Date: Mon, 12 Mar 2018 05:21:54 -0700
From: "tip-bot for Kirill A. Shutemov"
To: linux-tip-commits@vger.kernel.org
Cc: thomas.lendacky@amd.com, kai.huang@linux.intel.com, kirill.shutemov@linux.intel.com, tglx@linutronix.de, torvalds@linux-foundation.org, hpa@zytor.com, peterz@infradead.org, dave.hansen@intel.com, linux-kernel@vger.kernel.org, mingo@kernel.org
In-Reply-To: <20180305162610.37510-3-kirill.shutemov@linux.intel.com>
References: <20180305162610.37510-3-kirill.shutemov@linux.intel.com>
Subject: [tip:x86/mm] x86/tme: Detect if TME and MKTME is activated by BIOS

Commit-ID:  cb06d8e3d020c30fe10ae711c925a5319ab82c88
Gitweb:     https://git.kernel.org/tip/cb06d8e3d020c30fe10ae711c925a5319ab82c88
Author:     Kirill A. Shutemov
AuthorDate: Mon, 5 Mar 2018 19:25:50 +0300
Committer:  Ingo Molnar
CommitDate: Mon, 12 Mar 2018 12:10:54 +0100

x86/tme: Detect if TME and MKTME is activated by BIOS

IA32_TME_ACTIVATE MSR (0x982) can be used to check if BIOS has enabled
TME and MKTME. It includes which encryption policy/algorithm is selected
for TME or available for MKTME. For MKTME, the MSR also enumerates how
many KeyIDs are available.

We would need to exclude KeyID bits from physical address bits.
detect_tme() would adjust cpuinfo_x86::x86_phys_bits accordingly.

We have to do this even if we are not going to use KeyID bits
ourself. VM guests still have to know that these bits are not usable
for physical address.

Signed-off-by: Kirill A. Shutemov
Cc: Dave Hansen
Cc: Kai Huang
Cc: Linus Torvalds
Cc: Peter Zijlstra
Cc: Thomas Gleixner
Cc: Tom Lendacky
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20180305162610.37510-3-kirill.shutemov@linux.intel.com
Signed-off-by: Ingo Molnar
--- arch/x86/kernel/cpu/intel.c | 90 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 4aa9fd379390..b862067bb33c 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c 
@@ -510,6 +510,93 @@ static void detect_vmx_virtcap(struct cpuinfo_x86 *c) } } +#define MSR_IA32_TME_ACTIVATE 0x982 + +/* Helpers to access TME_ACTIVATE MSR */ +#define TME_ACTIVATE_LOCKED(x) (x & 0x1) +#define TME_ACTIVATE_ENABLED(x) (x & 0x2) + +#define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ +#define TME_ACTIVATE_POLICY_AES_XTS_128 0 + +#define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ + +#define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ +#define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 + +/* Values for mktme_status (SW only construct) */ +#define MKTME_ENABLED 0 +#define MKTME_DISABLED 1 +#define MKTME_UNINITIALIZED 2 +static int mktme_status = MKTME_UNINITIALIZED; + +static void detect_tme(struct cpuinfo_x86 *c) +{ + u64 tme_activate, tme_policy, tme_crypto_algs; + int keyid_bits = 0, nr_keyids = 0; + static u64 tme_activate_cpu0 = 0; + + rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); + + if (mktme_status != MKTME_UNINITIALIZED) { + if (tme_activate != tme_activate_cpu0) { + /* Broken BIOS? */ + pr_err_once("x86/tme: configuation is inconsistent between CPUs\n"); + pr_err_once("x86/tme: MKTME is not usable\n"); + mktme_status = MKTME_DISABLED; + + /* Proceed. We may need to exclude bits from x86_phys_bits. 
*/ + } + } else { + tme_activate_cpu0 = tme_activate; + } + + if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { + pr_info_once("x86/tme: not enabled by BIOS\n"); + mktme_status = MKTME_DISABLED; + return; + } + + if (mktme_status != MKTME_UNINITIALIZED) + goto detect_keyid_bits; + + pr_info("x86/tme: enabled by BIOS\n"); + + tme_policy = TME_ACTIVATE_POLICY(tme_activate); + if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) + pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); + + tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); + if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { + pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", + tme_crypto_algs); + mktme_status = MKTME_DISABLED; + } +detect_keyid_bits: + keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); + nr_keyids = (1UL << keyid_bits) - 1; + if (nr_keyids) { + pr_info_once("x86/mktme: enabled by BIOS\n"); + pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); + } else { + pr_info_once("x86/mktme: disabled by BIOS\n"); + } + + if (mktme_status == MKTME_UNINITIALIZED) { + /* MKTME is usable */ + mktme_status = MKTME_ENABLED; + } + + /* + * Exclude KeyID bits from physical address bits. + * + * We have to do this even if we are not going to use KeyID bits + * ourself. VM guests still have to know that these bits are not usable + * for physical address. + */ + c->x86_phys_bits -= keyid_bits; +} + static void init_intel_energy_perf(struct cpuinfo_x86 *c) { u64 epb; @@ -680,6 +767,9 @@ static void init_intel(struct cpuinfo_x86 *c) if (cpu_has(c, X86_FEATURE_VMX)) detect_vmx_virtcap(c); + if (cpu_has(c, X86_FEATURE_TME)) + detect_tme(c); + init_intel_energy_perf(c); init_intel_misc_features(c);
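
Review bot: In detect_tme() (hunk @@ -510,6 +510,93 @@), the branch that logs "x86/mktme: No known encryption algorithm is supported" sets mktme_status = MKTME_DISABLED and then falls through to the detect_keyid_bits label, where a non-zero nr_keyids still logs "x86/mktme: enabled by BIOS" and the KeyID count. A boot log read to confirm the memory-encryption state then contains contradictory lines. Suggest making those two pr_info_once() calls conditional on mktme_status != MKTME_DISABLED, or rewording them so they only report what the MSR enumerates. Related: on the "configuation is inconsistent between CPUs" path, keyid_bits is still taken from each CPU's own tme_activate value, so c->x86_phys_bits -= keyid_bits can leave different CPUs with different x86_phys_bits; consider using one agreed value there. Smaller points: "configuation" in the pr_err_once() string is a typo for "configuration", and the helper macros should parenthesize their argument, e.g. (((x) >> 4) & 0xf) rather than ((x >> 4) & 0xf).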
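
Review bot: In init_intel() (hunk @@ -680,6 +767,9 @@), the only guard in front of detect_tme(c) is cpu_has(c, X86_FEATURE_TME), and detect_tme() then reads MSR_IA32_TME_ACTIVATE with a plain rdmsrl(). If an environment advertises the feature bit without implementing the MSR, that read faults; rdmsrl_safe() with failure treated as "not enabled by BIOS" would be more robust. The call site also deserves a one-line comment saying that detect_tme() may reduce c->x86_phys_bits, since the name suggests detection only and the side effect matters to code that runs after it.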