Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp273868pxf; Thu, 25 Mar 2021 03:56:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwkS6QoIRAZB7LvelSQWq3w99NXiB6VBmixHe0ilfWKBacMESFz+q+b9jEh4MuVGqEpibkh X-Received: by 2002:aa7:d5c9:: with SMTP id d9mr8769996eds.102.1616669806099; Thu, 25 Mar 2021 03:56:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616669806; cv=none; d=google.com; s=arc-20160816; b=EdANEX+C4yZbgQe5bJ/6YBdQDw8wB0sTUU9u/npLM78jSJEmJrZURugrX57Ui4/Ekh Qx3NZW0sjWPq1jz1aHHnej6oTRuo9iitOPOjFu5RXrdf6gJDKVIWQ43o6yruMBk6v799 kIP0t9LL4R4X0oeDKYP06qx0E6U9aUP5w7DtSBcmypu4Nf2rh3b1s2l3Bb8q9Z8bFGUY sRpXVNkiLyiiJhoZ3oBEFA1ZOd4W69wnGeiik6zmABNSwnv5KhcbyGZzsWOEjYm1KRvj Ul0/cO0J2W05kGCFLGFheMc/r3VU4wjcJ8IoUoafb82ts3a5WFvwSTsmduAb/LR6Kn9c 2G9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7hQS1Zk4qijEwSa8ikJ/1MafWKIbpZjK368ZCUsmpSc=; b=L74N8ZeufPPKknIujr1ldZi8uH+RVA1R5a4ExdcFFsZO0Bs8JtRKgkZieIhlPa5kBW WOONdYXLAUfGGT8uWueyUXIEfxR/NiqlDvg+KP3mTl0d95AcgcwqA9wA3U8Si5T6JZaC ZDIbJpaa7MTvtVrHCMbkseAqNA4q+VqE+FYv+aeoDjbauCgTJm363EHipykGoQHOsfl3 pxmQsLXrQfbHGki177aa41cPXxK/S/VV+dxTL3rYQwXPHKOqJ0JQysRoR7LG1dajIjWg /wj35L3NzgYnudzgJO/czx0apOJuOea2UwTbV2LPKROrJ4/gh8g+PpHl3RMHTKHs6EN2 SMBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=TQ4JVvY3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h15si4510040ejq.438.2021.03.25.03.56.22; Thu, 25 Mar 2021 03:56:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=TQ4JVvY3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230156AbhCYKye (ORCPT + 99 others); Thu, 25 Mar 2021 06:54:34 -0400 Received: from mail.skyhub.de ([5.9.137.197]:48318 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229989AbhCYKyZ (ORCPT ); Thu, 25 Mar 2021 06:54:25 -0400 Received: from zn.tnic (p200300ec2f0d5d00d5a461c7dd3b44f2.dip0.t-ipconnect.de [IPv6:2003:ec:2f0d:5d00:d5a4:61c7:dd3b:44f2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 227771EC0324; Thu, 25 Mar 2021 11:54:18 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1616669658; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=7hQS1Zk4qijEwSa8ikJ/1MafWKIbpZjK368ZCUsmpSc=; b=TQ4JVvY3LA9P2yMKv3TIftb763w1/WQ8HbiESPBe828tIOtw8TQtCNb4GrpnyH/vbyBqu+ x1XAxcWxMALsGGhNDAvjsVLO8QtmxRsKRhYA3LR90lKLexAgVbgfKsyK5RTMK5hLIPsqRr qbim9y+qmIpmiujOlhDXd03p/hos4Gs= Date: Thu, 25 Mar 2021 11:54:17 +0100 From: Borislav Petkov To: Brijesh Singh Cc: linux-kernel@vger.kernel.org, x86@kernel.org, kvm@vger.kernel.org, ak@linux.intel.com, Thomas Gleixner , Ingo Molnar , Joerg Roedel , "H. Peter Anvin" , Tony Luck , Dave Hansen , "Peter Zijlstra (Intel)" , Paolo Bonzini , Tom Lendacky , David Rientjes , Sean Christopherson Subject: Re: [RFC Part1 PATCH 01/13] x86/cpufeatures: Add SEV-SNP CPU feature Message-ID: <20210325105417.GE31322@zn.tnic> References: <20210324164424.28124-1-brijesh.singh@amd.com> <20210324164424.28124-2-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20210324164424.28124-2-brijesh.singh@amd.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 24, 2021 at 11:44:12AM -0500, Brijesh Singh wrote: > Add CPU feature detection for Secure Encrypted Virtualization with > Secure Nested Paging. This feature adds a strong memory integrity > protection to help prevent malicious hypervisor-based attacks like > data replay, memory re-mapping, and more. > > Cc: Thomas Gleixner > Cc: Ingo Molnar > Cc: Borislav Petkov > Cc: Joerg Roedel > Cc: "H. Peter Anvin" > Cc: Tony Luck > Cc: Dave Hansen > Cc: "Peter Zijlstra (Intel)" > Cc: Paolo Bonzini > Cc: Tom Lendacky > Cc: David Rientjes > Cc: Sean Christopherson > Cc: x86@kernel.org > Cc: kvm@vger.kernel.org > Signed-off-by: Brijesh Singh > --- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/kernel/cpu/amd.c | 3 ++- > arch/x86/kernel/cpu/scattered.c | 1 + > 3 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 84b887825f12..a5b369f10bcd 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -238,6 +238,7 @@ > #define X86_FEATURE_VMW_VMMCALL ( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */ > #define X86_FEATURE_SEV_ES ( 8*32+20) /* AMD Secure Encrypted Virtualization - Encrypted State */ > #define X86_FEATURE_VM_PAGE_FLUSH ( 8*32+21) /* "" VM Page Flush MSR is supported */ > +#define X86_FEATURE_SEV_SNP ( 8*32+22) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */ That leaf got a separate word now: word 19. For the future: pls redo your patches against tip/master because it has the latest state of affairs in tip-land. > /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ > #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ > diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > index f8ca66f3d861..39f7a4b5b04c 100644 > --- a/arch/x86/kernel/cpu/amd.c > +++ b/arch/x86/kernel/cpu/amd.c > @@ -586,7 +586,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > * If BIOS has not enabled SME then don't advertise the > * SME feature (set in scattered.c). > * For SEV: If BIOS has not enabled SEV then don't advertise the > - * SEV and SEV_ES feature (set in scattered.c). > + * SEV, SEV_ES and SEV_SNP feature (set in scattered.c). So you can remove the "scattered.c" references in the comments here. > * > * In all cases, since support for SME and SEV requires long mode, > * don't advertise the feature under CONFIG_X86_32. > @@ -618,6 +618,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) > clear_sev: > setup_clear_cpu_cap(X86_FEATURE_SEV); > setup_clear_cpu_cap(X86_FEATURE_SEV_ES); > + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); > } > } > > diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c > index 236924930bf0..eaec1278dc2e 100644 > --- a/arch/x86/kernel/cpu/scattered.c > +++ b/arch/x86/kernel/cpu/scattered.c > @@ -45,6 +45,7 @@ static const struct cpuid_bit cpuid_bits[] = { > { X86_FEATURE_SEV_ES, CPUID_EAX, 3, 0x8000001f, 0 }, > { X86_FEATURE_SME_COHERENT, CPUID_EAX, 10, 0x8000001f, 0 }, > { X86_FEATURE_VM_PAGE_FLUSH, CPUID_EAX, 2, 0x8000001f, 0 }, > + { X86_FEATURE_SEV_SNP, CPUID_EAX, 4, 0x8000001f, 0 }, > { 0, 0, 0, 0, 0 } > }; And this too. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette