From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932836AbdBPPrI (ORCPT ); Thu, 16 Feb 2017 10:47:08 -0500 Received: from mail-bn3nam01on0063.outbound.protection.outlook.com ([104.47.33.63]:42397 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932454AbdBPPq5 (ORCPT ); Thu, 16 Feb 2017 10:46:57 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; From: Tom Lendacky Subject: [RFC PATCH v4 21/28] x86: Check for memory encryption on the APs To: , , , , , , , , CC: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , "Michael S. Tsirkin" , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Brijesh Singh , Ingo Molnar , Alexander Potapenko , Andy Lutomirski , "H. Peter Anvin" , Borislav Petkov , Andrey Ryabinin , Thomas Gleixner , Larry Woodman , Dmitry Vyukov Date: Thu, 16 Feb 2017 09:46:47 -0600 Message-ID: <20170216154647.19244.18733.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: MWHPR10CA0011.namprd10.prod.outlook.com (10.172.48.21) To MWHPR12MB1150.namprd12.prod.outlook.com (10.169.204.14) X-MS-Office365-Filtering-Correlation-Id: b168b383-97a7-45f4-80a4-08d4568306b1 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081);SRVR:MWHPR12MB1150; X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;3:J8BCJ/e/22GUY/Cx5y5QZJupvWcwRqbQjbigX2cyBvvJlvZjCoT4En3SxYIMxNz/mHVSXBvi/t8kQb1dPEoX6I2l44aiRynY5Sb0ZGqh9mDZiETldqqyMPnPR0z3TijeUspMtNNb1gpF3qiofTZu3LEJ8Yc7ivAjDp0C5kB4dSZdo+z5gfAcNr9sj44/d//cZ53ADp3zm98Mui0jA/EyobBHgRKCuSP66RDQ+LDGpjeuCJ1WwNP0vwNB1xg0CO3VKz68CWIaHZuI9Ozqnc+9qroWAGTfpQ3P18QjBiCRXaw=;25:nQpsYgELWE0Y79OFJ3JwHFeCP1IuXwZTSnzYXdEe1iGIBvjhZxWPTbOFeAE5Hxm3QZlaRNU1nTJgiE3DO+miMpyY0BGe9vnZiIBPVrs14KkEMe9uYuJQdxbvPUrC8TnRyndK3/5FRRxizCol4W0rh5xMXHUI0AtDvhljIxdAVDXYxpbu3JYcy6SXK2X5nQCHHQ6zfI+cKvkwzjfllzanP2nAwc5fmuyYiKTV0nBXHJXnqU9sID8Y/YIYUX0LrwH1ihOMtu/D3Nf1QKT1Qd3sBFmzzneFMYxxVLJw0deiB/h+q0cbC1ylnG0jfZSKHAEYv6F8uoxlk91l0Qy4lNCdiOZWmwNb88EpGnBp/auC4OKz8uexm6bV2sd2EJ10iz718i7mtfoLiv059tQVIoM8tNy3dxhxiHQhqltsU7XVCTdbR+8pHv/JM6N9ygxIjXqpDcMcGtyzXWunalIi42tIUg== X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;31:3Ev8/Ubr1ZKLPvWhUOrji0MWL3RS3Gjd4lIgfLjHwaD+4TB/gWS6faUepQuhqsUcWS9jM624ojqpEfmmRyWid9PQZ9sgCtq0e1Rh5FeP3A7XfrcZMlqfA61pwqU4IwFtAjg0yWlhmT6BRjNPJioCZFQ+iwZKOcKUsnXhGCUCwt99bCDpJ2hJLLqL14xyzAPJ1H7TlNyvsYkE9yUbHPsDqkXhSK9qzTfRffpiwaxJ37A=;20:m45C0qq2nPq61N0y0f2X9A/ZQYFrjKqALJYINhYLb3Ldb2AdvFPB1uJFelMb5Gj5blPSovM782ETqVUvzHcLXW2NdNWzvNec4L0UDINQXMz7i8IwqPP/E0vlgBtqmGbSiHYXmfl5HuMBtmrvffcuXuQ4MImXJUZfR7CwtqPmAUMu9HflBRX9h8qWM8fvSMn1PccvwM6vi7LBA5Cjz3LYURCciBburvVHUjrJg776mgeIYXBQqN7+Xalhwng12tDV541zIWBNZqFZRlPnNjib3f8tSfroWGQPUMAZkkdCyyjQu3jKHGzd64wNx1X6VrFA5R6Ei1lS2iTgKC9Ru9ivhw30kjEIpCY8PKVD2FHoT1GZ0SDPdEUZIVsGKQbiYJoaKoQT8O/xM5VqZVLw8W4juIhxb7XvibE0V/LnkCfn2bxjzmulDjPkOBUzFTXx/EG6IZT8mTBwQ0HCYZk9emxDF3bp4mtbNwv17ol/rdsezpgWE2ymzpsauualdhCqX6lM X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123560025)(20161123564025)(20161123558025)(20161123562025)(20161123555025)(6072148);SRVR:MWHPR12MB1150;BCL:0;PCL:0;RULEID:;SRVR:MWHPR12MB1150; X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;4:TyMNdBY0l4GpX8qW4BhD2rk2yomcXPaAuKugW3hX9973e9nSvU6ieUBxBDmlUHPEPUOCmzXhVOWW9PKq7G3ynrjYE7sbD753WSVo4HL2G8XgOozgocgr4tdBNRtxaiki6jZqr5miuQDomVHM4dCAxm/oMYH4PSyHEHuSrjf+MXPovXiBJf5Roxf+6eON0UE0/eHLVWJ7sFx1lKfWmBlNeP18El+QC0DT8FSkpxp5EkPUKsyrCSjg1yr4l2EFBvrqV2CsnX6Uo48cAPnVqk29mRxJAAqhtBPP1docUu5aEwKpCuREI86HUI5BQGnxNOkj16jG8+ULtDSZBeZa17IP2ym4PTMve6s8bd8aCTFLEnyAH2BFI9MdTa1GDlUriISka/9IxuXQlzGLIv0jGs2+E6ilBiS072141GFa+KXa4h6YKjz8xaSvKD9wHi4wNglaSDhiN9yg5j1zsHOTBAP7piA7x00rP+CCWb+zUt52VV9lq1j4x/Kt7dnI5MS9jnraTs74vQHR6fP2AN6yD/zp7HrKfcqEZo9bktrNzs3Gi2we3QLvJ6KklGm/OCIgzyco0vzCZqt6LEB4uI89AvHYrycsQK+Dqp0TGGoregOVnDUPovSNCPQsOBxvEpGubONqj+LsKRY+WgpXp3b++N9bnu+bJNeP8Nz/mR7WYlVgBTA= X-Forefront-PRVS: 0220D4B98D X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(7916002)(39410400002)(39850400002)(39860400002)(39840400002)(39450400003)(189002)(199003)(86362001)(25786008)(33646002)(2201001)(53416004)(42186005)(5660300001)(97746001)(9686003)(54356999)(50986999)(106356001)(2906002)(55016002)(101416001)(54906002)(6506006)(76176999)(105586002)(8676002)(92566002)(81156014)(47776003)(50466002)(81166006)(103116003)(6666003)(230700001)(189998001)(83506001)(4001350100001)(38730400002)(68736007)(4326007)(23676002)(1076002)(7416002)(97736004)(305945005)(2950100002)(7736002)(6116002)(69596002)(3846002)(53936002)(389900003)(66066001)(71626007)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:MWHPR12MB1150;H:tlendack-t1.amdoffice.net;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTUwOzIzOmZFQkorcjEvZ3JjUEJWRWNCNzRVNjlZUTRQ?= =?utf-8?B?NXpDRk9JaEVFeFRHRkc3Vlluelh1dFhWWTY5N0lLaU16SXgwRDAzRmRibUdq?= =?utf-8?B?ekQ2aHpWK3MwZVhHNkxQUnVrTDhSWjNQMXUvZDhHUnByQ2tvMVA3V2Q3Wi9y?= =?utf-8?B?ck8wSk81bGFmVEpGYUd2dCtLOGw4THlERS8wSCtHa1R4Q2ZkUERQQ1JXd2Vp?= =?utf-8?B?bnZuWGxQTHU4NkkxVEhPbDR4bytUdXpISWNKanF1SHZQQi83RGRjVDhjU0Ry?= =?utf-8?B?MGU0MFJMSTN5aGhVTTdYa0JSVzNrcWphaE9ONENVUEpoQkFYRjFoM2JjUm9k?= =?utf-8?B?ZGZFRldYYnVxTk1jY1VzeWhaVGpmaUNuSGY3czZiVmMwaGZjRjJnRE5kWXd6?= =?utf-8?B?U1MyY2F5K3Jpd3IvWS8zeVU5aDBqR2Fjb0d5Q1AyS0prQ2V5MUpFdG1PSy9Y?= =?utf-8?B?U0ZXUTl1a29iT2Y3bmNLZStlUzdFd283WVBZenVEUUxrT2pPYWVnMmhaTlZS?= =?utf-8?B?enUzNVlhbWlDN3FRYVIwMmtiaUozOEVOK0JjclJveUJnSTh3dUlkbnpPNmZt?= =?utf-8?B?MGtodURHTW5Bb04yaFNsWkt4dTRIV0pReFk5a3l2YmxLcTh4T1Bmc1dmdDQx?= =?utf-8?B?WDMvQ1UzWHRuMnJYNkhReWJrYlE3Z2N4RGh6VVJGckxURzhLditRbFVHbkJG?= =?utf-8?B?b29KNWxzNm5DL3dtNk1adTFjT3YvczluZXJraE51VEVjWkphMGFHWWtnZTFW?= =?utf-8?B?U2JJVUtEYTlEVUg3a0tNYXJWd1pqQnJTSFpCbEtHblFnOWhUK0xNelROa0Yw?= =?utf-8?B?c0pzN2xOU05uVDdubUhJa2RpbWhTUWJ3WVRZdDBDY1h6anE0TWxOdGZ2cDll?= =?utf-8?B?bHUzMnlOaG1xN256TXE3NXZpQlh3K1RFWnF4Y05CREN5QWNBMVUydk1kaWly?= =?utf-8?B?UWNCcmxMS0NFRm04N0Z0YWZOeEY1L3orWWxkYnBkQm5xbmFKUTdlbVJwbkhY?= =?utf-8?B?YWN4am8yTG1LTzVOT2J2ekJLSGk3VFhDM3p2MFgxVVpWUGtqamt1dnhWV1A1?= =?utf-8?B?YWZBcnc1UG9rN2gwM3NycTRlcVJqNE5YTHNwZFZPdWZiaUFnQmVDZ2dZR1o2?= =?utf-8?B?RG84TVlrVEFrRml5QUVWMDd2bllTWkxCQWprdEF5TWlzM3VsRVVjZUpubWd0?= =?utf-8?B?dk5uWWFjYlFuS2ZsZzRyMjhqaFFOU2FTUlRZcThHOFBhRm9zdlNWVmtvZlZS?= =?utf-8?B?OFN6RnQxTlhhQWY4R2d4c2RZR2hTMDY3ekxrMFgvckFqa2w5SWJjYWZxUUxh?= =?utf-8?B?ZjNlNEpGQzllU09kQ1djTnAvQmZYdktQMEtqNGU3dnJxU3krQkFUWlBKTTYx?= =?utf-8?B?eGJrazhqRjVFTlhRTlZKaXllNms1WlhoUXV1RWtiRUVGdGNITDdPVlAzdHFW?= =?utf-8?B?alVsTkVSNFZNVXE4NmtMdHZhYTdKR0tzTHc0dWlzV0w5YU8ySFNkdElFVndT?= =?utf-8?B?TVFoYTl1RTd1cmttNkttdlVmdXR2QTE1WGdYdERCS1dYeEVYbStrTGFRRmpt?= =?utf-8?B?Vk40YmF5UlhCTXNzbFRDdXBPK0pYcXVrRTRkWldNVHZEZlQ3d0Jzd0ZKeEhH?= =?utf-8?B?WFpSNUw5MjdmbytzbW1BM3RTMnlUbW82Vzh2ZTI0RzVzMUorelRoRlp1N2ZR?= =?utf-8?B?cjF0elBESVJEaVVWc3JMcDBZOEl4ZkhhWTA3MXo5bkxOT1p2bG1Bd21nVWxk?= =?utf-8?B?TFNkYzdmZVQxOTBzNjhobU03NndvV3NacGdmUkoxdjN3R3BXSmJmNktpVXVO?= =?utf-8?B?Mk5ndXliUTF3UzRRWDhweVFhbUx1VytDK3VNeEtYQm5weHhDUHJ6b3dBVzVI?= =?utf-8?B?TEk3blZxZ2M2L1NCMkVqUlNFTTYzOUZMTG5lenhjODhOMGRXSE92aFRCbTZL?= =?utf-8?B?TFJqRUdya21nPT0=?= X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;6:SWWcyXvwyk0ci3cSuL7OcwoHqObKelQk1XU3cefIbexN5R5ff5qCftxM19HpZ3DWV126L/NSHp0a6hSKiMGbmiZ6x3TOnrUZzfODGahxk/XHv99+fpyV/D0jGoIsJx5DyUPsoCnC85g2MCljQsr8QGi5MefwJMMoMy4J6d4+diLlgP8OLA5L6ILiW/rv0yS6Y7MTgfLaiTiApvNKIFDwYKjgHw5Eh48y3g0HUBJ5DFcpcQvfvkQZt2Dc6jL4XW2Aqc9YSGqEBGjipQBce8yXNwLnyqBPQ2cdmOuFxK0UOdkftfR0TP59J0d8hMsGxDzuVuN3imZigO/3u5qf0ItxF3keWEJjr0hUzYJVzwamavAGGof5OY5HF5TakCJEFa0Umbz7g3Kn7eRZP/1Qh62LoLdhZRnMjA0nRZpShlAUVPE=;5:VAhE2gXRWms1nAXvznK9X1Qeq91fdf13nRQW5hexeiLOMOfJgVvwsNjcOYhMFEr/raZhGHNraGb5LcHRdHst/QH13Aq33Jo2Hjs2yVrRPRwA7Kzh6EBWbRbL3zI67hyb7dwE+c4MyzlmA4irfDYaJw==;24:Pdo/YQPu4BltGhFD8wR66MMzbzcz7oQrj53yqtWFuR7LO0GehaGvzCRuX46zJWMCol/f+GstLsjQZ360NV849o8rMI8pufB1vxLynBmw5lA= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1150;7:6GnsD2JuHeqPVzXhYuDPfli7Q/xcq329UBIxrMVNeD+G9p2W3C05jKtp5yOnfL4J4l+8U7DUdCAOd3TQ/Cff0VnWB5TrDQIoOJ5vlIgJYN2tPfEe5bCoztRDtYcNWfFXTKelSNTVCGdJvtfNCQJioQYLKZeIKHsPrKeW0kxm2RxO1b/ZhL7FKJNu8XqaSTkDd6tFJQL9GOyfd1WLTIiXupG/13hasg9ZvPAsGUdL2mKULrlqg04WD0XfhX4nQ7cNTWtMMsU+6zP7Ko4l/IpDNsoAilEjkUTAb5BWKU5s9Rb5GGJL0kFpGLeGm/Qoj4brzIA4aoMwhCUjYnIZCwY4KQ==;20:6YXANcFDZZdGYJeFnfVH7Zfbgwlgadvld1b48zMOoZuPxdqlq8MU5FIFeWhd0x+4/WvsJCNaRWqs9AQrvHzXszxJO9P4P8uGYYbmICsEhBYTwPYthq32ITLJMXGKAX/y3nSgYb/3Fmu211z/PPLsebdmVHcSd8dJbftaRtCGqgWnZkwyg6NyINB+YushDww1ak6HF2wGb420HnFiMvozW7PPI8zTn2j74ur/OlPaeZtQUDnG0j8DYIa5n2+V7uPf X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Feb 2017 15:46:50.1818 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1150 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP, then set the SYS_CFG MSR bit to enable memory encryption on that AP and allow the AP to continue start up. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/realmode.h | 12 ++++++++++++ arch/x86/realmode/init.c | 4 ++++ arch/x86/realmode/rm/trampoline_64.S | 17 +++++++++++++++++ 3 files changed, 33 insertions(+) diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 230e190..4f7ef53 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -1,6 +1,15 @@ #ifndef _ARCH_X86_REALMODE_H #define _ARCH_X86_REALMODE_H +/* + * Flag bit definitions for use with the flags field of the trampoline header + * int the CONFIG_X86_64 variant. + */ +#define TH_FLAGS_SME_ACTIVE_BIT 0 +#define TH_FLAGS_SME_ACTIVE BIT(TH_FLAGS_SME_ACTIVE_BIT) + +#ifndef __ASSEMBLY__ + #include #include @@ -38,6 +47,7 @@ struct trampoline_header { u64 start; u64 efer; u32 cr4; + u32 flags; #endif }; @@ -69,4 +79,6 @@ static inline size_t real_mode_size_needed(void) void set_real_mode_mem(phys_addr_t mem, size_t size); void reserve_real_mode(void); +#endif /* __ASSEMBLY__ */ + #endif /* _ARCH_X86_REALMODE_H */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 21d7506..5010089 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -102,6 +102,10 @@ static void __init setup_real_mode(void) trampoline_cr4_features = &trampoline_header->cr4; *trampoline_cr4_features = mmu_cr4_features; + trampoline_header->flags = 0; + if (sme_active()) + trampoline_header->flags |= TH_FLAGS_SME_ACTIVE; + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); trampoline_pgd[0] = trampoline_pgd_entry.pgd; trampoline_pgd[511] = init_level4_pgt[511].pgd; diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index dac7b20..a88c3d1 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -30,6 +30,7 @@ #include #include #include +#include #include "realmode.h" .text @@ -92,6 +93,21 @@ ENTRY(startup_32) movl %edx, %fs movl %edx, %gs + /* Check for memory encryption support */ + bt $TH_FLAGS_SME_ACTIVE_BIT, pa_tr_flags + jnc .Ldone + movl $MSR_K8_SYSCFG, %ecx + rdmsr + bts $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + jc .Ldone + + /* + * Memory encryption is enabled but the SME enable bit for this + * CPU has has not been set. It is safe to set it, so do so. + */ + wrmsr +.Ldone: + movl pa_tr_cr4, %eax movl %eax, %cr4 # Enable PAE mode @@ -147,6 +163,7 @@ GLOBAL(trampoline_header) tr_start: .space 8 GLOBAL(tr_efer) .space 8 GLOBAL(tr_cr4) .space 4 + GLOBAL(tr_flags) .space 4 END(trampoline_header) #include "trampoline_common.S" From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Lendacky Subject: [RFC PATCH v4 21/28] x86: Check for memory encryption on the APs Date: Thu, 16 Feb 2017 09:46:47 -0600 Message-ID: <20170216154647.19244.18733.stgit@tlendack-t1.amdoffice.net> References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> Sender: owner-linux-mm@kvack.org To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, iommu@lists.linux-foundation.org Cc: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , "Michael S. Tsirkin" , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Brijesh Singh , Ingo Molnar , Alexander Potapenko , Andy Lutomirski , "H. Peter Anvin" , Borislav Petkov , Andrey Ryabinin , Thomas Gleixner , Larry Woodman , Dmitry Vyukov List-Id: linux-efi@vger.kernel.org Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP, then set the SYS_CFG MSR bit to enable memory encryption on that AP and allow the AP to continue start up. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/realmode.h | 12 ++++++++++++ arch/x86/realmode/init.c | 4 ++++ arch/x86/realmode/rm/trampoline_64.S | 17 +++++++++++++++++ 3 files changed, 33 insertions(+) diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 230e190..4f7ef53 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -1,6 +1,15 @@ #ifndef _ARCH_X86_REALMODE_H #define _ARCH_X86_REALMODE_H +/* + * Flag bit definitions for use with the flags field of the trampoline header + * int the CONFIG_X86_64 variant. + */ +#define TH_FLAGS_SME_ACTIVE_BIT 0 +#define TH_FLAGS_SME_ACTIVE BIT(TH_FLAGS_SME_ACTIVE_BIT) + +#ifndef __ASSEMBLY__ + #include #include @@ -38,6 +47,7 @@ struct trampoline_header { u64 start; u64 efer; u32 cr4; + u32 flags; #endif }; @@ -69,4 +79,6 @@ static inline size_t real_mode_size_needed(void) void set_real_mode_mem(phys_addr_t mem, size_t size); void reserve_real_mode(void); +#endif /* __ASSEMBLY__ */ + #endif /* _ARCH_X86_REALMODE_H */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 21d7506..5010089 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -102,6 +102,10 @@ static void __init setup_real_mode(void) trampoline_cr4_features = &trampoline_header->cr4; *trampoline_cr4_features = mmu_cr4_features; + trampoline_header->flags = 0; + if (sme_active()) + trampoline_header->flags |= TH_FLAGS_SME_ACTIVE; + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); trampoline_pgd[0] = trampoline_pgd_entry.pgd; trampoline_pgd[511] = init_level4_pgt[511].pgd; diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index dac7b20..a88c3d1 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -30,6 +30,7 @@ #include #include #include +#include #include "realmode.h" .text @@ -92,6 +93,21 @@ ENTRY(startup_32) movl %edx, %fs movl %edx, %gs + /* Check for memory encryption support */ + bt $TH_FLAGS_SME_ACTIVE_BIT, pa_tr_flags + jnc .Ldone + movl $MSR_K8_SYSCFG, %ecx + rdmsr + bts $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + jc .Ldone + + /* + * Memory encryption is enabled but the SME enable bit for this + * CPU has has not been set. It is safe to set it, so do so. + */ + wrmsr +.Ldone: + movl pa_tr_cr4, %eax movl %eax, %cr4 # Enable PAE mode @@ -147,6 +163,7 @@ GLOBAL(trampoline_header) tr_start: .space 8 GLOBAL(tr_efer) .space 8 GLOBAL(tr_cr4) .space 4 + GLOBAL(tr_flags) .space 4 END(trampoline_header) #include "trampoline_common.S" -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-bn3nam01on0063.outbound.protection.outlook.com ([104.47.33.63]:42397 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932454AbdBPPq5 (ORCPT ); Thu, 16 Feb 2017 10:46:57 -0500 From: Tom Lendacky Subject: [RFC PATCH v4 21/28] x86: Check for memory encryption on the APs Date: Thu, 16 Feb 2017 09:46:47 -0600 Message-ID: <20170216154647.19244.18733.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Sender: linux-arch-owner@vger.kernel.org List-ID: To: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, linux-mm@kvack.org, iommu@lists.linux-foundation.org Cc: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , "Michael S. Tsirkin" , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Brijesh Singh , Ingo Molnar , Alexander Potapenko , Andy Lutomirski , "H. Peter Anvin" , Borislav Petkov , Andrey Ryabinin , Thomas Gleixner , Larry Woodman , Dmitry Vyukov Message-ID: <20170216154647.T5JkBuwd12FZ_Ml_r5kjT1OR1zPbIhLnDpwiL_J-n-E@z> Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP, then set the SYS_CFG MSR bit to enable memory encryption on that AP and allow the AP to continue start up. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/realmode.h | 12 ++++++++++++ arch/x86/realmode/init.c | 4 ++++ arch/x86/realmode/rm/trampoline_64.S | 17 +++++++++++++++++ 3 files changed, 33 insertions(+) diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 230e190..4f7ef53 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -1,6 +1,15 @@ #ifndef _ARCH_X86_REALMODE_H #define _ARCH_X86_REALMODE_H +/* + * Flag bit definitions for use with the flags field of the trampoline header + * int the CONFIG_X86_64 variant. + */ +#define TH_FLAGS_SME_ACTIVE_BIT 0 +#define TH_FLAGS_SME_ACTIVE BIT(TH_FLAGS_SME_ACTIVE_BIT) + +#ifndef __ASSEMBLY__ + #include #include @@ -38,6 +47,7 @@ struct trampoline_header { u64 start; u64 efer; u32 cr4; + u32 flags; #endif }; @@ -69,4 +79,6 @@ static inline size_t real_mode_size_needed(void) void set_real_mode_mem(phys_addr_t mem, size_t size); void reserve_real_mode(void); +#endif /* __ASSEMBLY__ */ + #endif /* _ARCH_X86_REALMODE_H */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 21d7506..5010089 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -102,6 +102,10 @@ static void __init setup_real_mode(void) trampoline_cr4_features = &trampoline_header->cr4; *trampoline_cr4_features = mmu_cr4_features; + trampoline_header->flags = 0; + if (sme_active()) + trampoline_header->flags |= TH_FLAGS_SME_ACTIVE; + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); trampoline_pgd[0] = trampoline_pgd_entry.pgd; trampoline_pgd[511] = init_level4_pgt[511].pgd; diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index dac7b20..a88c3d1 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -30,6 +30,7 @@ #include #include #include +#include #include "realmode.h" .text @@ -92,6 +93,21 @@ ENTRY(startup_32) movl %edx, %fs movl %edx, %gs + /* Check for memory encryption support */ + bt $TH_FLAGS_SME_ACTIVE_BIT, pa_tr_flags + jnc .Ldone + movl $MSR_K8_SYSCFG, %ecx + rdmsr + bts $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + jc .Ldone + + /* + * Memory encryption is enabled but the SME enable bit for this + * CPU has has not been set. It is safe to set it, so do so. + */ + wrmsr +.Ldone: + movl pa_tr_cr4, %eax movl %eax, %cr4 # Enable PAE mode @@ -147,6 +163,7 @@ GLOBAL(trampoline_header) tr_start: .space 8 GLOBAL(tr_efer) .space 8 GLOBAL(tr_cr4) .space 4 + GLOBAL(tr_flags) .space 4 END(trampoline_header) #include "trampoline_common.S" From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Lendacky Subject: [RFC PATCH v4 21/28] x86: Check for memory encryption on the APs Date: Thu, 16 Feb 2017 09:46:47 -0600 Message-ID: <20170216154647.19244.18733.stgit@tlendack-t1.amdoffice.net> References: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Cc: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Toshimitsu Kani , Arnd Bergmann , Jonathan Corbet , Matt Fleming , "Michael S. Tsirkin" , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Brijesh Singh , Ingo Molnar , Alexander Potapenko , Andy Lutomirski , "H. Peter Anvin" , Borislav Petkov , Andrey Ryabinin , Thomas Gleixner , Larry Woodman , Dmitry Vyukov To: , , , , , , , , Return-path: In-Reply-To: <20170216154158.19244.66630.stgit@tlendack-t1.amdoffice.net> Sender: owner-linux-mm@kvack.org List-Id: kvm.vger.kernel.org Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP, then set the SYS_CFG MSR bit to enable memory encryption on that AP and allow the AP to continue start up. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/realmode.h | 12 ++++++++++++ arch/x86/realmode/init.c | 4 ++++ arch/x86/realmode/rm/trampoline_64.S | 17 +++++++++++++++++ 3 files changed, 33 insertions(+) diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 230e190..4f7ef53 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -1,6 +1,15 @@ #ifndef _ARCH_X86_REALMODE_H #define _ARCH_X86_REALMODE_H +/* + * Flag bit definitions for use with the flags field of the trampoline header + * int the CONFIG_X86_64 variant. + */ +#define TH_FLAGS_SME_ACTIVE_BIT 0 +#define TH_FLAGS_SME_ACTIVE BIT(TH_FLAGS_SME_ACTIVE_BIT) + +#ifndef __ASSEMBLY__ + #include #include @@ -38,6 +47,7 @@ struct trampoline_header { u64 start; u64 efer; u32 cr4; + u32 flags; #endif }; @@ -69,4 +79,6 @@ static inline size_t real_mode_size_needed(void) void set_real_mode_mem(phys_addr_t mem, size_t size); void reserve_real_mode(void); +#endif /* __ASSEMBLY__ */ + #endif /* _ARCH_X86_REALMODE_H */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 21d7506..5010089 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -102,6 +102,10 @@ static void __init setup_real_mode(void) trampoline_cr4_features = &trampoline_header->cr4; *trampoline_cr4_features = mmu_cr4_features; + trampoline_header->flags = 0; + if (sme_active()) + trampoline_header->flags |= TH_FLAGS_SME_ACTIVE; + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); trampoline_pgd[0] = trampoline_pgd_entry.pgd; trampoline_pgd[511] = init_level4_pgt[511].pgd; diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index dac7b20..a88c3d1 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -30,6 +30,7 @@ #include #include #include +#include #include "realmode.h" .text @@ -92,6 +93,21 @@ ENTRY(startup_32) movl %edx, %fs movl %edx, %gs + /* Check for memory encryption support */ + bt $TH_FLAGS_SME_ACTIVE_BIT, pa_tr_flags + jnc .Ldone + movl $MSR_K8_SYSCFG, %ecx + rdmsr + bts $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + jc .Ldone + + /* + * Memory encryption is enabled but the SME enable bit for this + * CPU has has not been set. It is safe to set it, so do so. + */ + wrmsr +.Ldone: + movl pa_tr_cr4, %eax movl %eax, %cr4 # Enable PAE mode @@ -147,6 +163,7 @@ GLOBAL(trampoline_header) tr_start: .space 8 GLOBAL(tr_efer) .space 8 GLOBAL(tr_cr4) .space 4 + GLOBAL(tr_flags) .space 4 END(trampoline_header) #include "trampoline_common.S" -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org