lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <70f8097f-7222-fe18-78b4-9372c21bfc9d@ozlabs.ru>
Date:   Thu, 18 Jul 2019 18:11:48 +1000
From:   Alexey Kardashevskiy <aik@...abs.ru>
To:     Thiago Jung Bauermann <bauerman@...ux.ibm.com>,
        linuxppc-dev@...ts.ozlabs.org
Cc:     linux-kernel@...r.kernel.org,
        Anshuman Khandual <anshuman.linux@...il.com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Christoph Hellwig <hch@....de>,
        Michael Ellerman <mpe@...erman.id.au>,
        Mike Anderson <andmike@...ux.ibm.com>,
        Paul Mackerras <paulus@...ba.org>,
        Ram Pai <linuxram@...ibm.com>,
        Claudio Carvalho <cclaudio@...ux.ibm.com>
Subject: Re: [PATCH v2 03/13] powerpc/prom_init: Add the ESM call to prom_init



On 13/07/2019 16:00, Thiago Jung Bauermann wrote:
> From: Ram Pai <linuxram@...ibm.com>
> 
> Make the Enter-Secure-Mode (ESM) ultravisor call to switch the VM to secure
> mode. Add "svm=" command line option to turn on switching to secure mode.
> 
> Signed-off-by: Ram Pai <linuxram@...ibm.com>
> [ andmike: Generate an RTAS os-term hcall when the ESM ucall fails. ]
> Signed-off-by: Michael Anderson <andmike@...ux.ibm.com>
> [ bauerman: Cleaned up the code a bit. ]
> Signed-off-by: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
> ---
>   .../admin-guide/kernel-parameters.txt         |  5 +
>   arch/powerpc/include/asm/ultravisor-api.h     |  1 +
>   arch/powerpc/kernel/prom_init.c               | 99 +++++++++++++++++++
>   3 files changed, 105 insertions(+)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 7b15abf7db21..c611891b5992 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4585,6 +4585,11 @@
>   			/sys/power/pm_test). Only available when CONFIG_PM_DEBUG
>   			is set. Default value is 5.
>   
> +	svm=		[PPC]
> +			Format: { on | off | y | n | 1 | 0 }
> +			This parameter controls use of the Protected
> +			Execution Facility on pSeries.
> +
>   	swapaccount=[0|1]
>   			[KNL] Enable accounting of swap in memory resource
>   			controller if no parameter or 1 is given or disable
> diff --git a/arch/powerpc/include/asm/ultravisor-api.h b/arch/powerpc/include/asm/ultravisor-api.h
> index c8180427fa01..fe9a0d8d7673 100644
> --- a/arch/powerpc/include/asm/ultravisor-api.h
> +++ b/arch/powerpc/include/asm/ultravisor-api.h
> @@ -19,6 +19,7 @@
>   
>   /* opcodes */
>   #define UV_WRITE_PATE			0xF104
> +#define UV_ESM				0xF110
>   #define UV_RETURN			0xF11C
>   #define UV_REGISTER_MEM_SLOT		0xF120
>   #define UV_UNREGISTER_MEM_SLOT		0xF124
> diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
> index a3fb90bb5a39..6389a992451b 100644
> --- a/arch/powerpc/kernel/prom_init.c
> +++ b/arch/powerpc/kernel/prom_init.c
> @@ -44,6 +44,7 @@
>   #include <asm/sections.h>
>   #include <asm/machdep.h>
>   #include <asm/asm-prototypes.h>
> +#include <asm/ultravisor-api.h>
>   
>   #include <linux/linux_logo.h>
>   
> @@ -175,6 +176,10 @@ static bool __prombss prom_radix_disable;
>   static bool __prombss prom_xive_disable;
>   #endif
>   
> +#ifdef CONFIG_PPC_SVM
> +static bool __prombss prom_svm_enable;
> +#endif
> +
>   struct platform_support {
>   	bool hash_mmu;
>   	bool radix_mmu;
> @@ -816,6 +821,17 @@ static void __init early_cmdline_parse(void)
>   		prom_debug("XIVE disabled from cmdline\n");
>   	}
>   #endif /* CONFIG_PPC_PSERIES */
> +
> +#ifdef CONFIG_PPC_SVM
> +	opt = prom_strstr(prom_cmd_line, "svm=");
> +	if (opt) {
> +		bool val;
> +
> +		opt += sizeof("svm=") - 1;
> +		if (!prom_strtobool(opt, &val))
> +			prom_svm_enable = val;
> +	}
> +#endif /* CONFIG_PPC_SVM */
>   }
>   
>   #ifdef CONFIG_PPC_PSERIES
> @@ -1716,6 +1732,43 @@ static void __init prom_close_stdin(void)
>   	}
>   }
>   
> +#ifdef CONFIG_PPC_SVM
> +static int prom_rtas_hcall(uint64_t args)
> +{
> +	register uint64_t arg1 asm("r3") = H_RTAS;
> +	register uint64_t arg2 asm("r4") = args;
> +
> +	asm volatile("sc 1\n" : "=r" (arg1) :
> +			"r" (arg1),
> +			"r" (arg2) :);
> +	return arg1;
> +}
> +
> +static struct rtas_args __prombss os_term_args;
> +
> +static void __init prom_rtas_os_term(char *str)
> +{
> +	phandle rtas_node;
> +	__be32 val;
> +	u32 token;
> +
> +	prom_debug("%s: start...\n", __func__);
> +	rtas_node = call_prom("finddevice", 1, 1, ADDR("/rtas"));
> +	prom_debug("rtas_node: %x\n", rtas_node);
> +	if (!PHANDLE_VALID(rtas_node))
> +		return;
> +
> +	val = 0;
> +	prom_getprop(rtas_node, "ibm,os-term", &val, sizeof(val));
> +	token = be32_to_cpu(val);
> +	prom_debug("ibm,os-term: %x\n", token);
> +	if (token == 0)
> +		prom_panic("Could not get token for ibm,os-term\n");
> +	os_term_args.token = cpu_to_be32(token);
> +	prom_rtas_hcall((uint64_t)&os_term_args);
> +}
> +#endif /* CONFIG_PPC_SVM */
> +
>   /*
>    * Allocate room for and instantiate RTAS
>    */
> @@ -3172,6 +3225,49 @@ static void unreloc_toc(void)
>   #endif
>   #endif
>   
> +#ifdef CONFIG_PPC_SVM
> +/*
> + * Perform the Enter Secure Mode ultracall.
> + */
> +static int enter_secure_mode(unsigned long kbase, unsigned long fdt)
> +{
> +	register uint64_t func asm("r3") = UV_ESM;
> +	register uint64_t arg1 asm("r4") = (uint64_t)kbase;
> +	register uint64_t arg2 asm("r5") = (uint64_t)fdt;



What does UV do with kbase and fdt precisely? Few words in the commit 
log will do.


> +
> +	asm volatile("sc 2\n"
> +		     : "=r"(func)
> +		     : "0"(func), "r"(arg1), "r"(arg2)
> +		     :);
> +
> +	return (int)func;


And why "func"? Is it "function"? Weird name. Thanks,


> +}
> +
> +/*
> + * Call the Ultravisor to transfer us to secure memory if we have an ESM blob.
> + */
> +static void setup_secure_guest(unsigned long kbase, unsigned long fdt)
> +{
> +	int ret;
> +
> +	if (!prom_svm_enable)
> +		return;
> +
> +	/* Switch to secure mode. */
> +	prom_printf("Switching to secure mode.\n");
> +
> +	ret = enter_secure_mode(kbase, fdt);
> +	if (ret != U_SUCCESS) {
> +		prom_printf("Returned %d from switching to secure mode.\n", ret);
> +		prom_rtas_os_term("Switch to secure mode failed.\n");
> +	}
> +}
> +#else
> +static void setup_secure_guest(unsigned long kbase, unsigned long fdt)
> +{
> +}
> +#endif /* CONFIG_PPC_SVM */
> +
>   /*
>    * We enter here early on, when the Open Firmware prom is still
>    * handling exceptions and the MMU hash table for us.
> @@ -3370,6 +3466,9 @@ unsigned long __init prom_init(unsigned long r3, unsigned long r4,
>   	unreloc_toc();
>   #endif
>   
> +	/* Move to secure memory if we're supposed to be secure guests. */
> +	setup_secure_guest(kbase, hdr);
> +
>   	__start(hdr, kbase, 0, 0, 0, 0, 0);
>   
>   	return 0;
> 

-- 
Alexey

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ