From: Tom Lendacky <thomas.lendacky@amd.com>
To: Brian Gerst <brgerst@gmail.com>
Cc: linux-arch <linux-arch@vger.kernel.org>,
linux-efi@vger.kernel.org, kvm@vger.kernel.org,
linux-doc@vger.kernel.org,
"the arch/x86 maintainers" <x86@kernel.org>,
kexec@lists.infradead.org,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
kasan-dev@googlegroups.com, xen-devel@lists.xen.org,
Linux-MM <linux-mm@kvack.org>,
iommu@lists.linux-foundation.org,
"Brijesh Singh" <brijesh.singh@amd.com>,
"Toshimitsu Kani" <toshi.kani@hpe.com>,
"Radim Krčmář" <rkrcmar@redhat.com>,
"Matt Fleming" <matt@codeblueprint.co.uk>,
"Alexander Potapenko" <glider@google.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Larry Woodman" <lwoodman@redhat.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Joerg Roedel" <joro@8bytes.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Ingo Molnar" <mingo@redhat.com>,
"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
"Dave Young" <dyoung@redhat.com>,
"Rik van Riel" <riel@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>,
"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
"Borislav Petkov" <bp@alien8.de>,
"Andy Lutomirski" <luto@kernel.org>,
"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
"Dmitry Vyukov" <dvyukov@google.com>,
"Juergen Gross" <jgross@suse.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature
Date: Mon, 10 Jul 2017 14:41:51 -0500 [thread overview]
Message-ID: <f5657d4a-aa15-9602-bb36-1a3cfe7fbcc1@amd.com> (raw)
In-Reply-To: <CAMzpN2j-gXvx2wAp3EvQB70Mr_oz0MSUzG=c-mhu-bnRiQGaFQ@mail.gmail.com>
On 7/8/2017 7:50 AM, Brian Gerst wrote:
> On Fri, Jul 7, 2017 at 9:38 AM, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>> Update the CPU features to include identifying and reporting on the
>> Secure Memory Encryption (SME) feature. SME is identified by CPUID
>> 0x8000001f, but requires BIOS support to enable it (set bit 23 of
>> MSR_K8_SYSCFG). Only show the SME feature as available if reported by
>> CPUID and enabled by BIOS.
>>
>> Reviewed-by: Borislav Petkov <bp@suse.de>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>> arch/x86/include/asm/cpufeatures.h | 1 +
>> arch/x86/include/asm/msr-index.h | 2 ++
>> arch/x86/kernel/cpu/amd.c | 13 +++++++++++++
>> arch/x86/kernel/cpu/scattered.c | 1 +
>> 4 files changed, 17 insertions(+)
>>
>> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
>> index 2701e5f..2b692df 100644
>> --- a/arch/x86/include/asm/cpufeatures.h
>> +++ b/arch/x86/include/asm/cpufeatures.h
>> @@ -196,6 +196,7 @@
>>
>> #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
>> #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
>> +#define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */
>
> Given that this feature is available only in long mode, this should be
> added to disabled-features.h as disabled for 32-bit builds.
I can add that. If the series needs a re-spin then I'll include this
change in the series, otherwise I can send a follow-on patch to handle
the feature for 32-bit builds if that works.
>
>> #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
>> #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */
>> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
>> index 18b1623..460ac01 100644
>> --- a/arch/x86/include/asm/msr-index.h
>> +++ b/arch/x86/include/asm/msr-index.h
>> @@ -352,6 +352,8 @@
>> #define MSR_K8_TOP_MEM1 0xc001001a
>> #define MSR_K8_TOP_MEM2 0xc001001d
>> #define MSR_K8_SYSCFG 0xc0010010
>> +#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT 23
>> +#define MSR_K8_SYSCFG_MEM_ENCRYPT BIT_ULL(MSR_K8_SYSCFG_MEM_ENCRYPT_BIT)
>> #define MSR_K8_INT_PENDING_MSG 0xc0010055
>> /* C1E active bits in int pending message */
>> #define K8_INTP_C1E_ACTIVE_MASK 0x18000000
>> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
>> index bb5abe8..c47ceee 100644
>> --- a/arch/x86/kernel/cpu/amd.c
>> +++ b/arch/x86/kernel/cpu/amd.c
>> @@ -611,6 +611,19 @@ static void early_init_amd(struct cpuinfo_x86 *c)
>> */
>> if (cpu_has_amd_erratum(c, amd_erratum_400))
>> set_cpu_bug(c, X86_BUG_AMD_E400);
>> +
>> + /*
>> + * BIOS support is required for SME. If BIOS has not enabled SME
>> + * then don't advertise the feature (set in scattered.c)
>> + */
>> + if (cpu_has(c, X86_FEATURE_SME)) {
>> + u64 msr;
>> +
>> + /* Check if SME is enabled */
>> + rdmsrl(MSR_K8_SYSCFG, msr);
>> + if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
>> + clear_cpu_cap(c, X86_FEATURE_SME);
>> + }
>
> This should be conditional on CONFIG_X86_64.
If I make the scattered feature support conditional on CONFIG_X86_64
(based on comment below) then cpu_has() will always be false unless
CONFIG_X86_64 is enabled. So this won't need to be wrapped by the
#ifdef.
>
>> }
>>
>> static void init_amd_k8(struct cpuinfo_x86 *c)
>> diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
>> index 23c2350..05459ad 100644
>> --- a/arch/x86/kernel/cpu/scattered.c
>> +++ b/arch/x86/kernel/cpu/scattered.c
>> @@ -31,6 +31,7 @@ struct cpuid_bit {
>> { X86_FEATURE_HW_PSTATE, CPUID_EDX, 7, 0x80000007, 0 },
>> { X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 },
>> { X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 },
>> + { X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 },
>
> This should also be conditional. We don't want to set this feature on
> 32-bit, even if the processor has support.
Can do. See comment above about re-spin vs. follow-on patch.
Thanks,
Tom
>
>> { 0, 0, 0, 0, 0 }
>> };
>
> --
> Brian Gerst
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-07-10 19:42 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-07 13:38 [PATCH v9 00/38] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 01/38] x86: Document AMD Secure Memory Encryption (SME) Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 03/38] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature Tom Lendacky
2017-07-08 12:50 ` Brian Gerst
2017-07-10 19:41 ` Tom Lendacky [this message]
2017-07-11 5:07 ` Brian Gerst
2017-07-11 5:56 ` Borislav Petkov
2017-07-11 15:14 ` Tom Lendacky
2017-07-11 15:12 ` Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 05/38] x86/CPU/AMD: Handle SME reduction in physical address size Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 06/38] x86/mm: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 07/38] x86/mm: Remove phys_to_virt() usage in ioremap() Tom Lendacky
2017-07-08 12:57 ` Brian Gerst
2017-07-10 19:50 ` Tom Lendacky
2017-07-11 4:58 ` Brian Gerst
2017-07-11 8:35 ` Arnd Bergmann
2017-07-11 12:00 ` Brian Gerst
2017-07-11 15:02 ` Tom Lendacky
2017-07-11 15:38 ` Brian Gerst
2017-07-11 15:44 ` Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 08/38] x86/mm: Add support to enable SME in early boot processing Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 09/38] x86/mm: Simplify p[g4um]d_page() macros Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 10/38] x86/mm: Provide general kernel support for memory encryption Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 11/38] x86/mm: Add SME support for read_cr3_pa() Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 12/38] x86/mm: Extend early_memremap() support with additional attrs Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 13/38] x86/mm: Add support for early encrypt/decrypt of memory Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 14/38] x86/mm: Insure that boot memory areas are mapped properly Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 15/38] x86/boot/e820: Add support to determine the E820 type of an address Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 16/38] efi: Add an EFI table address match function Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 17/38] efi: Update efi_mem_type() to return an error rather than 0 Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 18/38] x86/efi: Update EFI pagetable creation to work with SME Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 19/38] x86/mm: Add support to access boot related data in the clear Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 20/38] x86, mpparse: Use memremap to map the mpf and mpc data Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 21/38] x86/mm: Add support to access persistent memory in the clear Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 22/38] x86/mm: Add support for changing the memory encryption attribute Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 24/38] x86, swiotlb: Add memory encryption support Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 25/38] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 28/38] x86, realmode: Check for memory encryption on the APs Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 31/38] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 32/38] xen/x86: Remove SME feature in PV guests Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 33/38] x86/mm: Use proper encryption attributes with /dev/mem Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4 Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 35/38] x86/mm: Add support to encrypt the kernel in-place Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 36/38] x86/boot: Add early cmdline parsing for options with arguments Tom Lendacky
2017-07-07 13:45 ` [PATCH v9 37/38] compiler-gcc.h: Introduce __nostackp function attribute Tom Lendacky
2017-07-07 13:45 ` [PATCH v9 38/38] x86/mm: Add support to make use of Secure Memory Encryption Tom Lendacky
2017-07-08 9:24 ` [PATCH v9 00/38] x86: Secure Memory Encryption (AMD) Ingo Molnar
2017-07-10 18:04 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f5657d4a-aa15-9602-bb36-1a3cfe7fbcc1@amd.com \
--to=thomas.lendacky@amd.com \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=brijesh.singh@amd.com \
--cc=corbet@lwn.net \
--cc=dvyukov@google.com \
--cc=dyoung@redhat.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jgross@suse.com \
--cc=joro@8bytes.org \
--cc=kasan-dev@googlegroups.com \
--cc=kexec@lists.infradead.org \
--cc=konrad.wilk@oracle.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=matt@codeblueprint.co.uk \
--cc=mingo@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=riel@redhat.com \
--cc=rkrcmar@redhat.com \
--cc=tglx@linutronix.de \
--cc=toshi.kani@hpe.com \
--cc=x86@kernel.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).