From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756594AbcHVXtz (ORCPT ); Mon, 22 Aug 2016 19:49:55 -0400 Received: from mail-by2nam03on0054.outbound.protection.outlook.com ([104.47.42.54]:58815 "EHLO NAM03-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754177AbcHVXtv (ORCPT ); Mon, 22 Aug 2016 19:49:51 -0400 X-Greylist: delayed 526 seconds by postgrey-1.27 at vger.kernel.org; Mon, 22 Aug 2016 19:49:51 EDT Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Subject: [RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Mon, 22 Aug 2016 19:24:19 -0400 Message-ID: <147190825949.9523.11406635622434950066.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: CY1PR13CA0032.namprd13.prod.outlook.com (10.162.30.170) To BY2PR12MB0663.namprd12.prod.outlook.com (10.163.113.152) X-MS-Office365-Filtering-Correlation-Id: 563c970e-e05c-46f9-bb37-08d3cae3754b X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0663;2:pJ6+vrJCEdjxcy6FY5Ngo2VzjAoJJpNKZTWoeJsezIIiKt8hOTSUOHQqXOCDJCjpFUFVRoYblppHPsMSytC9+ske9Soo0E8wwN163l2YoZauErsHDFy8aVUXbMlOlquUTfqRw8RhuezHUz3HjojwWEomWTB0MgMTBT1T8SONDD+MgKDpUVDAPnBo0F3Lup7+;3:d/DuRfskc0yTD31UsJJ11rI/D9UI05aVay8pJ0ebtQVbtpe+fujVnGVV4q9kS5KRBJmSfsvhFLsinBv2YMC+9f7p1O7CR6DzWXDJTiZrikCXg+PFr69AtdHgT203zfT+;25:QIzmdX2mSQkR/YaSYv8pNu9Z8QcFnDXQB4q/lPlY0+p+pgL6Ifkyf9r2vyUVqYgsBo5uvsrdJEObCL3BiQZeBAuOt5C9dVXAIQz3xCuyYcACM+jzCGtzyr06Wl3+IRR0P+68jhLLeH/RUd8o/Ni3FKS3D1uMDYz1MVJN0qE2gdCy4UQK0KH3pK8nniIRsfincmG+zuxw1m5/fXxj6NsGFYAq/ZTE1dovWkbHV4diGQXKZJzorGFWbimGGg/nO24kEOIjOlvfR+1+T3euhgWdwSwAvzS0Gl6FIXXJazVOCysHZxxHDrAUmHlikO3ewoUlB94OOnDTTmGipkNcYScDOoYIu3wHM3zXkZAHcVn55nJPMJW7gmVpitk7VCV1MCyBeUzqAlV9y+5e7le11BQB6+GbBD1tEkov3vanRagBkT0= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR12MB0663; X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0663;31:/YaecHn+F0ZPVQ6c/6AMY0Rfc3HbcnkOi1CuG0hkb4OUECeCB4IChKFJDZl/NHtrnDr5HyO28gkuuNBuzpMlYR8HjtUAncPP/pQh4aEtlQGm+MzYwlTT76uhf2QJ/G7+YZPjxuDdBGZq4Ai9LUls3TlV/urATvQHSwdC+v7ME3XIIsAjgZy+sU0XduUt2PXKrwbQ0GJQEBCHJUvGKxQ7p7k6YYqkbKD5nCbBN+VKot0=;20:xcvIJeNeTq4kzJriPYyQ9MXj9AUDKXt4t8OGZULjwlU8VdB3uDz3stncwfG5rwNI02U/NDGtvf3NsSoOfv5+9eIth7f1lsqVSsjuD4zrEdGfg0ZVaXwKak3G5dHtQDufNdXJQqw5gcEXN4M2o5jNx4Ox8lQN/fErOg+T2OmO4G2+XCZBf/kuUX/WUQsi6rVb9W/X+O7Uddr7ZTuX4BzN/kSPY0iQ0OWJ0ddtwvWvY9oLdATgkpk4orlFpQAGulbfNsNAvlwarlB3NlCMSMuTNdfu+/KTmVP7Wm9EjkKMfX0H/U7kW83R5GPtrpEykBdUZqlKe1BkqI4uczpPJ29yMPL8I0wSjoazPWYd8rg4uvQBqZwPgfWKHxzTeF9PsdOju3SPfGYpNh81EnAfFAnmrde1VTbjKnP+Kagf3qQWi6PYBH9sWBI/LT48/KP32NcaTddwS4rsm0BqdtP4TBAWxwZCM8Hc+Tcv6DXZdOYyqGUvN1Fx1LGfk2eG9kPO9MbI X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026);SRVR:BY2PR12MB0663;BCL:0;PCL:0;RULEID:;SRVR:BY2PR12MB0663; X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0663;4:68I6lu+ZjnkY0vnJBFHooamt5e0gf5vDjHqsQOii7YsD+cwc4+AwXIcaqw3UVF1quJNvdhmIhR3/D5h/KiBA1Ga0IZOlvjDHEvpAStpVOk2SQ+hxXEyOU9G+YSGxjWJtwq/tbqTtxQw/A4ceC3w+2H5o5BmFuRqnQmZJ+yTaEPXbUa/EXfRJPR4oc/PFlm2u2F+4HWoGGzCqxUQXN5FayqiC1ndYj1lKNOrHFoOvo79DWpZuU+a7qld13SvvvQu1l9daPrDEtiFG3loeqX8MPbwgamcfxWlTO0wPV50uGhzG/fx+qSIkNFxiM7UFrMeTQWiYOJD5Hct51synraJgImZUdmuvkIneAfdDRHxu+qqnVHCgX2dCWKs32ikGi0zs+TtrUvxtcXvGBqLcAK5PCVHxABIKuECeAbDtebYReGk63fQ0MyJ7jW43QTSynDSo X-Forefront-PRVS: 00429279BA X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(7916002)(189002)(199003)(33646002)(7416002)(92566002)(50466002)(77096005)(42186005)(7406005)(230700001)(575784001)(19580395003)(101416001)(83506001)(19580405001)(2950100001)(9686002)(76176999)(54356999)(81156014)(4001350100001)(586003)(106356001)(50986999)(86362001)(47776003)(81166006)(305945005)(105586002)(97736004)(5001770100001)(7846002)(229853001)(23676002)(189998001)(8676002)(2906002)(7736002)(3846002)(2201001)(6116002)(33716001)(66066001)(103116003)(107886002)(68736007)(5660300001)(921003)(217873001)(83996005)(2101003)(1121003);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR12MB0663;H:[127.0.1.1];FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCWTJQUjEyTUIwNjYzOzIzOkNkb3pQR055RlhRYTlDMlpyYWZuUUhQQm5Y?= =?utf-8?B?aW9hdXFqTk9wNUdyNzZCMUtWOTE1VGYraXFXMTlUN0x0TVN4akN3a1VIcndD?= =?utf-8?B?cGJWNlN1dnoyTEQ0K3BXMG9ldVdNMzVuTzQzUk5TcmdqaGMzZStmcFhDdVdv?= =?utf-8?B?ME9ORlZnbDU0RkltbXFmWkU3WDRSTWZUeUNuUVVjVkMvRDNRY01xRjFKenF4?= =?utf-8?B?THc5YVB3TlhDdTFBbElrdUo1VERWWjZraVNzMjl1dHYxYk9aak1yQmhHdEkz?= =?utf-8?B?SUNhV1FBb1VvNURwdzRKRHJ6WmcvOEJUWCs4aENhNGdOMjBKVzhaeHVSWHZj?= =?utf-8?B?NCtra2E1anIzdHo5OTZ6andmQ2RRNEw0MU03MzQyeXdyNWZzODFMV2NSczc1?= =?utf-8?B?NWVTTDBRdWtQUW43eEhTM2dyZ0draG9kdTJILzd6RTNXTUpZZnZUUE1yaVRy?= =?utf-8?B?RkV2NnVVa2wvUGYwa3g4ZFUwVS9GZ2ZnZEoxbHRQVDhqRWEydHJPWlhzTno2?= =?utf-8?B?MC85NlFZZ2g3aEV3a1BGSmRsbmFWdXNCczRoRXhsNm1NaUVLVXVjRkllOXh0?= =?utf-8?B?dXg0ZHFCWUdXNzROVmc5OFM2d2djRDlmam50Um42MVVxR1BiSFNaM0FXWjZu?= =?utf-8?B?Qi82dFc3MDRtcEJNdnMyR0FsMi9lUkdOOFo3dDdiSnFJbTVPZCtWdGo5Wkw2?= =?utf-8?B?cHhmTDA0dmd1dEVtdGZYVkJuVjRqcXREOUtFTlVNYnpjcG1EVHpMV0l1SnpI?= =?utf-8?B?UW9tYmV5Z3RwTWNHT3F1T3djUFZROGFBR2hNSlZFYS8zT3VybyttaUNqTmls?= =?utf-8?B?aFBkV0lkTXB2OXYvamJPbWtNOXdUcG9TdFdxVnNHUzRUSnhXRUhFOFdOekds?= =?utf-8?B?WFhlUk9CZ3lkVG4wUDhVMTdqb3NGYXQrNUI4VmRNUHpSeVJXVDNZRzAyNFp6?= =?utf-8?B?UDFJME8zbTMwd3pEK1dtR3orQkFWY2k1Ti82eTVkaXpoN2VCWGZyR0FBQmJL?= =?utf-8?B?QlA1b3lpcjhFQU5MWTdLK0x2VXlsbmxUZUdFNlA1d1BJSzFWc2EzaXBzNS8z?= =?utf-8?B?Zy9TcUtGVHM2L3JXTFppTlVmUGp0eG5wa29aZW1SL0NtcURFYjNnUlREZXk5?= =?utf-8?B?UnJ1NGhGMmZ4Smw2MHBEMXB3TEZMZ2RkaS9Vb29Rc3RhYm9zMHBrcnZKZGZ2?= =?utf-8?B?R2FKUURFTWk0VVhLMEdWSms5QlBWS3NQRjJsTU1rMVhsakRDTS9QVU5zYk8r?= =?utf-8?B?dXpCNkhRTEtMcGRIZG5wM3prT1p2bzBUWmpVclhOOHpEUm4wNzYrekJkdVZn?= =?utf-8?B?MnM1anhXYi8veXZOcEoweGN5eFNjUEU3Z0ZGNmdHMTY0Z0VpQ1JRMVQ5eGsz?= =?utf-8?B?RWRIZjI1dVBTY0srdmxNOGhpb3l6WVJ5OE90SGJLZGg4VHVZZEVKMjZaSG5J?= =?utf-8?B?blQ2aHpJczIzMjJMYkE5TTVnc2RGcEZad09iSkkvNmtjVDBydk5BRXBrcktS?= =?utf-8?B?WXJLSVg4MXd5S0hmdDBvME9maVdjR0s5NENWUWRqQ2tpSXVqaEZhWmwzR290?= =?utf-8?B?REZnOXc1K0pRKzIrYnVKTHY4V2VqMWNaeHlaNWR1R1BnUUhaUXN0ZnBRRDBh?= =?utf-8?B?a1Nxa1ROdW5nSzhsVjc0M3F0ZktCcEVuNUxDbDJPZVI0R1haV1pUamRMYWJ2?= =?utf-8?B?WnNNRlhwQitZV3FjaU43bEx0N2tQZDNlR0x0Smc2b3RmQjN3dVBYTmpUaldX?= =?utf-8?B?bXdiM1pTcmxEOVdPQVZXYWZyMVVUMFpKL0RJRUhNTTMrVmFlck9jdFJzUlZt?= =?utf-8?B?dEMxU2JoSVk3cTJBWWtoeFV4K1VrUFBlSjdiUnN6RnRIYVZCUnRLRzlrdisw?= =?utf-8?Q?VIlk03zQFZQ=3D?= X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0663;6:q86Qw/GBDr4QF7TBQ5DmrDez5icvzzOaFNcGfQh3JzEk0YthL0KOWlur32x6pitPpRGOxggA9ns1fSLNaB9rv4BINNbry0jVci2TxoZo1mUwHI6Nrkn363J1IuAv/EDxE463Pe/ZTXZBHc2gIjV+nPsGKrse0ofcRzWgvILdcJOFt85TggBOV/TsKLRNAU/+8BglNPXw6Z5AsbIKNGbkx1xgHJReWgSDF7G/3vTw0GFK3VOioYatwHzUdx8X4ytDfg0htYkgSOEfi2IpCLT3JVqMfLlaWENYtykuUbKD88mpiFvAtVp4qTGMuqoCTFN/xGNvgga88CJkm5UG423Kxg==;5:b151EKDGtjDDPQjUopAb37pwHTt37Fdig4ROntQLprR0cguk+DaRbkmt6FW+8UefjNjiKzITQuaSUGm8ed5YdFDIrFSeIJaZjbHslJ4d51VIIZm8cxyLkyUZPBkgHL8fAMF1XHn9IOm/ONCg4HUVWQ==;24:7Xs0fdOxz/KlNu+ZK3zD12+n8CvyWxglWzYXin+zv9+hQVBquxhPKSPeKnxlk5ZH5cKbhk5jHnaD5XMGZj4QIwber4I7F874XR/aS0OFEHA=;7:nQBXy5vC1GkQ4tcNj6riZ3lCSJ9wg6MSpY3s/edBtwYeZlpSGKMUdpT2xgqqTIhBVph8EdA/l57+mhx3kdEwiYtLetRxL9ASwjfnDwmxqrcMtqBkG2luHvCRc6b7wMVwRUbg3FTeaKaSPuZADWuc0Pg5VdBeNVnINjslZUR4a58FWpE3TyQgz+PwALpAYQcCuJHjpb56XJIsijQx2I/OzREN6JU3S4HkLU7oXanO1DGVOia7Saq7r5iaz5fDM3Tv SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BY2PR12MB0663;20:fss5K4WuDXlv9ePRq2DEajZGLTXuDeBfZ2A3XIHP/lD+mwnG9yDaeDqMW9+Q5v3JrQl9SATwYdQmfyocHUlRi3cLxnfn0kWUFNO9YR2wdE8cYJdZJpLMzIRMHaaZ5Jw18M0BDThTYgCvWGlkbVZBpuco35uMcuRjaHAOwiesPMKRmat95xLVjVktmc3zz7WzAfNM7eLzEBtguc5LJMj4rEgs2royuq6bcZolB5Ru4Ch0xT9ugN9fde2N3OAOMpX/;23:szVsm7juV29ny4dqvw4558hwExJlVzEDlaJRXW/PyCYF0ci+uPBS9KVSLMzuw9rKDEUwFsVMsTfqQlStZbnY0u7SFBPMQxlk5st86EJHZC8kqKbkqFLc5LqEJKT6lsfA3NDPK/pDsSJEeDpXTBE1/B65U5FbqhMAX5hgv3ESnQNrv5M9mFAIYXGWGwfCTtpD X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 23:24:23.7034 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR12MB0663 X-OriginatorOrg: amd.com Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tom Lendacky Provide support for Secure Encyrpted Virtualization (SEV). This initial support defines the SEV active flag in order for the kernel to determine if it is running with SEV active or not. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 3 +++ arch/x86/kernel/mem_encrypt.S | 8 ++++++++ arch/x86/kernel/x8664_ksyms_64.c | 1 + 3 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index e395729..9c592d1 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -20,6 +20,7 @@ #ifdef CONFIG_AMD_MEM_ENCRYPT extern unsigned long sme_me_mask; +extern unsigned int sev_active; u8 sme_get_me_loss(void); @@ -50,6 +51,8 @@ void swiotlb_set_mem_dec(void *vaddr, unsigned long size); #define sme_me_mask 0UL +#define sev_active 0 + static inline u8 sme_get_me_loss(void) { return 0; diff --git a/arch/x86/kernel/mem_encrypt.S b/arch/x86/kernel/mem_encrypt.S index bf9f6a9..6a8cd18 100644 --- a/arch/x86/kernel/mem_encrypt.S +++ b/arch/x86/kernel/mem_encrypt.S @@ -96,6 +96,10 @@ ENDPROC(sme_enable) ENTRY(sme_encrypt_kernel) #ifdef CONFIG_AMD_MEM_ENCRYPT + /* If SEV is active then the kernel is already encrypted */ + cmpl $0, sev_active(%rip) + jnz .Lencrypt_exit + /* If SME is not active then no need to encrypt the kernel */ cmpq $0, sme_me_mask(%rip) jz .Lencrypt_exit @@ -334,6 +338,10 @@ sme_me_loss: .byte 0x00 .align 8 +ENTRY(sev_active) + .word 0x00000000 + .align 8 + mem_encrypt_enable_option: .asciz "mem_encrypt=on" .align 8 diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c index 651c4c8..14bfc0b 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c +++ b/arch/x86/kernel/x8664_ksyms_64.c @@ -88,4 +88,5 @@ EXPORT_SYMBOL(___preempt_schedule_notrace); #ifdef CONFIG_AMD_MEM_ENCRYPT EXPORT_SYMBOL_GPL(sme_me_mask); EXPORT_SYMBOL_GPL(sme_get_me_loss); +EXPORT_SYMBOL_GPL(sev_active); #endif From mboxrd@z Thu Jan 1 00:00:00 1970 From: Brijesh Singh Subject: [RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support Date: Mon, 22 Aug 2016 19:24:19 -0400 Message-ID: <147190825949.9523.11406635622434950066.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Sender: owner-linux-mm@kvack.org To: simon.guinot@sequanux.org, linux-efi@vger.kernel.org, brijesh.singh@amd.com, kvm@vger.kernel.org, rkrcmar@redhat.com, matt@codeblueprint.co.uk, linus.walleij@linaro.org, linux-mm@kvack.org, paul.gortmaker@windriver.com, hpa@zytor.com, dan.j.williams@intel.com, aarcange@redhat.com, sfr@canb.auug.org.au, andriy.shevchenko@linux.intel.com, herbert@gondor.apana.org.au, bhe@redhat.com, xemul@parallels.com, joro@8bytes.org, x86@kernel.org, mingo@redhat.com, msalter@redhat.com, ross.zwisler@linux.intel.com, bp@suse.de, dyoung@redhat.com, thomas.lendacky@amd.com, jroedel@suse.de, keescook@chromium.org, toshi.kani@hpe.com, mathieu.desnoyers@efficios.com, devel@linuxdriverproject.org, tglx@linutronix.de, mchehab@kernel.org, iamjoonsoo.kim@lge.com, labbott@fedoraproject.org, tony.luck@intel.com, alexandre.bounin List-Id: linux-efi@vger.kernel.org From: Tom Lendacky Provide support for Secure Encyrpted Virtualization (SEV). This initial support defines the SEV active flag in order for the kernel to determine if it is running with SEV active or not. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 3 +++ arch/x86/kernel/mem_encrypt.S | 8 ++++++++ arch/x86/kernel/x8664_ksyms_64.c | 1 + 3 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index e395729..9c592d1 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -20,6 +20,7 @@ #ifdef CONFIG_AMD_MEM_ENCRYPT extern unsigned long sme_me_mask; +extern unsigned int sev_active; u8 sme_get_me_loss(void); @@ -50,6 +51,8 @@ void swiotlb_set_mem_dec(void *vaddr, unsigned long size); #define sme_me_mask 0UL +#define sev_active 0 + static inline u8 sme_get_me_loss(void) { return 0; diff --git a/arch/x86/kernel/mem_encrypt.S b/arch/x86/kernel/mem_encrypt.S index bf9f6a9..6a8cd18 100644 --- a/arch/x86/kernel/mem_encrypt.S +++ b/arch/x86/kernel/mem_encrypt.S @@ -96,6 +96,10 @@ ENDPROC(sme_enable) ENTRY(sme_encrypt_kernel) #ifdef CONFIG_AMD_MEM_ENCRYPT + /* If SEV is active then the kernel is already encrypted */ + cmpl $0, sev_active(%rip) + jnz .Lencrypt_exit + /* If SME is not active then no need to encrypt the kernel */ cmpq $0, sme_me_mask(%rip) jz .Lencrypt_exit @@ -334,6 +338,10 @@ sme_me_loss: .byte 0x00 .align 8 +ENTRY(sev_active) + .word 0x00000000 + .align 8 + mem_encrypt_enable_option: .asciz "mem_encrypt=on" .align 8 diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c index 651c4c8..14bfc0b 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c +++ b/arch/x86/kernel/x8664_ksyms_64.c @@ -88,4 +88,5 @@ EXPORT_SYMBOL(___preempt_schedule_notrace); #ifdef CONFIG_AMD_MEM_ENCRYPT EXPORT_SYMBOL_GPL(sme_me_mask); EXPORT_SYMBOL_GPL(sme_get_me_loss); +EXPORT_SYMBOL_GPL(sev_active); #endif -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 From: Brijesh Singh Subject: [RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support Date: Mon, 22 Aug 2016 19:24:19 -0400 Message-ID: <147190825949.9523.11406635622434950066.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> Sender: owner-linux-mm@kvack.org List-Id: kvm.vger.kernel.org From: Tom Lendacky Provide support for Secure Encyrpted Virtualization (SEV). This initial support defines the SEV active flag in order for the kernel to determine if it is running with SEV active or not. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 3 +++ arch/x86/kernel/mem_encrypt.S | 8 ++++++++ arch/x86/kernel/x8664_ksyms_64.c | 1 + 3 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index e395729..9c592d1 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -20,6 +20,7 @@ #ifdef CONFIG_AMD_MEM_ENCRYPT extern unsigned long sme_me_mask; +extern unsigned int sev_active; u8 sme_get_me_loss(void); @@ -50,6 +51,8 @@ void swiotlb_set_mem_dec(void *vaddr, unsigned long size); #define sme_me_mask 0UL +#define sev_active 0 + static inline u8 sme_get_me_loss(void) { return 0; diff --git a/arch/x86/kernel/mem_encrypt.S b/arch/x86/kernel/mem_encrypt.S index bf9f6a9..6a8cd18 100644 --- a/arch/x86/kernel/mem_encrypt.S +++ b/arch/x86/kernel/mem_encrypt.S @@ -96,6 +96,10 @@ ENDPROC(sme_enable) ENTRY(sme_encrypt_kernel) #ifdef CONFIG_AMD_MEM_ENCRYPT + /* If SEV is active then the kernel is already encrypted */ + cmpl $0, sev_active(%rip) + jnz .Lencrypt_exit + /* If SME is not active then no need to encrypt the kernel */ cmpq $0, sme_me_mask(%rip) jz .Lencrypt_exit @@ -334,6 +338,10 @@ sme_me_loss: .byte 0x00 .align 8 +ENTRY(sev_active) + .word 0x00000000 + .align 8 + mem_encrypt_enable_option: .asciz "mem_encrypt=on" .align 8 diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c index 651c4c8..14bfc0b 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c +++ b/arch/x86/kernel/x8664_ksyms_64.c @@ -88,4 +88,5 @@ EXPORT_SYMBOL(___preempt_schedule_notrace); #ifdef CONFIG_AMD_MEM_ENCRYPT EXPORT_SYMBOL_GPL(sme_me_mask); EXPORT_SYMBOL_GPL(sme_get_me_loss); +EXPORT_SYMBOL_GPL(sev_active); #endif -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-f70.google.com (mail-oi0-f70.google.com [209.85.218.70]) by kanga.kvack.org (Postfix) with ESMTP id A17176B0269 for ; Mon, 22 Aug 2016 19:24:30 -0400 (EDT) Received: by mail-oi0-f70.google.com with SMTP id c189so37894597oia.1 for ; Mon, 22 Aug 2016 16:24:30 -0700 (PDT) Received: from NAM01-BY2-obe.outbound.protection.outlook.com (mail-by2nam01on0043.outbound.protection.outlook.com. [104.47.34.43]) by mx.google.com with ESMTPS id w56si156643otw.124.2016.08.22.16.24.29 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 22 Aug 2016 16:24:29 -0700 (PDT) Subject: [RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support From: Brijesh Singh Date: Mon, 22 Aug 2016 19:24:19 -0400 Message-ID: <147190825949.9523.11406635622434950066.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: simon.guinot@sequanux.org, linux-efi@vger.kernel.org, brijesh.singh@amd.com, kvm@vger.kernel.org, rkrcmar@redhat.com, matt@codeblueprint.co.uk, linus.walleij@linaro.org, linux-mm@kvack.org, paul.gortmaker@windriver.com, hpa@zytor.com, dan.j.williams@intel.com, aarcange@redhat.com, sfr@canb.auug.org.au, andriy.shevchenko@linux.intel.com, herbert@gondor.apana.org.au, bhe@redhat.com, xemul@parallels.com, joro@8bytes.org, x86@kernel.org, mingo@redhat.com, msalter@redhat.com, ross.zwisler@linux.intel.com, bp@suse.de, dyoung@redhat.com, thomas.lendacky@amd.com, jroedel@suse.de, keescook@chromium.org, toshi.kani@hpe.com, mathieu.desnoyers@efficios.com, devel@linuxdriverproject.org, tglx@linutronix.de, mchehab@kernel.org, iamjoonsoo.kim@lge.com, labbott@fedoraproject.org, tony.luck@intel.com, alexandre.bounine@idt.com, kuleshovmail@gmail.com, linux-kernel@vger.kernel.org, mcgrof@kernel.org, linux-crypto@vger.kernel.org, pbonzini@redhat.com, akpm@linux-foundation.org, davem@davemloft.net From: Tom Lendacky Provide support for Secure Encyrpted Virtualization (SEV). This initial support defines the SEV active flag in order for the kernel to determine if it is running with SEV active or not. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 3 +++ arch/x86/kernel/mem_encrypt.S | 8 ++++++++ arch/x86/kernel/x8664_ksyms_64.c | 1 + 3 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index e395729..9c592d1 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -20,6 +20,7 @@ #ifdef CONFIG_AMD_MEM_ENCRYPT extern unsigned long sme_me_mask; +extern unsigned int sev_active; u8 sme_get_me_loss(void); @@ -50,6 +51,8 @@ void swiotlb_set_mem_dec(void *vaddr, unsigned long size); #define sme_me_mask 0UL +#define sev_active 0 + static inline u8 sme_get_me_loss(void) { return 0; diff --git a/arch/x86/kernel/mem_encrypt.S b/arch/x86/kernel/mem_encrypt.S index bf9f6a9..6a8cd18 100644 --- a/arch/x86/kernel/mem_encrypt.S +++ b/arch/x86/kernel/mem_encrypt.S @@ -96,6 +96,10 @@ ENDPROC(sme_enable) ENTRY(sme_encrypt_kernel) #ifdef CONFIG_AMD_MEM_ENCRYPT + /* If SEV is active then the kernel is already encrypted */ + cmpl $0, sev_active(%rip) + jnz .Lencrypt_exit + /* If SME is not active then no need to encrypt the kernel */ cmpq $0, sme_me_mask(%rip) jz .Lencrypt_exit @@ -334,6 +338,10 @@ sme_me_loss: .byte 0x00 .align 8 +ENTRY(sev_active) + .word 0x00000000 + .align 8 + mem_encrypt_enable_option: .asciz "mem_encrypt=on" .align 8 diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c index 651c4c8..14bfc0b 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c +++ b/arch/x86/kernel/x8664_ksyms_64.c @@ -88,4 +88,5 @@ EXPORT_SYMBOL(___preempt_schedule_notrace); #ifdef CONFIG_AMD_MEM_ENCRYPT EXPORT_SYMBOL_GPL(sme_me_mask); EXPORT_SYMBOL_GPL(sme_get_me_loss); +EXPORT_SYMBOL_GPL(sev_active); #endif -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org