From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934153AbcECQAN (ORCPT ); Tue, 3 May 2016 12:00:13 -0400 Received: from mail-by2on0057.outbound.protection.outlook.com ([207.46.100.57]:8064 "EHLO na01-by2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933407AbcECQAC (ORCPT ); Tue, 3 May 2016 12:00:02 -0400 Authentication-Results: google.com; dkim=none (message not signed) header.d=none;google.com; dmarc=none action=none header.from=amd.com; Subject: Re: [RFC PATCH v1 15/18] x86: Enable memory encryption on the APs To: "Huang, Kai" , , , , , , , , , References: <20160426225553.13567.19459.stgit@tlendack-t1.amdoffice.net> <20160426225833.13567.55695.stgit@tlendack-t1.amdoffice.net> CC: =?UTF-8?B?UmFkaW0gS3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , Paolo Bonzini , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov From: Tom Lendacky Message-ID: <5728CAF7.7000007@amd.com> Date: Tue, 3 May 2016 10:59:51 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BY2PR21CA0041.namprd21.prod.outlook.com (10.162.74.179) To BN3PR1201MB1105.namprd12.prod.outlook.com (10.165.77.17) X-MS-Office365-Filtering-Correlation-Id: 15c9c49d-3a6f-4d4d-e3db-08d3736bfa82 X-Microsoft-Exchange-Diagnostics: 1;BN3PR1201MB1105;2:L/gD+G8MPrccG+MBGjQ2VwyCnzxN+hcj67hvGBq59MmRWR5y/KJLZR2A9pRVIN6YwwDXHU+h64TLOHu+0IayD2W1Ybfd4BW2AsWpwKdVI+qutfustWHxLVI/kxBf89Re9Iy7rPeKGc8a2w3IfDO7LLQ9Rl8b0O4CSlBfgqq2mkY1Fvb08GZBDBDyPQBoSaEm;3:8vyCHH/2EN3V1JtErUy03jj9jhhKmb4e5qET5Yz9Ew4zsKPzz4GL8fBobls1feBQmeWZOnyoJ/Klf02fY6eJ9ufkiK7p51pdDHXGF5Jhl7HBKFy34SH0GGzaaU+08DFA X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN3PR1201MB1105; X-Microsoft-Exchange-Diagnostics: 1;BN3PR1201MB1105;25:gF59WIDhMwKoLynvmViMUy64zVmRhvrlX4nePq4a8kPiniSmJMyTn7Zho/PhdfV/7NKPqhv9huo0rrzee15+6BKbwUbIn0rh3ayCuICoHitB/G4feDAkWoD95C+araW/EHP+/WjKnWbCN7Qlzi7SUdS3/SObNdTZWhRzsWqUGsyrLbJrwPJ4Mrom98npPwYZWmd7GXMYgzQ0n+q025p5TuWHGjA4IDMApS9jM9aFUNTH6Y3t/kFihYpa8WUO1p/ayfOfuP5JZ9IqOVb/hyC/FTG1wghAvRQbMatKhl9ZeFri1+minLbW/AV+rweuxELUl6EpO/Z46C+2qu0/8Jx+oXOfsurRwVw06zt7IAPq8XU0uks9olsb3oDh+v/d5AiblH/6QKzhTNaWnjGvgJDNzd0VvVkrEscEYs6eaf2VkrNL6Dy3gAaxE98pLA2kQ6wI3TIiWeX2nrjlLvNzFMTkhBRyglbDXRxf9y1lTDj5oCMKUWFqatPTHNF3Jqr0rY4RPIpIVkLDwn5tPMlbhfDRHeP6JBkRvZ7N6lOMjzm0Kdx8CQGEmXOzWrUPNx78k9Z33i9sUJPtqTr0uAXtuR7c3TngvxPCKSPQsHIuKpVZf9eMXlwRUteadTS3wxbJyAi9Cj0xwRwl9VveJvP95hqLCD11L0s++AB+Ta1isDCUxRU7ZrSeeincNaHWj7PmvFYeDhVukIpkg5Sg94T8OSgWtD32i2Dkbd5OB3IyD8s/xXI= X-Microsoft-Exchange-Diagnostics: 1;BN3PR1201MB1105;20:MShyvWhfKgdPzcCC6F4Nqioum98UkiY6Hu6z03oE5N4QgQ6UbOpjE/iFAn9KIdiTKIKMlUeUenTj14kcK4GY2scz/twgkUwaGRTrgi7eyvp7nubk71Tvc8Yczodip6RwPhE6BbK9WW7ooYqrqCND064yTXmsX+l/Aw+BOUA7Q0PQd/wERKLxeeIFjBNCysKVtX10Ia587wVI/xaM2qwttpMDXcyKdE/Owc+RUki6RugfgHeZAkUtOTN10YehB3s6m4emJmzuvAHNwP8PwIv17QMLdcQwRnurNxtv/QdR3HwPRu96e/6wbwtoUabhd9nTq+WZCRc1kgaDwAxwlirBVfSvKUq+1iIyWEjwCxruWZtEVmSJ8MFehyqUxQ7hZPDwXBTgYyPT5ckYh7yyWQr1DwA7XyaBtj4rhUuqABkllx1vTE6MoMvH+6lfbg9vDfU951602NNG+S/7hJvdf0Jh5vP/nnI+WqzKAiGGGNo4YtgpI8ymBXBIhbsIKQo+O/dz;4:S2n6Bfb3717SOLCEobH90n+40pomoCA9dqaKXtEzztd6is+nNKwn9jvAy5I+lgMnrhplLIuWY+NCDT3KFeXQwvVFuYLBhs8QC1ITkkWumW9MUqbuPL8jgUUwWa7xYmpsxbOKr4t/mXrLrF3eogWCoh5RiyhF9Zp45sClkCuZcZ94Xlv6KEWCGowSAXcHiUJVt2GGzrDofCOx+7Ie6EiZE9Za/WP3y6Vg7ktaQcUlN9ThDSrR5FKFna/O+VHWBCl6CQs84SN3sgUBdzJCrhIDAOQb0BIfDbg6pDevuyKC7LnY2DXVh4UDiTjWalKKKzwymHAo+cS3rb9rm753QgcPz6rVFVRDVd7F7lYlNOfYc/YxCgNkcJ5XJzMutGXIOvA/najpBQZsnRxOn8K6ILhoL8O8EHRqxEgbCmi66P+Mgi8= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(9101521096)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026);SRVR:BN3PR1201MB1105;BCL:0;PCL:0;RULEID:;SRVR:BN3PR1201MB1105; X-Forefront-PRVS: 0931CB1479 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(6049001)(377454003)(43544003)(24454002)(42186005)(230700001)(33656002)(189998001)(3846002)(77096005)(5004730100002)(83506001)(586003)(86362001)(6116002)(66066001)(59896002)(2201001)(65806001)(47776003)(65816999)(50466002)(81166005)(65956001)(76176999)(36756003)(4326007)(50986999)(54356999)(4001350100001)(23676002)(64126003)(92566002)(5001770100001)(2950100001)(19580395003)(19580405001)(80316001)(5008740100001)(921003)(217873001)(1121003);DIR:OUT;SFP:1101;SCL:1;SRVR:BN3PR1201MB1105;H:[10.236.18.82];FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjNQUjEyMDFNQjExMDU7MjM6cUJialRzNE02L0ZTVVRpcGZ4MUY4elRl?= =?utf-8?B?aHE4dlgyRUhvWC83ZEMyb1BRWHkxL2JyWXk2VzVnelFoVFFCL2VxalhDMCs2?= =?utf-8?B?QUZQbEtKcUtxTlJsUU1CWlBuK1BpdVE3L0pISU00N1pvN2JWdWxibmpWNkQx?= =?utf-8?B?a0phYTI2bVNmL21kRmh3S3JlS2xrWWRoUVpJOHVMRHNSOXJxWit0Nk4vTmdO?= =?utf-8?B?U3d2NE9iUGdEZ2tOS0orZnI2SHBUdDNlTmcyYzF4aUcwNlVzcU1hbXBreVZR?= =?utf-8?B?QVRkWklUcS9NaWhFTWMzR2FKbjhoQ0UxbVIrVW1lZkd0SUlUR0lBQ2VYRmUz?= =?utf-8?B?bEdWRWZGZnFTTTE4S3dET0VIY2ppZWhOZFdoVi96Z2RBZ3VDQkNTc25uMEJl?= =?utf-8?B?dFBFUkhsbmpXY0QydzEzZG5KWGdOZXV1U0xJZlFGVzQ2YmxiV1A1VWxiRHFq?= =?utf-8?B?L1RwOEhyRmNWQ2tQay9QSEt2eVN6WEV4cFpES2JIRkhZTFV4SjFPNVc3eVZR?= =?utf-8?B?SjZhYzJPbDYxVXo0bHRpY3huNnAydWJLVUFINE95RmFHT2dhNS92U1lYYUN5?= =?utf-8?B?dG8wUmZLRUV0TmJCeUpZU0dNSDBTMEJ5b2RqaG1lZk1DY0d0VmlZNnNycDdk?= =?utf-8?B?eTdtTm9DVElYVjNFR0pXSVZNTUNpNkpnQ0RJMnYwQkk4dWU4amxjU0tjbEI3?= =?utf-8?B?aVBNcEtpK0ZKNmN2S29kZVRQNjJZRmh6NkpjQ0FiVUpJZnZLVnJGRlhkSzhV?= =?utf-8?B?MlpROG1Md1hRZUVNaEhUZmw3R3B2amxtQjVpL1RobkdqN2pkdHRjK1lqV25i?= =?utf-8?B?Z1ZSTXA2Zm1YaHcwdC9lODViWFlKV2d3NE9EVEphNEVCU0dlSFhBa1V2MFVq?= =?utf-8?B?WjRybUZIbWduTWpMNnd2QWVxNWVOY0NCSHlWcURUY1VKT1JyTWJhVWxIRVdU?= =?utf-8?B?Yyt2MEVuRGg5b255b2UzUkhLNEszOU43MGxUdXozUUVZTVRVYVhwZFQ4NzdS?= =?utf-8?B?T0FucU9hb3hDcWdTODdsWWs3bW5TNkhJSXRlTWU3V1c4N3VJakYxS2lFMGJk?= =?utf-8?B?NjlhYVBjQ0lkR1M1WVVLU2V5elVZOVR1OWRBMmJlekkrYVJmYjUrb2xGNmVh?= =?utf-8?B?US9wTTZVbGFJOGsrRUhYdzU1MHczZ1dvU0dQZEJ1TWhyU0xDNW9hZ0VDNWdh?= =?utf-8?B?ditBTVNPeU1NUXA5U09WUnpVU295YTdvTWo4akNFeHRRaEQvRkh3RlFERzdv?= =?utf-8?B?Z0QzNGNCczhNbW5CZGRZUmN1QTBpelQvR0NNdUQwWm1HVU5jYVRjREVoWFha?= =?utf-8?B?VWVNUTFIbkppdkVnNFl2L090d3hwMnF2M2xHQTBmK21pTlRoZHJRV0NpQmhS?= =?utf-8?B?V1R2UndjRVJqbXhhczROT3o4Snd2d1BmMzFYZVZSMjBqeCsyUmRERDBQVGRZ?= =?utf-8?B?cllXcDhHbVBEMngva256aW1BTVRqT2pZWENlcDhpUitCMUpOTTd6UWlsamtm?= =?utf-8?B?VTg1WFFkYUdiaUFnaktFcjNaZDZ4cGtDM3BXRXN6QUZ5TEhITzI0R29tbWU4?= =?utf-8?B?WUdxRUljWUZFUVlWU2VOK0JLM0lDQnY0dz09?= X-Microsoft-Exchange-Diagnostics: 1;BN3PR1201MB1105;5:ZzaQrV9DpU1pdg76OVy2C8/n+OORE1YWdGgrKAhDrb6NU77pM+9wUBcLzDMCKMMIyaBs2hA1ylDvHKyX+nbTZ6cqy8WphoqClE60kXDoEl+m1Y2oZYzJmW1jWDOnwQY03h6/IWQCNhyQatLgBqURJw==;24:Bzixv4am6j7g05f7iPSFm91lIdzWu0gTmHQV5ODLlDAqJB3Cjeha2GdRWkmT8uelkQg7LGhq4Q41rdXVWNloSm3BeZvO3ovVLdtef6McFw4=;7:4A72IPWhRu2xaWLvTI556nw7J1cQI8qRm3Wm45M0BFw+7HWDVGJmN2HXLvvd9iDywVsmm2I1gc+HOXe1yGqkm0ITa82R8u3hYCcvsA3NvYDxga31gOD76GiUZDr7HcSGe7n0pgPEKCjZdkbJsLaRekQrIwwbRm4GNaoEL60iA3RYhUfbiwVLZR57dcdQTEem;20:Xgwy+wdRD9/MkKrsKdThKQ9HNPOl768x72oVELhZ7wm490D32SynL5B7xTFhbj6Z+GquvXYfFHYAo17jw3sb23fFDC1IwAiR8Z9Q6cnI9BN7e6Kj9xjONCrUonKJBAzYaMxHIC/R3Smh/5vmSndlkRTq1LjhsGzoYYjSOisO9kfyKitiLOsTWBn7QHaSjM5jjxQ3vDHWhQHKqGEjnemMMpu6Ay6KmarXJlqXAf6RiR6VeB3DR3kCKOrFJ87LEpfH SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 May 2016 15:59:56.2666 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3PR1201MB1105 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 05/01/2016 05:10 PM, Huang, Kai wrote: > > > On 4/27/2016 10:58 AM, Tom Lendacky wrote: >> Add support to set the memory encryption enable flag on the APs during >> realmode initialization. When an AP is started it checks this flag, and >> if set, enables memory encryption on its core. >> >> Signed-off-by: Tom Lendacky >> --- >> arch/x86/include/asm/msr-index.h | 2 ++ >> arch/x86/include/asm/realmode.h | 12 ++++++++++++ >> arch/x86/realmode/init.c | 4 ++++ >> arch/x86/realmode/rm/trampoline_64.S | 14 ++++++++++++++ >> 4 files changed, 32 insertions(+) >> >> diff --git a/arch/x86/include/asm/msr-index.h >> b/arch/x86/include/asm/msr-index.h >> index 94555b4..b73182b 100644 >> --- a/arch/x86/include/asm/msr-index.h >> +++ b/arch/x86/include/asm/msr-index.h >> @@ -349,6 +349,8 @@ >> #define MSR_K8_TOP_MEM1 0xc001001a >> #define MSR_K8_TOP_MEM2 0xc001001d >> #define MSR_K8_SYSCFG 0xc0010010 >> +#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT 23 >> +#define MSR_K8_SYSCFG_MEM_ENCRYPT (1ULL << >> MSR_K8_SYSCFG_MEM_ENCRYPT_BIT) >> #define MSR_K8_INT_PENDING_MSG 0xc0010055 >> /* C1E active bits in int pending message */ >> #define K8_INTP_C1E_ACTIVE_MASK 0x18000000 >> diff --git a/arch/x86/include/asm/realmode.h >> b/arch/x86/include/asm/realmode.h >> index 9c6b890..e24d2ec 100644 >> --- a/arch/x86/include/asm/realmode.h >> +++ b/arch/x86/include/asm/realmode.h >> @@ -1,6 +1,15 @@ >> #ifndef _ARCH_X86_REALMODE_H >> #define _ARCH_X86_REALMODE_H >> >> +/* >> + * Flag bit definitions for use with the flags field of the >> trampoline header >> + * when configured for X86_64 >> + */ >> +#define TH_FLAGS_MEM_ENCRYPT_BIT 0 >> +#define TH_FLAGS_MEM_ENCRYPT (1ULL << TH_FLAGS_MEM_ENCRYPT_BIT) > > Would mind change it to a more vendor specific name, such as > AMD_MEM_ENCRYPT, or SME_MEM_ENCRYPT? Yup, that can be done. > >> + >> +#ifndef __ASSEMBLY__ >> + >> #include >> #include >> >> @@ -38,6 +47,7 @@ struct trampoline_header { >> u64 start; >> u64 efer; >> u32 cr4; >> + u32 flags; >> #endif >> }; >> >> @@ -61,4 +71,6 @@ extern unsigned char secondary_startup_64[]; >> void reserve_real_mode(void); >> void setup_real_mode(void); >> >> +#endif /* __ASSEMBLY__ */ >> + >> #endif /* _ARCH_X86_REALMODE_H */ >> diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c >> index 85b145c..657532b 100644 >> --- a/arch/x86/realmode/init.c >> +++ b/arch/x86/realmode/init.c >> @@ -84,6 +84,10 @@ void __init setup_real_mode(void) >> trampoline_cr4_features = &trampoline_header->cr4; >> *trampoline_cr4_features = __read_cr4(); >> >> + trampoline_header->flags = 0; >> + if (sme_me_mask) >> + trampoline_header->flags |= TH_FLAGS_MEM_ENCRYPT; >> + >> trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); >> trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd; >> trampoline_pgd[511] = init_level4_pgt[511].pgd; >> diff --git a/arch/x86/realmode/rm/trampoline_64.S >> b/arch/x86/realmode/rm/trampoline_64.S >> index dac7b20..8d84167 100644 >> --- a/arch/x86/realmode/rm/trampoline_64.S >> +++ b/arch/x86/realmode/rm/trampoline_64.S >> @@ -30,6 +30,7 @@ >> #include >> #include >> #include >> +#include >> #include "realmode.h" >> >> .text >> @@ -109,6 +110,18 @@ ENTRY(startup_32) >> movl $(X86_CR0_PG | X86_CR0_WP | X86_CR0_PE), %eax >> movl %eax, %cr0 >> >> + # Check for and enable memory encryption support >> + movl pa_tr_flags, %eax >> + bt $TH_FLAGS_MEM_ENCRYPT_BIT, pa_tr_flags > > pa_tr_flags -> %eax ? Otherwise looks the previous line is useless. Yes, I overlooked that. I'll take care of it. Thanks, Tom > > Thanks, > -Kai > >> + jnc .Ldone >> + movl $MSR_K8_SYSCFG, %ecx >> + rdmsr >> + bt $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax >> + jc .Ldone >> + bts $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax >> + wrmsr >> +.Ldone: >> + >> /* >> * At this point we're in long mode but in 32bit compatibility mode >> * with EFER.LME = 1, CS.L = 0, CS.D = 1 (and in turn >> @@ -147,6 +160,7 @@ GLOBAL(trampoline_header) >> tr_start: .space 8 >> GLOBAL(tr_efer) .space 8 >> GLOBAL(tr_cr4) .space 4 >> + GLOBAL(tr_flags) .space 4 >> END(trampoline_header) >> >> #include "trampoline_common.S" >> >>