* [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability @ 2022-02-11 5:36 Mario Limonciello 2022-02-11 5:36 ` [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use Mario Limonciello ` (2 more replies) 0 siblings, 3 replies; 11+ messages in thread From: Mario Limonciello @ 2022-02-11 5:36 UTC (permalink / raw) To: Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, Thomas Lendacky, hughsient, Martin Fernandez, linux-kernel, Mario Limonciello An upcoming change will disable the X86 SME feature flag when the kernel hasn't activated SME. Avoid relying upon that when determining whether to call `native_wbinvd` by directly calling the CPUID that indicates it. Suggested-by: Borislav Petkov <bp@alien8.de> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> --- arch/x86/kernel/process.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 81d8ef036637..e131d71b3cae 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -765,8 +765,11 @@ void stop_this_cpu(void *dummy) * without the encryption bit, they don't race each other when flushed * and potentially end up with the wrong entry being committed to * memory. + * + * Test the CPUID bit directly because the machine might've cleared + * X86_FEATURE_SME due to cmdline options. */ - if (boot_cpu_has(X86_FEATURE_SME)) + if (cpuid_eax(0x8000001f) & BIT(0)) native_wbinvd(); for (;;) { /* -- 2.34.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use 2022-02-11 5:36 [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability Mario Limonciello @ 2022-02-11 5:36 ` Mario Limonciello 2022-02-11 8:31 ` Borislav Petkov 2022-02-11 14:46 ` Tom Lendacky 2022-02-11 8:28 ` [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability Borislav Petkov 2022-02-11 14:55 ` Tom Lendacky 2 siblings, 2 replies; 11+ messages in thread From: Mario Limonciello @ 2022-02-11 5:36 UTC (permalink / raw) To: Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, Thomas Lendacky, hughsient, Martin Fernandez, linux-kernel, Mario Limonciello Currently SME/SEV/SEV_ES features are reflective of whether the CPU supports the features but not whether they have been activated by the kernel. Change this around to clear the features if the kernel is not using them so userspace can determine if they are available and in use from `/proc/cpuinfo`. Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> --- arch/x86/kernel/cpu/amd.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 4edb6f0f628c..4a7d4801fa0b 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -611,12 +611,20 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) if (!(msr & MSR_K7_HWCR_SMMLOCK)) goto clear_sev; + if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT)) + goto clear_all; + if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) + goto clear_sev; + if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) + goto clear_sev_es; + return; clear_all: setup_clear_cpu_cap(X86_FEATURE_SME); clear_sev: setup_clear_cpu_cap(X86_FEATURE_SEV); +clear_sev_es: setup_clear_cpu_cap(X86_FEATURE_SEV_ES); } } -- 2.34.1 ^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use 2022-02-11 5:36 ` [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use Mario Limonciello @ 2022-02-11 8:31 ` Borislav Petkov 2022-02-11 19:43 ` Limonciello, Mario 2022-02-11 14:46 ` Tom Lendacky 1 sibling, 1 reply; 11+ messages in thread From: Borislav Petkov @ 2022-02-11 8:31 UTC (permalink / raw) To: Mario Limonciello Cc: maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Kees Cook, Thomas Lendacky, hughsient, Martin Fernandez, linux-kernel On Thu, Feb 10, 2022 at 11:36:52PM -0600, Mario Limonciello wrote: > Currently SME/SEV/SEV_ES features are reflective of whether the CPU > supports the features but not whether they have been activated by the > kernel. > > Change this around to clear the features if the kernel is not using > them so userspace can determine if they are available and in use > from `/proc/cpuinfo`. > > Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> > --- > arch/x86/kernel/cpu/amd.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > index 4edb6f0f628c..4a7d4801fa0b 100644 > --- a/arch/x86/kernel/cpu/amd.c > +++ b/arch/x86/kernel/cpu/amd.c > @@ -611,12 +611,20 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > if (!(msr & MSR_K7_HWCR_SMMLOCK)) > goto clear_sev; > > + if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT)) > + goto clear_all; > + if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) > + goto clear_sev; > + if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) > + goto clear_sev_es; The cc_platform stuff is to be used in generic code - I think you can safely read MSR_AMD64_SEV here and look at the bits, just like the rest of this code does. Also, why is this a separate patch? I.e., one single patch should be just fine. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use 2022-02-11 8:31 ` Borislav Petkov @ 2022-02-11 19:43 ` Limonciello, Mario 0 siblings, 0 replies; 11+ messages in thread From: Limonciello, Mario @ 2022-02-11 19:43 UTC (permalink / raw) To: Borislav Petkov Cc: maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Kees Cook, Thomas Lendacky, hughsient, Martin Fernandez, linux-kernel On 2/11/2022 02:31, Borislav Petkov wrote: > On Thu, Feb 10, 2022 at 11:36:52PM -0600, Mario Limonciello wrote: >> Currently SME/SEV/SEV_ES features are reflective of whether the CPU >> supports the features but not whether they have been activated by the >> kernel. >> >> Change this around to clear the features if the kernel is not using >> them so userspace can determine if they are available and in use >> from `/proc/cpuinfo`. >> >> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> >> --- >> arch/x86/kernel/cpu/amd.c | 8 ++++++++ >> 1 file changed, 8 insertions(+) >> >> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c >> index 4edb6f0f628c..4a7d4801fa0b 100644 >> --- a/arch/x86/kernel/cpu/amd.c >> +++ b/arch/x86/kernel/cpu/amd.c >> @@ -611,12 +611,20 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) >> if (!(msr & MSR_K7_HWCR_SMMLOCK)) >> goto clear_sev; >> >> + if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT)) >> + goto clear_all; >> + if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) >> + goto clear_sev; >> + if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) >> + goto clear_sev_es; > > The cc_platform stuff is to be used in generic code - I think you can > safely read MSR_AMD64_SEV here and look at the bits, just like the rest > of this code does. Yeah I was just looking to avoid the code duplication in multiple parts of the kernel. If it's preferable to just duplicate the logic that cc_platform_has here for the AMD platform, I'll do that instead. > > Also, why is this a separate patch? I.e., one single patch should be > just fine. Very well, will squash them. ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use 2022-02-11 5:36 ` [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use Mario Limonciello 2022-02-11 8:31 ` Borislav Petkov @ 2022-02-11 14:46 ` Tom Lendacky 2022-02-11 19:54 ` Limonciello, Mario 1 sibling, 1 reply; 11+ messages in thread From: Tom Lendacky @ 2022-02-11 14:46 UTC (permalink / raw) To: Mario Limonciello, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, hughsient, Martin Fernandez, linux-kernel, Brijesh Singh +Brijesh (please copy him, too, on all SEV related things) On 2/10/22 23:36, Mario Limonciello wrote: > Currently SME/SEV/SEV_ES features are reflective of whether the CPU > supports the features but not whether they have been activated by the > kernel. > > Change this around to clear the features if the kernel is not using > them so userspace can determine if they are available and in use > from `/proc/cpuinfo`. > > Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> > --- > arch/x86/kernel/cpu/amd.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > index 4edb6f0f628c..4a7d4801fa0b 100644 > --- a/arch/x86/kernel/cpu/amd.c > +++ b/arch/x86/kernel/cpu/amd.c > @@ -611,12 +611,20 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > if (!(msr & MSR_K7_HWCR_SMMLOCK)) > goto clear_sev; > > + if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT)) > + goto clear_all; > + if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) > + goto clear_sev; > + if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) > + goto clear_sev_es; > + A host/hypervisor will never see GUEST related attributes return true, you need to verify all uses of X86_FEATURE_SEV* in the kernel. I see two files where this change will break SEV hypervisor support: - arch/x86/kvm/svm/sev.c / sev_hardware_setup() - drivers/crypto/ccp/sev-dev.c / sev_dev_init() I imagine that some of this has to be re-thought a bit. The current SEV and SEV-ES feature attributes are intended for hypervsior side usage. For example, MSR MSR_K7_HWCR_SMMLOCK, which is likely never going to be provided to a guest, needs to be checked to be certain that an SEV guest can be launched, even though SEV is advertised in CPUID. Once in the guest, it is the cc_platform_has() support that determines feature support and not X86_FEATURE_SEV* Thanks, Tom > return; > > clear_all: > setup_clear_cpu_cap(X86_FEATURE_SME); > clear_sev: > setup_clear_cpu_cap(X86_FEATURE_SEV); > +clear_sev_es: > setup_clear_cpu_cap(X86_FEATURE_SEV_ES); > } > } ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use 2022-02-11 14:46 ` Tom Lendacky @ 2022-02-11 19:54 ` Limonciello, Mario 2022-02-11 20:42 ` Tom Lendacky 0 siblings, 1 reply; 11+ messages in thread From: Limonciello, Mario @ 2022-02-11 19:54 UTC (permalink / raw) To: Tom Lendacky, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, hughsient, Martin Fernandez, linux-kernel, Brijesh Singh On 2/11/2022 08:46, Tom Lendacky wrote: > +Brijesh (please copy him, too, on all SEV related things) > > On 2/10/22 23:36, Mario Limonciello wrote: >> Currently SME/SEV/SEV_ES features are reflective of whether the CPU >> supports the features but not whether they have been activated by the >> kernel. >> >> Change this around to clear the features if the kernel is not using >> them so userspace can determine if they are available and in use >> from `/proc/cpuinfo`. >> >> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> >> --- >> arch/x86/kernel/cpu/amd.c | 8 ++++++++ >> 1 file changed, 8 insertions(+) >> >> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c >> index 4edb6f0f628c..4a7d4801fa0b 100644 >> --- a/arch/x86/kernel/cpu/amd.c >> +++ b/arch/x86/kernel/cpu/amd.c >> @@ -611,12 +611,20 @@ static void early_detect_mem_encrypt(struct >> cpuinfo_x86 *c) >> if (!(msr & MSR_K7_HWCR_SMMLOCK)) >> goto clear_sev; >> + if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT)) >> + goto clear_all; >> + if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) >> + goto clear_sev; >> + if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) >> + goto clear_sev_es; >> + > > A host/hypervisor will never see GUEST related attributes return true, > you need to verify all uses of X86_FEATURE_SEV* in the kernel. I see two > files where this change will break SEV hypervisor support: > Maybe it's best then to just check for/clear the SME feature at this time and let Brijesh handle plumbing the applicable removals/additions for SEV/SEV_ES separately. > - arch/x86/kvm/svm/sev.c / sev_hardware_setup() > - drivers/crypto/ccp/sev-dev.c / sev_dev_init() > > I imagine that some of this has to be re-thought a bit. The current SEV > and SEV-ES feature attributes are intended for hypervsior side usage. > For example, MSR MSR_K7_HWCR_SMMLOCK, which is likely never going to be > provided to a guest, needs to be checked to be certain that an SEV guest > can be launched, even though SEV is advertised in CPUID. > > Once in the guest, it is the cc_platform_has() support that determines > feature support and not X86_FEATURE_SEV* > > Thanks, > Tom > >> return; >> clear_all: >> setup_clear_cpu_cap(X86_FEATURE_SME); >> clear_sev: >> setup_clear_cpu_cap(X86_FEATURE_SEV); >> +clear_sev_es: >> setup_clear_cpu_cap(X86_FEATURE_SEV_ES); >> } >> } ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use 2022-02-11 19:54 ` Limonciello, Mario @ 2022-02-11 20:42 ` Tom Lendacky 0 siblings, 0 replies; 11+ messages in thread From: Tom Lendacky @ 2022-02-11 20:42 UTC (permalink / raw) To: Limonciello, Mario, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, hughsient, Martin Fernandez, linux-kernel, Brijesh Singh On 2/11/22 13:54, Limonciello, Mario wrote: > On 2/11/2022 08:46, Tom Lendacky wrote: >> +Brijesh (please copy him, too, on all SEV related things) >> >> On 2/10/22 23:36, Mario Limonciello wrote: >>> Currently SME/SEV/SEV_ES features are reflective of whether the CPU >>> supports the features but not whether they have been activated by the >>> kernel. >>> >>> Change this around to clear the features if the kernel is not using >>> them so userspace can determine if they are available and in use >>> from `/proc/cpuinfo`. >>> >>> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> > > Maybe it's best then to just check for/clear the SME feature at this time > and let Brijesh handle plumbing the applicable removals/additions for > SEV/SEV_ES separately. > Yes, probably SME only is good for now. Thanks, Tom ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability 2022-02-11 5:36 [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability Mario Limonciello 2022-02-11 5:36 ` [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use Mario Limonciello @ 2022-02-11 8:28 ` Borislav Petkov 2022-02-11 14:55 ` Tom Lendacky 2 siblings, 0 replies; 11+ messages in thread From: Borislav Petkov @ 2022-02-11 8:28 UTC (permalink / raw) To: Mario Limonciello Cc: maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT), Kees Cook, Thomas Lendacky, hughsient, Martin Fernandez, linux-kernel On Thu, Feb 10, 2022 at 11:36:51PM -0600, Mario Limonciello wrote: > An upcoming change will disable the X86 SME feature flag when the Which "upcoming change"? When patches are part of the upstream kernel tree, unclear references to something don't mean a thing - you need to be more precise. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability 2022-02-11 5:36 [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability Mario Limonciello 2022-02-11 5:36 ` [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use Mario Limonciello 2022-02-11 8:28 ` [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability Borislav Petkov @ 2022-02-11 14:55 ` Tom Lendacky 2022-02-11 19:51 ` Limonciello, Mario 2 siblings, 1 reply; 11+ messages in thread From: Tom Lendacky @ 2022-02-11 14:55 UTC (permalink / raw) To: Mario Limonciello, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, hughsient, Martin Fernandez, linux-kernel On 2/10/22 23:36, Mario Limonciello wrote: > An upcoming change will disable the X86 SME feature flag when the > kernel hasn't activated SME. Avoid relying upon that when determining > whether to call `native_wbinvd` by directly calling the CPUID that > indicates it. > > Suggested-by: Borislav Petkov <bp@alien8.de> > Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> > --- > arch/x86/kernel/process.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c > index 81d8ef036637..e131d71b3cae 100644 > --- a/arch/x86/kernel/process.c > +++ b/arch/x86/kernel/process.c > @@ -765,8 +765,11 @@ void stop_this_cpu(void *dummy) > * without the encryption bit, they don't race each other when flushed > * and potentially end up with the wrong entry being committed to > * memory. > + * > + * Test the CPUID bit directly because the machine might've cleared > + * X86_FEATURE_SME due to cmdline options. > */ > - if (boot_cpu_has(X86_FEATURE_SME)) > + if (cpuid_eax(0x8000001f) & BIT(0)) Please test this by running kexec and alternating between mem_encrypt=on boots of the kexec kernel and mem_encrypt=off boots of the kexec kernel to ensure there is no memory corruption in the newly booted kernel. This testing needs to be done on hardware that doesn't have the X86_FEATURE_SME_COHERENT feature. Or if you post the generated instructions in this area I should be able to determine if the change is safe. Thanks, Tom > native_wbinvd(); > for (;;) { > /* ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability 2022-02-11 14:55 ` Tom Lendacky @ 2022-02-11 19:51 ` Limonciello, Mario 2022-02-11 21:09 ` Tom Lendacky 0 siblings, 1 reply; 11+ messages in thread From: Limonciello, Mario @ 2022-02-11 19:51 UTC (permalink / raw) To: Tom Lendacky, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, hughsient, Martin Fernandez, linux-kernel On 2/11/2022 08:55, Tom Lendacky wrote: > On 2/10/22 23:36, Mario Limonciello wrote: >> An upcoming change will disable the X86 SME feature flag when the >> kernel hasn't activated SME. Avoid relying upon that when determining >> whether to call `native_wbinvd` by directly calling the CPUID that >> indicates it. >> >> Suggested-by: Borislav Petkov <bp@alien8.de> >> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com> >> --- >> arch/x86/kernel/process.c | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c >> index 81d8ef036637..e131d71b3cae 100644 >> --- a/arch/x86/kernel/process.c >> +++ b/arch/x86/kernel/process.c >> @@ -765,8 +765,11 @@ void stop_this_cpu(void *dummy) >> * without the encryption bit, they don't race each other when >> flushed >> * and potentially end up with the wrong entry being committed to >> * memory. >> + * >> + * Test the CPUID bit directly because the machine might've cleared >> + * X86_FEATURE_SME due to cmdline options. >> */ >> - if (boot_cpu_has(X86_FEATURE_SME)) >> + if (cpuid_eax(0x8000001f) & BIT(0)) > > Please test this by running kexec and alternating between mem_encrypt=on > boots of the kexec kernel and mem_encrypt=off boots of the kexec kernel > to ensure there is no memory corruption in the newly booted kernel. This > testing needs to be done on hardware that doesn't have the > X86_FEATURE_SME_COHERENT feature. > > Or if you post the generated instructions in this area I should be able > to determine if the change is safe. From objdump on process.o, here is the function with this patch applied, built using gcc 11.2.0: 00000000000011d0 <stop_this_cpu>: 11d0: e8 00 00 00 00 call 11d5 <stop_this_cpu+0x5> 11d5: 55 push %rbp 11d6: 48 89 e5 mov %rsp,%rbp 11d9: 41 54 push %r12 11db: 53 push %rbx 11dc: 48 83 ec 18 sub $0x18,%rsp 11e0: 65 48 8b 04 25 28 00 mov %gs:0x28,%rax 11e7: 00 00 11e9: 48 89 45 e8 mov %rax,-0x18(%rbp) 11ed: 31 c0 xor %eax,%eax 11ef: ff 14 25 00 00 00 00 call *0x0 11f6: e8 00 00 00 00 call 11fb <stop_this_cpu+0x2b> 11fb: 31 f6 xor %esi,%esi 11fd: 48 c7 c3 00 00 00 00 mov $0x0,%rbx 1204: 89 c7 mov %eax,%edi 1206: e8 00 00 00 00 call 120b <stop_this_cpu+0x3b> 120b: e8 00 00 00 00 call 1210 <stop_this_cpu+0x40> 1210: e8 00 00 00 00 call 1215 <stop_this_cpu+0x45> 1215: 41 89 c4 mov %eax,%r12d 1218: 3d ff 1f 00 00 cmp $0x1fff,%eax 121d: 77 49 ja 1268 <stop_this_cpu+0x98> 121f: 4a 03 1c e5 00 00 00 add 0x0(,%r12,8),%rbx 1226: 00 1227: 48 89 df mov %rbx,%rdi 122a: e8 00 00 00 00 call 122f <stop_this_cpu+0x5f> 122f: c7 45 d8 1f 00 00 80 movl $0x8000001f,-0x28(%rbp) 1236: 48 8d 7d d8 lea -0x28(%rbp),%rdi 123a: 48 8d 75 dc lea -0x24(%rbp),%rsi 123e: c7 45 e0 00 00 00 00 movl $0x0,-0x20(%rbp) 1245: 48 8d 55 e0 lea -0x20(%rbp),%rdx 1249: 48 8d 4d e4 lea -0x1c(%rbp),%rcx 124d: ff 14 25 00 00 00 00 call *0x0 1254: f6 45 d8 01 testb $0x1,-0x28(%rbp) 1258: 74 02 je 125c <stop_this_cpu+0x8c> 125a: 0f 09 wbinvd 125c: eb 07 jmp 1265 <stop_this_cpu+0x95> 125e: 0f 00 2d 00 00 00 00 verw 0x0(%rip) # 1265 <stop_this_cpu+0x95> 1265: f4 hlt 1266: eb f4 jmp 125c <stop_this_cpu+0x8c> 1268: 4c 89 e6 mov %r12,%rsi 126b: 48 c7 c7 00 00 00 00 mov $0x0,%rdi 1272: e8 00 00 00 00 call 1277 <stop_this_cpu+0xa7> 1277: eb a6 jmp 121f <stop_this_cpu+0x4f> 1279: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) > > Thanks, > Tom > >> native_wbinvd(); >> for (;;) { >> /* ^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability 2022-02-11 19:51 ` Limonciello, Mario @ 2022-02-11 21:09 ` Tom Lendacky 0 siblings, 0 replies; 11+ messages in thread From: Tom Lendacky @ 2022-02-11 21:09 UTC (permalink / raw) To: Limonciello, Mario, Borislav Petkov, maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT) Cc: Kees Cook, hughsient, Martin Fernandez, linux-kernel On 2/11/22 13:51, Limonciello, Mario wrote: > On 2/11/2022 08:55, Tom Lendacky wrote: >> On 2/10/22 23:36, Mario Limonciello wrote: > 1254: f6 45 d8 01 testb $0x1,-0x28(%rbp) > 1258: 74 02 je 125c <stop_this_cpu+0x8c> > 125a: 0f 09 wbinvd > 125c: eb 07 jmp 1265 <stop_this_cpu+0x95> > 125e: 0f 00 2d 00 00 00 00 verw 0x0(%rip) # 1265 > <stop_this_cpu+0x95> > 1265: f4 hlt > 1266: eb f4 jmp 125c <stop_this_cpu+0x8c> That appears to be the same as today after the WBINVD is issued, so should be good. Thanks, Tom > ^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2022-02-11 21:09 UTC | newest] Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-02-11 5:36 [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability Mario Limonciello 2022-02-11 5:36 ` [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use Mario Limonciello 2022-02-11 8:31 ` Borislav Petkov 2022-02-11 19:43 ` Limonciello, Mario 2022-02-11 14:46 ` Tom Lendacky 2022-02-11 19:54 ` Limonciello, Mario 2022-02-11 20:42 ` Tom Lendacky 2022-02-11 8:28 ` [PATCH 1/2] x86: Use CPUID 0x8000001f to confirm SME availability Borislav Petkov 2022-02-11 14:55 ` Tom Lendacky 2022-02-11 19:51 ` Limonciello, Mario 2022-02-11 21:09 ` Tom Lendacky
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).