From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751969AbdFTPxJ (ORCPT ); Tue, 20 Jun 2017 11:53:09 -0400 Received: from mail-sn1nam01on0057.outbound.protection.outlook.com ([104.47.32.57]:45824 "EHLO NAM01-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751056AbdFTPxD (ORCPT ); Tue, 20 Jun 2017 11:53:03 -0400 Authentication-Results: redhat.com; dkim=none (message not signed) header.d=none;redhat.com; dmarc=none action=none header.from=amd.com; Subject: Re: [PATCH v7 08/36] x86/mm: Add support to enable SME in early boot processing To: Borislav Petkov Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, xen-devel@lists.xen.org, linux-mm@kvack.org, iommu@lists.linux-foundation.org, Brijesh Singh , Toshimitsu Kani , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Matt Fleming , Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , Jonathan Corbet , Joerg Roedel , "Michael S. Tsirkin" , Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Konrad Rzeszutek Wilk , Andy Lutomirski , Boris Ostrovsky , Dmitry Vyukov , Juergen Gross , Thomas Gleixner , Paolo Bonzini References: <20170616184947.18967.84890.stgit@tlendack-t1.amdoffice.net> <20170616185115.18967.79622.stgit@tlendack-t1.amdoffice.net> <20170620073845.nteivabsgcdy7gv4@pd.tnic> From: Tom Lendacky Message-ID: <49c62e8c-c4ae-6d05-e2a4-aa1fc6e2d717@amd.com> Date: Tue, 20 Jun 2017 10:52:48 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <20170620073845.nteivabsgcdy7gv4@pd.tnic> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: BN6PR14CA0010.namprd14.prod.outlook.com (10.173.157.148) To MWHPR12MB1149.namprd12.prod.outlook.com (10.169.204.13) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8da133f4-7bd5-488b-b48c-08d4b7f46c05 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500055)(300135000095)(300000501055)(300135300095)(300000502055)(300135100095)(22001)(300000503055)(300135400095)(48565401081)(201703131423075)(201703031133081)(300000504055)(300135200095)(300000505055)(300135600095);SRVR:MWHPR12MB1149; X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;3:66LSQgE87R6U2po/bmKhFUzfvYXn7BC3DG4LsR8eri5P/p2A4gUSR0/y/COob9H4rOq0TloFNh1UOfsdOdvmDk2Baodrm/jrNRfzSAeyAziJzw3C3piIqlAQ09Uco2t/nBckWLL9vPQZFPjRRtIon7DGoqiHiJXRbq9AjjEiL8alYEgWBYhzqYfZ93vN1Nvh7E5VLEBX875bFZbcBbh19N/qnDMlusSlSg0DlYCLBx0up7DSJ0URZw725xF4XDwL9pZqlrlsu0UkrB4z5TxIdzlrweXupxPG8xJY1sNUT9DXuxXdPM5/LWVJo2A8IPCZ0QUCA5/p1QSXis8EpZh+2AoUvRjsGwthkfqTxY6LRY7EQuOYKbaIjQeUpyRTuEhlaVunwQfG+HgMrZ7h2DY+XkXiCHiuZOaGGD4ZY70jaMcmFsbuBiRsoD8ftLCqqP5C9437zGZAvFiOOnkAkwdFuIFGX1iSzC1axJh993DFZ9ghvJcB0IvvCGcFQ7y2ECaT41LffzAZ+tM9tZRsLLaoANHT4QHUMSQbJ13nUQ2Cz2gDyPChLgdxOo+EjnW1lsQkod3LbZPcb0fjuUatCilOPNxVE5bHQ7tUkHgsAWxXdrDTYCM6dSziIr9oeKIO5i7nLuObYTJoDsRxZ5VGCXVfFaIg7jV0cyA9ruZBOM4Zeb9JEc70taTlh8N3XRvqABJsUot/ofQsSPXe3ZjodC3ydQ== X-MS-TrafficTypeDiagnostic: MWHPR12MB1149: X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;25:DegdRI4xpI2bDXEONHJRmlvsBAYzM/en4xE/dDKTZihCX/dGkWCzfTl+p+u2nlvjcBqoJwBnfT/CeLlng0YGc+wDUyiPZohBUjSd5mvm509WLV53IGfvFuLW2y05maHEsKbssaL+9Azx1Xl0v95NM3E7xotSeGCXt4jayliUKsL9JzOOnf3RvwIGRuoWvHpal1q9EzdRD5D1i7lCyd6Eo5tZCQvUAt8Aa5V2IM/iuDnqWpPv+4LsRZqRPd8DJ7kIuQdbJMANuc9veLRUlGo5LxZozMU0VcickNlDIW4hbIHZTlO70r+ZK1W0/bWatk7u/0hu1+txEc8V+FknA9CXTxCdaNkeCT6oXF9GA9xwdZdUT2LU302St3h0JhpzNXrcuh4VmEgxeiaGx40TzsDy5hxtMGqqhcT3c2w6K6vL+kgYDo5E7qCWqxL+hF6g9EwKJXZILDNBZ4artyUuVXfuq1gd2oIOyj58JFt11mUckv4DirWW+T8PEqdpDuJy7Mkc5z4iqdZXXYoteYnEdiibUCKfYdnO7BA5lUwfaKtcvznUyNRDrDoMWMwlazGhX339iWWDknFy7vdsorkEs/b8Kfdsxvf9UzwBheJuAmcMGoTP8fVwlxfjWs4igf0yxMhOhVNXqNlYush/8E0R4GJ6b7B8xMwdS2MPFvBjVhQrT3C2C5fbKHpgr/T6UzjFlzm6RSKBJ+fYqro2oXl8r1K57OPkLsAwyQM6cf+N8S3pDdNz9WS+vZIAKIGPo9sQeFxrDdbbga/tVUa/iNir+2Wb/GgYSkvBDYB26ZAhUlwfk6u12JU44HUJg/XB3ii8i49x5SfCl5hfVwp4mGm668OZJOI6tTTX38Hrfsg/bjphCJlaM6jJE36P2NUQO9gRAl/sTrLiA95aAJ28xp3YmfDZgw44uKsMr0/FjsJ1jroJ9Vw= X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;31:3PrdaM9MmtBgUWtKsM10pMobE+E4AukSYr6pSCz1LvIhxhGVnEAQ2UBEd+W+u7x+2pyKnCIwPclFQuHuK0fa/htaEauhG1p+O6rta6xx4wrXVDodjWUdtQZpyewZgOzHzmuIyuvaaNr6gn8X2/XS5j9hlG72pHGsQ2BJzNRg4ndYDaHmSUUFwh5sTX7xmQWhp7Ubdp4MUy/EB2GVr9LfHoZaWcXHAwO1dr/ocguG4k9/QsQ9rUAhDlO6xukUuEGfIiYH+A4IM0rpH2feAV6udYNd3Eb1ig8WlTz/4TcS/o09OqL2PKWxJN/sHDM3UJNLVZyqUR70O+WkKYXDpK+HbWp+B1UAhqwxvamThTQrXL5Aw4niM+EVaE17LiU//vU8NOwZTr4cmMov8+akCrMeTICdQfKxqOM0r9hEwBNGPqwSASCVKphsdWeK86MZbL611U5PwG7Q+7KrX4+Nh0o5Lb/r4cQea8cYCkkqrJFiQL8ktcb/5ermIwV/YBI5W0odiEtXyL8NFrvE99Vp21nJDoL/jKUSoR+9sd1HPpkQzgu7sBbUbAawtdpmxV2Hfas19wtxaoErMqKVz5oInXvRaeReSeLIspKJ6AfXkGroPRV8jY6FniStTGCSQqtbxGBwEEK4S8D+fCFYRdTvX0oAxiWVd1b5+sE2/WpHalP0mSA= X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;20:IRpCydeBpuwHDY6NLIshIgNjpoBukmOmP9R9jyE0I7kihEsQBU9VNYsmIMohjykxpGLBUPNpUDDDoP0F0uISts2zQ2RIFqc2TODgpKe8utnmneC95e+PzIU49Jj2k56gVTo5zZLgHTyYV09/fiZfCr9h7NK9+/m6/XupwWJOohO0e9uNQznr5aggoBTgv1/Ty/eKwLp1NSNUYwpryinLnxdO+in9EtAJV/NOHIkXFzMWGk2+fohSyE/l9fZqHoe9ouR7C59U/llppnlqgYXNY4rgW2IXnDOHmPYjPSSYSaxupak9Az/yLcg678fOoUNxnC9Z3sADKziE1N4kHADhmRvhKn7K71MiWJLPMQQdvX01RxDqW2jSfe86501DN8RazytdKJaY7MVfKIlvOq//UbfaZJn55Z+geI7PK/5qHZ2kIxmO+sZv7hZUQnhs0TypJVsEgxXL5kI1Rhq2ALznrio8SspC51d8q+NAnICrzVvpV0RqASJXEDqHU+rWFb65 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123558100)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123560025)(20161123564025)(6072148)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:MWHPR12MB1149;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:MWHPR12MB1149; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTQ5OzQ6NnI4QitVdW54M0JlUVNtbmE4ZGJaRmlWdVRM?= =?utf-8?B?SlduU0RYOE5FckxtZi9jbVZ1YTBwMm5zZXppOCt6Mzk1TWVWdGdKZUd4MHBU?= =?utf-8?B?M203S3lRN05EV2Y5WkJwdkNnd1ZCRGxrc3NjdzFmbE85ekRTcjRJdTl0ek9t?= =?utf-8?B?YTlvb3JzS24zWmd1U0tXVnFyTk1lWWF6aUZkbU1GN0JNV2s4ZElMSHdZb2dx?= =?utf-8?B?NTNlNWMwSndOejArUW8ycjFyL1RZYW85ZENjRllnVVFrZDBBREFmREh2Z2pV?= =?utf-8?B?djJDSEpscld6WnRYa2ZaSENwQXZhTTBXQnJ2NnpOVEcyb05jZjFUT1h4cE5q?= =?utf-8?B?ODloRjFLQUt2dXBtMC83M2tzUDBJc3hHdHJHV1lhM1Y1MkZVTjhyZmE0YnF3?= =?utf-8?B?cDZHWW9Wakc2OWFNS0R1bVFHS0dpMTN1WmdIa3ZzbTVCWmdsNG41U1dZN0dt?= =?utf-8?B?RnpJelVUTzhwRjQrUWlFUmFBQWp1QitpM1NZVUxMZEV0STJpTW1hM21ZY2pv?= =?utf-8?B?Tmo0YnhBb2lCQUo1bW0zUDgzMnFLZXMzOHZuNVl4T3VuTGV1QktUYlgzZzla?= =?utf-8?B?NFZxUFpOUGJQdkJ1T3UvWXdocWFWNndUTGR4OUlNRU5oZThrR1FJYnBLZjhl?= =?utf-8?B?b1NULzJIa0QwcGdxdk9yTFl1eEU1d2ZseEMzaklTMDQ3bGxaQmhrdkk3K0RV?= =?utf-8?B?M0RYYTFXRXd5aTFmQ1lPTWtmMXdsdDZzcTAyMTBudTQxd2FEc1BGUG1oeHA1?= =?utf-8?B?R1VKK2JFUTJQQXNIc2xJZVdaOGhpZjA4L0M4WWlMQWhqRVNwRnFKK2YrcEVU?= =?utf-8?B?bXgycXdpK29GaEtmUmNQR2E5VW5RUzdYVDVBdkJLYU1KWVYxMXVXdEt1K0Vt?= =?utf-8?B?YmU5UTZ1RHZxenhxS0g4bjhMMnBCRVA2alJzeTRONXBXRlBnK1dHWCtlcTlH?= =?utf-8?B?YUZxS0g3YStCTlUrYnV0RlhzdUNOaVRHSVVPV29PdlpQWld6MDQrZnc0Qy9p?= =?utf-8?B?UE80bDJ3SzRZU0l2NjI5Zm1qTzBtVDhjTnVIUit2NTRVYjdXQjFJSXFBR3hP?= =?utf-8?B?Tjkydi85RjF3RDRLQ1hFN3JwS2t4aFFHUEp3RUJGd3Vhb2ltOVlvcXlmV0J3?= =?utf-8?B?dVhvUG50UlRmZUFqN2JqcUpFaVRyRU91TzViUlRrd3M3Q2YyWFNsYlo3dSs2?= =?utf-8?B?a0RDQWIrOUVOMnpkeU5zalRVZTAvbzlaV0oyOFJZNnpMWTkzUnh3RlY0cG5o?= =?utf-8?B?R3pTUnBJMFFQVFlqWTRkMVNLd2dEcFRueFJFc2RMQXdDamo3QWNlekhJVE1S?= =?utf-8?B?ZmFTdzR2VjZ1eFR5UnFFQ3VQMVdRaGYyVGprYUpHUGpNeXQ3aTl0TnlNV0dR?= =?utf-8?B?cHVHQ3BiV0JMU1ZOemlnQzZpZldJcjYvZmk4YTNERzJ5WG5MaXJ6MU1UMkRM?= =?utf-8?B?MjVlQ21SU2plbmx5VmVlSEJWMGRheGdCZXhNS3NDdmwxQnMrRzVsVGtmc0x3?= =?utf-8?B?aG5Yb0oyWXNxZVA1MzJwZnAvcWNXMGlDOFBNUzJoYllOYm80d09vTnVrN01z?= =?utf-8?B?cjU0NjVPdC9iSlZuWWlTTitDYS9JaGpjUDRZQnhrVmNvRFVUL3g1U1hmcHNK?= =?utf-8?Q?gy/HExX7tF13UIVb0QT?= X-Forefront-PRVS: 03449D5DD1 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6049001)(6009001)(39860400002)(39400400002)(39850400002)(39410400002)(39840400002)(39450400003)(377454003)(24454002)(50466002)(54906002)(7406005)(7416002)(4326008)(72206003)(47776003)(65956001)(66066001)(81166006)(478600001)(90366009)(8676002)(6246003)(77096006)(42186005)(76176999)(6486002)(31686004)(54356999)(36756003)(64126003)(23676002)(33646002)(50986999)(189998001)(38730400002)(110136004)(2950100002)(229853002)(305945005)(7736002)(4001350100001)(6916009)(6666003)(5660300001)(6116002)(3846002)(2906002)(31696002)(3260700006)(83506001)(230700001)(25786009)(86362001)(53546009)(53936002);DIR:OUT;SFP:1101;SCL:1;SRVR:MWHPR12MB1149;H:[10.236.64.250];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTQ5OzIzOnBIVHdNK1JRWjVsdWtUam1HcFAzTHJTdWJC?= =?utf-8?B?ODJhb29hTjlDYVlGSkQ5ejRSK3ZKS1J5QjlZSWo5MWoxWkdxLzR0MVlDSHF2?= =?utf-8?B?cHZpdVRiOHJrbW9ZWVdNYk1uSnVGTDVpUHlGdG9vMFFGQkhpejRTLzQwdnhE?= =?utf-8?B?aWw1V3BhdWhCZ25qVmtwakx1RFJVU3ZRcWhHVEdYTm1sUmR2LzhxdlRTekt4?= =?utf-8?B?TUZ6MVU0QXh1OW9YMlFxMnRtbDFxMHZFRHF3c2ZUdTJTTTNrbWhwTE0zSWxw?= =?utf-8?B?Wm1XYXpsR2plVy96SGs4Y0MzbC9aSm5USkRoOXFwTDQ4YTE5YldwUkJ5dlcw?= =?utf-8?B?YUVRR09qTG5SSXBJUDF1VlFYRlJmU3hJNXJWSjVPUWE3TEtrMkdkT09aT0kx?= =?utf-8?B?cEVydDA1eWU1THlreGR5SENFK2VTbjV6OXkvMm9QeDVSUjNaREhJVlZlVmxB?= =?utf-8?B?UmRZd3NYYndyTWFDaE5FT0N6YTZ3MWsvSEw3TEVIRU1zNUJvMytmQTQ0MkJI?= =?utf-8?B?d2pFV3I2NlNxMVJoYWx6WjlIUFQ0ZktGUW5ZSm5HTm9Sc0ZNNXBTb21FV25k?= =?utf-8?B?VkFhNnFBQzJTOU1DUGJkV1BKK2t1TlVnbEhhZy83Rm9Uc2pTTXZqSU1pTmgy?= =?utf-8?B?M05uTWpLTmtreWc0OTByMi9pWTF5Z0JjaThJTzBYeE9RWURhcHd6NXdSRUZD?= =?utf-8?B?K1RFOWZLamNrTGdYYVN5VVM1bWdUd2ZVaThVNm00MGFSd3JkTkpZVTZJQUdM?= =?utf-8?B?bkd5K2NtaGlKTlBkNlU0R20ycWlDTUFidEhRdmRzT2pNeHhTNHlCTmRQTWFl?= =?utf-8?B?NWZzTzczdER2Ujc5endRa2RRbi9SL3RWdHJyTUpKSjNPQVQxSkVZUGV5eEVh?= =?utf-8?B?MFZUYW5GUERvdURUT0lXeW1Cb2hOUHh0blRkOHIvdUY0MGFncy9iVEtGRkE5?= =?utf-8?B?OG5YL09yS3lhdklRWVdlbW9VTC9IUmlwNmRWQWl0K0prWGlvais2VVJvT3h3?= =?utf-8?B?TVR6QWxzZEZ1NHhXZi8zZWRYb2VoOTFLa3dBSm9zc0dTVzdtUlRLem9vNkFn?= =?utf-8?B?WnZCYk1SQ2NFeTFsTmVjTUx0NkUrVkdSc21ZTkdUdFgvUW9ZR05JdzRQR3R0?= =?utf-8?B?UGJOSitxdnVmNU4wVVh3QVJ4a3R3Mlk5YzFZamI0VEM0aVRGSUNCZzlHcHVj?= =?utf-8?B?VXZXdnM5ckh6NlRhTDNmSTVya3lzQitncUdrZEZqaUJmeGJSbUpGWk5TRmli?= =?utf-8?B?a0FVeUhzZ3dnMStWTFlBM1RlK1dFUHBhbmNPVHJ3QklNZW5JUFVjd2VBSHhr?= =?utf-8?B?dm10TGFqWVVQMW55NXJzL0VLYVRQRmdQa2U5dExFcFJMZ2Y3QmNMRUFINTJW?= =?utf-8?B?anZzTVMwKzhNd0huODd2N1doWk9scDlVR1IvSG8vVUIySitoRVFFNTd2Z3Nt?= =?utf-8?B?SVBaSFlENTAxVTAxUjlBODVxTDBqWHMzRWJFNDlSZUhRMHo4dVFrcURSZzN0?= =?utf-8?B?MEI5LzhHNVJMWUtEbkF4YzlUNXh5ZTNJZWwvOWFtU3FLdXNmc0p3S1dhRC9X?= =?utf-8?B?Q1VMRzlSVm85eWcwSmdBMHpZcjRXZHFGamx5T3hvYXVpdEd6S05wRGF0Sm9M?= =?utf-8?B?V1p5ZmJ3OWF6SkZEQnMydVNqclQ0TFBQd2pRVTQ0NUJoeHhnY1Vka0YvZEg5?= =?utf-8?B?S2xlRzZUQUZFUHkxOHk0NkZwTHRCaVgzWTZtWm9NOVFRLzdxTjFCWVNhS1hY?= =?utf-8?B?aGV6RmJkdnVNRVQveHUyWllvN0NKVVZRTnVZMnpzZlhIR3ZTdmJyV29KSE9O?= =?utf-8?B?Yy9qekxjaTE1cStCaU4yV2pxbllrQXlqNkI5eXk5Rm9tcm5iRlhFbEpGbWFL?= =?utf-8?B?NVpRVUNLUDJLTmFuOVYxczZWRGZ6MXY3RXB0bjBqQXA3ZEZsQ1pMMWJ5TTgx?= =?utf-8?B?bFNPTlVGTENBPT0=?= X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjEyTUIxMTQ5OzY6Y3cyekdZcXpZdEJZS3dlRlZBYzFOK3NUWWVl?= =?utf-8?B?TEszYVl5R2N3QjUyYXNQRzhreXA4cFVXc0dPRFZEZFRZWXZoK0xBZ3YvTXYx?= =?utf-8?B?enFXZWMzTDl0ejhjcDFhREVzKzNTSXlqYys5c3Z0ZTNWUWtOTDZvNVI5cGFp?= =?utf-8?B?a1FlbWlxNGhGektRcWhBTW84ditVRmhhM3pHU1hUVzgydVp6MHJpRHFHUUNI?= =?utf-8?B?WVdtWS9qTkxkSHgzWWdaRWVGVEV3L2NUL0pvN2txMVdpYlJuWGx1N1BDRmtS?= =?utf-8?B?L2JZUlhvV2NnYUFDWlVUT01kMTM1SU8vNXRnSE83TEk3RlB0bXZLbWRtNUpD?= =?utf-8?B?WnNEcXFGT2Z2ZlAyM1FpaSthWFNIS3lQNTB3NEd0ZlZwSi9QMUtOVUF5a0xy?= =?utf-8?B?cnZCVkEzbzRKcE83b1dZOXpNeVZ4MTVJQllZdzJrNGV5TE9uRldMRTl0Y3hq?= =?utf-8?B?RWNEeEpNTDFPcDhPT0hHTUJFMVl2aWFUZkxaNkNraVVVbXlTcUhHNDEra1R4?= =?utf-8?B?QzVwSnRNcW43L3hIYU5NdEpDRC9HUVJpbWNBaW9zVUFyYkFyR3VPZzlwL1Qw?= =?utf-8?B?ZDN5L3lnTm85eXVXazJJYjZmV1pZZC9yTEpya1pTSzhWYjFBNmxXRmkyajI4?= =?utf-8?B?YUhZZ0d6MHJtVjhGMzVVUkxEMTAzUkRmUmI0UlRMYUF3NUoxcHp1VTlMUzlv?= =?utf-8?B?UlNxK3BaYkYySEUvbDJmMHczQzc4MFlvR2xiY1lPMW5UNzhHcTdJVlBFZytj?= =?utf-8?B?YmtlcVcwV21MUHFxYVdkdDhXM1RwMEQzVktUUE9UY29oNE50UW5sL3NuMEkv?= =?utf-8?B?dTh5MmhKdVB5TlhrYUR1bkZqVUFkM3FBNldpcXIvN3pQNko4MFUwam5CYnFi?= =?utf-8?B?NjV2SkZmUVNPMXhXUHdEejNMSGFZdmtZc1gyNEhPUnIyNStiUWJLMjQ3ajNS?= =?utf-8?B?QytIWkxGL2ZrbTE2Sm1BdlFSS1RpY2JKcWZRUmkxbkpIMXV1M3J6QTJ1NXpV?= =?utf-8?B?OFRCU2dDbmhNSlpwbXZEYlVxV1FKa2I3TjUwYnduUTRPbmphY3N5WVYrSzZO?= =?utf-8?B?VE84ajlvbnNDamdhaEwrUmxzdVpYeHBlanRnTk1UWjVuS1MyemJzc3YwS0w3?= =?utf-8?B?bnE3bEZkanZPTHJSMTZmUlFqNUJ3WUwzbEgvUklESFQrUk1pcVE4Zk51MGs2?= =?utf-8?B?cVpEWmJ5RW1YSERxanhjNk5ubVZrQm5jdHVOY01XVHFMNmxWa3BybzJkSDh3?= =?utf-8?B?N3htbnF6KzgybEZsU2RCVmZKT3R4Q3pGTjlDcnd1V3R0Nkowcy95RmtHWEM0?= =?utf-8?B?N1JNSHBnTzZ3OVNnaVFxTUJ0YnNWSGQrblJ4S1I5NHhPZm1MU2NXeWdqc1B4?= =?utf-8?Q?dKESYul?= X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;5:mMtQ2Xpb+lLZN8MKFOmHT50wGCpzwwaMvKLTTjr5MvWVgtIp7kvjbVMPHrVVbQqa1lR1XX6uMWL+2ByWPgeZR2Hom45+MtGSVLrQ3Y2iYtJOag7uQJKF1p9W4Aqt+0URBVRzYqwUD96CzqMzsHC97hzUvZYg0iGfPAVv5z4gb2Yhx/b5Ior3w35/b/V/sDzZWQL76e3uUwU3jewmxFmwgVqK+Zdna44RE4R81+eWgInKsBQd0nPOkaAT8WVArIMWyd6R3DtE7uvtR7FRShRkF/G1btfIw89p3nSrzJQSpEB/2brpaGYWrLBZGU0ssCVzNC8P6LBHekJppZbJ4abkAc1SsGamFyC4dnDQ/TZRsF5LFAL3YhEdtB9v9lt3ATY4xGMBiTujNAY0FH6XFApitnfiLNE/CW4SpWJXF/JzE/rZTX3y5WjPX4TWkRZUXskcPuZhpy3rzjrtxgKU03mWVUxas/mI68nMI2QX2id0DGIvx3slrGFHizqTSx9kPxLi;24:pEJ48Om2kEzwVwXfpLgKKnIaBGu60MYYGQ0CKPAz3UBd1lGNz3Wfe30KX9mn3kTmcnXnBUx3k02Chr322aV6OwUl5iFWZHmBOYHix61hqgE= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;7:/kr/2JnajSUg5shPE6DQotlk14RjEXG7gLC3tChIZTGj8emuYZiav0Ixas68BsLoMqqoFuCd3g37gmi34NU/20W8VoTiFSLKzy8VxWIIHZkNjATHOUM3/4cyHQYRAJFso9KujILS1Hs5gyM9vVhcll5V9sAbFLmkOebzsCAdWDqOHsnTKIaMKWFsDkepsQ23e0SvSbkQxN83tclTtxjYuRDeA9YrRJY8gC2+yQOy3GwL0HQJFY3ch8xwusXLOpMqFsbHtlgHpuP/NF/1f1hQmHM6+2vjz+AWu9I8ojkfkQtJelQz5ePUsUFnjcAGvi7sad+vr2jPdBEZobcNncSCnfqS1E9lFI1Ewtc1kdTlg+MNimwmshomK2zXRXBwwGsPfp3yWtkR2JreHSNAiIoLQ3mJVF4WHf2fyB+NKjj6SK4lJCVL+qpWj+jPrH/RM3vTmjKtIOR+TuwdRYskIYxWDfAM/A5zdiqloIhZWG2FtGCvKs9guqJtOKYJ4di3oZ/vWKaiMlV3WuADU/4tjSIM/CaJ8A2Od2hV67lLf7iuJvoXIhHexVWDB0EWYFQX9j6ff3UqfXcVQzNyvF/wFhValkmcLWLro8KDlS9KUuefve028nXhB1YYFs8tQhr3GiKyt/YYAYoR7l5FQkg2XfkHghFUFlQ0DMmrQnJ6jJNmlYLiwEmxOhPXAqLdAHvCK+1CBij6tgGcTbeffzu7TeviNfHLx3BPPYnypr0kfVilqAy1k5Yg9vOt6KPyrE0LTPlkS1INumaGTSpWCKdTX/eksxoHcizCqSHvRtLNVXOjLjw= X-Microsoft-Exchange-Diagnostics: 1;MWHPR12MB1149;20:n/y4OMiTro0/OJkI9eyfAfaD+o7IX4tfHbPVvfk/K5G0DshRj0EdcK8yAs8NWcYvmDX04KpHol6o8dkSaYlmXq9vz4mT71afN1SD0oyzCb2wTBS+cGKO2rwwKV9bFR0b9gYyUmGc7wQJc52PMJBaSuYpDTtkFnH5HKSlvCMdiOqbZe/wDElCVKEst5tWkt6lsbGoTx9e44kJPTpI9NKWlS1DnxzmBiLK5SSPX9iPYeDzfguefn5azz6BAgVX3HWc X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jun 2017 15:52:53.1999 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR12MB1149 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/20/2017 2:38 AM, Borislav Petkov wrote: > On Fri, Jun 16, 2017 at 01:51:15PM -0500, Tom Lendacky wrote: >> Add support to the early boot code to use Secure Memory Encryption (SME). >> Since the kernel has been loaded into memory in a decrypted state, encrypt >> the kernel in place and update the early pagetables with the memory >> encryption mask so that new pagetable entries will use memory encryption. >> >> The routines to set the encryption mask and perform the encryption are >> stub routines for now with functionality to be added in a later patch. >> >> Because of the need to have the routines available to head_64.S, the >> mem_encrypt.c is always built and #ifdefs in mem_encrypt.c will provide >> functionality or stub routines depending on CONFIG_AMD_MEM_ENCRYPT. >> >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/include/asm/mem_encrypt.h | 8 +++++++ >> arch/x86/kernel/head64.c | 33 +++++++++++++++++++++--------- >> arch/x86/kernel/head_64.S | 39 ++++++++++++++++++++++++++++++++++-- >> arch/x86/mm/Makefile | 4 +--- >> arch/x86/mm/mem_encrypt.c | 24 ++++++++++++++++++++++ >> 5 files changed, 93 insertions(+), 15 deletions(-) > > ... > >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index b99d469..9a78277 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++ b/arch/x86/mm/mem_encrypt.c >> @@ -11,6 +11,9 @@ >> */ >> >> #include >> +#include >> + >> +#ifdef CONFIG_AMD_MEM_ENCRYPT >> >> /* >> * Since SME related variables are set early in the boot process they must >> @@ -19,3 +22,24 @@ >> */ >> unsigned long sme_me_mask __section(.data) = 0; >> EXPORT_SYMBOL_GPL(sme_me_mask); >> + >> +void __init sme_encrypt_kernel(void) >> +{ >> +} > > Just the minor: > > void __init sme_encrypt_kernel(void) { } > > in case you have to respin. I have to re-spin for the kbuild test error. But given that this function will be filled in later it's probably not worth doing the space savings here. Thanks, Tom > > Reviewed-by: Borislav Petkov > From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Lendacky Subject: Re: [PATCH v7 08/36] x86/mm: Add support to enable SME in early boot processing Date: Tue, 20 Jun 2017 10:52:48 -0500 Message-ID: <49c62e8c-c4ae-6d05-e2a4-aa1fc6e2d717@amd.com> References: <20170616184947.18967.84890.stgit@tlendack-t1.amdoffice.net> <20170616185115.18967.79622.stgit@tlendack-t1.amdoffice.net> <20170620073845.nteivabsgcdy7gv4@pd.tnic> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20170620073845.nteivabsgcdy7gv4-fF5Pk5pvG8Y@public.gmane.org> Content-Language: en-US List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: iommu-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Borislav Petkov Cc: linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Brijesh Singh , Toshimitsu Kani , linux-doc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Matt Fleming , x86-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , linux-arch-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kvm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Jonathan Corbet , "Michael S. Tsirkin" , kasan-dev-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org, Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Andy Lutomirski , Boris Ostrovsky , Dmitry Vyukov , Juergen Gross , kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org, linux-ker List-Id: linux-efi@vger.kernel.org On 6/20/2017 2:38 AM, Borislav Petkov wrote: > On Fri, Jun 16, 2017 at 01:51:15PM -0500, Tom Lendacky wrote: >> Add support to the early boot code to use Secure Memory Encryption (SME). >> Since the kernel has been loaded into memory in a decrypted state, encrypt >> the kernel in place and update the early pagetables with the memory >> encryption mask so that new pagetable entries will use memory encryption. >> >> The routines to set the encryption mask and perform the encryption are >> stub routines for now with functionality to be added in a later patch. >> >> Because of the need to have the routines available to head_64.S, the >> mem_encrypt.c is always built and #ifdefs in mem_encrypt.c will provide >> functionality or stub routines depending on CONFIG_AMD_MEM_ENCRYPT. >> >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/include/asm/mem_encrypt.h | 8 +++++++ >> arch/x86/kernel/head64.c | 33 +++++++++++++++++++++--------- >> arch/x86/kernel/head_64.S | 39 ++++++++++++++++++++++++++++++++++-- >> arch/x86/mm/Makefile | 4 +--- >> arch/x86/mm/mem_encrypt.c | 24 ++++++++++++++++++++++ >> 5 files changed, 93 insertions(+), 15 deletions(-) > > ... > >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index b99d469..9a78277 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++ b/arch/x86/mm/mem_encrypt.c >> @@ -11,6 +11,9 @@ >> */ >> >> #include >> +#include >> + >> +#ifdef CONFIG_AMD_MEM_ENCRYPT >> >> /* >> * Since SME related variables are set early in the boot process they must >> @@ -19,3 +22,24 @@ >> */ >> unsigned long sme_me_mask __section(.data) = 0; >> EXPORT_SYMBOL_GPL(sme_me_mask); >> + >> +void __init sme_encrypt_kernel(void) >> +{ >> +} > > Just the minor: > > void __init sme_encrypt_kernel(void) { } > > in case you have to respin. I have to re-spin for the kbuild test error. But given that this function will be filled in later it's probably not worth doing the space savings here. Thanks, Tom > > Reviewed-by: Borislav Petkov > From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-it0-f69.google.com (mail-it0-f69.google.com [209.85.214.69]) by kanga.kvack.org (Postfix) with ESMTP id 9EE3F6B02B4 for ; Tue, 20 Jun 2017 11:53:03 -0400 (EDT) Received: by mail-it0-f69.google.com with SMTP id o66so98721158ita.5 for ; Tue, 20 Jun 2017 08:53:03 -0700 (PDT) Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01on0057.outbound.protection.outlook.com. [104.47.32.57]) by mx.google.com with ESMTPS id r63si14521915itc.134.2017.06.20.08.53.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 20 Jun 2017 08:53:02 -0700 (PDT) Subject: Re: [PATCH v7 08/36] x86/mm: Add support to enable SME in early boot processing References: <20170616184947.18967.84890.stgit@tlendack-t1.amdoffice.net> <20170616185115.18967.79622.stgit@tlendack-t1.amdoffice.net> <20170620073845.nteivabsgcdy7gv4@pd.tnic> From: Tom Lendacky Message-ID: <49c62e8c-c4ae-6d05-e2a4-aa1fc6e2d717@amd.com> Date: Tue, 20 Jun 2017 10:52:48 -0500 MIME-Version: 1.0 In-Reply-To: <20170620073845.nteivabsgcdy7gv4@pd.tnic> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: Borislav Petkov Cc: linux-arch@vger.kernel.org, linux-efi@vger.kernel.org, kvm@vger.kernel.org, linux-doc@vger.kernel.org, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, xen-devel@lists.xen.org, linux-mm@kvack.org, iommu@lists.linux-foundation.org, Brijesh Singh , Toshimitsu Kani , =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Matt Fleming , Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , Jonathan Corbet , Joerg Roedel , "Michael S. Tsirkin" , Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Konrad Rzeszutek Wilk , Andy Lutomirski , Boris Ostrovsky , Dmitry Vyukov , Juergen Gross , Thomas Gleixner , Paolo Bonzini On 6/20/2017 2:38 AM, Borislav Petkov wrote: > On Fri, Jun 16, 2017 at 01:51:15PM -0500, Tom Lendacky wrote: >> Add support to the early boot code to use Secure Memory Encryption (SME). >> Since the kernel has been loaded into memory in a decrypted state, encrypt >> the kernel in place and update the early pagetables with the memory >> encryption mask so that new pagetable entries will use memory encryption. >> >> The routines to set the encryption mask and perform the encryption are >> stub routines for now with functionality to be added in a later patch. >> >> Because of the need to have the routines available to head_64.S, the >> mem_encrypt.c is always built and #ifdefs in mem_encrypt.c will provide >> functionality or stub routines depending on CONFIG_AMD_MEM_ENCRYPT. >> >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/include/asm/mem_encrypt.h | 8 +++++++ >> arch/x86/kernel/head64.c | 33 +++++++++++++++++++++--------- >> arch/x86/kernel/head_64.S | 39 ++++++++++++++++++++++++++++++++++-- >> arch/x86/mm/Makefile | 4 +--- >> arch/x86/mm/mem_encrypt.c | 24 ++++++++++++++++++++++ >> 5 files changed, 93 insertions(+), 15 deletions(-) > > ... > >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index b99d469..9a78277 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++ b/arch/x86/mm/mem_encrypt.c >> @@ -11,6 +11,9 @@ >> */ >> >> #include >> +#include >> + >> +#ifdef CONFIG_AMD_MEM_ENCRYPT >> >> /* >> * Since SME related variables are set early in the boot process they must >> @@ -19,3 +22,24 @@ >> */ >> unsigned long sme_me_mask __section(.data) = 0; >> EXPORT_SYMBOL_GPL(sme_me_mask); >> + >> +void __init sme_encrypt_kernel(void) >> +{ >> +} > > Just the minor: > > void __init sme_encrypt_kernel(void) { } > > in case you have to respin. I have to re-spin for the kbuild test error. But given that this function will be filled in later it's probably not worth doing the space savings here. Thanks, Tom > > Reviewed-by: Borislav Petkov > -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail-sn1nam01on0061.outbound.protection.outlook.com ([104.47.32.61] helo=NAM01-SN1-obe.outbound.protection.outlook.com) by casper.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1dNLT2-0005bb-BB for kexec@lists.infradead.org; Tue, 20 Jun 2017 15:53:26 +0000 Subject: Re: [PATCH v7 08/36] x86/mm: Add support to enable SME in early boot processing References: <20170616184947.18967.84890.stgit@tlendack-t1.amdoffice.net> <20170616185115.18967.79622.stgit@tlendack-t1.amdoffice.net> <20170620073845.nteivabsgcdy7gv4@pd.tnic> From: Tom Lendacky Message-ID: <49c62e8c-c4ae-6d05-e2a4-aa1fc6e2d717@amd.com> Date: Tue, 20 Jun 2017 10:52:48 -0500 MIME-Version: 1.0 In-Reply-To: <20170620073845.nteivabsgcdy7gv4@pd.tnic> Content-Language: en-US List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: Borislav Petkov Cc: linux-efi@vger.kernel.org, Brijesh Singh , Toshimitsu Kani , linux-doc@vger.kernel.org, Matt Fleming , x86@kernel.org, linux-mm@kvack.org, =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Alexander Potapenko , "H. Peter Anvin" , Larry Woodman , linux-arch@vger.kernel.org, kvm@vger.kernel.org, Jonathan Corbet , Joerg Roedel , "Michael S. Tsirkin" , kasan-dev@googlegroups.com, Ingo Molnar , Andrey Ryabinin , Dave Young , Rik van Riel , Arnd Bergmann , Konrad Rzeszutek Wilk , Andy Lutomirski , Boris Ostrovsky , Dmitry Vyukov , Juergen Gross , kexec@lists.infradead.org, linux-kernel@vger.kernel.org, xen-devel@lists.xen.org, iommu@lists.linux-foundation.org, Thomas Gleixner , Paolo Bonzini On 6/20/2017 2:38 AM, Borislav Petkov wrote: > On Fri, Jun 16, 2017 at 01:51:15PM -0500, Tom Lendacky wrote: >> Add support to the early boot code to use Secure Memory Encryption (SME). >> Since the kernel has been loaded into memory in a decrypted state, encrypt >> the kernel in place and update the early pagetables with the memory >> encryption mask so that new pagetable entries will use memory encryption. >> >> The routines to set the encryption mask and perform the encryption are >> stub routines for now with functionality to be added in a later patch. >> >> Because of the need to have the routines available to head_64.S, the >> mem_encrypt.c is always built and #ifdefs in mem_encrypt.c will provide >> functionality or stub routines depending on CONFIG_AMD_MEM_ENCRYPT. >> >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/include/asm/mem_encrypt.h | 8 +++++++ >> arch/x86/kernel/head64.c | 33 +++++++++++++++++++++--------- >> arch/x86/kernel/head_64.S | 39 ++++++++++++++++++++++++++++++++++-- >> arch/x86/mm/Makefile | 4 +--- >> arch/x86/mm/mem_encrypt.c | 24 ++++++++++++++++++++++ >> 5 files changed, 93 insertions(+), 15 deletions(-) > > ... > >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index b99d469..9a78277 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++ b/arch/x86/mm/mem_encrypt.c >> @@ -11,6 +11,9 @@ >> */ >> >> #include >> +#include >> + >> +#ifdef CONFIG_AMD_MEM_ENCRYPT >> >> /* >> * Since SME related variables are set early in the boot process they must >> @@ -19,3 +22,24 @@ >> */ >> unsigned long sme_me_mask __section(.data) = 0; >> EXPORT_SYMBOL_GPL(sme_me_mask); >> + >> +void __init sme_encrypt_kernel(void) >> +{ >> +} > > Just the minor: > > void __init sme_encrypt_kernel(void) { } > > in case you have to respin. I have to re-spin for the kbuild test error. But given that this function will be filled in later it's probably not worth doing the space savings here. Thanks, Tom > > Reviewed-by: Borislav Petkov > _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec