All of lore.kernel.org
 help / color / mirror / Atom feed
From: Brijesh Singh <brijesh.singh@amd.com>
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Borislav Petkov <bp@suse.de>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	David Laight <David.Laight@ACULAB.COM>,
	Arnd Bergmann <arnd@arndb.de>,
	Brijesh Singh <brijesh.singh@amd.com>
Subject: [Part1 PATCH v5 13/17] x86/io: Unroll string I/O when SEV is active
Date: Wed, 27 Sep 2017 10:13:25 -0500	[thread overview]
Message-ID: <20170927151329.70011-14-brijesh.singh@amd.com> (raw)
In-Reply-To: <20170927151329.70011-1-brijesh.singh@amd.com>

From: Tom Lendacky <thomas.lendacky@amd.com>

Secure Encrypted Virtualization (SEV) does not support string I/O, so
unroll the string I/O operation into a loop operating on one element at
a time.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/include/asm/io.h | 42 ++++++++++++++++++++++++++++++++++++++----
 arch/x86/mm/mem_encrypt.c |  8 ++++++++
 2 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h
index c40a95c33bb8..a785270b53e1 100644
--- a/arch/x86/include/asm/io.h
+++ b/arch/x86/include/asm/io.h
@@ -265,6 +265,20 @@ static inline void slow_down_io(void)
 
 #endif
 
+#ifdef CONFIG_AMD_MEM_ENCRYPT
+
+extern struct static_key_false __sev;
+static inline bool sev_key_active(void)
+{
+	return static_branch_unlikely(&__sev);
+}
+
+#else /* !CONFIG_AMD_MEM_ENCRYPT */
+
+static inline bool sev_key_active(void) { return false; }
+
+#endif /* CONFIG_AMD_MEM_ENCRYPT */
+
 #define BUILDIO(bwl, bw, type)						\
 static inline void out##bwl(unsigned type value, int port)		\
 {									\
@@ -295,14 +309,34 @@ static inline unsigned type in##bwl##_p(int port)			\
 									\
 static inline void outs##bwl(int port, const void *addr, unsigned long count) \
 {									\
-	asm volatile("rep; outs" #bwl					\
-		     : "+S"(addr), "+c"(count) : "d"(port) : "memory");	\
+	if (sev_key_active()) {						\
+		unsigned type *value = (unsigned type *)addr;		\
+		while (count) {						\
+			out##bwl(*value, port);				\
+			value++;					\
+			count--;					\
+		}							\
+	} else {							\
+		asm volatile("rep; outs" #bwl				\
+			     : "+S"(addr), "+c"(count)			\
+			     : "d"(port) : "memory");			\
+	}								\
 }									\
 									\
 static inline void ins##bwl(int port, void *addr, unsigned long count)	\
 {									\
-	asm volatile("rep; ins" #bwl					\
-		     : "+D"(addr), "+c"(count) : "d"(port) : "memory");	\
+	if (sev_key_active()) {						\
+		unsigned type *value = (unsigned type *)addr;		\
+		while (count) {						\
+			*value = in##bwl(port);				\
+			value++;					\
+			count--;					\
+		}							\
+	} else {							\
+		asm volatile("rep; ins" #bwl				\
+			     : "+D"(addr), "+c"(count)			\
+			     : "d"(port) : "memory");			\
+	}								\
 }
 
 BUILDIO(b, b, char)
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index bc6ba4cbe9b4..05c3cb9fb442 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -39,6 +39,8 @@ static char sme_cmdline_off[] __initdata = "off";
  */
 u64 sme_me_mask __section(.data) = 0;
 EXPORT_SYMBOL_GPL(sme_me_mask);
+DEFINE_STATIC_KEY_FALSE(__sev);
+EXPORT_SYMBOL_GPL(__sev);
 
 static bool sev_enabled;
 
@@ -311,6 +313,12 @@ void __init mem_encrypt_init(void)
 	if (sev_active())
 		dma_ops = &sev_dma_ops;
 
+	/*
+	 * With SEV, we need to unroll the rep string I/O instructions.
+	 */
+	if (sev_active())
+		static_branch_enable(&__sev);
+
 	pr_info("AMD %s active\n",
 		sev_active() ? "Secure Encrypted Virtualization (SEV)"
 			     : "Secure Memory Encryption (SME)");
-- 
2.9.5

  parent reply	other threads:[~2017-09-27 15:14 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-27 15:13 [Part1 PATCH v5 00/17] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support Brijesh Singh
2017-09-28  9:02   ` Borislav Petkov
2017-09-28 18:48     ` Brijesh Singh
2017-09-28 19:23       ` Borislav Petkov
2017-09-29 12:28         ` Brijesh Singh
2017-09-29 14:41           ` Borislav Petkov
2017-09-29 15:54             ` Brijesh Singh
2017-09-29 15:56               ` Borislav Petkov
2017-09-29 21:27     ` [Part1 PATCH v5.1 " Brijesh Singh
2017-09-30  8:49       ` Borislav Petkov
2017-09-29 23:06     ` [Part1 PATCH v5 18/18] x86/mm: add 'sme' argument in mem_encrypt= Brijesh Singh
2017-09-30 11:56       ` [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option Borislav Petkov
2017-09-30 21:17         ` Brijesh Singh
2017-09-30 21:41           ` Borislav Petkov
2017-10-01 17:00             ` Brijesh Singh
2017-10-01 17:16               ` Borislav Petkov
2017-10-01 19:45                 ` Brijesh Singh
2017-10-01 22:02                   ` Borislav Petkov
2017-10-02 11:32                     ` Brijesh Singh
2017-10-02 12:41                       ` Borislav Petkov
2017-10-02 15:07                         ` Brijesh Singh
2017-10-03 10:50                           ` Paolo Bonzini
2017-10-03 11:20                             ` Borislav Petkov
2017-10-02 13:44                 ` Tom Lendacky
2017-10-02 13:51                   ` Borislav Petkov
2017-10-02 16:35                     ` Tom Lendacky
2017-10-03 11:29                       ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 03/17] x86/mm: Don't attempt to encrypt initrd under SEV Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 04/17] x86/realmode: Don't decrypt trampoline area " Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 05/17] x86/mm: Use encrypted access of boot related data with SEV Brijesh Singh
2017-09-28 11:13   ` Borislav Petkov
2017-09-28 16:20   ` [Part1 PATCH v5.1 " Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 06/17] x86/mm: Include SEV for encryption memory attribute changes Brijesh Singh
2017-09-27 15:53   ` Brijesh Singh
2017-09-27 17:26     ` Borislav Petkov
2017-09-27 19:17   ` [Part1 PATCH v5.1 " Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 07/17] x86/efi: Access EFI data as encrypted when SEV is active Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 08/17] resource: Consolidate resource walking code Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 09/17] resource: Provide resource struct in resource walk callback Brijesh Singh
2017-09-27 15:13   ` Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 10/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages Brijesh Singh
2017-09-28 16:23   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 11/17] x86/mm: Add DMA support for SEV memory encryption Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 12/17] x86/boot: Add early boot support when running with SEV active Brijesh Singh
2017-09-28 17:02   ` Borislav Petkov
2017-09-27 15:13 ` Brijesh Singh [this message]
2017-09-28 17:51   ` [Part1 PATCH v5 13/17] x86/io: Unroll string I/O when SEV is active Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 14/17] x86: Add support for changing memory encryption attribute in early boot Brijesh Singh
2017-09-27 15:13 ` [Part1 PATCH v5 15/17] percpu: Introduce DEFINE_PER_CPU_DECRYPTED Brijesh Singh
2017-09-28 20:32   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 16/17] X86/KVM: Decrypt shared per-cpu variables when SEV is active Brijesh Singh
2017-09-29  5:51   ` Borislav Petkov
2017-09-27 15:13 ` [Part1 PATCH v5 17/17] X86/KVM: Clear encryption attribute " Brijesh Singh
2017-09-29  6:26 ` [Part1 PATCH v5 00/17] x86: Secure Encrypted Virtualization (AMD) Borislav Petkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170927151329.70011-14-brijesh.singh@amd.com \
    --to=brijesh.singh@amd.com \
    --cc=David.Laight@ACULAB.COM \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=arnd@arndb.de \
    --cc=bp@suse.de \
    --cc=hpa@zytor.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.