Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753821AbcDZW6w (ORCPT ); Tue, 26 Apr 2016 18:58:52 -0400 Received: from mail-bn1on0092.outbound.protection.outlook.com ([157.56.110.92]:15374 "EHLO na01-bn1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753803AbcDZW6r (ORCPT ); Tue, 26 Apr 2016 18:58:47 -0400 Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=amd.com; From: Tom Lendacky Subject: [RFC PATCH v1 15/18] x86: Enable memory encryption on the APs To: , , , , , , , , CC: Radim =?utf-8?b?S3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , "Konrad Rzeszutek Wilk" , Paolo Bonzini , "Ingo Molnar" , Borislav Petkov , "H. Peter Anvin" , Andrey Ryabinin , "Alexander Potapenko" , Thomas Gleixner , "Dmitry Vyukov" Date: Tue, 26 Apr 2016 17:58:33 -0500 Message-ID: <20160426225833.13567.55695.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20160426225553.13567.19459.stgit@tlendack-t1.amdoffice.net> References: <20160426225553.13567.19459.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BY2PR06CA052.namprd06.prod.outlook.com (10.141.250.170) To DM3PR1201MB1117.namprd12.prod.outlook.com (10.164.198.17) X-MS-Office365-Filtering-Correlation-Id: 06b01596-0da9-48b6-1d00-08d36e264f20 X-Microsoft-Exchange-Diagnostics: 1;DM3PR1201MB1117;2:DmKdQI4qHPwN5Lzwn/DAiPz6Om+usOgOGFNvjWtXNERpeEjfzUF/JpwuYVBc5ubLdSCZxOX1opr5NMlraG7hoouM52PvwIO8mubpqQiM3J4b7xuKiQsH/T0aLWqLxMfqZBQElk/ewQ9QW/jDc9z9bIxtR2Vqq4LCnVsuIMr+vuconq8XRpglXqmMigmfHkrx;3:Yb3o4VZKeFYBpQDiDanbnEhHRsVojdcXIsmix9o1ajc12lMt4hHpWVXbhbsqc4dOXciKu0ouA8ILH74Ubw8cdAn4xfnChPVMyA9tJfjuF2qHMH3vMkDilALHfeN5wUkn;25:aG7H1fp86/gKC5urjB2TsJCg7MpdOtyYVaT3FfbEkXlez2ncKZwKwRLNtHdtIHRGTaPBcpcJ+Alf8JvdzP8q7F5TmjvpKwZ8fkVIHr1oGrJYae6h7NDLfrZq2YpJTuzcVJO0wAC+of1dzkNxn7jOLEwq1u2WOw/I4dfwpPizweHfUw62Tt2/rsuBcvD2yljzK5bASaSFcZ5bXZDJehfIu7Mu56XKL3BBhvR17CxKPgKuB6Y3iQap/Ycd9M7yfTMeGZMFWW4qdxWg4LnCLhcQpxbcLwdSrTsUJK/4EQ8S0Cl1DIxOlhvVy3+OvCa+zVcFzsT0h5JceO3NDBTOJsaMwajgP9D/SnTkUZSxvUjVxaTN9oN7eQqSYkrLjCwk9OhvGeGbVdrwwy3n91hpj7nJMkF1os/ebg+dnxr3YBWnPK24hChSRD/xQqIKdHV6/AEPz3rIZMkSB4sdxIP74IhsBL+EGh3/LVBtISgOnZpgDkxBDGmjS3agIdHzPpHchsi8WhMREfMqnJ2k4iKONBK2FVnavTcGhvRgjVYmUIxsGP7Ue7c6vUuM1ua8W/gs/p4Ktz2UoHQ5PLJ+XSrkMOinYsFygqxCJkP6EQBt+AFcslNjRVD3p9Hh3SO9Sqtz0SV7 X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM3PR1201MB1117; X-Microsoft-Exchange-Diagnostics: 1;DM3PR1201MB1117;20:pfUaPcxFx45LDPh++dcDKBsynWpqQPK95rm69SFfMFMWA2kdeCN+CZiOZf314kb3ot9pUL02s0D4vR34v7nHr69e/V/Krx/oNCn1Uf8WKDPdbkLO6AxbHSF2Xl5BPhmJlP/E/JWEDidCnJU/7std8jOwWk2urGr7xwuh7BOiUOxgThOq07CBjoWGwv/42DFMCVpqZyiPNeSP9GSjCKO/c8nw9kyb403qX/06R9Z8yY1YHErPf7xHRJ/OC4hrxbZMsXPcPCuTB+PfsNF5XTxgFWhF93AyeHYXJgoAhhshxt6M/9EmNBSRpUrsEgZ2sVbLub6u3AwOPPIKwpoI/KMaEytvHkqWcbvK97uYF/5j211Dbw7ER0rpAeys9jRvro/BV4O4C5oRpGrwpbNI8qdrM5QX73Et7mkETt8iGb4iVwt44D5atE7pI/l7YwxRafM4MwXq0sZ3JceDPVndPc7aMBen8Ysu1lvATJVQaJyz3Kqng/Or2O3PCH2i7BhGnPcc;4:9avI0/ohwELuSOYLQKIBfgS76gDxv9UIFM4D3Jhk6al4Bqf+PzLNl2clOEUuIeS+PZp5Z4G9oC6fd4xkGUO/mxqaXl8p6I/UmBr2O9TIp38kd4zlw6GP252AbhoMmmTYRm7ihB0OjHnCFRLkNsfWuBo1GTeiJITgJsEUIvGRLPVpbLTzrS7R2M35mqh48uuk/ncbdFEYcRPp1JacC6vsQGVCpSbQo4JRPMyJE6W0SyPyIU03H4f7ZJt7f1qVt1zdPuMQUFfcqVlFQjwJKVUNHoROKldae4CuyraJcV3ylal5HiBVFsLDCBY+QABw7zqEvx9bYRvLN3OReJtmx1QrO1550dapULabOSksq3VqwIfApXu+pl6jHtOHjpKsFFNvcKz7rL6cK76s9tdGhFMTRW5gFxv5di3EkltYgnm0Cy8= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(9101521072)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026);SRVR:DM3PR1201MB1117;BCL:0;PCL:0;RULEID:;SRVR:DM3PR1201MB1117; X-Forefront-PRVS: 0924C6A0D5 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(5008740100001)(50986999)(54356999)(42186005)(76176999)(5004730100002)(53416004)(103116003)(97746001)(230700001)(81166005)(9686002)(2950100001)(77096005)(2201001)(92566002)(66066001)(19580405001)(19580395003)(33646002)(229853001)(4001350100001)(86362001)(47776003)(1076002)(50466002)(5001770100001)(4326007)(6116002)(189998001)(2906002)(23676002)(1096002)(586003)(71626007)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:DM3PR1201MB1117;H:tlendack-t1.amdoffice.net;FPR:;SPF:None;MLV:sfv;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTNQUjEyMDFNQjExMTc7MjM6Tk5YeGllSU1taUtEM3plcDBHc2xSeFVw?= =?utf-8?B?Rk5LWHd4MUtDL1JHWGN6bEhMUXlFbmNVTTB6d21la0hTN2hidFdRK3MxcUtr?= =?utf-8?B?ejAvSllSQjZ0eWtPTjB5WVpzRnE4azlFOFIrWXcxMjRTMThuUTZkbDVzZ0lL?= =?utf-8?B?T00zaFpPbFMvQ1RZZTRFK0U0Vkx2MjFibFZaVjNWc0pVTm1WVnNBdUJDYXZm?= =?utf-8?B?UExtZ240QU0rNCtJRUVZMlVhQVFmU1NOMGxGV3NmN2ltTXFKUExaVXA4b00x?= =?utf-8?B?cTZsUlhEVUd5TkoxdG5UZzNUOVpBVDl4S1lERnRiUjVoMTlKSDRrbTc0dDlK?= =?utf-8?B?WEVZTHZCa0hPcFlOM0t1RHhRdkt6aGdJRThvdGVWSnJqZEhaMVMrT2xMUGJF?= =?utf-8?B?aXVpY3VES1lMSVFLZjFlTnBHNlhxa3B3cFRoNVc1VDJsbEQwQ3l6TjNYWmZi?= =?utf-8?B?MjVScEQwZkE4YTRQNXFaS2VmSFJSWVBGbjV4a284YXJ6eWlENEFWMVFudy9U?= =?utf-8?B?SGlTdmVkb3F2UVpmUUwvWlFlYitNaGd6ZXZLSWJwRks2SHNDRjRHL2N3Nkww?= =?utf-8?B?dWF1blJJRy9NVGNxWDArbkFZTFQ5MUhaTmdqWDZWQUEyS0Vjb1Y3K2liK2dD?= =?utf-8?B?OStpRW8raURNeG1qc29aR0kyVVdzVXV3QzdrM1FLWDcwWktGTjZsQ3ppa2R2?= =?utf-8?B?dy9WcytYZElhSENOYzZEb1Fma2ZReWN6OW9oNmxCNG9ZY3dpcit2SXMvWVhi?= =?utf-8?B?QVM3TytZTUdhMUkzR1llLzdZYXRlMTVKcTNBcUVCWE5rY2E4ZEpoT0hPS09I?= =?utf-8?B?VjZUWDMwbGpYYnRZYmVub3NNakQxR2hsajYzSFZSZTY4VmJpQ0g2QWw4NThi?= =?utf-8?B?NHByaUhBZnFVRTk1aTQzZzNDU1RDeTRVTE9sNEd1SWdabWVEM0Y0S1NjdEV1?= =?utf-8?B?SG5paFVUTUNmbWlqa0hZcWo5cFhuemxKV2lvTktJUlg4aGx2UEtCV0xDcUVk?= =?utf-8?B?aTFxY0xCNXEyVGF2ellDQXZqc3ZMbGJhSmFVUDI3bnZ6MzYwSCtyZEFSRG9p?= =?utf-8?B?RXFsdTdVc0JnL0ZYcXErWVBFSThyS3YwRmVsdGtSWDJjL0pjSUszRDQyVURv?= =?utf-8?B?M0VBMmxFZ20rU3ZoY0tZOHBFYjNtbWE4Ny82TlhkSlJiUG9HZ2NjNDN1dURS?= =?utf-8?B?STJXV3NFR0NGcGE0MGg4dTdCc1ZKb0dZYzFyb25oYUNWT0NZOFNSWjZ4VVl4?= =?utf-8?B?MUtDQ3Q4bVlXZzdoeVgzNit3TzZYZzB3dUJiTnNKQ1BDbU5WVG5NRHg5aVhK?= =?utf-8?B?Y09KUW1GaE91S3dLazUxamd5QXhqQlJlT3Z4RGMzS0dKUkRFNDcrdFUvWkp4?= =?utf-8?B?OHlEQzQvU0RWdW9Cd2lIL20ydlJpUy9DTmhYamdDZkE9PQ==?= X-Microsoft-Exchange-Diagnostics: 1;DM3PR1201MB1117;5:WdTX5g7niI91u4/Lh7tCyzGky5D7bEqeVKj9KQpekhgKKwBCxwYRm6j/v0FYpH9Rq4M7BB2OTYBlLfWxLeML37MYkc8tgRdyHq0NRC24KLO8cfNhiBY9XE0dli3cTJGPXalwezUL9wPb52b5UrzP4A==;24:yQVtCUQH8Sp4EvQpuTA0b8bHnHevg6V3HnMq1HF/diyI8nT0oEvSXJRXxPzqqBejOWFqduA2O1xA62J35laWdsMAZ/J6TkxvRSOrkCRghio=;7:Xv/o9LmX939KQXFCyWHD+zzgYB/oHmSPJHjKdZd0fz5Xz4fwjLasEbUuIHGoqwjyN7C4Ex91STjOYCswaMXJ1/X+Pcv4GafmxgzMpXTo5aW5yln/5As2HQzxpL63K3Jo48/qCitxPdbItt93W6EntfxkLlRLHZC00EHZ1HWsk/A=;20:ILxT8+9lVoxxbNud3PrcfTUnlISJr3C93beRKmPtn6jIf6VVwew+EiowMWevSnau0p2VEW0Q64UeAqlh8lPkD+kVbY9p3IWHtmuzlWOdvbiQFir08Tyxl+O6JKDDTs848eXAjY8cIgcOQiaBqpyNwG9Trm1oSb6sesG/mwzuXEW/HHSCSWgKzQ/JMS/5fmeoz5XovVA6gMiREwezsQ1SNKIFQ6SOli4taXmq29MAW37COH/CR22+UqX7bS1rdGuM X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Apr 2016 22:58:38.0938 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3PR1201MB1117 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3633 Lines: 114 Add support to set the memory encryption enable flag on the APs during realmode initialization. When an AP is started it checks this flag, and if set, enables memory encryption on its core. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/include/asm/realmode.h | 12 ++++++++++++ arch/x86/realmode/init.c | 4 ++++ arch/x86/realmode/rm/trampoline_64.S | 14 ++++++++++++++ 4 files changed, 32 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 94555b4..b73182b 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -349,6 +349,8 @@ #define MSR_K8_TOP_MEM1 0xc001001a #define MSR_K8_TOP_MEM2 0xc001001d #define MSR_K8_SYSCFG 0xc0010010 +#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT 23 +#define MSR_K8_SYSCFG_MEM_ENCRYPT (1ULL << MSR_K8_SYSCFG_MEM_ENCRYPT_BIT) #define MSR_K8_INT_PENDING_MSG 0xc0010055 /* C1E active bits in int pending message */ #define K8_INTP_C1E_ACTIVE_MASK 0x18000000 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 9c6b890..e24d2ec 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -1,6 +1,15 @@ #ifndef _ARCH_X86_REALMODE_H #define _ARCH_X86_REALMODE_H +/* + * Flag bit definitions for use with the flags field of the trampoline header + * when configured for X86_64 + */ +#define TH_FLAGS_MEM_ENCRYPT_BIT 0 +#define TH_FLAGS_MEM_ENCRYPT (1ULL << TH_FLAGS_MEM_ENCRYPT_BIT) + +#ifndef __ASSEMBLY__ + #include #include @@ -38,6 +47,7 @@ struct trampoline_header { u64 start; u64 efer; u32 cr4; + u32 flags; #endif }; @@ -61,4 +71,6 @@ extern unsigned char secondary_startup_64[]; void reserve_real_mode(void); void setup_real_mode(void); +#endif /* __ASSEMBLY__ */ + #endif /* _ARCH_X86_REALMODE_H */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 85b145c..657532b 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -84,6 +84,10 @@ void __init setup_real_mode(void) trampoline_cr4_features = &trampoline_header->cr4; *trampoline_cr4_features = __read_cr4(); + trampoline_header->flags = 0; + if (sme_me_mask) + trampoline_header->flags |= TH_FLAGS_MEM_ENCRYPT; + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd; trampoline_pgd[511] = init_level4_pgt[511].pgd; diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index dac7b20..8d84167 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -30,6 +30,7 @@ #include #include #include +#include #include "realmode.h" .text @@ -109,6 +110,18 @@ ENTRY(startup_32) movl $(X86_CR0_PG | X86_CR0_WP | X86_CR0_PE), %eax movl %eax, %cr0 + # Check for and enable memory encryption support + movl pa_tr_flags, %eax + bt $TH_FLAGS_MEM_ENCRYPT_BIT, pa_tr_flags + jnc .Ldone + movl $MSR_K8_SYSCFG, %ecx + rdmsr + bt $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + jc .Ldone + bts $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + wrmsr +.Ldone: + /* * At this point we're in long mode but in 32bit compatibility mode * with EFER.LME = 1, CS.L = 0, CS.D = 1 (and in turn @@ -147,6 +160,7 @@ GLOBAL(trampoline_header) tr_start: .space 8 GLOBAL(tr_efer) .space 8 GLOBAL(tr_cr4) .space 4 + GLOBAL(tr_flags) .space 4 END(trampoline_header) #include "trampoline_common.S"