| Message ID | cover.1627424773.git.thomas.lendacky@amd.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Implement generic prot_guest_has() helper function | expand |
On 7/27/21 5:26 PM, Tom Lendacky wrote: > This patch series provides a generic helper function, prot_guest_has(), > to replace the sme_active(), sev_active(), sev_es_active() and > mem_encrypt_active() functions. > > It is expected that as new protected virtualization technologies are > added to the kernel, they can all be covered by a single function call > instead of a collection of specific function calls all called from the > same locations. > > The powerpc and s390 patches have been compile tested only. Can the > folks copied on this series verify that nothing breaks for them. I wanted to get this out before I head out on vacation at the end of the week. I'll only be out for a week, but I won't be able to respond to any feedback until I get back. I'm still not a fan of the name prot_guest_has() because it is used for some baremetal checks, but really haven't been able to come up with anything better. So take it with a grain of salt where the sme_active() calls are replaced by prot_guest_has(). Also, let me know if the treewide changes in patch #7 need to be further split out by tree. Thanks, Tom > > Cc: Andi Kleen <ak@linux.intel.com> > Cc: Andy Lutomirski <luto@kernel.org> > Cc: Ard Biesheuvel <ardb@kernel.org> > Cc: Baoquan He <bhe@redhat.com> > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Borislav Petkov <bp@alien8.de> > Cc: Christian Borntraeger <borntraeger@de.ibm.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: Dave Hansen <dave.hansen@linux.intel.com> > Cc: Dave Young <dyoung@redhat.com> > Cc: David Airlie <airlied@linux.ie> > Cc: Heiko Carstens <hca@linux.ibm.com> > Cc: Ingo Molnar <mingo@redhat.com> > Cc: Joerg Roedel <joro@8bytes.org> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > Cc: Maxime Ripard <mripard@kernel.org> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: Paul Mackerras <paulus@samba.org> > Cc: Peter Zijlstra <peterz@infradead.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Thomas Zimmermann <tzimmermann@suse.de> > Cc: Vasily Gorbik <gor@linux.ibm.com> > Cc: VMware Graphics <linux-graphics-maintainer@vmware.com> > Cc: Will Deacon <will@kernel.org> > > --- > > Patches based on: > https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master > commit 79e920060fa7 ("Merge branch 'WIP/fixes'") > > Tom Lendacky (11): > mm: Introduce a function to check for virtualization protection > features > x86/sev: Add an x86 version of prot_guest_has() > powerpc/pseries/svm: Add a powerpc version of prot_guest_has() > x86/sme: Replace occurrences of sme_active() with prot_guest_has() > x86/sev: Replace occurrences of sev_active() with prot_guest_has() > x86/sev: Replace occurrences of sev_es_active() with prot_guest_has() > treewide: Replace the use of mem_encrypt_active() with > prot_guest_has() > mm: Remove the now unused mem_encrypt_active() function > x86/sev: Remove the now unused mem_encrypt_active() function > powerpc/pseries/svm: Remove the now unused mem_encrypt_active() > function > s390/mm: Remove the now unused mem_encrypt_active() function > > arch/Kconfig | 3 ++ > arch/powerpc/include/asm/mem_encrypt.h | 5 -- > arch/powerpc/include/asm/protected_guest.h | 30 +++++++++++ > arch/powerpc/platforms/pseries/Kconfig | 1 + > arch/s390/include/asm/mem_encrypt.h | 2 - > arch/x86/Kconfig | 1 + > arch/x86/include/asm/kexec.h | 2 +- > arch/x86/include/asm/mem_encrypt.h | 13 +---- > arch/x86/include/asm/protected_guest.h | 27 ++++++++++ > arch/x86/kernel/crash_dump_64.c | 4 +- > arch/x86/kernel/head64.c | 4 +- > arch/x86/kernel/kvm.c | 3 +- > arch/x86/kernel/kvmclock.c | 4 +- > arch/x86/kernel/machine_kexec_64.c | 19 +++---- > arch/x86/kernel/pci-swiotlb.c | 9 ++-- > arch/x86/kernel/relocate_kernel_64.S | 2 +- > arch/x86/kernel/sev.c | 6 +-- > arch/x86/kvm/svm/svm.c | 3 +- > arch/x86/mm/ioremap.c | 16 +++--- > arch/x86/mm/mem_encrypt.c | 60 +++++++++++++++------- > arch/x86/mm/mem_encrypt_identity.c | 3 +- > arch/x86/mm/pat/set_memory.c | 3 +- > arch/x86/platform/efi/efi_64.c | 9 ++-- > arch/x86/realmode/init.c | 8 +-- > drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +- > drivers/gpu/drm/drm_cache.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +-- > drivers/iommu/amd/init.c | 7 +-- > drivers/iommu/amd/iommu.c | 3 +- > drivers/iommu/amd/iommu_v2.c | 3 +- > drivers/iommu/iommu.c | 3 +- > fs/proc/vmcore.c | 6 +-- > include/linux/mem_encrypt.h | 4 -- > include/linux/protected_guest.h | 37 +++++++++++++ > kernel/dma/swiotlb.c | 4 +- > 36 files changed, 218 insertions(+), 104 deletions(-) > create mode 100644 arch/powerpc/include/asm/protected_guest.h > create mode 100644 arch/x86/include/asm/protected_guest.h > create mode 100644 include/linux/protected_guest.h >
Am 28.07.21 um 00:26 schrieb Tom Lendacky: > This patch series provides a generic helper function, prot_guest_has(), > to replace the sme_active(), sev_active(), sev_es_active() and > mem_encrypt_active() functions. > > It is expected that as new protected virtualization technologies are > added to the kernel, they can all be covered by a single function call > instead of a collection of specific function calls all called from the > same locations. > > The powerpc and s390 patches have been compile tested only. Can the > folks copied on this series verify that nothing breaks for them. As GPU driver dev I'm only one end user of this, but at least from the high level point of view that makes totally sense to me. Feel free to add an Acked-by: Christian König <christian.koenig@amd.com>. We could run that through the AMD GPU unit tests, but I fear we actually don't test on a system with SEV/SME active. Going to raise that on our team call today. Regards, Christian. > > Cc: Andi Kleen <ak@linux.intel.com> > Cc: Andy Lutomirski <luto@kernel.org> > Cc: Ard Biesheuvel <ardb@kernel.org> > Cc: Baoquan He <bhe@redhat.com> > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Borislav Petkov <bp@alien8.de> > Cc: Christian Borntraeger <borntraeger@de.ibm.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: Dave Hansen <dave.hansen@linux.intel.com> > Cc: Dave Young <dyoung@redhat.com> > Cc: David Airlie <airlied@linux.ie> > Cc: Heiko Carstens <hca@linux.ibm.com> > Cc: Ingo Molnar <mingo@redhat.com> > Cc: Joerg Roedel <joro@8bytes.org> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > Cc: Maxime Ripard <mripard@kernel.org> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: Paul Mackerras <paulus@samba.org> > Cc: Peter Zijlstra <peterz@infradead.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Thomas Zimmermann <tzimmermann@suse.de> > Cc: Vasily Gorbik <gor@linux.ibm.com> > Cc: VMware Graphics <linux-graphics-maintainer@vmware.com> > Cc: Will Deacon <will@kernel.org> > > --- > > Patches based on: > https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master > commit 79e920060fa7 ("Merge branch 'WIP/fixes'") > > Tom Lendacky (11): > mm: Introduce a function to check for virtualization protection > features > x86/sev: Add an x86 version of prot_guest_has() > powerpc/pseries/svm: Add a powerpc version of prot_guest_has() > x86/sme: Replace occurrences of sme_active() with prot_guest_has() > x86/sev: Replace occurrences of sev_active() with prot_guest_has() > x86/sev: Replace occurrences of sev_es_active() with prot_guest_has() > treewide: Replace the use of mem_encrypt_active() with > prot_guest_has() > mm: Remove the now unused mem_encrypt_active() function > x86/sev: Remove the now unused mem_encrypt_active() function > powerpc/pseries/svm: Remove the now unused mem_encrypt_active() > function > s390/mm: Remove the now unused mem_encrypt_active() function > > arch/Kconfig | 3 ++ > arch/powerpc/include/asm/mem_encrypt.h | 5 -- > arch/powerpc/include/asm/protected_guest.h | 30 +++++++++++ > arch/powerpc/platforms/pseries/Kconfig | 1 + > arch/s390/include/asm/mem_encrypt.h | 2 - > arch/x86/Kconfig | 1 + > arch/x86/include/asm/kexec.h | 2 +- > arch/x86/include/asm/mem_encrypt.h | 13 +---- > arch/x86/include/asm/protected_guest.h | 27 ++++++++++ > arch/x86/kernel/crash_dump_64.c | 4 +- > arch/x86/kernel/head64.c | 4 +- > arch/x86/kernel/kvm.c | 3 +- > arch/x86/kernel/kvmclock.c | 4 +- > arch/x86/kernel/machine_kexec_64.c | 19 +++---- > arch/x86/kernel/pci-swiotlb.c | 9 ++-- > arch/x86/kernel/relocate_kernel_64.S | 2 +- > arch/x86/kernel/sev.c | 6 +-- > arch/x86/kvm/svm/svm.c | 3 +- > arch/x86/mm/ioremap.c | 16 +++--- > arch/x86/mm/mem_encrypt.c | 60 +++++++++++++++------- > arch/x86/mm/mem_encrypt_identity.c | 3 +- > arch/x86/mm/pat/set_memory.c | 3 +- > arch/x86/platform/efi/efi_64.c | 9 ++-- > arch/x86/realmode/init.c | 8 +-- > drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +- > drivers/gpu/drm/drm_cache.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +-- > drivers/iommu/amd/init.c | 7 +-- > drivers/iommu/amd/iommu.c | 3 +- > drivers/iommu/amd/iommu_v2.c | 3 +- > drivers/iommu/iommu.c | 3 +- > fs/proc/vmcore.c | 6 +-- > include/linux/mem_encrypt.h | 4 -- > include/linux/protected_guest.h | 37 +++++++++++++ > kernel/dma/swiotlb.c | 4 +- > 36 files changed, 218 insertions(+), 104 deletions(-) > create mode 100644 arch/powerpc/include/asm/protected_guest.h > create mode 100644 arch/x86/include/asm/protected_guest.h > create mode 100644 include/linux/protected_guest.h >
Hi Tom, On 7/27/21 3:26 PM, Tom Lendacky wrote: > This patch series provides a generic helper function, prot_guest_has(), > to replace the sme_active(), sev_active(), sev_es_active() and > mem_encrypt_active() functions. > > It is expected that as new protected virtualization technologies are > added to the kernel, they can all be covered by a single function call > instead of a collection of specific function calls all called from the > same locations. > > The powerpc and s390 patches have been compile tested only. Can the > folks copied on this series verify that nothing breaks for them. With this patch set, select ARCH_HAS_PROTECTED_GUEST and set CONFIG_AMD_MEM_ENCRYPT=n, creates following error. ld: arch/x86/mm/ioremap.o: in function `early_memremap_is_setup_data': arch/x86/mm/ioremap.c:672: undefined reference to `early_memremap_decrypted' It looks like early_memremap_is_setup_data() is not protected with appropriate config. > > Cc: Andi Kleen <ak@linux.intel.com> > Cc: Andy Lutomirski <luto@kernel.org> > Cc: Ard Biesheuvel <ardb@kernel.org> > Cc: Baoquan He <bhe@redhat.com> > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Borislav Petkov <bp@alien8.de> > Cc: Christian Borntraeger <borntraeger@de.ibm.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: Dave Hansen <dave.hansen@linux.intel.com> > Cc: Dave Young <dyoung@redhat.com> > Cc: David Airlie <airlied@linux.ie> > Cc: Heiko Carstens <hca@linux.ibm.com> > Cc: Ingo Molnar <mingo@redhat.com> > Cc: Joerg Roedel <joro@8bytes.org> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > Cc: Maxime Ripard <mripard@kernel.org> > Cc: Michael Ellerman <mpe@ellerman.id.au> > Cc: Paul Mackerras <paulus@samba.org> > Cc: Peter Zijlstra <peterz@infradead.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Thomas Zimmermann <tzimmermann@suse.de> > Cc: Vasily Gorbik <gor@linux.ibm.com> > Cc: VMware Graphics <linux-graphics-maintainer@vmware.com> > Cc: Will Deacon <will@kernel.org> > > --- > > Patches based on: > https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master > commit 79e920060fa7 ("Merge branch 'WIP/fixes'") > > Tom Lendacky (11): > mm: Introduce a function to check for virtualization protection > features > x86/sev: Add an x86 version of prot_guest_has() > powerpc/pseries/svm: Add a powerpc version of prot_guest_has() > x86/sme: Replace occurrences of sme_active() with prot_guest_has() > x86/sev: Replace occurrences of sev_active() with prot_guest_has() > x86/sev: Replace occurrences of sev_es_active() with prot_guest_has() > treewide: Replace the use of mem_encrypt_active() with > prot_guest_has() > mm: Remove the now unused mem_encrypt_active() function > x86/sev: Remove the now unused mem_encrypt_active() function > powerpc/pseries/svm: Remove the now unused mem_encrypt_active() > function > s390/mm: Remove the now unused mem_encrypt_active() function > > arch/Kconfig | 3 ++ > arch/powerpc/include/asm/mem_encrypt.h | 5 -- > arch/powerpc/include/asm/protected_guest.h | 30 +++++++++++ > arch/powerpc/platforms/pseries/Kconfig | 1 + > arch/s390/include/asm/mem_encrypt.h | 2 - > arch/x86/Kconfig | 1 + > arch/x86/include/asm/kexec.h | 2 +- > arch/x86/include/asm/mem_encrypt.h | 13 +---- > arch/x86/include/asm/protected_guest.h | 27 ++++++++++ > arch/x86/kernel/crash_dump_64.c | 4 +- > arch/x86/kernel/head64.c | 4 +- > arch/x86/kernel/kvm.c | 3 +- > arch/x86/kernel/kvmclock.c | 4 +- > arch/x86/kernel/machine_kexec_64.c | 19 +++---- > arch/x86/kernel/pci-swiotlb.c | 9 ++-- > arch/x86/kernel/relocate_kernel_64.S | 2 +- > arch/x86/kernel/sev.c | 6 +-- > arch/x86/kvm/svm/svm.c | 3 +- > arch/x86/mm/ioremap.c | 16 +++--- > arch/x86/mm/mem_encrypt.c | 60 +++++++++++++++------- > arch/x86/mm/mem_encrypt_identity.c | 3 +- > arch/x86/mm/pat/set_memory.c | 3 +- > arch/x86/platform/efi/efi_64.c | 9 ++-- > arch/x86/realmode/init.c | 8 +-- > drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +- > drivers/gpu/drm/drm_cache.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +-- > drivers/iommu/amd/init.c | 7 +-- > drivers/iommu/amd/iommu.c | 3 +- > drivers/iommu/amd/iommu_v2.c | 3 +- > drivers/iommu/iommu.c | 3 +- > fs/proc/vmcore.c | 6 +-- > include/linux/mem_encrypt.h | 4 -- > include/linux/protected_guest.h | 37 +++++++++++++ > kernel/dma/swiotlb.c | 4 +- > 36 files changed, 218 insertions(+), 104 deletions(-) > create mode 100644 arch/powerpc/include/asm/protected_guest.h > create mode 100644 arch/x86/include/asm/protected_guest.h > create mode 100644 include/linux/protected_guest.h >
On 8/8/21 8:41 PM, Kuppuswamy, Sathyanarayanan wrote: > Hi Tom, > > On 7/27/21 3:26 PM, Tom Lendacky wrote: >> This patch series provides a generic helper function, prot_guest_has(), >> to replace the sme_active(), sev_active(), sev_es_active() and >> mem_encrypt_active() functions. >> >> It is expected that as new protected virtualization technologies are >> added to the kernel, they can all be covered by a single function call >> instead of a collection of specific function calls all called from the >> same locations. >> >> The powerpc and s390 patches have been compile tested only. Can the >> folks copied on this series verify that nothing breaks for them. > > With this patch set, select ARCH_HAS_PROTECTED_GUEST and set > CONFIG_AMD_MEM_ENCRYPT=n, creates following error. > > ld: arch/x86/mm/ioremap.o: in function `early_memremap_is_setup_data': > arch/x86/mm/ioremap.c:672: undefined reference to `early_memremap_decrypted' > > It looks like early_memremap_is_setup_data() is not protected with > appropriate config. Ok, thanks for finding that. I'll fix that. Thanks, Tom > > >> >> Cc: Andi Kleen <ak@linux.intel.com> >> Cc: Andy Lutomirski <luto@kernel.org> >> Cc: Ard Biesheuvel <ardb@kernel.org> >> Cc: Baoquan He <bhe@redhat.com> >> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> >> Cc: Borislav Petkov <bp@alien8.de> >> Cc: Christian Borntraeger <borntraeger@de.ibm.com> >> Cc: Daniel Vetter <daniel@ffwll.ch> >> Cc: Dave Hansen <dave.hansen@linux.intel.com> >> Cc: Dave Young <dyoung@redhat.com> >> Cc: David Airlie <airlied@linux.ie> >> Cc: Heiko Carstens <hca@linux.ibm.com> >> Cc: Ingo Molnar <mingo@redhat.com> >> Cc: Joerg Roedel <joro@8bytes.org> >> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> >> Cc: Maxime Ripard <mripard@kernel.org> >> Cc: Michael Ellerman <mpe@ellerman.id.au> >> Cc: Paul Mackerras <paulus@samba.org> >> Cc: Peter Zijlstra <peterz@infradead.org> >> Cc: Thomas Gleixner <tglx@linutronix.de> >> Cc: Thomas Zimmermann <tzimmermann@suse.de> >> Cc: Vasily Gorbik <gor@linux.ibm.com> >> Cc: VMware Graphics <linux-graphics-maintainer@vmware.com> >> Cc: Will Deacon <will@kernel.org> >> >> --- >> >> Patches based on: >> >> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.kernel.org%2Fpub%2Fscm%2Flinux%2Fkernel%2Fgit%2Ftip%2Ftip.git&data=04%7C01%7Cthomas.lendacky%40amd.com%7C563b5e30a3254f6739aa08d95ad6e242%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637640701228434514%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=vx9v4EmYqVTsJ7KSr97gQaBWJ%2Fq%2BE9NOzXMhe3Fp7T8%3D&reserved=0 >> master >> commit 79e920060fa7 ("Merge branch 'WIP/fixes'") >> >> Tom Lendacky (11): >> mm: Introduce a function to check for virtualization protection >> features >> x86/sev: Add an x86 version of prot_guest_has() >> powerpc/pseries/svm: Add a powerpc version of prot_guest_has() >> x86/sme: Replace occurrences of sme_active() with prot_guest_has() >> x86/sev: Replace occurrences of sev_active() with prot_guest_has() >> x86/sev: Replace occurrences of sev_es_active() with prot_guest_has() >> treewide: Replace the use of mem_encrypt_active() with >> prot_guest_has() >> mm: Remove the now unused mem_encrypt_active() function >> x86/sev: Remove the now unused mem_encrypt_active() function >> powerpc/pseries/svm: Remove the now unused mem_encrypt_active() >> function >> s390/mm: Remove the now unused mem_encrypt_active() function >> >> arch/Kconfig | 3 ++ >> arch/powerpc/include/asm/mem_encrypt.h | 5 -- >> arch/powerpc/include/asm/protected_guest.h | 30 +++++++++++ >> arch/powerpc/platforms/pseries/Kconfig | 1 + >> arch/s390/include/asm/mem_encrypt.h | 2 - >> arch/x86/Kconfig | 1 + >> arch/x86/include/asm/kexec.h | 2 +- >> arch/x86/include/asm/mem_encrypt.h | 13 +---- >> arch/x86/include/asm/protected_guest.h | 27 ++++++++++ >> arch/x86/kernel/crash_dump_64.c | 4 +- >> arch/x86/kernel/head64.c | 4 +- >> arch/x86/kernel/kvm.c | 3 +- >> arch/x86/kernel/kvmclock.c | 4 +- >> arch/x86/kernel/machine_kexec_64.c | 19 +++---- >> arch/x86/kernel/pci-swiotlb.c | 9 ++-- >> arch/x86/kernel/relocate_kernel_64.S | 2 +- >> arch/x86/kernel/sev.c | 6 +-- >> arch/x86/kvm/svm/svm.c | 3 +- >> arch/x86/mm/ioremap.c | 16 +++--- >> arch/x86/mm/mem_encrypt.c | 60 +++++++++++++++------- >> arch/x86/mm/mem_encrypt_identity.c | 3 +- >> arch/x86/mm/pat/set_memory.c | 3 +- >> arch/x86/platform/efi/efi_64.c | 9 ++-- >> arch/x86/realmode/init.c | 8 +-- >> drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +- >> drivers/gpu/drm/drm_cache.c | 4 +- >> drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +- >> drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +-- >> drivers/iommu/amd/init.c | 7 +-- >> drivers/iommu/amd/iommu.c | 3 +- >> drivers/iommu/amd/iommu_v2.c | 3 +- >> drivers/iommu/iommu.c | 3 +- >> fs/proc/vmcore.c | 6 +-- >> include/linux/mem_encrypt.h | 4 -- >> include/linux/protected_guest.h | 37 +++++++++++++ >> kernel/dma/swiotlb.c | 4 +- >> 36 files changed, 218 insertions(+), 104 deletions(-) >> create mode 100644 arch/powerpc/include/asm/protected_guest.h >> create mode 100644 arch/x86/include/asm/protected_guest.h >> create mode 100644 include/linux/protected_guest.h >> >
This patch series provides a generic helper function, prot_guest_has(), to replace the sme_active(), sev_active(), sev_es_active() and mem_encrypt_active() functions. It is expected that as new protected virtualization technologies are added to the kernel, they can all be covered by a single function call instead of a collection of specific function calls all called from the same locations. The powerpc and s390 patches have been compile tested only. Can the folks copied on this series verify that nothing breaks for them. Cc: Andi Kleen <ak@linux.intel.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Ard Biesheuvel <ardb@kernel.org> Cc: Baoquan He <bhe@redhat.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: Dave Young <dyoung@redhat.com> Cc: David Airlie <airlied@linux.ie> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Joerg Roedel <joro@8bytes.org> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Maxime Ripard <mripard@kernel.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Paul Mackerras <paulus@samba.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: VMware Graphics <linux-graphics-maintainer@vmware.com> Cc: Will Deacon <will@kernel.org> --- Patches based on: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master commit 79e920060fa7 ("Merge branch 'WIP/fixes'") Tom Lendacky (11): mm: Introduce a function to check for virtualization protection features x86/sev: Add an x86 version of prot_guest_has() powerpc/pseries/svm: Add a powerpc version of prot_guest_has() x86/sme: Replace occurrences of sme_active() with prot_guest_has() x86/sev: Replace occurrences of sev_active() with prot_guest_has() x86/sev: Replace occurrences of sev_es_active() with prot_guest_has() treewide: Replace the use of mem_encrypt_active() with prot_guest_has() mm: Remove the now unused mem_encrypt_active() function x86/sev: Remove the now unused mem_encrypt_active() function powerpc/pseries/svm: Remove the now unused mem_encrypt_active() function s390/mm: Remove the now unused mem_encrypt_active() function arch/Kconfig | 3 ++ arch/powerpc/include/asm/mem_encrypt.h | 5 -- arch/powerpc/include/asm/protected_guest.h | 30 +++++++++++ arch/powerpc/platforms/pseries/Kconfig | 1 + arch/s390/include/asm/mem_encrypt.h | 2 - arch/x86/Kconfig | 1 + arch/x86/include/asm/kexec.h | 2 +- arch/x86/include/asm/mem_encrypt.h | 13 +---- arch/x86/include/asm/protected_guest.h | 27 ++++++++++ arch/x86/kernel/crash_dump_64.c | 4 +- arch/x86/kernel/head64.c | 4 +- arch/x86/kernel/kvm.c | 3 +- arch/x86/kernel/kvmclock.c | 4 +- arch/x86/kernel/machine_kexec_64.c | 19 +++---- arch/x86/kernel/pci-swiotlb.c | 9 ++-- arch/x86/kernel/relocate_kernel_64.S | 2 +- arch/x86/kernel/sev.c | 6 +-- arch/x86/kvm/svm/svm.c | 3 +- arch/x86/mm/ioremap.c | 16 +++--- arch/x86/mm/mem_encrypt.c | 60 +++++++++++++++------- arch/x86/mm/mem_encrypt_identity.c | 3 +- arch/x86/mm/pat/set_memory.c | 3 +- arch/x86/platform/efi/efi_64.c | 9 ++-- arch/x86/realmode/init.c | 8 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +- drivers/gpu/drm/drm_cache.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +-- drivers/iommu/amd/init.c | 7 +-- drivers/iommu/amd/iommu.c | 3 +- drivers/iommu/amd/iommu_v2.c | 3 +- drivers/iommu/iommu.c | 3 +- fs/proc/vmcore.c | 6 +-- include/linux/mem_encrypt.h | 4 -- include/linux/protected_guest.h | 37 +++++++++++++ kernel/dma/swiotlb.c | 4 +- 36 files changed, 218 insertions(+), 104 deletions(-) create mode 100644 arch/powerpc/include/asm/protected_guest.h create mode 100644 arch/x86/include/asm/protected_guest.h create mode 100644 include/linux/protected_guest.h