From patchwork Fri Nov 10 22:27:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Philipson X-Patchwork-Id: 164009 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b129:0:b0:403:3b70:6f57 with SMTP id q9csp1420614vqs; Fri, 10 Nov 2023 14:29:01 -0800 (PST) X-Google-Smtp-Source: AGHT+IG8g+ymS78JtVOGMuOcLee8AeWqVlmPoaKSgzHRWmvpBbFd5Zb9wHinY6uXtaxtovijf2h/ X-Received: by 2002:a05:6870:5b33:b0:1d7:1533:6869 with SMTP id ds51-20020a0568705b3300b001d715336869mr457630oab.31.1699655341545; Fri, 10 Nov 2023 14:29:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699655341; cv=none; d=google.com; s=arc-20160816; b=doFthLyEgkb/rDLD9MZnElHzDJZ827zfe0reK1cCbuxPyYvPKAKOIpKeVMx/fNlOt5 qP4kfqua7z51QunCuUg4nq4ZC6Smk9m/3EU74Kr7W6jSs8nQu4Rs8tmpRuU5GtnETPeF OlFKX7+EMfXaGRaJYyU0/Dw2QtISmh/flnZN9r9Dp45+ltd/DXO0mTnpfQQWDChjWEzW 6B2Qgi7gFVXn15+gF1TcA1C43IeyUjvpW7dtKktiDByyIGoD90JpiwXRRRECRj0UhoC0 SUNYqnsL//xb3nmFUF7mx9OvUKmxYrh2yVxCJIIvR6gJFEOZLWxs83IEFrN4Qz643Sro IICw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=gwoQSTFNy3RtIL8T+foWx21Moncd5kBk5OKc+70Uqks=; fh=3RswKj8aEXyBJ6DCbqm+xF4dpuJnrF7Rjf3Zdj/lhD8=; b=Egerj21ql1sQMvg6lb5pEgyhKe8iM+jmcGMGpaVENZ/qa9vWXVWFkRAaVgiYon4h4g /pnV/yt+x1J/3GSUnU6Ap/xE37tRXytRmI6SzMeVcoxl8i67suCJI7H1b7TtIRjcCPWB PTAHcFSBXx9RAUYJjckN0ZZA669B6OaH8O9sYyLUgFqeiljffBSReubyFUO/xo036JvQ WBCrXRGwhoFHAPKuF/jYke0QIcoSmv8roOiQP4gebxnQrZh1gZX7BtOaON1aCMjeGAi2 17wTnvlTLSajh1Jok8iKqn83FBSbGVcnJA+BV8Y1dKPw8ESoQbx1eQEGx8s23jjW9Yk7 RPaA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2023-03-30 header.b=vj0hLftK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id m125-20020a633f83000000b0055793097dbesi381779pga.469.2023.11.10.14.29.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Nov 2023 14:29:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2023-03-30 header.b=vj0hLftK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 9E23C83D2102; Fri, 10 Nov 2023 14:28:59 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230259AbjKJW2w (ORCPT + 29 others); Fri, 10 Nov 2023 17:28:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229783AbjKJW2o (ORCPT ); Fri, 10 Nov 2023 17:28:44 -0500 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 712DA44B3; Fri, 10 Nov 2023 14:28:37 -0800 (PST) Received: from pps.filterd (m0246617.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAHicQr030766; Fri, 10 Nov 2023 22:28:06 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2023-03-30; bh=gwoQSTFNy3RtIL8T+foWx21Moncd5kBk5OKc+70Uqks=; b=vj0hLftKmTueUFZnT7YbDXUV0ofTsfBjveVC0L+vy9cuqE6YSONESudmQYTsjBO1fpBt mAcKxOIQI+k1Lc7iufJsfjmhiOS9QsWXSZg6tWuqBp2cPuKqIyctK5d/1bB2lvBBcuMR g33y8j/NtsgSCAVzSug+aa9wbr+8F6O754fv80ZqY8y31OcU5CecewN7Y+HkShjXc1c0 FPWKBJJMAcbdwLU36mPFpPsPmgNV+GOu/oAI47l0VwVhrPv/S+CuxnlcmTag3HOFrwCd Xi4Bu6Vm3i0Es1PodeEn60iTOPm64dtyF+QLSQDLJJDmFizvbcO0xdLoigwV9nrih796 ZQ== Received: from iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta01.appoci.oracle.com [130.35.100.223]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3u7w23q0v4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Nov 2023 22:28:06 +0000 Received: from pps.filterd (iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 3AAK96dw023887; Fri, 10 Nov 2023 22:28:04 GMT Received: from pps.reinject (localhost [127.0.0.1]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3u7w28nb2v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 10 Nov 2023 22:28:04 +0000 Received: from iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 3AAMRsaI039112; Fri, 10 Nov 2023 22:28:04 GMT Received: from ovs113.us.oracle.com (ovs113.us.oracle.com [10.149.224.213]) by iadpaimrmta01.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3u7w28nayh-11 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 10 Nov 2023 22:28:04 +0000 From: Ross Philipson To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, luto@amacapital.net, nivedita@alum.mit.edu, kanth.ghatraju@oracle.com, trenchboot-devel@googlegroups.com Subject: [PATCH v7 10/13] kexec: Secure Launch kexec SEXIT support Date: Fri, 10 Nov 2023 17:27:48 -0500 Message-Id: <20231110222751.219836-11-ross.philipson@oracle.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231110222751.219836-1-ross.philipson@oracle.com> References: <20231110222751.219836-1-ross.philipson@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.987,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-10_20,2023-11-09_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 phishscore=0 spamscore=0 mlxscore=0 adultscore=0 malwarescore=0 bulkscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2311060000 definitions=main-2311100187 X-Proofpoint-ORIG-GUID: 43ATF9mZ3V2tyDpoBPzgW1Mws0it0kPj X-Proofpoint-GUID: 43ATF9mZ3V2tyDpoBPzgW1Mws0it0kPj X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Fri, 10 Nov 2023 14:28:59 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1782217798999850499 X-GMAIL-MSGID: 1782217798999850499 Prior to running the next kernel via kexec, the Secure Launch code closes down private SMX resources and does an SEXIT. This allows the next kernel to start normally without any issues starting the APs etc. Signed-off-by: Ross Philipson --- arch/x86/kernel/slaunch.c | 73 +++++++++++++++++++++++++++++++++++++++ kernel/kexec_core.c | 4 +++ 2 files changed, 77 insertions(+) diff --git a/arch/x86/kernel/slaunch.c b/arch/x86/kernel/slaunch.c index cd5aa34e395c..32b0c24a6484 100644 --- a/arch/x86/kernel/slaunch.c +++ b/arch/x86/kernel/slaunch.c @@ -523,3 +523,76 @@ void __init slaunch_setup_txt(void) pr_info("Intel TXT setup complete\n"); } + +static inline void smx_getsec_sexit(void) +{ + asm volatile (".byte 0x0f,0x37\n" + : : "a" (SMX_X86_GETSEC_SEXIT)); +} + +/* + * Used during kexec and on reboot paths to finalize the TXT state + * and do an SEXIT exiting the DRTM and disabling SMX mode. + */ +void slaunch_finalize(int do_sexit) +{ + u64 one = TXT_REGVALUE_ONE, val; + void __iomem *config; + + if ((slaunch_get_flags() & (SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT)) != + (SL_FLAG_ACTIVE | SL_FLAG_ARCH_TXT)) + return; + + config = ioremap(TXT_PRIV_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT private reqs\n"); + return; + } + + /* Clear secrets bit for SEXIT */ + memcpy_toio(config + TXT_CR_CMD_NO_SECRETS, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Unlock memory configurations */ + memcpy_toio(config + TXT_CR_CMD_UNLOCK_MEM_CONFIG, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* Close the TXT private register space */ + memcpy_toio(config + TXT_CR_CMD_CLOSE_PRIVATE, &one, sizeof(one)); + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + /* + * Calls to iounmap are not being done because of the state of the + * system this late in the kexec process. Local IRQs are disabled and + * iounmap causes a TLB flush which in turn causes a warning. Leaving + * thse mappings is not an issue since the next kernel is going to + * completely re-setup memory management. + */ + + /* Map public registers and do a final read fence */ + config = ioremap(TXT_PUB_CONFIG_REGS_BASE, TXT_NR_CONFIG_PAGES * + PAGE_SIZE); + if (!config) { + pr_emerg("Error SEXIT failed to ioremap TXT public reqs\n"); + return; + } + + memcpy_fromio(&val, config + TXT_CR_E2STS, sizeof(val)); + + pr_emerg("TXT clear secrets bit and unlock memory complete.\n"); + + if (!do_sexit) + return; + + if (smp_processor_id() != 0) + panic("Error TXT SEXIT must be called on CPU 0\n"); + + /* Disable SMX mode */ + cr4_set_bits(X86_CR4_SMXE); + + /* Do the SEXIT SMX operation */ + smx_getsec_sexit(); + + pr_info("TXT SEXIT complete.\n"); +} diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index be5642a4ec49..98b2db21a952 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include @@ -1264,6 +1265,9 @@ int kernel_kexec(void) cpu_hotplug_enable(); pr_notice("Starting new kernel\n"); machine_shutdown(); + + /* Finalize TXT registers and do SEXIT */ + slaunch_finalize(1); } kmsg_dump(KMSG_DUMP_SHUTDOWN);