Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3038842imm; Fri, 24 Aug 2018 09:27:47 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZkuvoQC+uldGT+mD/DOhsYsAoTfmb7HlNwneUaLZSMMnrzMNB+uLOh6J8vilccdlfvPoXk X-Received: by 2002:a63:1618:: with SMTP id w24-v6mr2436427pgl.43.1535128067792; Fri, 24 Aug 2018 09:27:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535128067; cv=none; d=google.com; s=arc-20160816; b=j+UHJ6GH92uzSp282b76DiKPVn2KkY3Z9po7aALNrNX+IyYIDetARReoA09XhPCvxo L79vIKzwchgGqU6PaPkxlwkl4NK5p58EFIHttEj+znBI60tgwTa9n3eQTiKLZqDGL8dD r8+a1MWZePFvVQFELr+TboKbVxz/BbgOE6TdgmVdMJ1fb+4E4ZvsNgSu2oLqgK7whTxf Jmwx5I03xT0Rj7ru4Fb25XrxxtF0kyb+I5QZ3eB9wik7BcbE0uv7w2odmUwN15337bwb U+dQjbIwJTjJ6O7/+coAgARRTxuxAN4ar2TEl9UnJFHX9vACF8XjBEWuJa16W+LX0d7L aDUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:references:in-reply-to:date :subject:cc:to:from:arc-authentication-results; bh=Ly/F5WB0nyjdh/h98zxr/qgihavZTOOE5zpq8YvsrdU=; b=GyjS9zANEk6yrwiUEJY/J1BehvcP+rQBN/aI9dlT3lx+L7WdSRw9rIE6DXy837Z0FX 3SSW/f1lL0c0fovZ6OXRSuOx7EI3SkicLGWykB0vVqGsV7mOjc26xTlWg0Vrr5q1HH9k e4dkyeqEgdm90qCnCWMUScAXk5+O7BcBr629Qm/ZPz7wlAS6lRAVjjR7XAH/1Cjw1CtL 6dU1TOg5xT7WnTW8urbIkeckQ2C/vDqeIZnxP2NmKKEY+d5EpYCRSUp452vjH2Zkiaog GnA8huh9AZgott/PbqPusPg7SbZGEJ7ll9ZbifnubjcJkEmJ5wKJxZWGyen7Ezrs6Nu0 R5nw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 43-v6si7106253plc.496.2018.08.24.09.27.32; Fri, 24 Aug 2018 09:27:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728034AbeHXUBX (ORCPT + 99 others); Fri, 24 Aug 2018 16:01:23 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:56324 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726488AbeHXUBW (ORCPT ); Fri, 24 Aug 2018 16:01:22 -0400 Received: from pps.filterd (m0098409.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w7OGNpBn119519 for ; Fri, 24 Aug 2018 12:26:00 -0400 Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) by mx0a-001b2d01.pphosted.com with ESMTP id 2m2jx06xpj-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 24 Aug 2018 12:26:00 -0400 Received: from localhost by e36.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Fri, 24 Aug 2018 10:25:59 -0600 Received: from b03cxnp08027.gho.boulder.ibm.com (9.17.130.19) by e36.co.us.ibm.com (192.168.1.136) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Fri, 24 Aug 2018 10:25:55 -0600 Received: from b03ledav004.gho.boulder.ibm.com (b03ledav004.gho.boulder.ibm.com [9.17.130.235]) by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w7OGPrJL49479842 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 24 Aug 2018 09:25:53 -0700 Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BEE407805F; Fri, 24 Aug 2018 10:25:53 -0600 (MDT) Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D55277805E; Fri, 24 Aug 2018 10:25:49 -0600 (MDT) Received: from morokweng.localdomain.com (unknown [9.80.232.133]) by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP; Fri, 24 Aug 2018 10:25:49 -0600 (MDT) From: Thiago Jung Bauermann To: linuxppc-dev@lists.ozlabs.org Cc: iommu@lists.linux-foundation.org, linux-kernel@vger.kernel.org, Alexey Kardashevskiy , Anshuman Khandual , Benjamin Herrenschmidt , Christoph Hellwig , Michael Ellerman , Mike Anderson , Paul Mackerras , Ram Pai , Anshuman Khandual , Sukadev Bhattiprolu , Thiago Jung Bauermann Subject: [RFC PATCH 01/11] powerpc/svm: Detect Secure Virtual Machine (SVM) platform Date: Fri, 24 Aug 2018 13:25:25 -0300 X-Mailer: git-send-email 2.14.4 In-Reply-To: <20180824162535.22798-1-bauerman@linux.ibm.com> References: <20180824162535.22798-1-bauerman@linux.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18082416-0020-0000-0000-00000E57A3A3 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00009603; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000266; SDB=6.01078233; UDB=6.00555984; IPR=6.00858207; MB=3.00022909; MTD=3.00000008; XFM=3.00000015; UTC=2018-08-24 16:25:58 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18082416-0021-0000-0000-000062CAB5A6 Message-Id: <20180824162535.22798-2-bauerman@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-08-24_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808240172 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Anshuman Khandual A guest requests to be moved to secure memory early at the kernel startup (in prom_init). Define a flag that can be easily checked by other parts of the kernel so that they can set things up accordingly. This is done by checking the MSR(S) bit, which is always set for secure VMs. Also add a new config option CONFIG_PPC_SVM to wrap all these code to prevent it from being executed from non subscribing platforms. This SVM platform detection is applicable only to guest kernels that will run under an Ultravisor as a secure guest. Signed-off-by: Anshuman Khandual Signed-off-by: Ram Pai Signed-off-by: Sukadev Bhattiprolu Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/Kconfig | 11 +++++++++++ arch/powerpc/include/asm/reg.h | 3 +++ arch/powerpc/include/asm/svm.h | 22 ++++++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 9f2b75fe2c2d..f786c962edf0 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -440,6 +440,17 @@ config MATH_EMULATION_HW_UNIMPLEMENTED endchoice +config PPC_SVM + bool "Secure virtual machine (SVM) support for POWERPC" + default n + depends on PPC_PSERIES + help + Support secure guests on POWERPC. There are certain POWER platforms + which support secure guests with the help of an Ultravisor executing + below the hypervisor layer. This enables the support for those guests. + + If unsure, say "N". + config PPC_TRANSACTIONAL_MEM bool "Transactional Memory support for POWERPC" depends on PPC_BOOK3S_64 diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h index 562568414cf4..fcf7b79356d0 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -36,6 +36,7 @@ #define MSR_TM_LG 32 /* Trans Mem Available */ #define MSR_VEC_LG 25 /* Enable AltiVec */ #define MSR_VSX_LG 23 /* Enable VSX */ +#define MSR_S_LG 22 /* Secure VM bit */ #define MSR_POW_LG 18 /* Enable Power Management */ #define MSR_WE_LG 18 /* Wait State Enable */ #define MSR_TGPR_LG 17 /* TLB Update registers in use */ @@ -69,11 +70,13 @@ #define MSR_SF __MASK(MSR_SF_LG) /* Enable 64 bit mode */ #define MSR_ISF __MASK(MSR_ISF_LG) /* Interrupt 64b mode valid on 630 */ #define MSR_HV __MASK(MSR_HV_LG) /* Hypervisor state */ +#define MSR_S __MASK(MSR_S_LG) /* Secure state */ #else /* so tests for these bits fail on 32-bit */ #define MSR_SF 0 #define MSR_ISF 0 #define MSR_HV 0 +#define MSR_S 0 #endif /* diff --git a/arch/powerpc/include/asm/svm.h b/arch/powerpc/include/asm/svm.h new file mode 100644 index 000000000000..6f89e5d6d37f --- /dev/null +++ b/arch/powerpc/include/asm/svm.h @@ -0,0 +1,22 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * SVM helper functions + * + * Copyright 2018 Anshuman Khandual, IBM Corporation. + */ + +#ifndef _ASM_POWERPC_SVM_H +#define _ASM_POWERPC_SVM_H + +#ifdef CONFIG_PPC_SVM +static bool is_svm_platform(void) +{ + return mfmsr() & MSR_S; +} +#else +static inline bool is_svm_platform(void) +{ + return false; +} +#endif +#endif /* _ASM_POWERPC_SVM_H */