Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932661AbcKJAyi (ORCPT ); Wed, 9 Nov 2016 19:54:38 -0500 Received: from mail-by2nam01on0059.outbound.protection.outlook.com ([104.47.34.59]:15946 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754219AbcKJAxM (ORCPT ); Wed, 9 Nov 2016 19:53:12 -0500 Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; From: Tom Lendacky Subject: [RFC PATCH v3 15/20] x86: Check for memory encryption on the APs To: , , , , , , , , CC: Rik van Riel , Radim =?utf-8?b?S3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , Konrad Rzeszutek Wilk , "Paolo Bonzini" , Larry Woodman , "Ingo Molnar" , Borislav Petkov , Andy Lutomirski , "H. Peter Anvin" , Andrey Ryabinin , Alexander Potapenko , "Thomas Gleixner" , Dmitry Vyukov Date: Wed, 9 Nov 2016 18:37:40 -0600 Message-ID: <20161110003740.3280.57300.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> References: <20161110003426.3280.2999.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BN6PR15CA0020.namprd15.prod.outlook.com (10.172.204.158) To BN6PR12MB1137.namprd12.prod.outlook.com (10.168.226.139) X-MS-Office365-Filtering-Correlation-Id: 05b552b4-7ee8-498f-fd82-08d40901c9ad X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;2:GzGRQljAqD9SiY//rW7D/b+EYq6esj9HCYiXuHwTBooybMR7uJi+cYWpoQiDTGXKUT2q7IsR04P5c0C76m1W5S4bTGdP8GR3zFcIGe2wlQCaRlNrEnBUgXoKKT4BCGJ9CA8DsPeWUr+cwLgMV8q3CYxFTVyhme2jU1LTJnI5cZcPm8Bn/a6Ywqka2enhGjJe9l3zFx337Ku0zfDpfcPoig==;3:16xrNZv9x00pU83rjkjteWtzN1LCL5RRgSGvcpqg1IYZ1loSUAIpfROJWDoJJ80gXtqN1dk2ZI05uumri6tft9g/Y2XKhE2byaBZYFq1bl2z8NhFr11JRm7A3hpkBPb+lC87d73NTQ8PavTfjn1reQ== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN6PR12MB1137; X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;25:egTZRb+CTIXGsIpvSbe//B9eE6x46oz16SgsV15vNvh44X7q6EEtGqBNoBsOBvif7QlokfhnYAanxe7tQS/sqlFPZcXzVTNfgM4YW+MWZ0IpVFyOyejkidLD4BkGtVpYNFX5IvvGQa3fmejZlu653uAqqAsRGGCCpJG49gN5lS69WZ44k7r0m6/1up/iveOehfxK26rubTiSs9AE+fQ0KIhX0cGzumUKxTcHKtk3OBlPAxQUd/FdKv8KitP+0/GwsCeQ9pg1grAAI12I8rv+/TLSE6blxOYjHmRzKcBzphWfEQrQQz2gDyc1paoyLIoRw6K057chnX620FMu2n+KumyTu5uKw1Nh/HWZEU1tkY+m5ZnVv/UocFBXoYUhpgn1xud8Y/pL/u5ERBOBdnf54oubIAitDneyOi6ueJmE3xMajgP+vPszXq289rW7P62v5CENVnKypNL6ebnCeu1XWqXckzxMYjbycVB70k+NnOniEi6zb7AT7YrTXDZvH4UbKA71xPHkk9RWtjquhENoH42rS9Vk0FFk9PFONDHvhpo0dxfKDKISISPALNE4eR1RyeQ+dwEDQW39o7OP4ikf/ao9hkEVmXBH6MRmcIV/zl12ygN/8oOaXFPRtD/Em86a8Uo4lwoVoHMWxbpJSsB5LU5lRRYsSvTqrlGFd6K1zf32NdhzrHpUocReUznomkMsnXbk6XOTftUR/mAac+f82k3SjTssAa+yRcUAU7XKPr0= X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;31:eCNU5M6CDg+U4CLLM8nd+2BL9Hw+n5NEMI9+6LdNkFTKlf0DgsJ1nR3QSJeEspBZfRVA+vk50tTWWe1x+tgpD2hCUIhSoLPqB0le6FvciaH/8IZPHgCh763L5XKua5LWeslOB5QHadhTMVhsdXxS8esJojf9HNrxSCofl+rwVDmAWCH5WT93TmLL95uXk/x7LwsSsM/3AkptSzj9SkJXjyQQgT/jd9rV2ojrn/W/jP2iqa+UvYQoVPySvG81LI2N1RGifn9RpmzLqYE4ruWP6A==;20:97I1kfQLko5HQhn8Y3H5WshQPCCaoiuXY9W094EMsfag7gAtp/1LZfpHqGyRW9OuCpcUvYxv0J6lCkrJR7/ZFS0tmgZuVXasNp0x/WovVdMGLpizQAiSUGkM16kUZVHZuzush3wmg148kRojKIy1f11fpMYtW7jofLaEkpuRBLnNL/xVmEIp6wRoj5oPCmmLhRv/txwS+AuXnaIdCcC+XaKcwhUsAtGSBKRJoOlzm/Vq3pNNA4i0lPz/awjyzNSoOIgNjLZWiPtITqhg//pfhYmthn8IUwHZmowfpAHvpJI3mbuR+ON7mPHNMxzDlI3Xaeuz6WwcODXUD1cKBDyh2AZuI5zyFShkPrJJ3Pt3+ELLz1oYeGS+eXcrGbOFumuZJ2GGVHpEnAHWtoJCS/LQwKDZh/p7F+TKBCNpYvihZZCDATeEGHuZbjrrdesocf3fbXtxw1d9clpVT3DflWJvx2xgzUTd6Ja1tIord4uzZxOg0bnyjO4sz7mYt65vI6P6 X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026);SRVR:BN6PR12MB1137;BCL:0;PCL:0;RULEID:;SRVR:BN6PR12MB1137; X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;4:E1I9srW6ezJCQtevBQRTN8gbPfmKx7iq7GT1qo19Ptkzgx6SA4vSbjIS1WFWyJeHyipqe75WxLMt+xHlozuiWGoYrSUe1FxqUlvIeL9zjaZJAlkMltpvFRqio8SW7kOyJnJu7v1IhCyYd8/uKZuSu3R8uTqpTGLNf4l6ae3GYMBZjEE6zEO7bxV4RYfTrqsQIfbOl2m3InXF9MKSB8KPEhuxSfCf39KEfv/4nuLmPS0U/T009BW/gpiidCkcr3L4JyxJ9J98qr7m4sF6H8Lx8T8YElL72BuXVwWvb29K/tjwltfALvj7CtkXLGb/poVdfxzNDSDBhGIf6cQ0u3f79wC0nahcXFWp8OsUpwpy8qXLFGqXCRxdO4MRiHJyJA6H0gxXJdR0rHmTrSAE7SDrYeQNp+Cz89paH9TdudY1ww00BWWxhPEI0iuoIxviMV6iHSVuPM928yTJDdKTy54J1g== X-Forefront-PRVS: 01221E3973 X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4630300001)(6009001)(7916002)(189002)(199003)(42186005)(53416004)(106356001)(586003)(105586002)(3846002)(4001350100001)(6116002)(5001770100001)(2950100002)(97736004)(83506001)(50466002)(1076002)(23676002)(77096005)(68736007)(101416001)(305945005)(69596002)(7736002)(7416002)(66066001)(5660300001)(8676002)(7846002)(189998001)(92566002)(9686002)(33646002)(230700001)(97746001)(4326007)(47776003)(86362001)(103116003)(2906002)(54356999)(2201001)(76176999)(50986999)(81156014)(81166006)(71626007)(217873001);DIR:OUT;SFP:1101;SCL:1;SRVR:BN6PR12MB1137;H:tlendack-t1.amdoffice.net;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en; X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTjZQUjEyTUIxMTM3OzIzOmgzWjFUMGRZSXZ6TVFjRkcwdG01cUVlbENE?= =?utf-8?B?SmZnbmVmWDZuLzMyUE0zdWd2YW1aYW1RVXV5SktTOHdEV1ZsOWRQU1Nxb0FY?= =?utf-8?B?NjlzRHdBMzV6Z2ZBbCtMYjZEMnhOb2V1TE5wYUU2YlBHSiszRDY1ZmEwNXcz?= =?utf-8?B?YTFQdzRDVGYzQjBpdC9FV0RyWGpOcEpieitBc3BUMjB1TjlrSFA0NUk1RGVv?= =?utf-8?B?UzYyUXNmdUM5M2JSM2I2QkJlRVdGNHl5b0Y4M1B5dTNkcUZicDBjRjdTNktD?= =?utf-8?B?ZktuTDNVVHJJUkhmSDlyTyt2OHNobDI4OXU2dVd3bVU5VHlIdTc4bVhkL3lq?= =?utf-8?B?TmEwN2x2aC8zNVBvdUlkSEFRYmZ1Ry9LbnhpbmxzYXAvbmxSWUVnUWtsTXI0?= =?utf-8?B?MHlTd1p6dDV1RVQxVDhBVlpNN1YzWXpvMUY4ZUtwT2ZJcVVBQnJqaDJtZzQ4?= =?utf-8?B?U3YyaE54aU03bkFjMXFxcmlia0VnbGRteUY4YktqVDUrMHAvcnY5ZWthenRK?= =?utf-8?B?UjdoWDFrK0huZ0FGMWswU0RUWTRXdm1jYkZpY1F5TEFVUHlEUVF3aXkvNkU2?= =?utf-8?B?cys2SFhRRGNIaWxYbXlLVDdWQ0JnOVBaRStmQkRUeCszRDR5ZlVLbjJJVUww?= =?utf-8?B?ZG5aTUxEelluc2liYk1UaG5oUFpzSjl1bTYwcytzVExoVFRTS0FFclpLVkgy?= =?utf-8?B?Z3RETHo1OSs0S2Z4dFY4VmpWUUljZnNCcnJkMEtlQ2dXdSt3YSt0QTNjcXJM?= =?utf-8?B?TzZkRnp6WTFQaTZHNjNKMC9RWm5HTGoyUWY5OU1Kb0c4dXYvR3h6ZWlJbW8z?= =?utf-8?B?bE5aVk1qekh1ZUI3WXVQdVRmU1ltK0JoWUtwL2xxK3E5S2RBdSsrVElJSGNo?= =?utf-8?B?TmNTbWo3NVU4WE91ZjZVWm9MTmE3bVZkTXMrSmtoQTJyM0ltQkdUakk4RDhs?= =?utf-8?B?d293S1dKRTFmMWlQZHFRTERFbjhQdk1BKzkzTTBtZkw5NVdQdngyUk1zd1RU?= =?utf-8?B?RWlZOVhrNTB2Ym1SWEY1Sm1UL3JvQUplSE56TU1ESjk5T3IrN2dDZlBiY3FZ?= =?utf-8?B?QkxwRGdFK1lieGtjbHl4dXVSaFlWZVhQckFLR0NHaXhNY3hObCtyUFIrR0oy?= =?utf-8?B?YVlyU3drbHg1UU5tUHl0T05kR2RWeFBBcmgxcFhJdDVaUlZ3SkxHN3B0ZTdD?= =?utf-8?B?b0RLQ2dYV3lWdzZxSHUzK3NIYTU1RnBoSTRQWmxsaVFCekVxSnRtMG9jTENu?= =?utf-8?B?akxEWTdERmowSUlGZ3RaQThucnduWHJBU2pkVDNFNVpGU0U4S2JHeVVkODVF?= =?utf-8?B?dCs5MVNHcUo1RFRGVU96eXQ5ekF0WW81WHNHQ25nZEc5K3MvSUlnNENFZm93?= =?utf-8?B?WDBldS9zS25vdksvQm9YYkdBckV3M3RDeVRNdHhOWVVNMG1ZV1dtUzVvZ2RR?= =?utf-8?B?cTJVc0h0czY2aXh6Mk04ZlNLbE1YNXJuN0FVbWdtMFFTeTd0aXY3K1YwbVgv?= =?utf-8?B?elhhUmxKR0locDk2VEtEM0FCc0txZG9lVm5KdmVNVGlTMGgyRS83enFTQWtu?= =?utf-8?B?b1pSaCt1aVcreFVxNkpFT0wxbGdrSlRRWDJucW9GOXBqQTNzdUlWT0gyQ3R4?= =?utf-8?B?ZXV3VDlBUnRtQWRPSTRJUC9aTWg1WjY4dStNQUJXNGhiNDc0b3BsVUFBPT0=?= X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;6:4a8QqQEbonFGxqmtzSgGHQ2ZSVYkL2shUVxdCPyaI5SZ4ZXHaiiEDHu2pxvUJyF/y1v7Oz7L7eDgvaiZJfuDEIoC0SgTWue6TjrfoHFk53cVN8sKZflqfv1AQ5SuElBEI1D3ApqJNIwrgGvQiELv2m1B9Vt5qe6oUeLOxG3QsEOFTujEjhf/0dF5EYp1th6MpqvMlH1GA1/qtUDcZxcMEuyVi8LQnXtDPwfwhlYCVw/zbZufynk/2qNm3XbLVMFvBzmTvbIfv6qNuXzg75wWpYgpUHkdn/gzlIjM9As0whf8xxHGJl/i9m3N3c6qNjN1KLFcaIyL8HM2PPyFvs+594iskDD4pcmzS2C25QqCNnQ=;5:6xru7v7NT+NXbmehL++8oXS7McxashE6kxp0+UJ61wDIDTh9JgYbRd0NtJN+IwIv/t6rds7CVk12WhAhNZaB755H42Nc3TN2n0nvIHSdTg3OZOEeyB+2lFndWF3Vp0wVlieYeM550v1if5nHOKFfMQ==;24:ssKG2HHkkD4KO/sQTqtzJYxWQsTbgyoLDgnsZwPNZyXAelxNsHcAgSOyP2OR030Uncg7W3VYfUrVjPt8Gy9kEx/gzZQh+gSKZv6BOzOzXSM= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1;BN6PR12MB1137;7:RrO0nAOn1lPRC92l13//TfZWl2jFf4GsEdxR6Ub8VFN1y4SYFWAFk9yEXO5sZjDYiKHJdrbnS2zOF45EdF9pLgndP6qFRdfuYonWevbZ04AQgWN9a7f/iO+tNlAfXJKeMImf5va+rCuRpZz6WxBVUhznBdWBKQQvZi3Wl2YCxiPUVxAmpcFCgfFYctfL9aQ3ohH1/kooiZqjGZDkueB8QiZhrY8YwwhtSCe6szMwvD6JIS275UPY333F5XF487d5uP//cWlPWO9NSxsjbs5kVkQwX8/vhk1N80xLsr+/poqhvFo7UX4pE8VJKAg6yZVxEpd6Adym9iaOf3s3Uvh9O/UyJyQyUVKYZenxwN/40+Q=;20:iSj8bOb4iOJ2HadUg30Km7I5YFvNjv1cq5Sr0CPKKxkuJik6/PDb2JZAChdyqBfkLoncRAWkeyYEqNRr0PfspzubwSt08oq4IWmQdLLUVa2Toid51zvyM5Anvnuota0fl9jTiltc2oEir8JyMwnUQZKgQGRWV78LbJWTgCtYaFC/Tuovpha8bAp3sQY8HSpX8Fmjiyhkcr7CCcOl8JlmHnDldXuw7MPdsBuDedb+vq1/U8rB2k5lp0cfzD6IcFnA X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2016 00:37:43.6372 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1137 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3032 Lines: 106 Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP then do not allow the AP to continue start up. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/realmode.h | 12 ++++++++++++ arch/x86/realmode/init.c | 4 ++++ arch/x86/realmode/rm/trampoline_64.S | 19 +++++++++++++++++++ 3 files changed, 35 insertions(+) diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 230e190..850dbe0 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -1,6 +1,15 @@ #ifndef _ARCH_X86_REALMODE_H #define _ARCH_X86_REALMODE_H +/* + * Flag bit definitions for use with the flags field of the trampoline header + * when configured for X86_64 + */ +#define TH_FLAGS_SME_ENABLE_BIT 0 +#define TH_FLAGS_SME_ENABLE BIT_ULL(TH_FLAGS_SME_ENABLE_BIT) + +#ifndef __ASSEMBLY__ + #include #include @@ -38,6 +47,7 @@ struct trampoline_header { u64 start; u64 efer; u32 cr4; + u32 flags; #endif }; @@ -69,4 +79,6 @@ static inline size_t real_mode_size_needed(void) void set_real_mode_mem(phys_addr_t mem, size_t size); void reserve_real_mode(void); +#endif /* __ASSEMBLY__ */ + #endif /* _ARCH_X86_REALMODE_H */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 44ed32a..a8e7ebe 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -101,6 +101,10 @@ static void __init setup_real_mode(void) trampoline_cr4_features = &trampoline_header->cr4; *trampoline_cr4_features = mmu_cr4_features; + trampoline_header->flags = 0; + if (sme_me_mask) + trampoline_header->flags |= TH_FLAGS_SME_ENABLE; + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); trampoline_pgd[0] = trampoline_pgd_entry.pgd; trampoline_pgd[511] = init_level4_pgt[511].pgd; diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index dac7b20..94e29f4 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -30,6 +30,7 @@ #include #include #include +#include #include "realmode.h" .text @@ -92,6 +93,23 @@ ENTRY(startup_32) movl %edx, %fs movl %edx, %gs + /* Check for memory encryption support */ + bt $TH_FLAGS_SME_ENABLE_BIT, pa_tr_flags + jnc .Ldone + movl $MSR_K8_SYSCFG, %ecx + rdmsr + bt $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + jc .Ldone + + /* + * Memory encryption is enabled but the MSR has not been set on this + * CPU so we can't continue + */ +.Lno_sme: + hlt + jmp .Lno_sme +.Ldone: + movl pa_tr_cr4, %eax movl %eax, %cr4 # Enable PAE mode @@ -147,6 +165,7 @@ GLOBAL(trampoline_header) tr_start: .space 8 GLOBAL(tr_efer) .space 8 GLOBAL(tr_cr4) .space 4 + GLOBAL(tr_flags) .space 4 END(trampoline_header) #include "trampoline_common.S"