From: Joerg Roedel
To: x86@kernel.org
Cc: Joerg Roedel, Joerg Roedel, Tom Lendacky, hpa@zytor.com, Andy Lutomirski, Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams, Juergen Gross, Kees Cook, David Rientjes, Cfir Cohen, Erdem Aktas, Masami Hiramatsu, Mike Stunes, Sean Christopherson, Martin Radev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org
Subject: [PATCH v4 04/75] x86/cpufeatures: Add SEV-ES CPU feature
Date: Tue, 14 Jul 2020 14:08:06 +0200
Message-Id: <20200714120917.11253-5-joro@8bytes.org>
In-Reply-To: <20200714120917.11253-1-joro@8bytes.org>
References: <20200714120917.11253-1-joro@8bytes.org>

From: Tom Lendacky

Add CPU feature detection for Secure Encrypted Virtualization with
Encrypted State. This feature enhances SEV by also encrypting the
guest register state, making it inaccessible to the hypervisor.

Signed-off-by: Tom Lendacky
Signed-off-by: Joerg Roedel
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 arch/x86/kernel/cpu/amd.c          | 3 ++-
 arch/x86/kernel/cpu/scattered.c    | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 02dabc9e77b0..069a774f6d57 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h
@@ -234,6 +234,7 @@ #define X86_FEATURE_EPT_AD ( 8*32+17) /* Intel Extended Page Table access-dirty bit */ #define X86_FEATURE_VMCALL ( 8*32+18) /* "" Hypervisor supports the VMCALL instruction */ #define X86_FEATURE_VMW_VMMCALL ( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */ +#define X86_FEATURE_SEV_ES ( 8*32+20) /* AMD Secure Encrypted Virtualization - Encrypted State */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index d4806eac9325..7eaca090e2e8 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -613,7 +613,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) * If BIOS has not enabled SME then don't advertise the * SME feature (set in scattered.c). * For SEV: If BIOS has not enabled SEV then don't advertise the - * SEV feature (set in scattered.c). + * SEV and SEV_ES feature (set in scattered.c). * * In all cases, since support for SME and SEV requires long mode, * don't advertise the feature under CONFIG_X86_32. @@ -644,6 +644,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) setup_clear_cpu_cap(X86_FEATURE_SME); clear_sev: setup_clear_cpu_cap(X86_FEATURE_SEV); + setup_clear_cpu_cap(X86_FEATURE_SEV_ES); } } diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c index 62b137c3c97a..30f354989cf1 100644 --- a/arch/x86/kernel/cpu/scattered.c +++ b/arch/x86/kernel/cpu/scattered.c @@ -41,6 +41,7 @@ static const struct cpuid_bit cpuid_bits[] = { { X86_FEATURE_MBA, CPUID_EBX, 6, 0x80000008, 0 }, { X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 }, { X86_FEATURE_SEV, CPUID_EAX, 1, 0x8000001f, 0 }, + { X86_FEATURE_SEV_ES, CPUID_EAX, 3, 0x8000001f, 0 }, { 0, 0, 0, 0, 0 } }; -- 2.27.0
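
Review bot: in the cpufeatures.h hunk, the comment on the new X86_FEATURE_SEV_ES line has no leading "" while the two word-8 entries just above it (VMCALL, VMW_VMMCALL) do, so this flag will be listed in /proc/cpuinfo as sev_es. If that is intended, say so in the changelog, and state there that the bit reports CPUID-level support (it is set from leaf 0x8000001f EAX bit 3 in scattered.c) so that the cpuinfo flag is not read as proof that register state is actually encrypted for a running guest.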
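
Review bot: in the first amd.c hunk, the updated comment line reads "SEV and SEV_ES feature (set in scattered.c)"; make it "features". The condition stated on the line above it is still only "If BIOS has not enabled SEV", so it is worth adding a few words that SEV_ES is dropped together with SEV because it is an extension of SEV, not because of a separate BIOS check.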
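
Review bot: in the second amd.c hunk, clearing X86_FEATURE_SEV_ES by hand under clear_sev: covers only this one path, and the diffstat shows no change to cpuid-deps.c, so nothing records that SEV_ES depends on SEV. Consider a { X86_FEATURE_SEV_ES, X86_FEATURE_SEV } entry in the cpuid_deps table instead, so that any path that clears SEV also drops SEV_ES and the extra setup_clear_cpu_cap() call is not needed.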
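
Review bot: in the scattered.c hunk, the new entry takes EAX bit 3 of leaf 0x8000001f while the existing SME and SEV entries use bits 0 and 1, and neither the changelog nor a comment says where bit 3 is defined. A reference in the commit message to the AMD documentation that assigns this bit would let reviewers check the number.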