From patchwork Fri Jun 16 18:56:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 9793351 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3442B60325 for ; Fri, 16 Jun 2017 18:58:48 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 25A0F2865B for ; Fri, 16 Jun 2017 18:58:48 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1920E28670; Fri, 16 Jun 2017 18:58:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.1 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id F22542865B for ; Fri, 16 Jun 2017 18:58:46 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLwQ5-0005L5-G1; Fri, 16 Jun 2017 18:56:33 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dLwQ4-0005KM-Mk for xen-devel@lists.xen.org; Fri, 16 Jun 2017 18:56:32 +0000 Received: from [85.158.139.211] by server-1.bemta-5.messagelabs.com id FD/D1-01992-0E924495; Fri, 16 Jun 2017 18:56:32 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA1VSa0gUYRTtm9eO4sbnbuJtqTY3w0f5CiyJfkj 5Q6EX1Y+0HzWbozO2D5tZQ4no4Zq9lSyrbYu1kkrSwCIjIdLYIFvDiozKwkwtpSXNwkqJZhzt 8f2655x7zr0XPpY0uBkTyxe7eMnB2SxMKCUkRa1J6IrLyE6+WRebdmn4IpWOMv3NY8RalEOLD quzeAstHPnwjim8X4qKX3b5dHvQw22HUChLYTcJD24MMypAuApB/YvjpAoMuIyA2jcDCghhGb wQOoNfCbU24pXw/lg/rdYzsI+AnmqsGkgcZODu4wCjCgSeBb4LtYqZVWbMh1OVW1RajzMh0OA lVDoEZ0HZW0qlDQpd/mN0oo7Ac+DqMzettYfDwzO9lNpO4ji4fidJpUlshqagd2IzwHOhaXSU 0epyBNfGHVpkNHhGOnQaPxv87V5Kq1eBr/7exAaA50Gbe7VG74K+7nOUegjgGhJqvUcn8+Nhb OAjoQk9OnjybIieBDT0tB9hNHCLgjPeX5QWa4P9gSzNnQaHa8aR1hOgof9bxWRUJYb26iG6Ei V4/rnU8/dSzz+X+hBZh2JkXtrBSwlpiVZJzBdcdk60JaQkpybaeVnm8nkbZ5UTtzrtjUj5EtO Udxu1lK5oRTNZwhKh/9y7Itsw3erMLRE4WdgsFdl4uRXFsCy+4N+33kQ5nA7eAvq+2IxsQ7jE 5/PFeaJN+WJTncCGWWboc6MVWS8XcnZZzNekNhRlitTXqD6sCkKR449t6nM+RbNNRj1SdjKEF fKSXXT9rw+iSBZZjPp1MUpKmOhw/UkfVAYTyuB1HenqYBf3VzLtQTvNptSj93RlXLku51XGmu Dz7hG+QBzsNFcsqouKPrAsrZtuPk0udy5JNe9teF4qJK63d2aKPz0lZzsWjOfdWrZ7w8n0lqL sCuF8rpFam7nx4gF/ULCf7L67+BSqqtrUY93+o8Lv+fL90ekGc2fWlVLp7cE5r9+d+FRQvfRy oHG620LJApcST0oy9xufHVi3lwMAAA== X-Env-Sender: Thomas.Lendacky@amd.com X-Msg-Ref: server-2.tower-206.messagelabs.com!1497639387!83191415!1 X-Originating-IP: [104.47.33.79] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.19; banners=-,-,- X-VirusChecked: Checked Received: (qmail 56789 invoked from network); 16 Jun 2017 18:56:28 -0000 Received: from mail-bn3nam01on0079.outbound.protection.outlook.com (HELO NAM01-BN3-obe.outbound.protection.outlook.com) (104.47.33.79) by server-2.tower-206.messagelabs.com with AES256-SHA256 encrypted SMTP; 16 Jun 2017 18:56:28 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=opaePQUn9s7KZMYV2IlQREGySikbfV01ZIqSuo6ofiM=; b=Bs6PjmNVibdUNOCRAuYmtcmHvSnlweGPdPpQWC653EANkFB9Q27NS8biDiH9rcWYtu4qimJ2EbfZrU+cFuVjyuE60i9agrQ+zikg2ccy2EGu/Wk214/als4//drLPxC5U/g9mcpkJHBRLx/kOyYubf7zt3qn/URLeRGQSHcywdI= Received: from tlendack-t1.amdoffice.net (165.204.77.1) by MWHPR12MB1151.namprd12.prod.outlook.com (10.169.204.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1178.14; Fri, 16 Jun 2017 18:56:22 +0000 From: Tom Lendacky To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, xen-devel@lists.xen.org, linux-mm@kvack.org, iommu@lists.linux-foundation.org Date: Fri, 16 Jun 2017 13:56:19 -0500 Message-ID: <20170616185619.18967.38945.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170616184947.18967.84890.stgit@tlendack-t1.amdoffice.net> References: <20170616184947.18967.84890.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR20CA0033.namprd20.prod.outlook.com (10.171.161.147) To MWHPR12MB1151.namprd12.prod.outlook.com (10.169.204.15) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: bc53a744-0d24-43e6-ba01-08d4b4e962f8 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(201703131423075)(201703031133081); SRVR:MWHPR12MB1151; X-Microsoft-Exchange-Diagnostics: 1; MWHPR12MB1151; 3:8XB7vyDh0de5zkzCv1eDPqmh/WDqMld19Opbe7ahzKv3NKd0oj0fnWAGZ9yMtaAQtt5qtQCM4B3/WwifklKkRSScs+yuA4T3tRcq06u1ZlVmMsVgPRXCj9VZOsmv5uU3/sERKtb/kP4nuXdKg7p/eHL7uggv5bteawo2OugPkE2bNEXBogSaLXQkNoltXnqIl/hJsJAc0incDluJLq4td9VpiaasQ+dBB3VLmapMOCCF0fl941dKWzPNrJStjB4XGfHeEIonNj32yZAvf1XLAtfUbU1lCTbVjHKHkZtQa7fFBh3KoFctVshpwbe4odGANkxDSLywe1zSYLlzQDdJlSWjggQBDe0g9gQh7BLNnEM= X-MS-TrafficTypeDiagnostic: MWHPR12MB1151: X-Microsoft-Exchange-Diagnostics: 1; MWHPR12MB1151; 25:nt49jxUE44eoqSl9EohIADlUOjQ+RRuU5IlE6m3e6xOEnjOShSt9X5Y1bY+3xbowNAvuyFhkOcV6qQsTkK1fM9dJpNZf+qfXEZ2jcazmsQZWYixKEDkU6jhQt0sD2npBZoNVbMuh0r6gOuRXf2mON3bQTlRw9K/fDR5LmADmo3IVsczZDzMqQCuTo8mPE9d+XwEe00VXdvWSaPaGkIDgZpe52ktxqB9LL+wjyY/WlcBC3K9FSyGnpmOQTZ80dHWOp/g8dK6Te1lUhXvKSN6wfCNZRSkuo+XyaXpMVf9DE+EvaUKRZmaC1wC0gwl/Uk7jAvenkbEBmQQEWcd+9VO+yhSUrdg2Dd6MD4hc9+Gyw5y2McsOWkpmo3REeMZ96rDcCnSxoeVfrgV1B+whiXyKRs+rc9WQPf/WgL88lJ6hibDENeXHSl6dQajNHlxvB8xDZDLJ4ajnKinW6yTQ3CReHazn3dNUXl8KQMtbTB0qwUkf18K6lfAqYxK5MgE408DcIfmHrk6oASoC31fuLFvZnG7agjL/GXnekz+Ttj7mctaTH1MPll3SEviFlSUFH2r41d7acSOZLA6Q2cDIX+tcqqqFmvhBKUQiclI/e7l0UJkU/uUTCmtf5938aZb8/AMfpIN9vRjpBGhVN0+DWMnEfsIvDmSHqqoczifHpihlW7s5Orz98Vzb286lZPR3nCX34OmEC+aJC8Ba52DBFjMAndSY5HQci3zOyY7AWtnbOIy2OilQxiOwi9hkMs4m3CnrhJXxxJuSwl+C7B3dS1ZtloVEuBbRRpan8UHoOG9FFhLQ8laaVCwtjiUiviZMLE9qKhWl08mKprNwyDXMAc1WFZm1/E5AZa+ia402ovVAbBksNcOL9gvbSDbzn3Jq2wM0L98jCvMD4OpF6+M83xzTnOpfiizuoe5tL94EZuNaojc= X-Microsoft-Exchange-Diagnostics: 1; MWHPR12MB1151; 31:fKGdI6QzV8PErb9u2VGJbibR+AmocKGxl2LBkoMfVgTuoJ+ySr50nrz6qH/tr+T6uSpIBYs8H1R4KLg0RbqvdruVCRPPTHG8bWd1R4uNl01oCEWmRtAgfLxkXV59IbZboD+ru87ZK7Fqzc0Ho0iAfFQ646I6JjK+6OErUAbk9uA6lfaodGv1k9Q/OD+8hpgTbG3jk+roAn79Oq5wUX1MFqmBxksxF/xsQW+POHQ12aaU452v1y/fAUG5GeUHXQfhjo6cXJRBOBxvnBLcdc9IoQ0bzmE01TUbYz72pqS5J80Toy9Ef3ibK/ga8CEGNMjHtLO582xiYZdKrLtLvEO/53W7lH7nXGcqJHoeGWqEIrZ0g9O2HvY6fLvYwFp4UhC9x+3zMY8ADFhG+0/6s3ClDpTag5tsQaTq42NwZuWrUt9t2xJ6rLRo6LRpd4NBN7aI+jNFZPDz85RCbPKRwXwF22hcdv16zuapmupRYMXPF/fm6TPwh5LCUfSqG4R7V21x3zox8zCDD46c9zHmzDAAkNlA0h+3WPlYkOr7FTw1I7p8e8XfmKjJdDE+J8pf1bvCKrffzsECJh/xlkCJ4qyQBijNRjIMkI5Kva34iFdFect/V0UxLvDf+VpjZkuE2rt67F/DyTpOndrn4dPv+Ukmc0Pqxv++OyANzRUI+Pp3Meg= X-Microsoft-Exchange-Diagnostics: 1; MWHPR12MB1151; 20:ZlLJTXEgr6mQSmmFIMNv9X8qWwuq3H9IcNpI4qXLTVBaWIfDK/DhkZBc5v9fBTyDeC9HU6XKRmnhOFq3s/rC2tGcUfVZi4XBoee8+qslFtym9j7qsPpzFJ0arCo/6LMGt/zxmFFIZriNqk0n4jfwU6kr4buc/m0r8U+s+vClL7Eokv0BuTEzGWAZn0ocL4a4BRCSJ9HaWyVv/QAd1rtbmtP5BmkyP2h904exQRCyJ5gjLTRDhdDfmJkeh48B8QKvNTSiwx9SFya4SbYmbAxgiWecX+XZ+Gm3pmuOcnFae8TCnYl86DJEd9HrZR9K3Sds6lpPoowKkG8Aa9K3COQ57BpJXx3vTxuJxHezrIzLQhuNodW2OXRKpe6eMcNd0ckf9hwdHcGrSyW1pVW94zijlhcu+PPIKgB1nQu/Vak+aVa5GUmoiOTCi9w1wkrAjIMLAF9Bmqa+N0u9D8XKc8JdKjrjNza2a1amNwKO/+Er8iXQZBDWKKgAfB/tu8HqI9Ix X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(100000703101)(100105400095)(6055026)(6041248)(20161123558100)(20161123564025)(20161123562025)(20161123555025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:MWHPR12MB1151; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:MWHPR12MB1151; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTUxOzQ6V3Y0WUxZRlo0WXFSVjAzb3hnSUY1aUxES05t?= =?utf-8?B?TEJ5NlI4clIrRUcyN2FPeXpXdkQybnV5NmRpRU1NQ21yMHk3citIMEEvYkpm?= =?utf-8?B?amdaWjlmYXdVZ0RWSGI1QWZYd3QrOG1hUDNDbXRlSm13L0RDeHBJZVBENGg2?= =?utf-8?B?ZjJEbkV3R2VLUXdqbnJYeHN6SjAxa3VIYXNBYVNQNVl5TnFmV1VpdmwvazQ5?= =?utf-8?B?K2RlMCtDWTBObzliazBmY3R4ak9EbGs5SzBmNjk4d0tMYjBvdjZjSkY2M0Vr?= =?utf-8?B?cDdXOXZVTnJIczBiMy9iVHV3ZzdERitoemxOZFpxM25MYVdCVzdmR0FISjRu?= =?utf-8?B?TGo0eTVaUklKYTR2b0RaaXZaV0lqWm1nYkdySXBYV3g5cTgvZ0Nxb285empU?= =?utf-8?B?bnBmREV6QWRpOVl6NW4wZDNvYzJjdEtJUk5LM3g0QXBjejFLSmVKTEgxN2I1?= =?utf-8?B?aVdMa0VRT2QwTVBVWi9IS2dkZFdJYk9HQjdDNVJTSEJ2S1VXa20yL2owQmxO?= =?utf-8?B?WTRKeWtMcXVNSy9ZbU1CZG40NU1icGgzc2tFekFER2MrKy9VNGNMaWZxcWlm?= =?utf-8?B?SGRnaFVrVEE5NW9PVDVkaDBkYUxFQ2ZFZWVnM0wwT3YzOUJpSEhyakhFWFpk?= =?utf-8?B?dStvTUlMRXdoL3Q1bUFBa2lTSnlOUFdOaXlJanRsY3l5OERVM01pdHh2QUJa?= =?utf-8?B?SlFSaVZ0WWVVbUxDVXZnNVJ6VTlGUWVzS1luWGkxTUVQSGVSR3Z5SjhQbktz?= =?utf-8?B?WEtrQnFFNGRjR3F1VDk2eFJxTUMxUUlkeVZQTnNiRHNqclhHRyt5NVdGd3B3?= =?utf-8?B?R1pxMTRVbk1IQWZKd0E4cVdyYStVV1M2WC80MytLNCtFR2VwVjJ0djRFaG5z?= =?utf-8?B?dVZhZFg2Tno5UWJCWGE5WXRNeSt0aTlUS3dkYms0R0Ewc2VsaFF6NTBuTVNE?= =?utf-8?B?N2UrSTR6aXhTVCtzZld3aDNTc0E1VTFoVkFBUDQvTm5FSjBnSmN6K29qK1I2?= =?utf-8?B?N3laUUlHL2pHMUtwYWNMNzhUai8xMFNTYkx4YitOckw0dEtVYnlvRU1qZGdW?= =?utf-8?B?SHhaVGVUVUtIQlc5RnIvUEdTS3pvUS9NdUViekQzcGh5NmxmUXZ6RVcyYnht?= =?utf-8?B?MHJoUHNEWTF4MjRCWmRJWVhwZy8rRzlUVUM1ZllBbE5jdXRucEZDSjNDRmY2?= =?utf-8?B?MU8yWWVnYVdQRFo1K2t6eTJhS3ZwbXJXcEdaVDlJYVpzN0lRaHN5ZGlRZVlu?= =?utf-8?B?SnVIQmwycDhoZDZLVVJFQmRNS1p5SEx2RW4wZURSMFRtbEhnNGpWOEp6Y2J1?= =?utf-8?B?REdzYkxQblRaUmlXZ2o4Z1hWdVNrZmFWdFlFVllBektYY1M5Y3FubXB1elBi?= =?utf-8?B?K0g5OVIyQXR3K3NJYTlwaTRyVkIwV1pLd1lBNEUwL3ZXTE5mQ1RtRStkWDdw?= =?utf-8?B?VDRxZXExZDAyelZDVHluSG9DVEo1aUFRQ1ZNOWsxQVhTYkRGVC9RYmVqRWpy?= =?utf-8?B?N1hBelYvWGFsdDJPMEkyc0l3RzJJOEFvdS9pbXNKcjF5TnVIdGZ4UEJMcEhK?= =?utf-8?B?VGxoMVdGTUcrM3UxN0l5ay9LdkhtN1A1bVMvMFA5ajc0UWJJZ2xFZ3RoZHR2?= =?utf-8?Q?79RZaYpwCpGEv709t6G?= X-Forefront-PRVS: 0340850FCD X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(39400400002)(39410400002)(39850400002)(39450400003)(39840400002)(39860400002)(9686003)(7406005)(305945005)(110136004)(38730400002)(83506001)(86362001)(5660300001)(81166006)(7416002)(103116003)(55016002)(8676002)(54906002)(25786009)(53936002)(4326008)(1076002)(230700001)(53416004)(42186005)(72206003)(76176999)(4001350100001)(2906002)(54356999)(6506006)(6116002)(6666003)(66066001)(3846002)(7736002)(33646002)(50986999)(2950100002)(47776003)(50466002)(23676002)(189998001)(478600001)(921003)(1121003); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR12MB1151; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTUxOzIzOklxMytLZ0lIejhNRTFXOUVrQ00zQWdwOXY5?= =?utf-8?B?dDhkZmdNdnVkZUN4Vk5BUEsyR3gzSnoxc1VlTVp1WHd4dVkzN2RBM3hpYkVH?= =?utf-8?B?by96T1o2S0hMQStPZHF2MG5TVVA0bEdZKzg2d3BvazJFSnpPeldMUlFscE5N?= =?utf-8?B?aml2UFduMzA4bkdhVDYwaFZNSmo1MmVac3hYeFNkQ3JHZkRsMmFTMjdEU09E?= =?utf-8?B?YjRjazZUelFoNk8ybW1XSlFUSHhJeStnSHpLcVJSQ2s4eXJ1ekc3WTVyMWJD?= =?utf-8?B?Y3poWnUwdzB2RVNWZGJ5aVlWLzB1cER1ZlhkQXlMOGxxUkQ4blkrOWZEa2Vp?= =?utf-8?B?TFp3dlNmT21CamNMTTVZd3N1ZTF6L1h2RExSS1h1azlsK2lzQXY0SEE2eGJr?= =?utf-8?B?ajA2WC83QUYxbkQyODAvb1JKNDQ5d3FWS0V0bzAvL2IyT1gyVFlOM0pET0s0?= =?utf-8?B?OUp4Q3lENzVpUG5IWFV5RFFyQmQ4bTlaUk5WMjlOOW9wODRZV2lsb01iZGR3?= =?utf-8?B?bWhHdm54Z0NEbmlIR1VVMUp0WURlU0pCUG9teXdZUVF1MmhwbjB6ejVsaUts?= =?utf-8?B?L2hNTFl6TVBqLzhlbTdSajU3bk55L295c3N1eWUyekxqVmlUK1FDWlVPWEJZ?= =?utf-8?B?ZUlVM3p2ZVp5ZXJYZVhHMWJnUGV4L2NFU3B2UW14Rzl6VHlzS2hBQ2VlU0lq?= =?utf-8?B?RzdyWXh1SVVCOXFWMmhKSktWRFR0MzF3eDRCc1NTSWIrNUxLdVl4YWFOS1Fy?= =?utf-8?B?eE5pYjNkUDFXZlJRek5ZQVp5aEVWTFBDSTBCV1p2KzdFd2YyN2RGL0Ewaktn?= =?utf-8?B?L2hMVHdDOSsvNXRDdVd3ZVNTU3VjRVdldzNHQzlVVTd5a0szZTJUUnhYdUIr?= =?utf-8?B?b3lrY3JxOC9PSTMvVkpoZTNZelRZeG9oeks0cngzcmF2Z1VrdnhsK2pSVmdv?= =?utf-8?B?Ky9Tc0dkc2hsdXFDcElpc2F4K0s4R3JVaWQ1WUtkMGZmb2ZubGxrV051SkZY?= =?utf-8?B?YXV6Um0zK1NaYzlaeDhqbHVaNkx1aWhpenNWTmM2TTliNHFqcTgyL1gzTWg3?= =?utf-8?B?NHdMbGovODlmalBVbkR3USs2WjByR1NrSXpWVHRTQlgvcEY5LzlVMmFWUll0?= =?utf-8?B?dFMxMTljdForYWNTbXpLWElXZmU2akRJWUNLVWFxUmhXZ2lySWFZbEdsZmJt?= =?utf-8?B?WURYSm1vREhpQUJjUTUwb1JwOEJCekM3L2ZqU080U1lLZWVFT3JCYTJlR1pR?= =?utf-8?B?VHpMZXlwRVBqYlAzMDJyTVJRdTRha01maDFOaHpxOWhLRFhnTDc4V1I0bm1M?= =?utf-8?B?bDVTZndnMHRkZkZ0NmFkNGlmcjJ3R0cwMHJNdFVteVBLakNTV2hNaFB1a2JE?= =?utf-8?B?L0V0SStoVHZvaTRNdlQyaE9IenJIb3NYc3lXRlluQzQxMTlKSVZvKzJEMTFJ?= =?utf-8?B?WGk2TTE0amxSWUp4T1pQcGJOWS9aeWVRRGRnaXZteVM3M053b3IvSzJ2MXhR?= =?utf-8?B?Qkc2L0RiMkZGa2ZBZ0xURTRxSzlhaDRid215WExpdjFYNGUyN0RjMmM3alhw?= =?utf-8?B?LzJUTjBjTzcrSlBnWitJTVRUdHh5WHNJMFRVWVFINjFJb0p1Z2xlQzdGR2lv?= =?utf-8?B?ejJiaTFJWitBUjJHenZnamVaVlJ3eGtuZ24xQmJqYmFGUG1TVWVuTWR3PT0=?= X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTUxOzY6UjNuWnFORFIvK01NaUpnRUxIUXBWNkxqSHhD?= =?utf-8?B?bFF3aGdsZ2pVdi84WUE4VEZzNnpnUjNnN21sSWxuL242WlBIR0M3SjhPMlBw?= =?utf-8?B?K0dBWWhOT0ZPSlRDMkp2Uk9iNEhWWDJHZU5IanhoY25rczlxTEdNQ1hrVU5F?= =?utf-8?B?NHlrRWxuVDNLYTV3MkJOaDIrclhyU1V0UzBNOFlmT0JseGRaRTRYL3ozTUFz?= =?utf-8?B?ckV5SVZ3bm9TUnp0KzBKOWp4NkZLcEpxbFk5bWE4Q3pXbzRiLzZxNHQ0RHkr?= =?utf-8?B?dk5WK0VIWUZLZ1c5NVowVVFtVzlnUkNFZWE1bHVoRVlINnJpN2FPNmRmQlk2?= =?utf-8?B?azhKeTBWM1VCNFA0M3hJUkt4cDErQXl0Qjl3YkVmVnh3a3pTS1F1K1lyd1Yv?= =?utf-8?B?K2RrNDJyZ0dFU283aW9aM1RPRkVWNHRnOFE1MkJ4VWlPVWJtRjM5Q1J3ekNk?= =?utf-8?B?OWsySjFMWUZlTmw4eHN2ZFY5cER1eER5dC91L1lmRUNvSjdOdEZiSncvTmg0?= =?utf-8?B?OEo1bGQ5UlhHN2JBbkRSbW1na090ZndpT2pSNHJyMjkzaXRXVVUrMkNJYk9Y?= =?utf-8?B?SVhaZTFPR09FSzBOQkdoMk1YVjB0SWZIekJZK2pmNXBsSTFmVmNBclNqZ2cz?= =?utf-8?B?ZlhNSTlldy9DRGxURnFlNkVOdFVUOUxlaCtJcGpCRHpwdGZlU1l6cDZFdzBI?= =?utf-8?B?ODFJQm1IMVNaWG5KRm9xWUV2c01vK1RaalJIWnpYMnpxaDc0SzRMZnJ4ZUhM?= =?utf-8?B?cDhXVmFzaDJpK3dMR2MzWkdHVEtuVXZJdVVmZnkyMGpmNGVkU2ZXZTU0UXJl?= =?utf-8?B?a00vZHJYRHZ1a080am1rRHk4alhKaEdodm5LdmN3WFVLOGlsZ1dWcFo3NWNV?= =?utf-8?B?NWw3bTlJV0NQOXpIb1VqRDNSbmJ5OG5lSmdEWkx3eDloVFRZckFsNU5lc0FI?= =?utf-8?B?cXBlU2tLY1hESFJPK1lIb2tzTHNhRXdTTGlQMTdNMGd2MkRTajdMYmplUEtF?= =?utf-8?B?VjdOZXV4N2dyZjlQVm9kZVV6OXpiSml2N2RUQ09ZWlRpVlFFajZQcVQzenFH?= =?utf-8?B?WGtUSmhMZnNqRjkxL2RWNTUyMzB5bCtMOFhET29penZQUkFtTzF0ck1jVEtQ?= =?utf-8?B?WTd5TnI3Yi9ZRzdBSzJZQU1aRndXVDhVZkMzVlZ5T1owSVFZTFB1OUdYY3NF?= =?utf-8?B?ZGRLS3FGQTVtWllQUGxTTE5NaVdLTEt0RVRnK1pkbzVYdXJpMVg1OXRTeWRk?= =?utf-8?B?alVEOGFoNU9ZM0lCem9GM2ZlaHNUa3JIc0ZIdGNhTjBtVUlzZU1sakFIcWRC?= =?utf-8?B?cnVmT053SjQ1R0d6bHFMejhCTGFiWEUwU1BiaGpQblZESHloYlo4N05IUmdZ?= =?utf-8?Q?nAMaRda?= X-Microsoft-Exchange-Diagnostics: 1; MWHPR12MB1151; 5:eMTiSjfHhIvkAvgll271wiM23QVDCq+NhktxfxTiOV4Sr2accM22xW7k5tX8wY0Hh/ksL9qQ/aiEGz1uVrsCxATUQy3/RnR47upHjSAzr/gLl7R65os1Xm4s3Skg11upR7O2XjeKHRWvpejfjR7jI1m2+S4lLnO/0W0iHc/cAjSvPkZa9Ti+MX9XXIjIlUvEuL/9NczwSHzssaP3tW7b0pQ31Fu8mtxbA9ccZYXrwIJ3kJ8amRb5zSisVGEERA+eImgXrONEmnK17nLM/oHKNS1yAMZPGn3fRpYpZWdyiGJCSiyjYdRpNTinsbzXLEt4z2lLDC4YwP3/Twew88IPCgdsPwOunzMhTV61lGBbEooWvEvy2+8W3lUmDd3Gm+INdL7pifzANV88G+x0Sj2Os94DV2VP4W5bgRi4BeLC6Nlm3CHslXaR3dALsEdkPl5peRYND1GKtv+py5xH3zhrQ+QuNVhVnXVKllg+XBD5fAxcDbudfdZzd/oj9TUOhRJD; 24:7NX5kuF8lA9eDw4mqwzf3uKYG7uOFZzW390MjH6nIab6giZgYlz35w/tsByoeSTrLQ2mLEpKBxa+pYWGxXxKInGrRGaQrK1CW7JMCgK3TmM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; MWHPR12MB1151; 7:L4kDiTc49L7ItcKq0R2YvL7cL8BftLGSyVGfWCOJfEJqL6rAlOhT/SQHAfgQqOTeeCcotp2ROjaAGg2nhrPD4OnYrPPa2sHe8s1Lm0IwuiIDRFiFKCX1SSy8F5h2lM59VSYEQDApuM/zNkiP4wCA9PHklcdzHrS7Dv4h7+L40ocXLD7GF7Es7OmLRlzqw7KMckC2tL1D1kb9bsBXIUZiZhG6QQ5av6m6yR2dui7vcP3HejKjyjt3wFa99BeFhxgyr2m2Hm/YSySXGWQg+N5yEgoFmnp6AQ7gxyV5nsVVNfjR4ntUpJ6QtoCM5idfHeTJKpVkzyj0hqhEOelcg370dNcFky/VIOEYKSkxRrSlF8dnzdqTibHJ/Sc78MIp2o0yn1lh3WkP38fgCFRbUnDVf8oveKOWPcHlwUykxs+N/Ms3h/g+IqrfuvfOTgIESgm+9FRVvQZPUEA7l1RK4qQnRldrrmuiSSF2yRLwL9eKpy0z22Y7kGMNVIBtVWyBEGH2fjIjPnlrsJfE7oyuk46gNmJx3Vnjcb117ZiErnYI6+KsP6GuHjK6QD0bJueULrcWKFps1ilMvazB1mIHLyUhcXEpbZV75MmAPkTZpAsuYtAYj4XsWx68cIIU421UAmqi+iHtBNv+159RFbpGWgvCgCYmibb8KIKUevS8HCXdQbulT/275gtJ4D9178JPp1OMVPA4jNE+HcvA2zhIO/3X7z9t0DK+4Yf/nH68ffHOb8L+JU0lW6tUuaKsaqeW8l/MGhIHDu4j/nryhuAb7XiPjhZBxe9f0U6qHHH+Y/6lnoI= X-Microsoft-Exchange-Diagnostics: 1; MWHPR12MB1151; 20:hCYEFpCjUm9U2ckRkl+3Jwu1sBFkMXjT1yuiQsDSe7qRedfb5zrFPqU+likRQY6ZunF13NzMRX7H9OezvJX9o56/BoN+xYdNRww6eo/sTkobszaz9IJl3lDDT7oGLCVb21sEKbdCcESVj9d5zxSo3vJsWtlM3xwdVdpNEHjc/+EHjNzOZ95gCa/qGVqbe9uaJv1apzwbUNwI2Y/77G6Z2vjV3ORQ23oAljq8RGcZstReg7k3KuHLngq0FlRPUOJ4 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jun 2017 18:56:22.5451 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1151 Cc: Brijesh Singh , Toshimitsu Kani , "Michael S. Tsirkin" , Matt Fleming , Alexander Potapenko , "H. Peter Anvin" , Boris Ostrovsky , Jonathan Corbet , Joerg Roedel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Larry Woodman , Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Borislav Petkov , Andy Lutomirski , Thomas Gleixner , Dmitry Vyukov , Juergen Gross , Paolo Bonzini Subject: [Xen-devel] [PATCH v7 34/36] x86/mm: Add support to encrypt the kernel in-place X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encrypted by copying it through a temporary buffer. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 6 + arch/x86/mm/Makefile | 2 arch/x86/mm/mem_encrypt.c | 314 ++++++++++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt_boot.S | 150 +++++++++++++++++ 4 files changed, 472 insertions(+) create mode 100644 arch/x86/mm/mem_encrypt_boot.S diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index af835cf..7da6de3 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -21,6 +21,12 @@ extern unsigned long sme_me_mask; +void sme_encrypt_execute(unsigned long encrypted_kernel_vaddr, + unsigned long decrypted_kernel_vaddr, + unsigned long kernel_len, + unsigned long encryption_wa, + unsigned long encryption_pgd); + void __init sme_early_encrypt(resource_size_t paddr, unsigned long size); void __init sme_early_decrypt(resource_size_t paddr, diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 9e13841..0633142 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -38,3 +38,5 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulation.o obj-$(CONFIG_X86_INTEL_MPX) += mpx.o obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o + +obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 842c8a6..6e87662 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include /* * Since SME related variables are set early in the boot process they must @@ -209,8 +211,320 @@ void swiotlb_set_mem_attributes(void *vaddr, unsigned long size) set_memory_decrypted((unsigned long)vaddr, size >> PAGE_SHIFT); } +static void __init sme_clear_pgd(pgd_t *pgd_base, unsigned long start, + unsigned long end) +{ + unsigned long pgd_start, pgd_end, pgd_size; + pgd_t *pgd_p; + + pgd_start = start & PGDIR_MASK; + pgd_end = end & PGDIR_MASK; + + pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1); + pgd_size *= sizeof(pgd_t); + + pgd_p = pgd_base + pgd_index(start); + + memset(pgd_p, 0, pgd_size); +} + +#ifndef CONFIG_X86_5LEVEL +#define native_make_p4d(_x) (p4d_t) { .pgd = native_make_pgd(_x) } +#endif + +#define PGD_FLAGS _KERNPG_TABLE_NOENC +#define P4D_FLAGS _KERNPG_TABLE_NOENC +#define PUD_FLAGS _KERNPG_TABLE_NOENC +#define PMD_FLAGS (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) + +static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, + unsigned long vaddr, pmdval_t pmd_val) +{ + pgd_t *pgd_p; + p4d_t *p4d_p; + pud_t *pud_p; + pmd_t *pmd_p; + + pgd_p = pgd_base + pgd_index(vaddr); + if (native_pgd_val(*pgd_p)) { + if (IS_ENABLED(CONFIG_X86_5LEVEL)) + p4d_p = (p4d_t *)(native_pgd_val(*pgd_p) & ~PTE_FLAGS_MASK); + else + pud_p = (pud_t *)(native_pgd_val(*pgd_p) & ~PTE_FLAGS_MASK); + } else { + pgd_t pgd; + + if (IS_ENABLED(CONFIG_X86_5LEVEL)) { + p4d_p = pgtable_area; + memset(p4d_p, 0, sizeof(*p4d_p) * PTRS_PER_P4D); + pgtable_area += sizeof(*p4d_p) * PTRS_PER_P4D; + + pgd = native_make_pgd((pgdval_t)p4d_p + PGD_FLAGS); + } else { + pud_p = pgtable_area; + memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); + pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; + + pgd = native_make_pgd((pgdval_t)pud_p + PGD_FLAGS); + } + native_set_pgd(pgd_p, pgd); + } + + if (IS_ENABLED(CONFIG_X86_5LEVEL)) { + p4d_p += p4d_index(vaddr); + if (native_p4d_val(*p4d_p)) { + pud_p = (pud_t *)(native_p4d_val(*p4d_p) & ~PTE_FLAGS_MASK); + } else { + p4d_t p4d; + + pud_p = pgtable_area; + memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); + pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; + + p4d = native_make_p4d((p4dval_t)pud_p + P4D_FLAGS); + native_set_p4d(p4d_p, p4d); + } + } + + pud_p += pud_index(vaddr); + if (native_pud_val(*pud_p)) { + if (native_pud_val(*pud_p) & _PAGE_PSE) + goto out; + + pmd_p = (pmd_t *)(native_pud_val(*pud_p) & ~PTE_FLAGS_MASK); + } else { + pud_t pud; + + pmd_p = pgtable_area; + memset(pmd_p, 0, sizeof(*pmd_p) * PTRS_PER_PMD); + pgtable_area += sizeof(*pmd_p) * PTRS_PER_PMD; + + pud = native_make_pud((pudval_t)pmd_p + PUD_FLAGS); + native_set_pud(pud_p, pud); + } + + pmd_p += pmd_index(vaddr); + if (!native_pmd_val(*pmd_p) || !(native_pmd_val(*pmd_p) & _PAGE_PSE)) + native_set_pmd(pmd_p, native_make_pmd(pmd_val)); + +out: + return pgtable_area; +} + +static unsigned long __init sme_pgtable_calc(unsigned long len) +{ + unsigned long p4d_size, pud_size, pmd_size; + unsigned long total; + + /* + * Perform a relatively simplistic calculation of the pagetable + * entries that are needed. That mappings will be covered by 2MB + * PMD entries so we can conservatively calculate the required + * number of P4D, PUD and PMD structures needed to perform the + * mappings. Incrementing the count for each covers the case where + * the addresses cross entries. + */ + if (IS_ENABLED(CONFIG_X86_5LEVEL)) { + p4d_size = (ALIGN(len, PGDIR_SIZE) / PGDIR_SIZE) + 1; + p4d_size *= sizeof(p4d_t) * PTRS_PER_P4D; + pud_size = (ALIGN(len, P4D_SIZE) / P4D_SIZE) + 1; + pud_size *= sizeof(pud_t) * PTRS_PER_PUD; + } else { + p4d_size = 0; + pud_size = (ALIGN(len, PGDIR_SIZE) / PGDIR_SIZE) + 1; + pud_size *= sizeof(pud_t) * PTRS_PER_PUD; + } + pmd_size = (ALIGN(len, PUD_SIZE) / PUD_SIZE) + 1; + pmd_size *= sizeof(pmd_t) * PTRS_PER_PMD; + + total = p4d_size + pud_size + pmd_size; + + /* + * Now calculate the added pagetable structures needed to populate + * the new pagetables. + */ + if (IS_ENABLED(CONFIG_X86_5LEVEL)) { + p4d_size = ALIGN(total, PGDIR_SIZE) / PGDIR_SIZE; + p4d_size *= sizeof(p4d_t) * PTRS_PER_P4D; + pud_size = ALIGN(total, P4D_SIZE) / P4D_SIZE; + pud_size *= sizeof(pud_t) * PTRS_PER_PUD; + } else { + p4d_size = 0; + pud_size = ALIGN(total, PGDIR_SIZE) / PGDIR_SIZE; + pud_size *= sizeof(pud_t) * PTRS_PER_PUD; + } + pmd_size = ALIGN(total, PUD_SIZE) / PUD_SIZE; + pmd_size *= sizeof(pmd_t) * PTRS_PER_PMD; + + total += p4d_size + pud_size + pmd_size; + + return total; +} + void __init sme_encrypt_kernel(void) { + unsigned long workarea_start, workarea_end, workarea_len; + unsigned long execute_start, execute_end, execute_len; + unsigned long kernel_start, kernel_end, kernel_len; + unsigned long pgtable_area_len; + unsigned long paddr, pmd_flags; + unsigned long decrypted_base; + void *pgtable_area; + pgd_t *pgd; + + if (!sme_active()) + return; + + /* + * Prepare for encrypting the kernel by building new pagetables with + * the necessary attributes needed to encrypt the kernel in place. + * + * One range of virtual addresses will map the memory occupied + * by the kernel as encrypted. + * + * Another range of virtual addresses will map the memory occupied + * by the kernel as decrypted and write-protected. + * + * The use of write-protect attribute will prevent any of the + * memory from being cached. + */ + + /* Physical addresses gives us the identity mapped virtual addresses */ + kernel_start = __pa_symbol(_text); + kernel_end = ALIGN(__pa_symbol(_end), PMD_PAGE_SIZE); + kernel_len = kernel_end - kernel_start; + + /* Set the encryption workarea to be immediately after the kernel */ + workarea_start = kernel_end; + + /* + * Calculate required number of workarea bytes needed: + * executable encryption area size: + * stack page (PAGE_SIZE) + * encryption routine page (PAGE_SIZE) + * intermediate copy buffer (PMD_PAGE_SIZE) + * pagetable structures for the encryption of the kernel + * pagetable structures for workarea (in case not currently mapped) + */ + execute_start = workarea_start; + execute_end = execute_start + (PAGE_SIZE * 2) + PMD_PAGE_SIZE; + execute_len = execute_end - execute_start; + + /* + * One PGD for both encrypted and decrypted mappings and a set of + * PUDs and PMDs for each of the encrypted and decrypted mappings. + */ + pgtable_area_len = sizeof(pgd_t) * PTRS_PER_PGD; + pgtable_area_len += sme_pgtable_calc(execute_end - kernel_start) * 2; + + /* PUDs and PMDs needed in the current pagetables for the workarea */ + pgtable_area_len += sme_pgtable_calc(execute_len + pgtable_area_len); + + /* + * The total workarea includes the executable encryption area and + * the pagetable area. + */ + workarea_len = execute_len + pgtable_area_len; + workarea_end = workarea_start + workarea_len; + + /* + * Set the address to the start of where newly created pagetable + * structures (PGDs, PUDs and PMDs) will be allocated. New pagetable + * structures are created when the workarea is added to the current + * pagetables and when the new encrypted and decrypted kernel + * mappings are populated. + */ + pgtable_area = (void *)execute_end; + + /* + * Make sure the current pagetable structure has entries for + * addressing the workarea. + */ + pgd = (pgd_t *)native_read_cr3_pa(); + paddr = workarea_start; + while (paddr < workarea_end) { + pgtable_area = sme_populate_pgd(pgd, pgtable_area, + paddr, + paddr + PMD_FLAGS); + + paddr += PMD_PAGE_SIZE; + } + + /* Flush the TLB - no globals so cr3 is enough */ + native_write_cr3(__native_read_cr3()); + + /* + * A new pagetable structure is being built to allow for the kernel + * to be encrypted. It starts with an empty PGD that will then be + * populated with new PUDs and PMDs as the encrypted and decrypted + * kernel mappings are created. + */ + pgd = pgtable_area; + memset(pgd, 0, sizeof(*pgd) * PTRS_PER_PGD); + pgtable_area += sizeof(*pgd) * PTRS_PER_PGD; + + /* Add encrypted kernel (identity) mappings */ + pmd_flags = PMD_FLAGS | _PAGE_ENC; + paddr = kernel_start; + while (paddr < kernel_end) { + pgtable_area = sme_populate_pgd(pgd, pgtable_area, + paddr, + paddr + pmd_flags); + + paddr += PMD_PAGE_SIZE; + } + + /* + * A different PGD index/entry must be used to get different + * pagetable entries for the decrypted mapping. Choose the next + * PGD index and convert it to a virtual address to be used as + * the base of the mapping. + */ + decrypted_base = (pgd_index(workarea_end) + 1) & (PTRS_PER_PGD - 1); + decrypted_base <<= PGDIR_SHIFT; + + /* Add decrypted, write-protected kernel (non-identity) mappings */ + pmd_flags = (PMD_FLAGS & ~_PAGE_CACHE_MASK) | (_PAGE_PAT | _PAGE_PWT); + paddr = kernel_start; + while (paddr < kernel_end) { + pgtable_area = sme_populate_pgd(pgd, pgtable_area, + paddr + decrypted_base, + paddr + pmd_flags); + + paddr += PMD_PAGE_SIZE; + } + + /* Add decrypted workarea mappings to both kernel mappings */ + paddr = workarea_start; + while (paddr < workarea_end) { + pgtable_area = sme_populate_pgd(pgd, pgtable_area, + paddr, + paddr + PMD_FLAGS); + + pgtable_area = sme_populate_pgd(pgd, pgtable_area, + paddr + decrypted_base, + paddr + PMD_FLAGS); + + paddr += PMD_PAGE_SIZE; + } + + /* Perform the encryption */ + sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, + kernel_len, workarea_start, (unsigned long)pgd); + + /* + * At this point we are running encrypted. Remove the mappings for + * the decrypted areas - all that is needed for this is to remove + * the PGD entry/entries. + */ + sme_clear_pgd(pgd, kernel_start + decrypted_base, + kernel_end + decrypted_base); + + sme_clear_pgd(pgd, workarea_start + decrypted_base, + workarea_end + decrypted_base); + + /* Flush the TLB - no globals so cr3 is enough */ + native_write_cr3(__native_read_cr3()); } void __init sme_enable(void) diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S new file mode 100644 index 0000000..7720b00 --- /dev/null +++ b/arch/x86/mm/mem_encrypt_boot.S @@ -0,0 +1,150 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include +#include +#include +#include +#include + + .text + .code64 +ENTRY(sme_encrypt_execute) + + /* + * Entry parameters: + * RDI - virtual address for the encrypted kernel mapping + * RSI - virtual address for the decrypted kernel mapping + * RDX - length of kernel + * RCX - virtual address of the encryption workarea, including: + * - stack page (PAGE_SIZE) + * - encryption routine page (PAGE_SIZE) + * - intermediate copy buffer (PMD_PAGE_SIZE) + * R8 - physcial address of the pagetables to use for encryption + */ + + push %rbp + push %r12 + + /* Set up a one page stack in the non-encrypted memory area */ + movq %rsp, %rbp /* Save current stack pointer */ + movq %rcx, %rax /* Workarea stack page */ + movq %rax, %rsp /* Set new stack pointer */ + addq $PAGE_SIZE, %rsp /* Stack grows from the bottom */ + addq $PAGE_SIZE, %rax /* Workarea encryption routine */ + + movq %rdi, %r10 /* Encrypted kernel */ + movq %rsi, %r11 /* Decrypted kernel */ + movq %rdx, %r12 /* Kernel length */ + + /* Copy encryption routine into the workarea */ + movq %rax, %rdi /* Workarea encryption routine */ + leaq __enc_copy(%rip), %rsi /* Encryption routine */ + movq $(.L__enc_copy_end - __enc_copy), %rcx /* Encryption routine length */ + rep movsb + + /* Setup registers for call */ + movq %r10, %rdi /* Encrypted kernel */ + movq %r11, %rsi /* Decrypted kernel */ + movq %r8, %rdx /* Pagetables used for encryption */ + movq %r12, %rcx /* Kernel length */ + movq %rax, %r8 /* Workarea encryption routine */ + addq $PAGE_SIZE, %r8 /* Workarea intermediate copy buffer */ + + call *%rax /* Call the encryption routine */ + + movq %rbp, %rsp /* Restore original stack pointer */ + + pop %r12 + pop %rbp + + ret +ENDPROC(sme_encrypt_execute) + +ENTRY(__enc_copy) +/* + * Routine used to encrypt kernel. + * This routine must be run outside of the kernel proper since + * the kernel will be encrypted during the process. So this + * routine is defined here and then copied to an area outside + * of the kernel where it will remain and run decrypted + * during execution. + * + * On entry the registers must be: + * RDI - virtual address for the encrypted kernel mapping + * RSI - virtual address for the decrypted kernel mapping + * RDX - address of the pagetables to use for encryption + * RCX - length of kernel + * R8 - intermediate copy buffer + * + * RAX - points to this routine + * + * The kernel will be encrypted by copying from the non-encrypted + * kernel space to an intermediate buffer and then copying from the + * intermediate buffer back to the encrypted kernel space. The physical + * addresses of the two kernel space mappings are the same which + * results in the kernel being encrypted "in place". + */ + /* Enable the new page tables */ + mov %rdx, %cr3 + + /* Flush any global TLBs */ + mov %cr4, %rdx + andq $~X86_CR4_PGE, %rdx + mov %rdx, %cr4 + orq $X86_CR4_PGE, %rdx + mov %rdx, %cr4 + + /* Set the PAT register PA5 entry to write-protect */ + push %rcx + movl $MSR_IA32_CR_PAT, %ecx + rdmsr + push %rdx /* Save original PAT value */ + andl $0xffff00ff, %edx /* Clear PA5 */ + orl $0x00000500, %edx /* Set PA5 to WP */ + wrmsr + pop %rdx /* RDX contains original PAT value */ + pop %rcx + + movq %rcx, %r9 /* Save kernel length */ + movq %rdi, %r10 /* Save encrypted kernel address */ + movq %rsi, %r11 /* Save decrypted kernel address */ + + wbinvd /* Invalidate any cache entries */ + + /* Copy/encrypt 2MB at a time */ +1: + movq %r11, %rsi /* Source - decrypted kernel */ + movq %r8, %rdi /* Dest - intermediate copy buffer */ + movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ + rep movsb + + movq %r8, %rsi /* Source - intermediate copy buffer */ + movq %r10, %rdi /* Dest - encrypted kernel */ + movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ + rep movsb + + addq $PMD_PAGE_SIZE, %r11 + addq $PMD_PAGE_SIZE, %r10 + subq $PMD_PAGE_SIZE, %r9 /* Kernel length decrement */ + jnz 1b /* Kernel length not zero? */ + + /* Restore PAT register */ + push %rdx /* Save original PAT value */ + movl $MSR_IA32_CR_PAT, %ecx + rdmsr + pop %rdx /* Restore original PAT value */ + wrmsr + + ret +.L__enc_copy_end: +ENDPROC(__enc_copy)