From: Tom Lendacky <thomas.lendacky@amd.com>
To: <linux-arch@vger.kernel.org>, <linux-efi@vger.kernel.org>,
<kvm@vger.kernel.org>, <linux-doc@vger.kernel.org>,
<x86@kernel.org>, <linux-kernel@vger.kernel.org>,
<kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
<iommu@lists.linux-foundation.org>
Cc: "Rik van Riel" <riel@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Joerg Roedel" <joro@8bytes.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Alexander Potapenko" <glider@google.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
Date: Wed, 9 Nov 2016 18:38:38 -0600 [thread overview]
Message-ID: <20161110003838.3280.23327.stgit@tlendack-t1.amdoffice.net> (raw)
In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net>
This patch adds the support to check if SME has been enabled and if the
mem_encrypt=on command line option is set. If both of these conditions
are true, then the encryption mask is set and the kernel is encrypted
"in place."
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kernel/head_64.S | 1 +
arch/x86/kernel/mem_encrypt_init.c | 60 +++++++++++++++++++++++++++++++++++-
arch/x86/mm/mem_encrypt.c | 2 +
3 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index e8a7272..c225433 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -100,6 +100,7 @@ startup_64:
* to include it in the page table fixups.
*/
push %rsi
+ movq %rsi, %rdi
call sme_enable
pop %rsi
movq %rax, %r12
diff --git a/arch/x86/kernel/mem_encrypt_init.c b/arch/x86/kernel/mem_encrypt_init.c
index 7bdd159..c94ceb8 100644
--- a/arch/x86/kernel/mem_encrypt_init.c
+++ b/arch/x86/kernel/mem_encrypt_init.c
@@ -16,9 +16,14 @@
#include <linux/mm.h>
#include <asm/sections.h>
+#include <asm/processor-flags.h>
+#include <asm/msr.h>
+#include <asm/cmdline.h>
#ifdef CONFIG_AMD_MEM_ENCRYPT
+static char sme_cmdline_arg[] __initdata = "mem_encrypt=on";
+
extern void sme_encrypt_execute(unsigned long, unsigned long, unsigned long,
void *, pgd_t *);
@@ -219,7 +224,60 @@ unsigned long __init sme_get_me_mask(void)
return sme_me_mask;
}
-unsigned long __init sme_enable(void)
+unsigned long __init sme_enable(void *boot_data)
{
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ struct boot_params *bp = boot_data;
+ unsigned int eax, ebx, ecx, edx;
+ u64 msr;
+ unsigned long cmdline_ptr;
+ void *cmdline_arg;
+
+ /* Check for an AMD processor */
+ eax = 0;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if ((ebx != 0x68747541) || (edx != 0x69746e65) || (ecx != 0x444d4163))
+ goto out;
+
+ /* Check for the SME support leaf */
+ eax = 0x80000000;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (eax < 0x8000001f)
+ goto out;
+
+ /*
+ * Check for the SME feature:
+ * CPUID Fn8000_001F[EAX] - Bit 0
+ * Secure Memory Encryption support
+ * CPUID Fn8000_001F[EBX] - Bits 5:0
+ * Pagetable bit position used to indicate encryption
+ */
+ eax = 0x8000001f;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (!(eax & 1))
+ goto out;
+
+ /* Check if SME is enabled */
+ msr = native_read_msr(MSR_K8_SYSCFG);
+ if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+ goto out;
+
+ /*
+ * Fixups have not been to applied phys_base yet, so we must obtain
+ * the address to the SME command line option in the following way.
+ */
+ asm ("lea sme_cmdline_arg(%%rip), %0"
+ : "=r" (cmdline_arg)
+ : "p" (sme_cmdline_arg));
+ cmdline_ptr = bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32);
+ if (cmdline_find_option_bool((char *)cmdline_ptr, cmdline_arg))
+ sme_me_mask = 1UL << (ebx & 0x3f);
+
+out:
+#endif /* CONFIG_AMD_MEM_ENCRYPT */
+
return sme_me_mask;
}
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index e351003..d0bc3f5 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -251,6 +251,8 @@ void __init mem_encrypt_init(void)
/* Make SWIOTLB use an unencrypted DMA area */
swiotlb_clear_encryption();
+
+ pr_info("AMD Secure Memory Encryption active\n");
}
void swiotlb_set_mem_unenc(void *vaddr, unsigned long size)
WARNING: multiple messages have this Message-ID (diff)
From: Tom Lendacky <thomas.lendacky@amd.com>
To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
linux-mm@kvack.org, iommu@lists.linux-foundation.org
Cc: "Rik van Riel" <riel@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Joerg Roedel" <joro@8bytes.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Alexander Potapenko" <glider@google.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
Date: Wed, 9 Nov 2016 18:38:38 -0600 [thread overview]
Message-ID: <20161110003838.3280.23327.stgit@tlendack-t1.amdoffice.net> (raw)
In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net>
This patch adds the support to check if SME has been enabled and if the
mem_encrypt=on command line option is set. If both of these conditions
are true, then the encryption mask is set and the kernel is encrypted
"in place."
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kernel/head_64.S | 1 +
arch/x86/kernel/mem_encrypt_init.c | 60 +++++++++++++++++++++++++++++++++++-
arch/x86/mm/mem_encrypt.c | 2 +
3 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index e8a7272..c225433 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -100,6 +100,7 @@ startup_64:
* to include it in the page table fixups.
*/
push %rsi
+ movq %rsi, %rdi
call sme_enable
pop %rsi
movq %rax, %r12
diff --git a/arch/x86/kernel/mem_encrypt_init.c b/arch/x86/kernel/mem_encrypt_init.c
index 7bdd159..c94ceb8 100644
--- a/arch/x86/kernel/mem_encrypt_init.c
+++ b/arch/x86/kernel/mem_encrypt_init.c
@@ -16,9 +16,14 @@
#include <linux/mm.h>
#include <asm/sections.h>
+#include <asm/processor-flags.h>
+#include <asm/msr.h>
+#include <asm/cmdline.h>
#ifdef CONFIG_AMD_MEM_ENCRYPT
+static char sme_cmdline_arg[] __initdata = "mem_encrypt=on";
+
extern void sme_encrypt_execute(unsigned long, unsigned long, unsigned long,
void *, pgd_t *);
@@ -219,7 +224,60 @@ unsigned long __init sme_get_me_mask(void)
return sme_me_mask;
}
-unsigned long __init sme_enable(void)
+unsigned long __init sme_enable(void *boot_data)
{
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ struct boot_params *bp = boot_data;
+ unsigned int eax, ebx, ecx, edx;
+ u64 msr;
+ unsigned long cmdline_ptr;
+ void *cmdline_arg;
+
+ /* Check for an AMD processor */
+ eax = 0;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if ((ebx != 0x68747541) || (edx != 0x69746e65) || (ecx != 0x444d4163))
+ goto out;
+
+ /* Check for the SME support leaf */
+ eax = 0x80000000;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (eax < 0x8000001f)
+ goto out;
+
+ /*
+ * Check for the SME feature:
+ * CPUID Fn8000_001F[EAX] - Bit 0
+ * Secure Memory Encryption support
+ * CPUID Fn8000_001F[EBX] - Bits 5:0
+ * Pagetable bit position used to indicate encryption
+ */
+ eax = 0x8000001f;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (!(eax & 1))
+ goto out;
+
+ /* Check if SME is enabled */
+ msr = native_read_msr(MSR_K8_SYSCFG);
+ if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+ goto out;
+
+ /*
+ * Fixups have not been to applied phys_base yet, so we must obtain
+ * the address to the SME command line option in the following way.
+ */
+ asm ("lea sme_cmdline_arg(%%rip), %0"
+ : "=r" (cmdline_arg)
+ : "p" (sme_cmdline_arg));
+ cmdline_ptr = bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32);
+ if (cmdline_find_option_bool((char *)cmdline_ptr, cmdline_arg))
+ sme_me_mask = 1UL << (ebx & 0x3f);
+
+out:
+#endif /* CONFIG_AMD_MEM_ENCRYPT */
+
return sme_me_mask;
}
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index e351003..d0bc3f5 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -251,6 +251,8 @@ void __init mem_encrypt_init(void)
/* Make SWIOTLB use an unencrypted DMA area */
swiotlb_clear_encryption();
+
+ pr_info("AMD Secure Memory Encryption active\n");
}
void swiotlb_set_mem_unenc(void *vaddr, unsigned long size)
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Tom Lendacky <thomas.lendacky@amd.com>
To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org,
kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org,
linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com,
linux-mm@kvack.org, iommu@lists.linux-foundation.org
Cc: "Rik van Riel" <riel@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Joerg Roedel" <joro@8bytes.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Alexander Potapenko" <glider@google.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
Date: Wed, 9 Nov 2016 18:38:38 -0600 [thread overview]
Message-ID: <20161110003838.3280.23327.stgit@tlendack-t1.amdoffice.net> (raw)
Message-ID: <20161110003838.HaDL3-w6NzoaOTdPRxsATXFxALIP6O9LZsLfWLhfJ7Y@z> (raw)
In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net>
This patch adds the support to check if SME has been enabled and if the
mem_encrypt=on command line option is set. If both of these conditions
are true, then the encryption mask is set and the kernel is encrypted
"in place."
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kernel/head_64.S | 1 +
arch/x86/kernel/mem_encrypt_init.c | 60 +++++++++++++++++++++++++++++++++++-
arch/x86/mm/mem_encrypt.c | 2 +
3 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index e8a7272..c225433 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -100,6 +100,7 @@ startup_64:
* to include it in the page table fixups.
*/
push %rsi
+ movq %rsi, %rdi
call sme_enable
pop %rsi
movq %rax, %r12
diff --git a/arch/x86/kernel/mem_encrypt_init.c b/arch/x86/kernel/mem_encrypt_init.c
index 7bdd159..c94ceb8 100644
--- a/arch/x86/kernel/mem_encrypt_init.c
+++ b/arch/x86/kernel/mem_encrypt_init.c
@@ -16,9 +16,14 @@
#include <linux/mm.h>
#include <asm/sections.h>
+#include <asm/processor-flags.h>
+#include <asm/msr.h>
+#include <asm/cmdline.h>
#ifdef CONFIG_AMD_MEM_ENCRYPT
+static char sme_cmdline_arg[] __initdata = "mem_encrypt=on";
+
extern void sme_encrypt_execute(unsigned long, unsigned long, unsigned long,
void *, pgd_t *);
@@ -219,7 +224,60 @@ unsigned long __init sme_get_me_mask(void)
return sme_me_mask;
}
-unsigned long __init sme_enable(void)
+unsigned long __init sme_enable(void *boot_data)
{
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ struct boot_params *bp = boot_data;
+ unsigned int eax, ebx, ecx, edx;
+ u64 msr;
+ unsigned long cmdline_ptr;
+ void *cmdline_arg;
+
+ /* Check for an AMD processor */
+ eax = 0;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if ((ebx != 0x68747541) || (edx != 0x69746e65) || (ecx != 0x444d4163))
+ goto out;
+
+ /* Check for the SME support leaf */
+ eax = 0x80000000;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (eax < 0x8000001f)
+ goto out;
+
+ /*
+ * Check for the SME feature:
+ * CPUID Fn8000_001F[EAX] - Bit 0
+ * Secure Memory Encryption support
+ * CPUID Fn8000_001F[EBX] - Bits 5:0
+ * Pagetable bit position used to indicate encryption
+ */
+ eax = 0x8000001f;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (!(eax & 1))
+ goto out;
+
+ /* Check if SME is enabled */
+ msr = native_read_msr(MSR_K8_SYSCFG);
+ if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+ goto out;
+
+ /*
+ * Fixups have not been to applied phys_base yet, so we must obtain
+ * the address to the SME command line option in the following way.
+ */
+ asm ("lea sme_cmdline_arg(%%rip), %0"
+ : "=r" (cmdline_arg)
+ : "p" (sme_cmdline_arg));
+ cmdline_ptr = bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32);
+ if (cmdline_find_option_bool((char *)cmdline_ptr, cmdline_arg))
+ sme_me_mask = 1UL << (ebx & 0x3f);
+
+out:
+#endif /* CONFIG_AMD_MEM_ENCRYPT */
+
return sme_me_mask;
}
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index e351003..d0bc3f5 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -251,6 +251,8 @@ void __init mem_encrypt_init(void)
/* Make SWIOTLB use an unencrypted DMA area */
swiotlb_clear_encryption();
+
+ pr_info("AMD Secure Memory Encryption active\n");
}
void swiotlb_set_mem_unenc(void *vaddr, unsigned long size)
WARNING: multiple messages have this Message-ID (diff)
From: Tom Lendacky <thomas.lendacky@amd.com>
To: <linux-arch@vger.kernel.org>, <linux-efi@vger.kernel.org>,
<kvm@vger.kernel.org>, <linux-doc@vger.kernel.org>,
<x86@kernel.org>, <linux-kernel@vger.kernel.org>,
<kasan-dev@googlegroups.com>, <linux-mm@kvack.org>,
<iommu@lists.linux-foundation.org>
Cc: "Rik van Riel" <riel@redhat.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Arnd Bergmann" <arnd@arndb.de>,
"Jonathan Corbet" <corbet@lwn.net>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Joerg Roedel" <joro@8bytes.org>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Alexander Potapenko" <glider@google.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Dmitry Vyukov" <dvyukov@google.com>
Subject: [RFC PATCH v3 20/20] x86: Add support to make use of Secure Memory Encryption
Date: Wed, 9 Nov 2016 18:38:38 -0600 [thread overview]
Message-ID: <20161110003838.3280.23327.stgit@tlendack-t1.amdoffice.net> (raw)
In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net>
This patch adds the support to check if SME has been enabled and if the
mem_encrypt=on command line option is set. If both of these conditions
are true, then the encryption mask is set and the kernel is encrypted
"in place."
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/kernel/head_64.S | 1 +
arch/x86/kernel/mem_encrypt_init.c | 60 +++++++++++++++++++++++++++++++++++-
arch/x86/mm/mem_encrypt.c | 2 +
3 files changed, 62 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index e8a7272..c225433 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -100,6 +100,7 @@ startup_64:
* to include it in the page table fixups.
*/
push %rsi
+ movq %rsi, %rdi
call sme_enable
pop %rsi
movq %rax, %r12
diff --git a/arch/x86/kernel/mem_encrypt_init.c b/arch/x86/kernel/mem_encrypt_init.c
index 7bdd159..c94ceb8 100644
--- a/arch/x86/kernel/mem_encrypt_init.c
+++ b/arch/x86/kernel/mem_encrypt_init.c
@@ -16,9 +16,14 @@
#include <linux/mm.h>
#include <asm/sections.h>
+#include <asm/processor-flags.h>
+#include <asm/msr.h>
+#include <asm/cmdline.h>
#ifdef CONFIG_AMD_MEM_ENCRYPT
+static char sme_cmdline_arg[] __initdata = "mem_encrypt=on";
+
extern void sme_encrypt_execute(unsigned long, unsigned long, unsigned long,
void *, pgd_t *);
@@ -219,7 +224,60 @@ unsigned long __init sme_get_me_mask(void)
return sme_me_mask;
}
-unsigned long __init sme_enable(void)
+unsigned long __init sme_enable(void *boot_data)
{
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+ struct boot_params *bp = boot_data;
+ unsigned int eax, ebx, ecx, edx;
+ u64 msr;
+ unsigned long cmdline_ptr;
+ void *cmdline_arg;
+
+ /* Check for an AMD processor */
+ eax = 0;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if ((ebx != 0x68747541) || (edx != 0x69746e65) || (ecx != 0x444d4163))
+ goto out;
+
+ /* Check for the SME support leaf */
+ eax = 0x80000000;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (eax < 0x8000001f)
+ goto out;
+
+ /*
+ * Check for the SME feature:
+ * CPUID Fn8000_001F[EAX] - Bit 0
+ * Secure Memory Encryption support
+ * CPUID Fn8000_001F[EBX] - Bits 5:0
+ * Pagetable bit position used to indicate encryption
+ */
+ eax = 0x8000001f;
+ ecx = 0;
+ native_cpuid(&eax, &ebx, &ecx, &edx);
+ if (!(eax & 1))
+ goto out;
+
+ /* Check if SME is enabled */
+ msr = native_read_msr(MSR_K8_SYSCFG);
+ if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+ goto out;
+
+ /*
+ * Fixups have not been to applied phys_base yet, so we must obtain
+ * the address to the SME command line option in the following way.
+ */
+ asm ("lea sme_cmdline_arg(%%rip), %0"
+ : "=r" (cmdline_arg)
+ : "p" (sme_cmdline_arg));
+ cmdline_ptr = bp->hdr.cmd_line_ptr | ((u64)bp->ext_cmd_line_ptr << 32);
+ if (cmdline_find_option_bool((char *)cmdline_ptr, cmdline_arg))
+ sme_me_mask = 1UL << (ebx & 0x3f);
+
+out:
+#endif /* CONFIG_AMD_MEM_ENCRYPT */
+
return sme_me_mask;
}
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index e351003..d0bc3f5 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -251,6 +251,8 @@ void __init mem_encrypt_init(void)
/* Make SWIOTLB use an unencrypted DMA area */
swiotlb_clear_encryption();
+
+ pr_info("AMD Secure Memory Encryption active\n");
}
void swiotlb_set_mem_unenc(void *vaddr, unsigned long size)
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-11-10 0:54 UTC|newest]
Thread overview: 244+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-10 0:34 [RFC PATCH v3 00/20] x86: Secure Memory Encryption (AMD) Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` [RFC PATCH v3 01/20] x86: Documentation for AMD Secure Memory Encryption (SME) Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 10:51 ` Borislav Petkov
2016-11-10 10:51 ` Borislav Petkov
2016-11-14 17:15 ` Tom Lendacky
2016-11-14 17:15 ` Tom Lendacky
2016-11-14 17:15 ` Tom Lendacky
2016-11-10 0:34 ` [RFC PATCH v3 02/20] x86: Set the write-protect cache mode for full PAT support Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 13:14 ` Borislav Petkov
2016-11-10 13:14 ` Borislav Petkov
2016-11-11 1:26 ` Kani, Toshimitsu
2016-11-11 1:26 ` Kani, Toshimitsu
2016-11-11 1:26 ` Kani, Toshimitsu
2016-11-14 16:51 ` Tom Lendacky
2016-11-14 16:51 ` Tom Lendacky
2016-11-14 16:51 ` Tom Lendacky
2016-11-14 16:51 ` Tom Lendacky
2016-11-10 0:34 ` [RFC PATCH v3 03/20] x86: Add the Secure Memory Encryption cpu feature Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-10 0:34 ` Tom Lendacky
2016-11-11 11:53 ` Borislav Petkov
2016-11-11 11:53 ` Borislav Petkov
2016-11-10 0:35 ` [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-15 12:10 ` Joerg Roedel
2016-11-15 12:10 ` Joerg Roedel
2016-11-15 12:10 ` Joerg Roedel
2016-11-15 12:14 ` Borislav Petkov
2016-11-15 12:14 ` Borislav Petkov
2016-11-15 14:40 ` Tom Lendacky
2016-11-15 14:40 ` Tom Lendacky
2016-11-15 15:33 ` Borislav Petkov
2016-11-15 15:33 ` Borislav Petkov
2016-11-15 15:33 ` Borislav Petkov
2016-11-15 16:06 ` Tom Lendacky
2016-11-15 16:06 ` Tom Lendacky
2016-11-15 16:06 ` Tom Lendacky
2016-11-15 16:33 ` Borislav Petkov
2016-11-15 16:33 ` Borislav Petkov
2016-11-15 17:08 ` Tom Lendacky
2016-11-15 17:08 ` Tom Lendacky
2016-11-15 17:08 ` Tom Lendacky
2016-11-15 21:22 ` Tom Lendacky
2016-11-15 21:22 ` Tom Lendacky
2016-11-15 21:22 ` Tom Lendacky
2016-11-15 21:33 ` Borislav Petkov
2016-11-15 21:33 ` Borislav Petkov
2016-11-15 21:33 ` Borislav Petkov
2016-11-15 22:01 ` Tom Lendacky
2016-11-15 22:01 ` Tom Lendacky
2016-11-15 14:32 ` Tom Lendacky
2016-11-15 14:32 ` Tom Lendacky
2016-11-15 14:32 ` Tom Lendacky
2016-11-10 0:35 ` [RFC PATCH v3 05/20] x86: Add Secure Memory Encryption (SME) support Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` [RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-14 17:29 ` Borislav Petkov
2016-11-14 17:29 ` Borislav Petkov
2016-11-14 18:18 ` Tom Lendacky
2016-11-14 18:18 ` Tom Lendacky
2016-11-14 18:18 ` Tom Lendacky
2016-11-14 20:01 ` Borislav Petkov
2016-11-14 20:01 ` Borislav Petkov
2016-11-10 0:35 ` [RFC PATCH v3 07/20] x86: Provide general kernel support for memory encryption Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:35 ` Tom Lendacky
2016-11-10 0:36 ` [RFC PATCH v3 08/20] x86: Add support for early encryption/decryption of memory Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-16 10:46 ` Borislav Petkov
2016-11-16 10:46 ` Borislav Petkov
2016-11-16 19:22 ` Tom Lendacky
2016-11-16 19:22 ` Tom Lendacky
2016-11-16 19:22 ` Tom Lendacky
2016-11-10 0:36 ` [RFC PATCH v3 09/20] x86: Insure that boot memory areas are mapped properly Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-17 12:20 ` Borislav Petkov
2016-11-17 12:20 ` Borislav Petkov
2016-11-19 18:12 ` Tom Lendacky
2016-11-19 18:12 ` Tom Lendacky
2016-11-10 0:36 ` [RFC PATCH v3 10/20] Add support to access boot related data in the clear Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-11 16:17 ` Kani, Toshimitsu
2016-11-11 16:17 ` Kani, Toshimitsu
2016-11-14 16:24 ` Tom Lendacky
2016-11-14 16:24 ` Tom Lendacky
2016-11-14 16:24 ` Tom Lendacky
2016-11-17 15:55 ` Borislav Petkov
2016-11-17 15:55 ` Borislav Petkov
2016-11-19 18:33 ` Tom Lendacky
2016-11-19 18:33 ` Tom Lendacky
2016-11-19 18:33 ` Tom Lendacky
2016-11-20 23:04 ` Borislav Petkov
2016-11-20 23:04 ` Borislav Petkov
2016-12-07 13:19 ` Matt Fleming
2016-12-07 13:19 ` Matt Fleming
2016-12-07 13:19 ` Matt Fleming
2016-12-09 14:26 ` Tom Lendacky
2016-12-09 14:26 ` Tom Lendacky
2016-12-09 14:26 ` Tom Lendacky
2016-11-10 0:36 ` [RFC PATCH v3 11/20] x86: Add support for changing memory encryption attribute Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-10 0:36 ` Tom Lendacky
2016-11-17 17:39 ` Borislav Petkov
2016-11-17 17:39 ` Borislav Petkov
2016-11-19 18:48 ` Tom Lendacky
2016-11-19 18:48 ` Tom Lendacky
2016-11-21 8:27 ` Borislav Petkov
2016-11-21 8:27 ` Borislav Petkov
2016-11-10 0:37 ` [RFC PATCH v3 12/20] x86: Decrypt trampoline area if memory encryption is active Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-17 18:09 ` Borislav Petkov
2016-11-17 18:09 ` Borislav Petkov
2016-11-19 18:50 ` Tom Lendacky
2016-11-19 18:50 ` Tom Lendacky
2016-11-10 0:37 ` [RFC PATCH v3 13/20] x86: DMA support for memory encryption Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-15 14:39 ` Radim Krčmář
2016-11-15 14:39 ` Radim Krčmář
2016-11-15 14:39 ` Radim Krčmář
2016-11-15 17:02 ` Tom Lendacky
2016-11-15 17:02 ` Tom Lendacky
2016-11-15 17:02 ` Tom Lendacky
2016-11-15 17:02 ` Tom Lendacky
2016-11-15 18:17 ` Radim Krčmář
2016-11-15 18:17 ` Radim Krčmář
2016-11-15 18:17 ` Radim Krčmář
2016-11-15 18:17 ` Radim Krčmář
2016-11-15 20:33 ` Tom Lendacky
2016-11-15 20:33 ` Tom Lendacky
2016-11-15 20:33 ` Tom Lendacky
2016-11-15 20:33 ` Tom Lendacky
2016-11-15 15:16 ` Michael S. Tsirkin
2016-11-15 15:16 ` Michael S. Tsirkin
2016-11-15 15:16 ` Michael S. Tsirkin
2016-11-15 18:29 ` Tom Lendacky
2016-11-15 18:29 ` Tom Lendacky
2016-11-15 18:29 ` Tom Lendacky
2016-11-15 19:16 ` Michael S. Tsirkin
2016-11-15 19:16 ` Michael S. Tsirkin
2016-11-15 19:16 ` Michael S. Tsirkin
2016-11-22 11:38 ` Borislav Petkov
2016-11-22 11:38 ` Borislav Petkov
2016-11-22 11:38 ` Borislav Petkov
2016-11-22 15:22 ` Michael S. Tsirkin
2016-11-22 15:22 ` Michael S. Tsirkin
2016-11-22 15:22 ` Michael S. Tsirkin
2016-11-22 15:41 ` Borislav Petkov
2016-11-22 15:41 ` Borislav Petkov
2016-11-22 20:41 ` Michael S. Tsirkin
2016-11-22 20:41 ` Michael S. Tsirkin
2016-11-22 20:41 ` Michael S. Tsirkin
2016-11-10 0:37 ` [RFC PATCH v3 14/20] iommu/amd: Disable AMD IOMMU if memory encryption is active Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-14 16:32 ` Joerg Roedel
2016-11-14 16:32 ` Joerg Roedel
2016-11-14 16:32 ` Joerg Roedel
2016-11-14 16:48 ` Tom Lendacky
2016-11-14 16:48 ` Tom Lendacky
2016-11-14 16:48 ` Tom Lendacky
2016-11-10 0:37 ` [RFC PATCH v3 15/20] x86: Check for memory encryption on the APs Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-22 19:25 ` Borislav Petkov
2016-11-22 19:25 ` Borislav Petkov
2016-11-29 18:00 ` Tom Lendacky
2016-11-29 18:00 ` Tom Lendacky
2016-11-29 18:00 ` Tom Lendacky
2016-11-10 0:37 ` [RFC PATCH v3 16/20] x86: Do not specify encrypted memory for video mappings Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:37 ` Tom Lendacky
2016-11-10 0:38 ` [RFC PATCH v3 17/20] x86/kvm: Enable Secure Memory Encryption of nested page tables Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` [RFC PATCH v3 18/20] x86: Access the setup data through debugfs un-encrypted Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` [RFC PATCH v3 19/20] x86: Add support to make use of Secure Memory Encryption Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-24 12:50 ` Borislav Petkov
2016-11-24 12:50 ` Borislav Petkov
2016-11-24 12:50 ` Borislav Petkov
2016-11-29 18:40 ` Tom Lendacky
2016-11-29 18:40 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky [this message]
2016-11-10 0:38 ` [RFC PATCH v3 20/20] " Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-10 0:38 ` Tom Lendacky
2016-11-22 18:58 ` Borislav Petkov
2016-11-22 18:58 ` Borislav Petkov
2016-11-22 18:58 ` Borislav Petkov
2016-11-26 20:47 ` Borislav Petkov
2016-11-26 20:47 ` Borislav Petkov
2016-11-29 18:48 ` Tom Lendacky
2016-11-29 18:48 ` Tom Lendacky
2016-11-29 19:56 ` Borislav Petkov
2016-11-29 19:56 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161110003838.3280.23327.stgit@tlendack-t1.amdoffice.net \
--to=thomas.lendacky@amd.com \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=joro@8bytes.org \
--cc=kasan-dev@googlegroups.com \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.