linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Tom Lendacky <thomas.lendacky@amd.com>
To: Brian Gerst <brgerst@gmail.com>
Cc: linux-arch <linux-arch@vger.kernel.org>,
	linux-efi@vger.kernel.org, kvm@vger.kernel.org,
	linux-doc@vger.kernel.org,
	"the arch/x86 maintainers" <x86@kernel.org>,
	kexec@lists.infradead.org,
	"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
	kasan-dev@googlegroups.com, xen-devel@lists.xen.org,
	Linux-MM <linux-mm@kvack.org>,
	iommu@lists.linux-foundation.org,
	"Brijesh Singh" <brijesh.singh@amd.com>,
	"Toshimitsu Kani" <toshi.kani@hpe.com>,
	"Radim Krčmář" <rkrcmar@redhat.com>,
	"Matt Fleming" <matt@codeblueprint.co.uk>,
	"Alexander Potapenko" <glider@google.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"Larry Woodman" <lwoodman@redhat.com>,
	"Jonathan Corbet" <corbet@lwn.net>,
	"Joerg Roedel" <joro@8bytes.org>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Andrey Ryabinin" <aryabinin@virtuozzo.com>,
	"Dave Young" <dyoung@redhat.com>,
	"Rik van Riel" <riel@redhat.com>, "Arnd Bergmann" <arnd@arndb.de>,
	"Konrad Rzeszutek Wilk" <konrad.wilk@oracle.com>,
	"Borislav Petkov" <bp@alien8.de>,
	"Andy Lutomirski" <luto@kernel.org>,
	"Boris Ostrovsky" <boris.ostrovsky@oracle.com>,
	"Dmitry Vyukov" <dvyukov@google.com>,
	"Juergen Gross" <jgross@suse.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	"Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature
Date: Mon, 10 Jul 2017 14:41:51 -0500	[thread overview]
Message-ID: <f5657d4a-aa15-9602-bb36-1a3cfe7fbcc1@amd.com> (raw)
In-Reply-To: <CAMzpN2j-gXvx2wAp3EvQB70Mr_oz0MSUzG=c-mhu-bnRiQGaFQ@mail.gmail.com>

On 7/8/2017 7:50 AM, Brian Gerst wrote:
> On Fri, Jul 7, 2017 at 9:38 AM, Tom Lendacky <thomas.lendacky@amd.com> wrote:
>> Update the CPU features to include identifying and reporting on the
>> Secure Memory Encryption (SME) feature.  SME is identified by CPUID
>> 0x8000001f, but requires BIOS support to enable it (set bit 23 of
>> MSR_K8_SYSCFG).  Only show the SME feature as available if reported by
>> CPUID and enabled by BIOS.
>>
>> Reviewed-by: Borislav Petkov <bp@suse.de>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> ---
>>   arch/x86/include/asm/cpufeatures.h |    1 +
>>   arch/x86/include/asm/msr-index.h   |    2 ++
>>   arch/x86/kernel/cpu/amd.c          |   13 +++++++++++++
>>   arch/x86/kernel/cpu/scattered.c    |    1 +
>>   4 files changed, 17 insertions(+)
>>
>> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
>> index 2701e5f..2b692df 100644
>> --- a/arch/x86/include/asm/cpufeatures.h
>> +++ b/arch/x86/include/asm/cpufeatures.h
>> @@ -196,6 +196,7 @@
>>
>>   #define X86_FEATURE_HW_PSTATE  ( 7*32+ 8) /* AMD HW-PState */
>>   #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
>> +#define X86_FEATURE_SME                ( 7*32+10) /* AMD Secure Memory Encryption */
> 
> Given that this feature is available only in long mode, this should be
> added to disabled-features.h as disabled for 32-bit builds.

I can add that.  If the series needs a re-spin then I'll include this
change in the series, otherwise I can send a follow-on patch to handle
the feature for 32-bit builds if that works.

> 
>>   #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
>>   #define X86_FEATURE_INTEL_PT   ( 7*32+15) /* Intel Processor Trace */
>> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
>> index 18b1623..460ac01 100644
>> --- a/arch/x86/include/asm/msr-index.h
>> +++ b/arch/x86/include/asm/msr-index.h
>> @@ -352,6 +352,8 @@
>>   #define MSR_K8_TOP_MEM1                        0xc001001a
>>   #define MSR_K8_TOP_MEM2                        0xc001001d
>>   #define MSR_K8_SYSCFG                  0xc0010010
>> +#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT  23
>> +#define MSR_K8_SYSCFG_MEM_ENCRYPT      BIT_ULL(MSR_K8_SYSCFG_MEM_ENCRYPT_BIT)
>>   #define MSR_K8_INT_PENDING_MSG         0xc0010055
>>   /* C1E active bits in int pending message */
>>   #define K8_INTP_C1E_ACTIVE_MASK                0x18000000
>> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
>> index bb5abe8..c47ceee 100644
>> --- a/arch/x86/kernel/cpu/amd.c
>> +++ b/arch/x86/kernel/cpu/amd.c
>> @@ -611,6 +611,19 @@ static void early_init_amd(struct cpuinfo_x86 *c)
>>           */
>>          if (cpu_has_amd_erratum(c, amd_erratum_400))
>>                  set_cpu_bug(c, X86_BUG_AMD_E400);
>> +
>> +       /*
>> +        * BIOS support is required for SME. If BIOS has not enabled SME
>> +        * then don't advertise the feature (set in scattered.c)
>> +        */
>> +       if (cpu_has(c, X86_FEATURE_SME)) {
>> +               u64 msr;
>> +
>> +               /* Check if SME is enabled */
>> +               rdmsrl(MSR_K8_SYSCFG, msr);
>> +               if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
>> +                       clear_cpu_cap(c, X86_FEATURE_SME);
>> +       }
> 
> This should be conditional on CONFIG_X86_64.

If I make the scattered feature support conditional on CONFIG_X86_64
(based on comment below) then cpu_has() will always be false unless
CONFIG_X86_64 is enabled. So this won't need to be wrapped by the
#ifdef.

> 
>>   }
>>
>>   static void init_amd_k8(struct cpuinfo_x86 *c)
>> diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
>> index 23c2350..05459ad 100644
>> --- a/arch/x86/kernel/cpu/scattered.c
>> +++ b/arch/x86/kernel/cpu/scattered.c
>> @@ -31,6 +31,7 @@ struct cpuid_bit {
>>          { X86_FEATURE_HW_PSTATE,        CPUID_EDX,  7, 0x80000007, 0 },
>>          { X86_FEATURE_CPB,              CPUID_EDX,  9, 0x80000007, 0 },
>>          { X86_FEATURE_PROC_FEEDBACK,    CPUID_EDX, 11, 0x80000007, 0 },
>> +       { X86_FEATURE_SME,              CPUID_EAX,  0, 0x8000001f, 0 },
> 
> This should also be conditional.  We don't want to set this feature on
> 32-bit, even if the processor has support.

Can do.  See comment above about re-spin vs. follow-on patch.

Thanks,
Tom

> 
>>          { 0, 0, 0, 0, 0 }
>>   };
> 
> --
> Brian Gerst
> 

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

  reply	other threads:[~2017-07-10 19:42 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-07 13:38 [PATCH v9 00/38] x86: Secure Memory Encryption (AMD) Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 01/38] x86: Document AMD Secure Memory Encryption (SME) Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 03/38] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings Tom Lendacky
2017-07-07 13:38 ` [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature Tom Lendacky
2017-07-08 12:50   ` Brian Gerst
2017-07-10 19:41     ` Tom Lendacky [this message]
2017-07-11  5:07       ` Brian Gerst
2017-07-11  5:56         ` Borislav Petkov
2017-07-11 15:14           ` Tom Lendacky
2017-07-11 15:12         ` Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 05/38] x86/CPU/AMD: Handle SME reduction in physical address size Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 06/38] x86/mm: Add Secure Memory Encryption (SME) support Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 07/38] x86/mm: Remove phys_to_virt() usage in ioremap() Tom Lendacky
2017-07-08 12:57   ` Brian Gerst
2017-07-10 19:50     ` Tom Lendacky
2017-07-11  4:58       ` Brian Gerst
2017-07-11  8:35         ` Arnd Bergmann
2017-07-11 12:00           ` Brian Gerst
2017-07-11 15:02         ` Tom Lendacky
2017-07-11 15:38           ` Brian Gerst
2017-07-11 15:44             ` Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 08/38] x86/mm: Add support to enable SME in early boot processing Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 09/38] x86/mm: Simplify p[g4um]d_page() macros Tom Lendacky
2017-07-07 13:39 ` [PATCH v9 10/38] x86/mm: Provide general kernel support for memory encryption Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 11/38] x86/mm: Add SME support for read_cr3_pa() Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 12/38] x86/mm: Extend early_memremap() support with additional attrs Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 13/38] x86/mm: Add support for early encrypt/decrypt of memory Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 14/38] x86/mm: Insure that boot memory areas are mapped properly Tom Lendacky
2017-07-07 13:40 ` [PATCH v9 15/38] x86/boot/e820: Add support to determine the E820 type of an address Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 16/38] efi: Add an EFI table address match function Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 17/38] efi: Update efi_mem_type() to return an error rather than 0 Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 18/38] x86/efi: Update EFI pagetable creation to work with SME Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 19/38] x86/mm: Add support to access boot related data in the clear Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 20/38] x86, mpparse: Use memremap to map the mpf and mpc data Tom Lendacky
2017-07-07 13:41 ` [PATCH v9 21/38] x86/mm: Add support to access persistent memory in the clear Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 22/38] x86/mm: Add support for changing the memory encryption attribute Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 24/38] x86, swiotlb: Add memory encryption support Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 25/38] swiotlb: Add warnings for use of bounce buffers with SME Tom Lendacky
2017-07-07 13:42 ` [PATCH v9 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 28/38] x86, realmode: Check for memory encryption on the APs Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM Tom Lendacky
2017-07-07 13:43 ` [PATCH v9 31/38] x86/mm, kexec: Allow kexec to be used with SME Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 32/38] xen/x86: Remove SME feature in PV guests Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 33/38] x86/mm: Use proper encryption attributes with /dev/mem Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4 Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 35/38] x86/mm: Add support to encrypt the kernel in-place Tom Lendacky
2017-07-07 13:44 ` [PATCH v9 36/38] x86/boot: Add early cmdline parsing for options with arguments Tom Lendacky
2017-07-07 13:45 ` [PATCH v9 37/38] compiler-gcc.h: Introduce __nostackp function attribute Tom Lendacky
2017-07-07 13:45 ` [PATCH v9 38/38] x86/mm: Add support to make use of Secure Memory Encryption Tom Lendacky
2017-07-08  9:24 ` [PATCH v9 00/38] x86: Secure Memory Encryption (AMD) Ingo Molnar
2017-07-10 18:04   ` Tom Lendacky

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f5657d4a-aa15-9602-bb36-1a3cfe7fbcc1@amd.com \
    --to=thomas.lendacky@amd.com \
    --cc=arnd@arndb.de \
    --cc=aryabinin@virtuozzo.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=bp@alien8.de \
    --cc=brgerst@gmail.com \
    --cc=brijesh.singh@amd.com \
    --cc=corbet@lwn.net \
    --cc=dvyukov@google.com \
    --cc=dyoung@redhat.com \
    --cc=glider@google.com \
    --cc=hpa@zytor.com \
    --cc=iommu@lists.linux-foundation.org \
    --cc=jgross@suse.com \
    --cc=joro@8bytes.org \
    --cc=kasan-dev@googlegroups.com \
    --cc=kexec@lists.infradead.org \
    --cc=konrad.wilk@oracle.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=luto@kernel.org \
    --cc=lwoodman@redhat.com \
    --cc=matt@codeblueprint.co.uk \
    --cc=mingo@redhat.com \
    --cc=mst@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=riel@redhat.com \
    --cc=rkrcmar@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=toshi.kani@hpe.com \
    --cc=x86@kernel.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).