| Message ID | 1611565580-47718-3-git-send-email-robert.hu@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: Support Intel KeyLocker | expand |
On Mon, Jan 25, 2021, Robert Hoo wrote: > Though KeyLocker is generally enumerated by > CPUID.(07H,0):ECX.KL[bit23], CPUID.19H:{EBX,ECX} enumerate > more details of KeyLocker supporting status. > > CPUID.19H:EBX > bit0 enumerates if OS (CR4.KeyLocker) and BIOS have enabled KeyLocker. > bit2 enumerates if wide Key Locker instructions are supported. > bit4 enumerates if IWKey backup is supported. > CPUID.19H:ECX > bit0 enumerates if the NoBackup parameter to LOADIWKEY is supported. > bit1 enumerates if IWKey randomization is supported. > > Define these 2 cpuid_leafs so that get_cpu_cap() will have these > capabilities included, which will be the knowledge source of KVM on > host KeyLocker capabilities. > > Most of above features don't have the necessity to appear in /proc/cpuinfo, > except "iwkey_rand", which we think might be interesting for user to easily > know if his system is using randomized IWKey. > > Signed-off-by: Robert Hoo <robert.hu@linux.intel.com> > --- > arch/x86/include/asm/cpufeature.h | 6 ++++-- > arch/x86/include/asm/cpufeatures.h | 11 ++++++++++- > arch/x86/include/asm/disabled-features.h | 2 +- > arch/x86/include/asm/required-features.h | 2 +- > arch/x86/kernel/cpu/common.c | 7 +++++++ > 5 files changed, 23 insertions(+), 5 deletions(-) > > diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h > index 59bf91c..f9fea5f 100644 > --- a/arch/x86/include/asm/cpufeature.h > +++ b/arch/x86/include/asm/cpufeature.h > @@ -30,6 +30,8 @@ enum cpuid_leafs > CPUID_7_ECX, > CPUID_8000_0007_EBX, > CPUID_7_EDX, > + CPUID_19_EBX, > + CPUID_19_ECX, > }; > > #ifdef CONFIG_X86_FEATURE_NAMES > @@ -89,7 +91,7 @@ enum cpuid_leafs > CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 17, feature_bit) || \ > CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 18, feature_bit) || \ > REQUIRED_MASK_CHECK || \ > - BUILD_BUG_ON_ZERO(NCAPINTS != 19)) > + BUILD_BUG_ON_ZERO(NCAPINTS != 21)) > > #define DISABLED_MASK_BIT_SET(feature_bit) \ > ( CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 0, feature_bit) || \ > @@ -112,7 +114,7 @@ enum cpuid_leafs > CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 17, feature_bit) || \ > CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 18, feature_bit) || \ > DISABLED_MASK_CHECK || \ > - BUILD_BUG_ON_ZERO(NCAPINTS != 19)) > + BUILD_BUG_ON_ZERO(NCAPINTS != 21)) > > #define cpu_has(c, bit) \ > (__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 : \ > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 8f2f050..d4a883a 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -13,7 +13,7 @@ > /* > * Defines x86 CPU feature bits > */ > -#define NCAPINTS 19 /* N 32-bit words worth of info */ > +#define NCAPINTS 21 /* N 32-bit words worth of info */ > #define NBUGINTS 1 /* N 32-bit bug flags */ > > /* > @@ -382,6 +382,15 @@ > #define X86_FEATURE_CORE_CAPABILITIES (18*32+30) /* "" IA32_CORE_CAPABILITIES MSR */ > #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */ > > +/* Intel-defined KeyLocker feature CPUID level 0x00000019 (EBX), word 20*/ > +#define X86_FEATURE_KL_INS_ENABLED (19*32 + 0) /* "" Key Locker instructions */ > +#define X86_FEATURE_KL_WIDE (19*32 + 2) /* "" Wide Key Locker instructions */ > +#define X86_FEATURE_IWKEY_BACKUP (19*32 + 4) /* "" IWKey backup */ > + > +/* Intel-defined KeyLocker feature CPUID level 0x00000019 (ECX), word 21*/ > +#define X86_FEATURE_IWKEY_NOBACKUP (20*32 + 0) /* "" NoBackup parameter to LOADIWKEY */ > +#define X86_FEATURE_IWKEY_RAND (20*32 + 1) /* IWKey Randomization */ These should probably go into a Linux-defined leaf, I'm guessing neither leaf will be anywhere near full, at least in Linux. KVM's reverse-CPUID code will likely/hopefully be gaining support for scattered leafs in the near future[*], that side of things should be a non-issue if/when this lands. https://lkml.kernel.org/r/02455fc7521e9f1dc621b57c02c52cd04ce07797.1616136308.git.kai.huang@intel.com
On Mon, 2021-04-05 at 15:32 +0000, Sean Christopherson wrote: > > diff --git a/arch/x86/include/asm/cpufeatures.h > > b/arch/x86/include/asm/cpufeatures.h > > index 8f2f050..d4a883a 100644 > > --- a/arch/x86/include/asm/cpufeatures.h > > +++ b/arch/x86/include/asm/cpufeatures.h > > @@ -13,7 +13,7 @@ > > /* > > * Defines x86 CPU feature bits > > */ > > -#define NCAPINTS 19 /* N 32-bit words worth > > of info */ > > +#define NCAPINTS 21 /* N 32-bit words worth > > of info */ > > #define NBUGINTS 1 /* N 32-bit bug flags */ > > > > /* > > @@ -382,6 +382,15 @@ > > #define X86_FEATURE_CORE_CAPABILITIES (18*32+30) /* "" > > IA32_CORE_CAPABILITIES MSR */ > > #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative > > Store Bypass Disable */ > > > > +/* Intel-defined KeyLocker feature CPUID level 0x00000019 (EBX), > > word 20*/ > > +#define X86_FEATURE_KL_INS_ENABLED (19*32 + 0) /* "" Key Locker > > instructions */ > > +#define X86_FEATURE_KL_WIDE (19*32 + 2) /* "" Wide Key Locker > > instructions */ > > +#define X86_FEATURE_IWKEY_BACKUP (19*32 + 4) /* "" IWKey backup > > */ > > + > > +/* Intel-defined KeyLocker feature CPUID level 0x00000019 (ECX), > > word 21*/ > > +#define X86_FEATURE_IWKEY_NOBACKUP (20*32 + 0) /* "" NoBackup > > parameter to LOADIWKEY */ > > +#define X86_FEATURE_IWKEY_RAND (20*32 + 1) /* IWKey Randomization > > */ > > These should probably go into a Linux-defined leaf, I'm guessing > neither leaf > will be anywhere near full, at least in Linux. KVM's reverse-CPUID > code will > likely/hopefully be gaining support for scattered leafs in the near > future[*], > that side of things should be a non-issue if/when this lands. > > https://lkml.kernel.org/r/02455fc7521e9f1dc621b57c02c52cd04ce07797.1616136308.git.kai.huang@intel.com Yes, in my internal private tree, I have refactored code based on your patch. BTW, I'm thinking, what if when those new HW-defined leaves got more occupied? will then they be moved from the Linux-defined leaves to new truely-map-to-HW-definition leaves?
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h index 59bf91c..f9fea5f 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h @@ -30,6 +30,8 @@ enum cpuid_leafs CPUID_7_ECX, CPUID_8000_0007_EBX, CPUID_7_EDX, + CPUID_19_EBX, + CPUID_19_ECX, }; #ifdef CONFIG_X86_FEATURE_NAMES @@ -89,7 +91,7 @@ enum cpuid_leafs CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 17, feature_bit) || \ CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 18, feature_bit) || \ REQUIRED_MASK_CHECK || \ - BUILD_BUG_ON_ZERO(NCAPINTS != 19)) + BUILD_BUG_ON_ZERO(NCAPINTS != 21)) #define DISABLED_MASK_BIT_SET(feature_bit) \ ( CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 0, feature_bit) || \ @@ -112,7 +114,7 @@ enum cpuid_leafs CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 17, feature_bit) || \ CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 18, feature_bit) || \ DISABLED_MASK_CHECK || \ - BUILD_BUG_ON_ZERO(NCAPINTS != 19)) + BUILD_BUG_ON_ZERO(NCAPINTS != 21)) #define cpu_has(c, bit) \ (__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 : \ diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 8f2f050..d4a883a 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -13,7 +13,7 @@ /* * Defines x86 CPU feature bits */ -#define NCAPINTS 19 /* N 32-bit words worth of info */ +#define NCAPINTS 21 /* N 32-bit words worth of info */ #define NBUGINTS 1 /* N 32-bit bug flags */ /* @@ -382,6 +382,15 @@ #define X86_FEATURE_CORE_CAPABILITIES (18*32+30) /* "" IA32_CORE_CAPABILITIES MSR */ #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */ +/* Intel-defined KeyLocker feature CPUID level 0x00000019 (EBX), word 20*/ +#define X86_FEATURE_KL_INS_ENABLED (19*32 + 0) /* "" Key Locker instructions */ +#define X86_FEATURE_KL_WIDE (19*32 + 2) /* "" Wide Key Locker instructions */ +#define X86_FEATURE_IWKEY_BACKUP (19*32 + 4) /* "" IWKey backup */ + +/* Intel-defined KeyLocker feature CPUID level 0x00000019 (ECX), word 21*/ +#define X86_FEATURE_IWKEY_NOBACKUP (20*32 + 0) /* "" NoBackup parameter to LOADIWKEY */ +#define X86_FEATURE_IWKEY_RAND (20*32 + 1) /* IWKey Randomization */ + /* * BUG word(s) */ diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h index 0ac9414..904baf8 100644 --- a/arch/x86/include/asm/disabled-features.h +++ b/arch/x86/include/asm/disabled-features.h @@ -91,6 +91,6 @@ DISABLE_ENQCMD|DISABLE_KEYLOCKER) #define DISABLED_MASK17 0 #define DISABLED_MASK18 0 -#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 19) +#define DISABLED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 21) #endif /* _ASM_X86_DISABLED_FEATURES_H */ diff --git a/arch/x86/include/asm/required-features.h b/arch/x86/include/asm/required-features.h index 3ff0d48..a165a16 100644 --- a/arch/x86/include/asm/required-features.h +++ b/arch/x86/include/asm/required-features.h @@ -101,6 +101,6 @@ #define REQUIRED_MASK16 0 #define REQUIRED_MASK17 0 #define REQUIRED_MASK18 0 -#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 19) +#define REQUIRED_MASK_CHECK BUILD_BUG_ON_ZERO(NCAPINTS != 21) #endif /* _ASM_X86_REQUIRED_FEATURES_H */ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 48881d8..ea46956 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -995,6 +995,13 @@ void get_cpu_cap(struct cpuinfo_x86 *c) c->x86_capability[CPUID_D_1_EAX] = eax; } + /* Additional Intel-defined KeyLocker flags: level 0x00000019 */ + if (c->cpuid_level >= 0x00000019) { + cpuid(0x00000019, &eax, &ebx, &ecx, &edx); + c->x86_capability[CPUID_19_EBX] = ebx; + c->x86_capability[CPUID_19_ECX] = ecx; + } + /* AMD-defined flags: level 0x80000001 */ eax = cpuid_eax(0x80000000); c->extended_cpuid_level = eax;
Though KeyLocker is generally enumerated by CPUID.(07H,0):ECX.KL[bit23], CPUID.19H:{EBX,ECX} enumerate more details of KeyLocker supporting status. CPUID.19H:EBX bit0 enumerates if OS (CR4.KeyLocker) and BIOS have enabled KeyLocker. bit2 enumerates if wide Key Locker instructions are supported. bit4 enumerates if IWKey backup is supported. CPUID.19H:ECX bit0 enumerates if the NoBackup parameter to LOADIWKEY is supported. bit1 enumerates if IWKey randomization is supported. Define these 2 cpuid_leafs so that get_cpu_cap() will have these capabilities included, which will be the knowledge source of KVM on host KeyLocker capabilities. Most of above features don't have the necessity to appear in /proc/cpuinfo, except "iwkey_rand", which we think might be interesting for user to easily know if his system is using randomized IWKey. Signed-off-by: Robert Hoo <robert.hu@linux.intel.com> --- arch/x86/include/asm/cpufeature.h | 6 ++++-- arch/x86/include/asm/cpufeatures.h | 11 ++++++++++- arch/x86/include/asm/disabled-features.h | 2 +- arch/x86/include/asm/required-features.h | 2 +- arch/x86/kernel/cpu/common.c | 7 +++++++ 5 files changed, 23 insertions(+), 5 deletions(-)