lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 18 Jul 2017 03:53:46 -0700
From:   tip-bot for Tom Lendacky <tipbot@...or.com>
To:     linux-tip-commits@...r.kernel.org
Cc:     glider@...gle.com, corbet@....net, linux-kernel@...r.kernel.org,
        matt@...eblueprint.co.uk, tglx@...utronix.de, bp@...en8.de,
        mst@...hat.com, pbonzini@...hat.com, konrad.wilk@...cle.com,
        thomas.lendacky@....com, torvalds@...ux-foundation.org,
        mingo@...nel.org, riel@...hat.com, lwoodman@...hat.com, bp@...e.de,
        toshi.kani@....com, brijesh.singh@....com, aryabinin@...tuozzo.com,
        peterz@...radead.org, hpa@...or.com, rkrcmar@...hat.com,
        dyoung@...hat.com, dvyukov@...gle.com, luto@...nel.org,
        arnd@...db.de
Subject: [tip:x86/mm] x86/efi: Update EFI pagetable creation to work with
 SME

Commit-ID:  38eecccdf488e38ee93690cfe9ec1914b73f512f
Gitweb:     http://git.kernel.org/tip/38eecccdf488e38ee93690cfe9ec1914b73f512f
Author:     Tom Lendacky <thomas.lendacky@....com>
AuthorDate: Mon, 17 Jul 2017 16:10:15 -0500
Committer:  Ingo Molnar <mingo@...nel.org>
CommitDate: Tue, 18 Jul 2017 11:38:02 +0200

x86/efi: Update EFI pagetable creation to work with SME

When SME is active, pagetable entries created for EFI need to have the
encryption mask set as necessary.

When the new pagetable pages are allocated they are mapped encrypted. So,
update the efi_pgt value that will be used in CR3 to include the encryption
mask so that the PGD table can be read successfully. The pagetable mapping
as well as the kernel are also added to the pagetable mapping as encrypted.
All other EFI mappings are mapped decrypted (tables, etc.).

Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
Reviewed-by: Thomas Gleixner <tglx@...utronix.de>
Reviewed-by: Matt Fleming <matt@...eblueprint.co.uk>
Reviewed-by: Borislav Petkov <bp@...e.de>
Cc: Alexander Potapenko <glider@...gle.com>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Brijesh Singh <brijesh.singh@....com>
Cc: Dave Young <dyoung@...hat.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Jonathan Corbet <corbet@....net>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
Cc: Larry Woodman <lwoodman@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Michael S. Tsirkin <mst@...hat.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Radim Krčmář <rkrcmar@...hat.com>
Cc: Rik van Riel <riel@...hat.com>
Cc: Toshimitsu Kani <toshi.kani@....com>
Cc: kasan-dev@...glegroups.com
Cc: kvm@...r.kernel.org
Cc: linux-arch@...r.kernel.org
Cc: linux-doc@...r.kernel.org
Cc: linux-efi@...r.kernel.org
Cc: linux-mm@...ck.org
Link: http://lkml.kernel.org/r/9a8f4c502db4a84b09e2f0a1555bb75aa8b69785.1500319216.git.thomas.lendacky@amd.com
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
 arch/x86/platform/efi/efi_64.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
index 9bf72f5..12e8388 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
@@ -327,7 +327,7 @@ virt_to_phys_or_null_size(void *va, unsigned long size)
 
 int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 {
-	unsigned long pfn, text;
+	unsigned long pfn, text, pf;
 	struct page *page;
 	unsigned npages;
 	pgd_t *pgd;
@@ -335,7 +335,12 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 	if (efi_enabled(EFI_OLD_MEMMAP))
 		return 0;
 
-	efi_scratch.efi_pgt = (pgd_t *)__pa(efi_pgd);
+	/*
+	 * Since the PGD is encrypted, set the encryption mask so that when
+	 * this value is loaded into cr3 the PGD will be decrypted during
+	 * the pagetable walk.
+	 */
+	efi_scratch.efi_pgt = (pgd_t *)__sme_pa(efi_pgd);
 	pgd = efi_pgd;
 
 	/*
@@ -345,7 +350,8 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 	 * phys_efi_set_virtual_address_map().
 	 */
 	pfn = pa_memmap >> PAGE_SHIFT;
-	if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, _PAGE_NX | _PAGE_RW)) {
+	pf = _PAGE_NX | _PAGE_RW | _PAGE_ENC;
+	if (kernel_map_pages_in_pgd(pgd, pfn, pa_memmap, num_pages, pf)) {
 		pr_err("Error ident-mapping new memmap (0x%lx)!\n", pa_memmap);
 		return 1;
 	}
@@ -388,7 +394,8 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
 	text = __pa(_text);
 	pfn = text >> PAGE_SHIFT;
 
-	if (kernel_map_pages_in_pgd(pgd, pfn, text, npages, _PAGE_RW)) {
+	pf = _PAGE_RW | _PAGE_ENC;
+	if (kernel_map_pages_in_pgd(pgd, pfn, text, npages, pf)) {
 		pr_err("Failed to map kernel text 1:1\n");
 		return 1;
 	}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ