 0;
}
@@ -467,6 +469,23 @@ int walk_system_ram_res(u64 start, u64 end, void *arg,
arg, func);
}
+/*
+ * This function calls the @func callback against all memory ranges, which
+ * are ranges marked as IORESOURCE_MEM and IORESOUCE_BUSY.
+ */
+int walk_mem_res(u64 start, u64 end, void *arg,
+ int (*func)(struct resource *, void *))
+{
+ struct resource res;
+
+ res.start = start;
+ res.end = end;
+ res.flags = IORESOURCE_MEM | IORESOURCE_BUSY;
+
+ return __walk_iomem_res_desc(&res, IORES_DESC_NONE, true,
+ arg, func);
+}
+
#if !defined(CONFIG_ARCH_HAS_WALK_MEMORY)
/*
--
2.9.5
next prev parent reply other threads:[~2017-10-20 14:31 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-20 14:30 [Part1 PATCH v7 00/17] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-10-20 14:30 ` [Part1 PATCH v7 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description Brijesh Singh
2017-11-07 14:42 ` [tip:x86/asm] " tip-bot for Brijesh Singh
2017-10-20 14:30 ` [Part1 PATCH v7 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support Brijesh Singh
2017-11-07 14:43 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 03/17] x86/mm: Don't attempt to encrypt initrd under SEV Brijesh Singh
2017-11-07 14:43 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 04/17] x86/realmode: Don't decrypt trampoline area " Brijesh Singh
2017-11-07 14:44 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 05/17] x86/mm: Use encrypted access of boot related data with SEV Brijesh Singh
2017-11-07 14:44 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 06/17] x86/mm: Include SEV for encryption memory attribute changes Brijesh Singh
2017-11-07 14:44 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 07/17] x86/efi: Access EFI data as encrypted when SEV is active Brijesh Singh
2017-11-07 14:45 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 08/17] resource: Consolidate resource walking code Brijesh Singh
2017-11-07 14:45 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 09/17] resource: Provide resource struct in resource walk callback Brijesh Singh
2017-11-07 14:46 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` Brijesh Singh [this message]
2017-11-07 14:46 ` [tip:x86/asm] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 11/17] x86/mm: Add DMA support for SEV memory encryption Brijesh Singh
2017-11-07 14:46 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 12/17] x86/boot: Add early boot support when running with SEV active Brijesh Singh
2017-11-07 14:47 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 13/17] x86/io: Unroll string I/O when SEV is active Brijesh Singh
2017-10-20 18:39 ` Alan Cox
2017-10-21 11:26 ` Brijesh Singh
2017-11-07 14:47 ` [tip:x86/asm] " tip-bot for Tom Lendacky
2017-10-20 14:30 ` [Part1 PATCH v7 14/17] x86: Add support for changing memory encryption attribute in early boot Brijesh Singh
2017-11-07 14:48 ` [tip:x86/asm] " tip-bot for Brijesh Singh
2017-10-20 14:30 ` [Part1 PATCH v7 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED Brijesh Singh
2017-11-07 14:48 ` [tip:x86/asm] " tip-bot for Brijesh Singh
2017-10-20 14:30 ` [Part1 PATCH v7 16/17] X86/KVM: Decrypt shared per-cpu variables when SEV is active Brijesh Singh
2017-11-07 14:49 ` [tip:x86/asm] " tip-bot for Brijesh Singh
2017-10-20 14:30 ` [Part1 PATCH v7 17/17] X86/KVM: Clear encryption attribute " Brijesh Singh
2017-11-07 14:49 ` [tip:x86/asm] " tip-bot for Brijesh Singh
2017-11-15 23:57 ` [Part1 PATCH v7 00/17] x86: Secure Encrypted Virtualization (AMD) Steve Rutherford
2017-11-16 10:02 ` Borislav Petkov
2017-11-16 14:41 ` Tom Lendacky
2017-11-21 23:18 ` Steve Rutherford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171020143059.3291-11-brijesh.singh@amd.com \
--to=brijesh.singh@amd.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=bp@suse.de \
--cc=dan.j.williams@intel.com \
--cc=hpa@zytor.com \
--cc=jglisse@redhat.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=labbott@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox