Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932214AbcKJAvR (ORCPT ); Wed, 9 Nov 2016 19:51:17 -0500 Received: from mail-by2nam01on0073.outbound.protection.outlook.com ([104.47.34.73]:5120 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754509AbcKJAvK (ORCPT ); Wed, 9 Nov 2016 19:51:10 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; From: Tom Lendacky Subject: [RFC PATCH v3 05/20] x86: Add Secure Memory Encryption (SME) support To: , , , , , , , , CC: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , "Paolo Bonzini" , Larry Woodman , "Ingo Molnar" , Borislav Petkov , Andy Lutomirski , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , "Thomas Gleixner" , Dmitry Vyukov Date: Wed, 9 Nov 2016 18:35:25 -0600 Message-ID: <20161110003524.3280.94337.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> References: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BN6PR17CA0038.namprd17.prod.outlook.com (10.175.189.24) To CY4PR12MB1144.namprd12.prod.outlook.com (10.168.164.136) X-MS-Office365-Filtering-Correlation-Id: 40031057-324b-4bd6-702c-08d409017e48 X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;2:KGWfYr8HT3uJsD5OfqGPNPPEs6SBZwIP3XMlW1CybLSATeBRbR+aLTWYt0W1wjoFwUYXzNmfg2uF44nxQ5xMfrIuP+nQVtaj3/QAe/AWMoZuPWjWUP5F420I+tvbHrBKkr71mxioEMEb9D4nMh4iaCcVtVXHHQa1gtyZKW+tRMF9OTEn7XyywFcktqjODaUrA7aT/VYyywSBKXJQiCkO+g==;3:hk9OVNUeBSPcWvXaqLPFcfqljkjTvtmYD4qhfeXdG530aOPj5qu4z39/YWSCEOJUJBDPD2sgqXLB4MKPP97hsHBsJ8hn25ONfgduPFQyieHFmyv8kufbJhnq2ZGyxDknKTVFsHB0Z2v7xNWNSmCHzQ==;25:eRMcB3Lps9EzuUf+6kc/TCU09K3du8U/RDoMhfH62BVQ3EnKMqFeOVDYoRziaHxArQ9HRD4Qh9gM1skh7YVYRHOLvUGXGslGxA8uQ9fgNrM0s1may8ijtj0h7XIAVeXfRtjHzkm4suJbAKPX1RqzQdijsollcW+nR1jbagNhClqT/ioZKDqM+6qI67rf8G58M2novYynCl685PZNfHPOk1cLq0pfV434WnX02o5jptu12UDHM23RvOn6pmbaHRWxZkaQJk9yQx4TjQfjkURcDnYuSWYNsubNZtZdcpDfudVh1HP3P8EfWMurhDHWi4iKl2iZTZ/3LO2dn27ghz6RorF7kL6hnwNl03mrQzmYDnbdXfHW7RFqf9CMmUe2Pvs874iYQq9zAevjg/dRxLdbUpTOTY1SHLPIMBFmw2iMfAfdm18g23bRiLenRO77Mb9P X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1144; X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;31:lZn9jiuOf+Dqocg4vnSRUkksZe14j/VopIr9tBm68yCdltLbMfQSbeRCS86PLlMJvQXO+slcbWJ9omLTTe8H4ZEz7M3uWFEcKd6CVE8thMs/9vsN7XMhjOSF0h++2jyimfLaUfRtyNo0NqpYRLqb5jMTGRcmZ+dusRhttNV0UDO6ksr9mc0RlSQxdG2EzzsjIo8onpm2cOmXPTy5TXKIIPm91G7gxDO1OWEhpCPiDCTHhV8bgfMRpLv7+Ck/epa3;20:ts1tR8fa8bJxpJwaXAzJS62xtNf3Vx3eAESs8TRXuLMAV/7k12r6dKN1GFKS57wOBqPB491D0jSEBuNcd2v51PhgOk/wDyaJHBWxMso+txyzoAUR0mnQ66AvIReERYQp/yeF1c7j9z47D3X82kIFSvPlTRU1s07KCfprLQJwEdZFADC4epYn6UYj5y/V2SG1UTOj6q6qvDhEGO8CAKnMq2inYVf3igGPFaKc1Ynk5W18poSCdcxIlXMAPwUIYyB/dxeWmMbYmZFmqiPZe/T3jOpZKd/7qbYqYppMFCsPE9W2EKSwu4D1swFwqIymGRJ3CKtCyyDQ80WyL6YSSZj95tbsN+pSLd2xvhz/G//Ig4OZXcxW2PhwbUsDtRS1ervM8VaUTnDCX55PO76DZamq4xb8BLCfMcCv+LbFlb3mjWOfBhXRCKU7BVe0gkbXE5jgnNXSGMzBqr/JtDC24yVmM2RNL0IQAc4rcrqcsPSHUyF2XsOXcdaTzBWypI+sOpRV X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026);SRVR:CY4PR12MB1144;BCL:0;PCL:0;RULEID:;SRVR:CY4PR12MB1144; X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;4:5zy8VoTEdW9vcM0b/3cy4uJdXP0xgZJYXeRid10rgcOJR5HJoTTW2G0fWnIRCZCkLLxdmjJfxRd39fQmJzQWIr/3v5YiJ9QiQt/8+L2gkK3dapgWhpkXYP9vHT19jR+B8FfCZqx5keH3qKbukKhWvjiFJPHfIP71bCXJJXDxl3YhfsY+FgM+pGW2/CsxsPBUteLe2BmtfX/7tlAbHUQxAQ3sXZZhOrJixW0gSIA/6WSCl4Nd4c4xTZY/nYUQEU0+b3o+wE9tz00dfmuQizXRP4gf725An3u1r/h3nGh2STzYUH/LZHmtuKHK5Irm4Qe+yAUCc/9egGjxE1az6OREBwdnsZLwGIUxV6xMK0HZqJW7HOijsqHj+mE39RGDZ9pochooViR+txVRzl69TXFQpManufK+L9eG9I4t/quWGPX0omNsKQbOUQCDLgMOLq4V69673N971U5LVhE5CeWxjQ== X-Forefront-PRVS: 01221E3973 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(7916002)(189002)(199003)(4001350100001)(189998001)(97736004)(5001770100001)(47776003)(9686002)(106356001)(33646002)(66066001)(86362001)(2906002)(8676002)(2201001)(4326007)(68736007)(81156014)(105586002)(5660300001)(81166006)(6666003)(92566002)(83506001)(42186005)(2950100002)(50466002)(7416002)(103116003)(230700001)(53416004)(97746001)(1076002)(69596002)(23676002)(50986999)(77096005)(101416001)(76176999)(54356999)(3846002)(305945005)(586003)(7736002)(6116002)(7846002)(71626007)(2004002)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:CY4PR12MB1144;H:tlendack-t1.amdoffice.net;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjEyTUIxMTQ0OzIzOkNScEdkTGhjNkt5dkZlbVUrSFNNS3FFRk40?= =?utf-8?B?aEU5c0xaTS9NOUNzUlZYaGxKLytGZXRab2dTSFQyYlpoZGtFM3IyRDRsNm5k?= =?utf-8?B?M09YcTN1WEF1Y3o5UEJYcCt4U0wxVzdKMUdKSG14aHVPZ0tTUUdYWE9wWEtq?= =?utf-8?B?VTZ6RHZGb2l0c1BjaU1WVEF5MGhPSHVPdm9naE9WTEE5UkRVNlBFRnFNaWJn?= =?utf-8?B?SG9vT3JySlM5cDY3M1prbGthOFREemF4YTkvWWZNRTVOeS9tOVZwQUlJY3NH?= =?utf-8?B?SlRPSno4Mkx4ZnVIQU80L2hTb0dSVW9PcVZxMjF3Z21qMGVuTjBvMGMwSFoy?= =?utf-8?B?cjlJakZJNWVjTVZyN0pkS2luYS9zbjNNOGNXZ3BNNEVGcDVKUWpGa3BxUGs1?= =?utf-8?B?V1I5b0dLeUE5VkcrSG8zT0dRSFZLTlN3Z2V3QlZXUDMrOFhpaUhtMDN5Vjlh?= =?utf-8?B?TDBtWlRRWVI5UlZnWlJ0Z1BVazhVMkM3Y2tvSnlCMWRJYTJ6WHRHckdrWkVh?= =?utf-8?B?SjBIeEh4bGhKdTljQWFNc2JzK1JSWSs3OHIveWc1SzNCWXhUUzNRcmkrTUU4?= =?utf-8?B?bHhhQlpiZW16NEtxMmtWYmVFSlJDalhYa25yNGkrZ3BVMFpYa0tSaG9FSGlz?= =?utf-8?B?V3lNUUV3cXZ2QkVTWUNiMXB0VnlvRTZFc1Zua2UvOERaVzZDZnVEQWpmc0dh?= =?utf-8?B?blJNbWFIZUhoSWVTWVJPN0NPL2FGblBnV25HSWlRNnFoUXJGOWhHcitVQzM0?= =?utf-8?B?WkdTTEJNSERhVHQvYjNtR1hQc3gzLzlVakFzSlJZOTNMb0JIRlJnYTFHaXE5?= =?utf-8?B?MENXakRRT1VFSVp1TWVHY05FWDVlRDJndzV2S2N4SGhqMEVvYTFyaS9ESlJm?= =?utf-8?B?U1crNnJ4OEZTT3A3OXFRZWtYbWtCdVVTSFk4K3A5Z01hbWNSa0owdVNncWxB?= =?utf-8?B?SklJWFB6VTVHZ3puNXFKZ0E0VkI5NzBDaWF3REdibnVqTVJyM3RKdmpydWg4?= =?utf-8?B?QWlvNGMxZ1NhczI3OWZLcXpIRkxpWWxYNzdMU2tuTkJ0YmpmL1pCVGphTWJF?= =?utf-8?B?YlRpRmxrYTNyMWV4SHJ1MnV1eGJWcjF5S1hnOENWM1d6VlpydVZFWG5lT0Vt?= =?utf-8?B?ejNXU0tGcXJvZkF0ZWZQMFpuMjREbmtGb0YzVjdmR2JEV3hGcEZJSTVjbjB0?= =?utf-8?B?bTJKQWFadXBKaEZnTGFHbkk1OFJBRjBKYjdIQUpxeVBoOW43MlZMOHNiY3NS?= =?utf-8?B?dXNNaVErK1Rla2xOVWk3ckErZFNkNkl2YUtsQ1VVc2NPeXh2V1FFNzlIRWp0?= =?utf-8?B?QkpjOG9jWmptZjVnMkFQa3hwR2loRTROelNBQ0szS2w0czI4QSs1cGd2c1Jv?= =?utf-8?B?NU0ybkVJem5GNWtTcXN3NUZUWUtFWkoxTkFtaWZTMmdQaDh5UUVJOWRvYW9j?= =?utf-8?B?bzRxQm1UR0RiV3N4VXRRRVMyQ3RTaFAwREpFYnMyZVRxaThZVjZNNnpnUkZK?= =?utf-8?B?R0lTbCtIV0NhamdiRWVEbTBIQitHcUk4bHMvN1VXQU95bWIyd1RNNkxUQU9J?= =?utf-8?B?Y3V5TldjbGhLQlBONmZlbDRieTgvSHpOY1R1Wjh2VW9sV0Z5dGdma1JQNGZh?= =?utf-8?B?TDdnMVZyQzZjb25jUXZtbVh3U2NEcmZ6RDFnYThHK2dQR3QwOVJNZStaRFdR?= =?utf-8?Q?BEVd8skbwyLxBh7dqr5TLDrSsfIPbhSOQJDGCg4?= X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;6:tv/gMSESL9TTYq/TD6l8RIqt6F9hLdIN9Mzc3id1Uju5ASwCxkCVg84BXYOI1/GPrlFRosMj0I7kkaI9MiFLoPjB2E/4ZQHXk8+xuyU+f3lUI1MVcQG4Z0kZWfRACaroikBOaAIUj7CYEFuSm3rK6HFgT9c3nDwbuQLh4ayCQVjcukgoCNXkLf9mnsW8wd2n0jaF8tyxlAsQnE5n1/SaRk/qkft+EYGx0Vgd/eyNuN73fC/lN4g17sroT/x6bm5GZijaKMg4j/2CL8PsHk1DrkXbVole7rhxjfNEwZZqqRabGV9LuS5xWLTS0+fIC8J0hAmVz3POSf1wX3vvNpVdb7zqM/ivBhJH3AojLG7jkME=;5:JhVL537kfeYot+zdlh0LnMVO5TiPjU7jG8ioFxkwjN0sLiWzU0xRFNRVj4yEvRNWOax1gcymGsfybmlgHYXuhBGoo6+H7u5Ki8k9+0MH68ztGlJxvXq7BC+oYLBTLM/wBrAYAo9uEKb/lfeJsSEOgg==;24:7TgHFGJJqIMUp45Of8vxT1P2QOdk0DhwszM6fxX71lbiyOyafNDFeSef01ZRRpTm2q3HpHGvspwY44bDEirs8pC14QsR8nEL2r8wrwC3WMM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;CY4PR12MB1144;7:bpP/MX2a04nKtUzHdXK9IYHl7bpduK240Kl7NMbbmkWzr4zB94x5Su10a4kDeJ7ppg3zaUmdw5nZNih4K6CNopx9xeI42zy9zkp62odLtaq37YQvi7zg51PN1FduJyjI/ITy5GDoOWkCjTZKhStTc8zqqlYooGlQM3p9WQ5s0xFAunzXmUX59Khp1BIx/gluf9tDwmmjW77lgNvKnSuKNvhVIlsJ1IkjyW1ytdCuXIZk/i7F/8CEQIW1/SF1RRcKE18QhOIdq/kcIlf3qeHwPpRaDh6iLUB5922kwNM8zdCDLo2WNuQMB8jgd7bzrypaPqFqrdPXXavm7BRU76EPoUXvEr+kuxr7OV1v/HL9XRM=;20:BDgTCOfLAe4r7barCfwauS4vLUw21UX0B1luOO4nYqbbjF2oK2pa+6ob534d/zNYnENHL8GsUppxOtKY+3XdwJp9Y7pdqo1b9LifbcRd56T9kumr44a2KbdQLlWUV9+q3TTUvbbyH+6traniN32OPaMKNmB3cGrUa9K4kRehIvSdFy/UvSi2SZ0vN60tWPC57ybraJZcW/MgizwBj3mQiCW9+x4DttKGpOStHoZW9lmrADq/AVduM/vx4ZIOLOZT X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2016 00:35:35.7033 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1144 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4415 Lines: 145 Add support for Secure Memory Encryption (SME). This initial support provides a Kconfig entry to build the SME support into the kernel and defines the memory encryption mask that will be used in subsequent patches to mark pages as encrypted. Signed-off-by: Tom Lendacky --- arch/x86/Kconfig | 9 +++++++++ arch/x86/include/asm/mem_encrypt.h | 30 ++++++++++++++++++++++++++++++ arch/x86/mm/Makefile | 1 + arch/x86/mm/mem_encrypt.c | 21 +++++++++++++++++++++ include/linux/mem_encrypt.h | 30 ++++++++++++++++++++++++++++++ 5 files changed, 91 insertions(+) create mode 100644 arch/x86/include/asm/mem_encrypt.h create mode 100644 arch/x86/mm/mem_encrypt.c create mode 100644 include/linux/mem_encrypt.h diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 9b2d50a..cc57bc0 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1368,6 +1368,15 @@ config X86_DIRECT_GBPAGES supports them), so don't confuse the user by printing that we have them enabled. +config AMD_MEM_ENCRYPT + bool "AMD Secure Memory Encryption support" + depends on X86_64 && CPU_SUP_AMD + ---help--- + Say yes to enable the encryption of system memory. This requires + an AMD processor that supports Secure Memory Encryption (SME). + The encryption of system memory is disabled by default but can be + enabled with the mem_encrypt=on command line option. + # Common NUMA Features config NUMA bool "Numa Memory Allocation and Scheduler Support" diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h new file mode 100644 index 0000000..a105796 --- /dev/null +++ b/arch/x86/include/asm/mem_encrypt.h @@ -0,0 +1,30 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#ifndef __X86_MEM_ENCRYPT_H__ +#define __X86_MEM_ENCRYPT_H__ + +#ifndef __ASSEMBLY__ + +#ifdef CONFIG_AMD_MEM_ENCRYPT + +extern unsigned long sme_me_mask; + +#else /* !CONFIG_AMD_MEM_ENCRYPT */ + +#define sme_me_mask 0UL + +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + +#endif /* __ASSEMBLY__ */ + +#endif /* __X86_MEM_ENCRYPT_H__ */ diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile index 96d2b84..44d4d21 100644 --- a/arch/x86/mm/Makefile +++ b/arch/x86/mm/Makefile @@ -39,3 +39,4 @@ obj-$(CONFIG_X86_INTEL_MPX) += mpx.o obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o +obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt.o diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c new file mode 100644 index 0000000..1ed75a4 --- /dev/null +++ b/arch/x86/mm/mem_encrypt.c @@ -0,0 +1,21 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include + +/* + * Since sme_me_mask is set early in the boot process it must reside in + * the .data section so as not to be zeroed out when the .bss section is + * later cleared. + */ +unsigned long sme_me_mask __section(.data) = 0; +EXPORT_SYMBOL_GPL(sme_me_mask); diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h new file mode 100644 index 0000000..9fed068 --- /dev/null +++ b/include/linux/mem_encrypt.h @@ -0,0 +1,30 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#ifndef __MEM_ENCRYPT_H__ +#define __MEM_ENCRYPT_H__ + +#ifndef __ASSEMBLY__ + +#ifdef CONFIG_AMD_MEM_ENCRYPT + +#include + +#else /* !CONFIG_AMD_MEM_ENCRYPT */ + +#define sme_me_mask 0UL + +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + +#endif /* __ASSEMBLY__ */ + +#endif /* __MEM_ENCRYPT_H__ */