Date: Tue, 18 Jul 2017 03:53:46 -0700
From: tip-bot for Tom Lendacky
To: linux-tip-commits@vger.kernel.org
Subject: [tip:x86/mm] x86/efi: Update EFI pagetable creation to work with SME
In-Reply-To: <9a8f4c502db4a84b09e2f0a1555bb75aa8b69785.1500319216.git.thomas.lendacky@amd.com>
References: <9a8f4c502db4a84b09e2f0a1555bb75aa8b69785.1500319216.git.thomas.lendacky@amd.com>
Commit-ID: 38eecccdf488e38ee93690cfe9ec1914b73f512f
Gitweb: http://git.kernel.org/tip/38eecccdf488e38ee93690cfe9ec1914b73f512f
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:15 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:38:02 
+0200 x86/efi: Update EFI pagetable creation to work with SME When SME is active, pagetable entries created for EFI need to have the encryption mask set as necessary. When the new pagetable pages are allocated they are mapped encrypted. So, update the efi_pgt value that will be used in CR3 to include the encryption mask so that the PGD table can be read successfully. The pagetable mapping as well as the kernel are also added to the pagetable mapping as encrypted. All other EFI mappings are mapped decrypted (tables, etc.). Signed-off-by: Tom Lendacky Reviewed-by: Thomas Gleixner Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Cc: Alexander Potapenko Cc: Andrey Ryabinin Cc: Andy Lutomirski Cc: Arnd Bergmann Cc: Borislav Petkov Cc: Brijesh Singh Cc: Dave Young Cc: Dmitry Vyukov Cc: Jonathan Corbet Cc: Konrad Rzeszutek Wilk Cc: Larry Woodman Cc: Linus Torvalds Cc: Michael S. Tsirkin Cc: Paolo Bonzini Cc: Peter Zijlstra Cc: Radim Krčmář Cc: Rik van Riel Cc: Toshimitsu Kani Cc: kasan-dev@googlegroups.com Cc: kvm@vger.kernel.org Cc: linux-arch@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-efi@vger.kernel.org Cc: linux-mm@kvack.org Link: http://lkml.kernel.org/r/9a8f4c502db4a84b09e2f0a1555bb75aa8b69785.1500319216.git.thomas.lendacky@amd.com Signed-off-by: Ingo Molnar --- arch/x86/platform/efi/efi_64.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c index 9bf72f5..12e8388 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -327,7 +327,7 @@ virt_to_phys_or_null_size(void *va, unsigned long size) int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) { - unsigned long pfn, text; + unsigned long pfn, text, pf; struct page *page; unsigned npages; pgd_t *pgd; 
@@ -335,7 +335,12 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) if (efi_enabled(EFI_OLD_MEMMAP)) return 0; - efi_scratch.efi_pgt = (pgd_t *)__pa(efi_pgd); + /* + * Since the PGD is encrypted, set the encryption mask so that when + * this value is loaded into cr3 the PGD will be decrypted during + * the pagetable walk. + */ + efi_scratch.efi_pgt = (pgd_t *)__sme_pa(efi_pgd); pgd = efi_pgd; /* @@ -345,7 +350,8 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) * phys_efi_set_virtual_address_map(). */ pfn = pa_memmap >> PAGE_SHIFT; - if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, _PAGE_NX | _PAGE_RW)) { + pf = _PAGE_NX | _PAGE_RW | _PAGE_ENC; + if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, pf)) { pr_err("Error ident-mapping new memmap (0x%lx)!\n", pa_memmap); return 1; } @@ -388,7 +394,8 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) text = __pa(_text); pfn = text >> PAGE_SHIFT; - if (kernel_map_pages_in_pgd(pgd, pfn, text, npages, _PAGE_RW)) { + pf = _PAGE_RW | _PAGE_ENC; + if (kernel_map_pages_in_pgd(pgd, pfn, text, npages, pf)) { pr_err("Failed to map kernel text 1:1\n"); return 1; }
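Review bot: in the first hunk (@@ -327,7 +327,7 @@), the declaration `unsigned long pfn, text, pf;` introduces a name that differs from the adjacent `pfn` by one letter, and both are later passed side by side to kernel_map_pages_in_pgd(). A name such as `flags` or `page_flags` would be harder to misread at those call sites.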
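Review bot: in the second hunk (@@ -335,7 +335,12 @@), the comment above `efi_scratch.efi_pgt = (pgd_t *)__sme_pa(efi_pgd);` says "Since the PGD is encrypted" without qualification, while the commit message scopes the change to "When SME is active". Wording the comment conditionally would match the message. Since efi_pgt keeps its pgd_t * type but now holds a physical address with the encryption mask set, a note where the field is declared would also help anyone who later reads the value as a plain physical address.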
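Review bot: in the third hunk (@@ -345,7 +350,8 @@), `pf = _PAGE_NX | _PAGE_RW | _PAGE_ENC;` maps the new memmap encrypted, but nothing at the call site says why this region is encrypted when the commit message states that all other EFI mappings are mapped decrypted. A short comment above the assignment giving the reason would make the distinction reviewable. The flag is also applied unconditionally, so it is worth a line stating how _PAGE_ENC is expected to behave when SME is not active.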
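Review bot: in the last hunk (@@ -388,7 +394,8 @@), the address is still taken with `text = __pa(_text);` and encryption is expressed only through `pf = _PAGE_RW | _PAGE_ENC;`, whereas the efi_pgt assignment earlier in the patch folds the mask into the address with __sme_pa(). A one-line comment here saying that the mask belongs in the flags argument for mappings, and in the address only for the value loaded into cr3, would keep someone from changing one site to match the other.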