Date: Fri, 08 Apr 2022 09:08:42 -0000
From: "tip-bot2 for Michael Roth"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/sev] x86/sev: Add a sev= cmdline option
Cc: Borislav Petkov, Michael Roth, Borislav Petkov, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20220307213356.2797205-41-brijesh.singh@amd.com>
References: <20220307213356.2797205-41-brijesh.singh@amd.com>
Message-ID: <164940892265.389.9709721824909968252.tip-bot2@tip-bot2>

The following commit has been merged into the x86/sev branch of tip:

Commit-ID:     ba37a1438aeb540cc48722d629f4b2e7e4398466
Gitweb:        https://git.kernel.org/tip/ba37a1438aeb540cc48722d629f4b2e7e4398466
Author:        Michael Roth
AuthorDate:    Mon, 07 Mar 2022 15:33:50 -06:00
Committer:     Borislav Petkov
CommitterDate: Thu, 07 Apr 2022 16:47:12 +02:00

x86/sev: Add a sev= cmdline option

For debugging purposes it is very useful to have a way to see the full
contents of the SNP CPUID table provided to a guest. Add an sev=debug
kernel command-line option to do so.

Also introduce some infrastructure so that additional options can be
specified via sev=option1[,option2] over time in a consistent manner.

  [ bp: Massage, simplify string parsing. ]

Suggested-by: Borislav Petkov
Signed-off-by: Michael Roth
Signed-off-by: Borislav Petkov Link: https://lore.kernel.org/r/20220307213356.2797205-41-brijesh.singh@amd.com --- Documentation/admin-guide/kernel-parameters.txt | 2 +- Documentation/x86/x86_64/boot-options.rst | 14 +++++- arch/x86/kernel/sev.c | 44 ++++++++++++++++- 3 files changed, 60 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 3f1cc5e..48ad2ec 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -5308,6 +5308,8 @@ serialnumber [BUGS=X86-32] + sev=option[,option...] [X86-64] See Documentation/x86/x86_64/boot-options.rst + shapers= [NET] Maximal number of shapers. diff --git a/Documentation/x86/x86_64/boot-options.rst b/Documentation/x86/x86_64/boot-options.rst index 07aa000..4efb1fa 100644 --- a/Documentation/x86/x86_64/boot-options.rst +++ b/Documentation/x86/x86_64/boot-options.rst @@ -310,3 +310,17 @@ Miscellaneous Do not use GB pages for kernel direct mappings. gbpages Use GB pages for kernel direct mappings. + + +AMD SEV (Secure Encrypted Virtualization) +========================================= +Options relating to AMD SEV, specified via the following format: + +:: + + sev=option1[,option2] + +The available options are: + + debug + Enable debug messages. diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index c873372..70ecc6e 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -112,6 +112,13 @@ DEFINE_STATIC_KEY_FALSE(sev_es_enable_key); static DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); +struct sev_config { + __u64 debug : 1, + __reserved : 63; +}; + +static struct sev_config sev_cfg __read_mostly; + static __always_inline bool on_vc_stack(struct pt_regs *regs) { unsigned long sp = regs->sp; 
@@ -2042,6 +2049,23 @@ void __init snp_abort(void) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +static void dump_cpuid_table(void) +{ + const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table(); + int i = 0; + + pr_info("count=%d reserved=0x%x reserved2=0x%llx\n", + cpuid_table->count, cpuid_table->__reserved1, cpuid_table->__reserved2); + + for (i = 0; i < SNP_CPUID_COUNT_MAX; i++) { + const struct snp_cpuid_fn *fn = &cpuid_table->fn[i]; + + pr_info("index=%3d fn=0x%08x subfn=0x%08x: eax=0x%08x ebx=0x%08x ecx=0x%08x edx=0x%08x xcr0_in=0x%016llx xss_in=0x%016llx reserved=0x%016llx\n", + i, fn->eax_in, fn->ecx_in, fn->eax, fn->ebx, fn->ecx, + fn->edx, fn->xcr0_in, fn->xss_in, fn->__reserved); + } +} + /* * It is useful from an auditing/testing perspective to provide an easy way * for the guest owner to know that the CPUID table has been initialized as @@ -2059,6 +2083,26 @@ static int __init report_cpuid_table(void) pr_info("Using SNP CPUID table, %d entries present.\n", cpuid_table->count); + if (sev_cfg.debug) + dump_cpuid_table(); + return 0; } arch_initcall(report_cpuid_table); + +static int __init init_sev_config(char *str) +{ + char *s; + + while ((s = strsep(&str, ","))) { + if (!strcmp(s, "debug")) { + sev_cfg.debug = true; + continue; + } + + pr_info("SEV command-line option '%s' was not recognized\n", s); + } + + return 1; +} +__setup("sev=", init_sev_config);
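Review bot: In the Documentation/x86/x86_64/boot-options.rst hunk, the description of the debug option ("Enable debug messages.") does not say what ends up in the log. Going by the sev.c changes in this patch, sev=debug makes report_cpuid_table() dump the SNP CPUID table through pr_info at arch_initcall time; the text should say that, and should also mention that unrecognized options are reported and otherwise ignored, so an administrator knows what to look for in dmesg.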
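Review bot: In the arch/x86/kernel/sev.c hunk at -112, struct sev_config declares its bitfield as __u64, which is the spelling used for types exported to userspace, while the struct is only used by a static variable in this file. Plain u64 is the usual choice for kernel-internal structures. A short comment above the struct saying that each sev= option gets one bit here would also help whoever adds the next option.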
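Review bot: In dump_cpuid_table(), the loop is bounded by SNP_CPUID_COUNT_MAX rather than by cpuid_table->count, so every slot is printed even when report_cpuid_table() says fewer entries are present. If that is deliberate (so that data sitting past count is visible when auditing what the guest was given), say so in a one-line comment so nobody later "fixes" the bound; otherwise loop to count. Separately, the initializer in "int i = 0;" is redundant, since the for statement sets i again.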
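Review bot: In init_sev_config(), strsep() hands back empty tokens, so a command line such as "sev=" or "sev=debug," falls through to the pr_info and logs that option '' was not recognized. Skipping empty strings before the strcmp avoids that noise. Consider pr_warn for the unrecognized case as well: a mistyped option leaves sev_cfg.debug off, and an info-level line is easy to miss when someone is wondering why the CPUID dump did not appear.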