From: Borislav Petkov <bp@alien8.de> To: Tom Lendacky <thomas.lendacky@amd.com> Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, iommu@lists.linux-foundation.org, "Rik van Riel" <riel@redhat.com>, "Radim Krčmář" <rkrcmar@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>, "Jonathan Corbet" <corbet@lwn.net>, "Matt Fleming" <matt@codeblueprint.co.uk>, "Joerg Roedel" <joro@8bytes.org>, "Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>, "Paolo Bonzini" <pbonzini@redhat.com>, "Larry Woodman" <lwoodman@redhat.com>, "Ingo Molnar" <mingo@redhat.com>, "Andy Lutomirski" <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, "Andrey Ryabinin" <aryabinin@virtuozzo.com>, "Alexander Potapenko" <glider@google.com>, "Thomas Gleixner" <tglx@linutronix.de>, "Dmitry Vyukov" <dvyukov@google.com> Subject: Re: [RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing Date: Mon, 14 Nov 2016 18:29:30 +0100 [thread overview] Message-ID: <20161114172930.27z7p2kytmhtcbsb@pd.tnic> (raw) In-Reply-To: <20161110003543.3280.99623.stgit@tlendack-t1.amdoffice.net> On Wed, Nov 09, 2016 at 06:35:43PM -0600, Tom Lendacky wrote: > This patch adds support to the early boot code to use Secure Memory > Encryption (SME). Support is added to update the early pagetables with > the memory encryption mask and to encrypt the kernel in place. > > The routines to set the encryption mask and perform the encryption are > stub routines for now with full function to be added in a later patch. > > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> > --- > arch/x86/kernel/Makefile | 2 ++ > arch/x86/kernel/head_64.S | 35 ++++++++++++++++++++++++++++++++++- > arch/x86/kernel/mem_encrypt_init.c | 29 +++++++++++++++++++++++++++++ > 3 files changed, 65 insertions(+), 1 deletion(-) > create mode 100644 arch/x86/kernel/mem_encrypt_init.c > > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile > index 45257cf..27e22f4 100644 > --- a/arch/x86/kernel/Makefile > +++ b/arch/x86/kernel/Makefile > @@ -141,4 +141,6 @@ ifeq ($(CONFIG_X86_64),y) > > obj-$(CONFIG_PCI_MMCONFIG) += mmconf-fam10h_64.o > obj-y += vsmp_64.o > + > + obj-y += mem_encrypt_init.o > endif > diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S > index c98a559..9a28aad 100644 > --- a/arch/x86/kernel/head_64.S > +++ b/arch/x86/kernel/head_64.S > @@ -95,6 +95,17 @@ startup_64: > jnz bad_address > > /* > + * Enable Secure Memory Encryption (if available). Save the mask > + * in %r12 for later use and add the memory encryption mask to %rbp > + * to include it in the page table fixups. > + */ > + push %rsi > + call sme_enable > + pop %rsi Why %rsi? sme_enable() is void so no args in registers and returns in %rax. /me is confused. > + movq %rax, %r12 > + addq %r12, %rbp > + > + /* > * Fixup the physical addresses in the page table > */ > addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip) > @@ -117,6 +128,7 @@ startup_64: > shrq $PGDIR_SHIFT, %rax > > leaq (4096 + _KERNPG_TABLE)(%rbx), %rdx > + addq %r12, %rdx > movq %rdx, 0(%rbx,%rax,8) > movq %rdx, 8(%rbx,%rax,8) > > @@ -133,6 +145,7 @@ startup_64: > movq %rdi, %rax > shrq $PMD_SHIFT, %rdi > addq $(__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL), %rax > + addq %r12, %rax > leaq (_end - 1)(%rip), %rcx > shrq $PMD_SHIFT, %rcx > subq %rdi, %rcx > @@ -163,9 +176,21 @@ startup_64: > cmp %r8, %rdi > jne 1b > > - /* Fixup phys_base */ > + /* > + * Fixup phys_base, remove the memory encryption mask from %rbp > + * to obtain the true physical address. > + */ > + subq %r12, %rbp > addq %rbp, phys_base(%rip) > > + /* > + * The page tables have been updated with the memory encryption mask, > + * so encrypt the kernel if memory encryption is active > + */ > + push %rsi > + call sme_encrypt_kernel > + pop %rsi Ditto. > + > movq $(early_level4_pgt - __START_KERNEL_map), %rax > jmp 1f > ENTRY(secondary_startup_64) > @@ -186,9 +211,17 @@ ENTRY(secondary_startup_64) > /* Sanitize CPU configuration */ > call verify_cpu > > + push %rsi > + call sme_get_me_mask > + pop %rsi Ditto. > + movq %rax, %r12 > + > movq $(init_level4_pgt - __START_KERNEL_map), %rax > 1: > > + /* Add the memory encryption mask to RAX */ I think that should say something like: /* * Add the memory encryption mask to init_level4_pgt's physical address */ or so... > + addq %r12, %rax > + > /* Enable PAE mode and PGE */ > movl $(X86_CR4_PAE | X86_CR4_PGE), %ecx > movq %rcx, %cr4 > diff --git a/arch/x86/kernel/mem_encrypt_init.c b/arch/x86/kernel/mem_encrypt_init.c > new file mode 100644 > index 0000000..388d6fb > --- /dev/null > +++ b/arch/x86/kernel/mem_encrypt_init.c So nothing in the commit message explains why we need a separate mem_encrypt_init.c file when we already have arch/x86/mm/mem_encrypt.c for all memory encryption code... > @@ -0,0 +1,29 @@ > +/* > + * AMD Memory Encryption Support > + * > + * Copyright (C) 2016 Advanced Micro Devices, Inc. > + * > + * Author: Tom Lendacky <thomas.lendacky@amd.com> > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License version 2 as > + * published by the Free Software Foundation. > + */ > + > +#include <linux/linkage.h> > +#include <linux/init.h> > +#include <linux/mem_encrypt.h> > + > +void __init sme_encrypt_kernel(void) > +{ > +} > + > +unsigned long __init sme_get_me_mask(void) > +{ > + return sme_me_mask; > +} > + > +unsigned long __init sme_enable(void) > +{ > + return sme_me_mask; > +} -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
WARNING: multiple messages have this Message-ID (diff)
From: Borislav Petkov <bp-Gina5bIWoIWzQB+pC5nmwQ@public.gmane.org> To: Tom Lendacky <thomas.lendacky-5C7GfCeVMHo@public.gmane.org> Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, "Radim Krčmář" <rkrcmar-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, "Matt Fleming" <matt-mF/unelCI9GS6iBeEJttW/XRex20P6io@public.gmane.org>, x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, "Alexander Potapenko" <glider-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, "H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>, "Larry Woodman" <lwoodman-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, "Jonathan Corbet" <corbet-T1hC0tSOHrs@public.gmane.org>, linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kasan-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org, "Ingo Molnar" <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, "Andrey Ryabinin" <aryabinin-5HdwGun5lf+gSpxsJD1C4w@public.gmane.org>, "Rik van Riel" <riel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, "Arnd Bergmann" <arnd-r2nGTMty4D4@public.gmane.org>, "Andy Lutomirski" <luto-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, "Thomas Gleixner" <tglx-hfZtesqFncYOwBW4kG4KsQ@public.gmane.org>, "Dmitry Vyukov" <dvyukov-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org, "Paolo Bonzini" <pbonzini-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> Subject: Re: [RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing Date: Mon, 14 Nov 2016 18:29:30 +0100 [thread overview] Message-ID: <20161114172930.27z7p2kytmhtcbsb@pd.tnic> (raw) In-Reply-To: <20161110003543.3280.99623.stgit-qCXWGYdRb2BnqfbPTmsdiZQ+2ll4COg0XqFh9Ls21Oc@public.gmane.org> On Wed, Nov 09, 2016 at 06:35:43PM -0600, Tom Lendacky wrote: > This patch adds support to the early boot code to use Secure Memory > Encryption (SME). Support is added to update the early pagetables with > the memory encryption mask and to encrypt the kernel in place. > > The routines to set the encryption mask and perform the encryption are > stub routines for now with full function to be added in a later patch. > > Signed-off-by: Tom Lendacky <thomas.lendacky-5C7GfCeVMHo@public.gmane.org> > --- > arch/x86/kernel/Makefile | 2 ++ > arch/x86/kernel/head_64.S | 35 ++++++++++++++++++++++++++++++++++- > arch/x86/kernel/mem_encrypt_init.c | 29 +++++++++++++++++++++++++++++ > 3 files changed, 65 insertions(+), 1 deletion(-) > create mode 100644 arch/x86/kernel/mem_encrypt_init.c > > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile > index 45257cf..27e22f4 100644 > --- a/arch/x86/kernel/Makefile > +++ b/arch/x86/kernel/Makefile > @@ -141,4 +141,6 @@ ifeq ($(CONFIG_X86_64),y) > > obj-$(CONFIG_PCI_MMCONFIG) += mmconf-fam10h_64.o > obj-y += vsmp_64.o > + > + obj-y += mem_encrypt_init.o > endif > diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S > index c98a559..9a28aad 100644 > --- a/arch/x86/kernel/head_64.S > +++ b/arch/x86/kernel/head_64.S > @@ -95,6 +95,17 @@ startup_64: > jnz bad_address > > /* > + * Enable Secure Memory Encryption (if available). Save the mask > + * in %r12 for later use and add the memory encryption mask to %rbp > + * to include it in the page table fixups. > + */ > + push %rsi > + call sme_enable > + pop %rsi Why %rsi? sme_enable() is void so no args in registers and returns in %rax. /me is confused. > + movq %rax, %r12 > + addq %r12, %rbp > + > + /* > * Fixup the physical addresses in the page table > */ > addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip) > @@ -117,6 +128,7 @@ startup_64: > shrq $PGDIR_SHIFT, %rax > > leaq (4096 + _KERNPG_TABLE)(%rbx), %rdx > + addq %r12, %rdx > movq %rdx, 0(%rbx,%rax,8) > movq %rdx, 8(%rbx,%rax,8) > > @@ -133,6 +145,7 @@ startup_64: > movq %rdi, %rax > shrq $PMD_SHIFT, %rdi > addq $(__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL), %rax > + addq %r12, %rax > leaq (_end - 1)(%rip), %rcx > shrq $PMD_SHIFT, %rcx > subq %rdi, %rcx > @@ -163,9 +176,21 @@ startup_64: > cmp %r8, %rdi > jne 1b > > - /* Fixup phys_base */ > + /* > + * Fixup phys_base, remove the memory encryption mask from %rbp > + * to obtain the true physical address. > + */ > + subq %r12, %rbp > addq %rbp, phys_base(%rip) > > + /* > + * The page tables have been updated with the memory encryption mask, > + * so encrypt the kernel if memory encryption is active > + */ > + push %rsi > + call sme_encrypt_kernel > + pop %rsi Ditto. > + > movq $(early_level4_pgt - __START_KERNEL_map), %rax > jmp 1f > ENTRY(secondary_startup_64) > @@ -186,9 +211,17 @@ ENTRY(secondary_startup_64) > /* Sanitize CPU configuration */ > call verify_cpu > > + push %rsi > + call sme_get_me_mask > + pop %rsi Ditto. > + movq %rax, %r12 > + > movq $(init_level4_pgt - __START_KERNEL_map), %rax > 1: > > + /* Add the memory encryption mask to RAX */ I think that should say something like: /* * Add the memory encryption mask to init_level4_pgt's physical address */ or so... > + addq %r12, %rax > + > /* Enable PAE mode and PGE */ > movl $(X86_CR4_PAE | X86_CR4_PGE), %ecx > movq %rcx, %cr4 > diff --git a/arch/x86/kernel/mem_encrypt_init.c b/arch/x86/kernel/mem_encrypt_init.c > new file mode 100644 > index 0000000..388d6fb > --- /dev/null > +++ b/arch/x86/kernel/mem_encrypt_init.c So nothing in the commit message explains why we need a separate mem_encrypt_init.c file when we already have arch/x86/mm/mem_encrypt.c for all memory encryption code... > @@ -0,0 +1,29 @@ > +/* > + * AMD Memory Encryption Support > + * > + * Copyright (C) 2016 Advanced Micro Devices, Inc. > + * > + * Author: Tom Lendacky <thomas.lendacky-5C7GfCeVMHo@public.gmane.org> > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License version 2 as > + * published by the Free Software Foundation. > + */ > + > +#include <linux/linkage.h> > +#include <linux/init.h> > +#include <linux/mem_encrypt.h> > + > +void __init sme_encrypt_kernel(void) > +{ > +} > + > +unsigned long __init sme_get_me_mask(void) > +{ > + return sme_me_mask; > +} > + > +unsigned long __init sme_enable(void) > +{ > + return sme_me_mask; > +} -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.
next prev parent reply other threads:[~2016-11-14 17:29 UTC|newest] Thread overview: 244+ messages / expand[flat|nested] mbox.gz Atom feed top 2016-11-10 0:34 [RFC PATCH v3 00/20] x86: Secure Memory Encryption (AMD) Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` [RFC PATCH v3 01/20] x86: Documentation for AMD Secure Memory Encryption (SME) Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 10:51 ` Borislav Petkov 2016-11-10 10:51 ` Borislav Petkov 2016-11-14 17:15 ` Tom Lendacky 2016-11-14 17:15 ` Tom Lendacky 2016-11-14 17:15 ` Tom Lendacky 2016-11-10 0:34 ` [RFC PATCH v3 02/20] x86: Set the write-protect cache mode for full PAT support Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 13:14 ` Borislav Petkov 2016-11-10 13:14 ` Borislav Petkov 2016-11-11 1:26 ` Kani, Toshimitsu 2016-11-11 1:26 ` Kani, Toshimitsu 2016-11-11 1:26 ` Kani, Toshimitsu 2016-11-14 16:51 ` Tom Lendacky 2016-11-14 16:51 ` Tom Lendacky 2016-11-14 16:51 ` Tom Lendacky 2016-11-14 16:51 ` Tom Lendacky 2016-11-10 0:34 ` [RFC PATCH v3 03/20] x86: Add the Secure Memory Encryption cpu feature Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-10 0:34 ` Tom Lendacky 2016-11-11 11:53 ` Borislav Petkov 2016-11-11 11:53 ` Borislav Petkov 2016-11-10 0:35 ` [RFC PATCH v3 04/20] x86: Handle reduction in physical address size with SME Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-15 12:10 ` Joerg Roedel 2016-11-15 12:10 ` Joerg Roedel 2016-11-15 12:10 ` Joerg Roedel 2016-11-15 12:14 ` Borislav Petkov 2016-11-15 12:14 ` Borislav Petkov 2016-11-15 14:40 ` Tom Lendacky 2016-11-15 14:40 ` Tom Lendacky 2016-11-15 15:33 ` Borislav Petkov 2016-11-15 15:33 ` Borislav Petkov 2016-11-15 15:33 ` Borislav Petkov 2016-11-15 16:06 ` Tom Lendacky 2016-11-15 16:06 ` Tom Lendacky 2016-11-15 16:06 ` Tom Lendacky 2016-11-15 16:33 ` Borislav Petkov 2016-11-15 16:33 ` Borislav Petkov 2016-11-15 17:08 ` Tom Lendacky 2016-11-15 17:08 ` Tom Lendacky 2016-11-15 17:08 ` Tom Lendacky 2016-11-15 21:22 ` Tom Lendacky 2016-11-15 21:22 ` Tom Lendacky 2016-11-15 21:22 ` Tom Lendacky 2016-11-15 21:33 ` Borislav Petkov 2016-11-15 21:33 ` Borislav Petkov 2016-11-15 21:33 ` Borislav Petkov 2016-11-15 22:01 ` Tom Lendacky 2016-11-15 22:01 ` Tom Lendacky 2016-11-15 14:32 ` Tom Lendacky 2016-11-15 14:32 ` Tom Lendacky 2016-11-15 14:32 ` Tom Lendacky 2016-11-10 0:35 ` [RFC PATCH v3 05/20] x86: Add Secure Memory Encryption (SME) support Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` [RFC PATCH v3 06/20] x86: Add support to enable SME during early boot processing Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-14 17:29 ` Borislav Petkov [this message] 2016-11-14 17:29 ` Borislav Petkov 2016-11-14 18:18 ` Tom Lendacky 2016-11-14 18:18 ` Tom Lendacky 2016-11-14 18:18 ` Tom Lendacky 2016-11-14 20:01 ` Borislav Petkov 2016-11-14 20:01 ` Borislav Petkov 2016-11-10 0:35 ` [RFC PATCH v3 07/20] x86: Provide general kernel support for memory encryption Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:35 ` Tom Lendacky 2016-11-10 0:36 ` [RFC PATCH v3 08/20] x86: Add support for early encryption/decryption of memory Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-16 10:46 ` Borislav Petkov 2016-11-16 10:46 ` Borislav Petkov 2016-11-16 19:22 ` Tom Lendacky 2016-11-16 19:22 ` Tom Lendacky 2016-11-16 19:22 ` Tom Lendacky 2016-11-10 0:36 ` [RFC PATCH v3 09/20] x86: Insure that boot memory areas are mapped properly Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-17 12:20 ` Borislav Petkov 2016-11-17 12:20 ` Borislav Petkov 2016-11-19 18:12 ` Tom Lendacky 2016-11-19 18:12 ` Tom Lendacky 2016-11-10 0:36 ` [RFC PATCH v3 10/20] Add support to access boot related data in the clear Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-11 16:17 ` Kani, Toshimitsu 2016-11-11 16:17 ` Kani, Toshimitsu 2016-11-14 16:24 ` Tom Lendacky 2016-11-14 16:24 ` Tom Lendacky 2016-11-14 16:24 ` Tom Lendacky 2016-11-17 15:55 ` Borislav Petkov 2016-11-17 15:55 ` Borislav Petkov 2016-11-19 18:33 ` Tom Lendacky 2016-11-19 18:33 ` Tom Lendacky 2016-11-19 18:33 ` Tom Lendacky 2016-11-20 23:04 ` Borislav Petkov 2016-11-20 23:04 ` Borislav Petkov 2016-12-07 13:19 ` Matt Fleming 2016-12-07 13:19 ` Matt Fleming 2016-12-07 13:19 ` Matt Fleming 2016-12-09 14:26 ` Tom Lendacky 2016-12-09 14:26 ` Tom Lendacky 2016-12-09 14:26 ` Tom Lendacky 2016-11-10 0:36 ` [RFC PATCH v3 11/20] x86: Add support for changing memory encryption attribute Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-10 0:36 ` Tom Lendacky 2016-11-17 17:39 ` Borislav Petkov 2016-11-17 17:39 ` Borislav Petkov 2016-11-19 18:48 ` Tom Lendacky 2016-11-19 18:48 ` Tom Lendacky 2016-11-21 8:27 ` Borislav Petkov 2016-11-21 8:27 ` Borislav Petkov 2016-11-10 0:37 ` [RFC PATCH v3 12/20] x86: Decrypt trampoline area if memory encryption is active Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-17 18:09 ` Borislav Petkov 2016-11-17 18:09 ` Borislav Petkov 2016-11-19 18:50 ` Tom Lendacky 2016-11-19 18:50 ` Tom Lendacky 2016-11-10 0:37 ` [RFC PATCH v3 13/20] x86: DMA support for memory encryption Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-15 14:39 ` Radim Krčmář 2016-11-15 14:39 ` Radim Krčmář 2016-11-15 14:39 ` Radim Krčmář 2016-11-15 17:02 ` Tom Lendacky 2016-11-15 17:02 ` Tom Lendacky 2016-11-15 17:02 ` Tom Lendacky 2016-11-15 17:02 ` Tom Lendacky 2016-11-15 18:17 ` Radim Krčmář 2016-11-15 18:17 ` Radim Krčmář 2016-11-15 18:17 ` Radim Krčmář 2016-11-15 18:17 ` Radim Krčmář 2016-11-15 20:33 ` Tom Lendacky 2016-11-15 20:33 ` Tom Lendacky 2016-11-15 20:33 ` Tom Lendacky 2016-11-15 20:33 ` Tom Lendacky 2016-11-15 15:16 ` Michael S. Tsirkin 2016-11-15 15:16 ` Michael S. Tsirkin 2016-11-15 15:16 ` Michael S. Tsirkin 2016-11-15 18:29 ` Tom Lendacky 2016-11-15 18:29 ` Tom Lendacky 2016-11-15 18:29 ` Tom Lendacky 2016-11-15 19:16 ` Michael S. Tsirkin 2016-11-15 19:16 ` Michael S. Tsirkin 2016-11-15 19:16 ` Michael S. Tsirkin 2016-11-22 11:38 ` Borislav Petkov 2016-11-22 11:38 ` Borislav Petkov 2016-11-22 11:38 ` Borislav Petkov 2016-11-22 15:22 ` Michael S. Tsirkin 2016-11-22 15:22 ` Michael S. Tsirkin 2016-11-22 15:22 ` Michael S. Tsirkin 2016-11-22 15:41 ` Borislav Petkov 2016-11-22 15:41 ` Borislav Petkov 2016-11-22 20:41 ` Michael S. Tsirkin 2016-11-22 20:41 ` Michael S. Tsirkin 2016-11-22 20:41 ` Michael S. Tsirkin 2016-11-10 0:37 ` [RFC PATCH v3 14/20] iommu/amd: Disable AMD IOMMU if memory encryption is active Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-14 16:32 ` Joerg Roedel 2016-11-14 16:32 ` Joerg Roedel 2016-11-14 16:32 ` Joerg Roedel 2016-11-14 16:48 ` Tom Lendacky 2016-11-14 16:48 ` Tom Lendacky 2016-11-14 16:48 ` Tom Lendacky 2016-11-10 0:37 ` [RFC PATCH v3 15/20] x86: Check for memory encryption on the APs Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-22 19:25 ` Borislav Petkov 2016-11-22 19:25 ` Borislav Petkov 2016-11-29 18:00 ` Tom Lendacky 2016-11-29 18:00 ` Tom Lendacky 2016-11-29 18:00 ` Tom Lendacky 2016-11-10 0:37 ` [RFC PATCH v3 16/20] x86: Do not specify encrypted memory for video mappings Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:37 ` Tom Lendacky 2016-11-10 0:38 ` [RFC PATCH v3 17/20] x86/kvm: Enable Secure Memory Encryption of nested page tables Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` [RFC PATCH v3 18/20] x86: Access the setup data through debugfs un-encrypted Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` [RFC PATCH v3 19/20] x86: Add support to make use of Secure Memory Encryption Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-24 12:50 ` Borislav Petkov 2016-11-24 12:50 ` Borislav Petkov 2016-11-24 12:50 ` Borislav Petkov 2016-11-29 18:40 ` Tom Lendacky 2016-11-29 18:40 ` Tom Lendacky 2016-11-10 0:38 ` [RFC PATCH v3 20/20] " Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-10 0:38 ` Tom Lendacky 2016-11-22 18:58 ` Borislav Petkov 2016-11-22 18:58 ` Borislav Petkov 2016-11-22 18:58 ` Borislav Petkov 2016-11-26 20:47 ` Borislav Petkov 2016-11-26 20:47 ` Borislav Petkov 2016-11-29 18:48 ` Tom Lendacky 2016-11-29 18:48 ` Tom Lendacky 2016-11-29 19:56 ` Borislav Petkov 2016-11-29 19:56 ` Borislav Petkov
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20161114172930.27z7p2kytmhtcbsb@pd.tnic \ --to=bp@alien8.de \ --cc=arnd@arndb.de \ --cc=aryabinin@virtuozzo.com \ --cc=corbet@lwn.net \ --cc=dvyukov@google.com \ --cc=glider@google.com \ --cc=hpa@zytor.com \ --cc=iommu@lists.linux-foundation.org \ --cc=joro@8bytes.org \ --cc=kasan-dev@googlegroups.com \ --cc=konrad.wilk@oracle.com \ --cc=kvm@vger.kernel.org \ --cc=linux-arch@vger.kernel.org \ --cc=linux-doc@vger.kernel.org \ --cc=linux-efi@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=luto@kernel.org \ --cc=lwoodman@redhat.com \ --cc=matt@codeblueprint.co.uk \ --cc=mingo@redhat.com \ --cc=pbonzini@redhat.com \ --cc=riel@redhat.com \ --cc=rkrcmar@redhat.com \ --cc=tglx@linutronix.de \ --cc=thomas.lendacky@amd.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.