From patchwork Mon Aug 22 22:38:29 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Lendacky X-Patchwork-Id: 9294491 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 270C1608A7 for ; Mon, 22 Aug 2016 22:40:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1570C28AA7 for ; Mon, 22 Aug 2016 22:40:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0509328AAA; Mon, 22 Aug 2016 22:40:06 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E78328AAA for ; Mon, 22 Aug 2016 22:40:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756922AbcHVWjf (ORCPT ); Mon, 22 Aug 2016 18:39:35 -0400 Received: from mail-sn1nam02on0088.outbound.protection.outlook.com ([104.47.36.88]:35648 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754797AbcHVWja (ORCPT ); Mon, 22 Aug 2016 18:39:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=KFICo1RBN5aLQFZaOyM22Jixsv6wmXEDA3Bbhfy7j8M=; b=rw0CiNnmC2/GJra/VP3YGWPZvtXAWs5szrhR1MT3n7iTN/VNmD5a2FUmSCIvAq9og5E7TrDgv6bUvv6rTRK4O/YiY4LviMEdONSkiejH7ZbIhPf+72y5TlSYl+RPx9Rz9J6Kp4x7fP50gP5E66lwRSiLGH+7YSEc+l/SRNdGJnE= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Thomas.Lendacky@amd.com; Received: from tlendack-t1.amdoffice.net (165.204.77.1) by DM5PR12MB1148.namprd12.prod.outlook.com (10.168.236.143) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.557.21; Mon, 22 Aug 2016 22:38:33 +0000 From: Tom Lendacky Subject: [RFC PATCH v2 16/20] x86: Check for memory encryption on the APs To: , , , , , , , , CC: Radim =?utf-8?b?S3LEjW3DocWZ?= , Arnd Bergmann , Jonathan Corbet , Matt Fleming , Joerg Roedel , "Konrad Rzeszutek Wilk" , Andrey Ryabinin , Ingo Molnar , Borislav Petkov , "Andy Lutomirski" , "H. Peter Anvin" , "Paolo Bonzini" , Alexander Potapenko , Thomas Gleixner , Dmitry Vyukov Date: Mon, 22 Aug 2016 17:38:29 -0500 Message-ID: <20160822223829.29880.10341.stgit@tlendack-t1.amdoffice.net> In-Reply-To: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> References: <20160822223529.29880.50884.stgit@tlendack-t1.amdoffice.net> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: SN1PR01CA0012.prod.exchangelabs.com (10.165.224.22) To DM5PR12MB1148.namprd12.prod.outlook.com (10.168.236.143) X-MS-Office365-Filtering-Correlation-Id: e976ad85-5ec0-4d11-0f63-08d3cadd0d05 X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1148; 2:d1pkU2k+dD0lvlov3yTRiF/3tIl/oMUY2TEjyfYTeZD7R0pxj7y+gL5df09/G0vRoY1y2XIQZoSzol0zGZFP71BDChCJ6LINmHwkaIWdCNNVdVFm/gHC0fu6pXccSAhLOKcURiJzqqczn079jrnpEeLbyZW0+j6OQXo+Ixx++RmyFG/i5E8iu5le4rdGJHb0; 3:Crv/VNBw6p/VoOpzUMtx1HIe+RHeWK0k723ZOG4qLiJY6mR2FdjPIZzPcF5c+tP3MzFmPYwOkelYRSqtv9ZwTEXwYV/EWXHIxy9DdDjy7D9iybg7g8Eq4WA64ft/jDZr; 25:l7McB1Go4O0cAzKy4ozFq1ho7ffcJfBmivUCRZTCEnBNbEfH0fahOtBKYI/kaA/Ti/r1Kd4cuKYnVAJBfGsjLD5dFIMGd0s3wmSW1IiZHpWE1da9bbc7WREvLJPxZYcTVQ/+QmYFRLJaj6MfX+FL2O80Wtm9q4GNDFRU2FEbVt+QwGWKzaTLg8lfI9WjD2XdhE5Xq7AWsB2Ogzii830LWnfxOUQUnctjvpLoNvyOfWsuaZrvyegQUIa8DrjsSl8LGVieEBYFATO4ltZCvO20ODloQzQJawC4NfQu0IrsZ9atR9AgwdyydDJfejw9rK7P8tifzN5U+nzQBAjQaJFTxri6ilLSFfSTNZZkFdRigsR08ijBBrDS39VdXqA4Og/7T/JTHGtW9TaUZDwhj7TYOiFI5mvKkahV1x5FTA+H3xQ= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM5PR12MB1148; X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1148; 31:Iv5HdPwCDs5roLKtA2J+Ql9TxCwYPIriQCZY7sYThYSbiTEycmHOKJANbsa6X7zkdtS5DSx0eefsp0M5LiiEYSia7QNCrG33mLQYMb5/xI0eBlNVL7/CY7+4iy2nvx6qLFbN/BpDj9qnejw6ilThYZmX1/tNB24tvAEDOHeivK4HqDnaLBHbKlf2wRFFJYi792lmvOEaHtD1VbaHGiVDYlH+LD13DgUJlj/WRVIPG3g=; 20:/wzxqEnZiaMB+891IZRfgl7rkmLER2NcJ9rzmbog5I9tOQ9BPpqaJNRw28W7ilyQMD7TFjTV1XUxMBsiRhjAsDeioKQNkfz9/iOXzEyWMADZ9KR6kKJwtSKkfTFTs1TwJQfp7CkGLop2mUJqKDjg+XjRZNTiurL4Sioa6n/4nItmWuUxwwAmQS33aM9ylTRC27TTYILI2PLkeESHwoYnmrnOlVGoReZT6vFmqJpG9Iaqi0b9txvd+c7o5JhdN7G5SDLFj1vlrQs/KZ2r548U1aISjN4vNJQjz7uRrJCX9UZSHdGbKUdvnpylgCCIgiUQ6y+RnTvc0BinuG6OW/+Q0k5MEiudwKz3xSjCfPcv05v1CwVlhhIMY5O57xrvudRQTissYKn3w4S1YKKK+k4dnCRvnHMClCjurtTenbezDspfiC8qd8TrGj7bplmUvHmdQg8OCQzQkNT+YafDM7gZMEom89r+PjweJuV4ZToaUrxJzFW1hFXksTVCQUah/uED X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026); SRVR:DM5PR12MB1148; BCL:0; PCL:0; RULEID:; SRVR:DM5PR12MB1148; X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1148; 4:h95hhtHL0lPsGfA8tFj+Y5x08rjVwCqk8GmVZCcaqxrbN0jc4qgy1Q/xDTR52jaK54UUG1ulCAi2F+MRXsWykO09+MzgUZzUIFhu21aVUJSUaQH79ejvqvbc2rw8FZ2zyMm+eqjZU93DrlYgvXw3G9qdA43hF5eXnHc8gymf+Bmu4KhK0MnKEp09XY8LGCQ0GDxBc08OeoolwjLeBpbObfbqVrX2euVMjvER3O/rcjCuB1uk/rBV6X+OvU3VT/CweYCXiaX5ysainZAib7uPsCU3Da7Ah17e1dpoukCSrOF1FoZoUmTikc5bXMUuEMgnnJ+XbzVh4h0pAmnHheHtH0Rcm1lREafzkHQBAPStr5wDCLUpkiIM3DgImm8zf5G8cbLQBbsbNxQUh5jltGeLjMXQLnIEzeZ9ehrpx9c+Ff1sT78+YcXQRXYnFORUKDyl X-Forefront-PRVS: 00429279BA X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(7916002)(189002)(199003)(81156014)(81166006)(2950100001)(77096005)(8676002)(86362001)(586003)(3846002)(106356001)(101416001)(4001350100001)(6116002)(42186005)(97736004)(5001770100001)(230700001)(229853001)(23676002)(92566002)(1076002)(19580405001)(19580395003)(305945005)(7736002)(7846002)(53416004)(33646002)(4326007)(50466002)(2201001)(7416002)(2906002)(105586002)(68736007)(50986999)(69596002)(47776003)(54356999)(76176999)(83506001)(9686002)(189998001)(5660300001)(97746001)(103116003)(66066001)(71626007)(217873001); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR12MB1148; H:tlendack-t1.amdoffice.net; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTVQUjEyTUIxMTQ4OzIzOkJ5UjJDUys4ckI0L0RVcmsrdzlYbTBoVWdN?= =?utf-8?B?S29Bd0V1YzlHS1dmUityODRHb1QvU1RFYjI1WUpuQjAxWGE0QVRBUnBsMlFu?= =?utf-8?B?ZmNrbGpPRFc0ckVReUJXVGpETGRmN2RjMUExeG9PWnJPbnVkUnpwcVJnZmtR?= =?utf-8?B?T1hId0labWhXdWNIc2Z0SUpLVHpHaGpiNG1rcCtqczlXMmxPNGZkT2pLd2lr?= =?utf-8?B?TDRiQkZSOW1wTW5UTmd4OVpGeFViN3dOM00wVjZvNzBQMHNIcGdMVDNOSmdN?= =?utf-8?B?QUlFUkZ6MDZnMkVGc1FyRG1XaHkwcHBQZERpZ3NRRXBDeXdVK2R4RnV4ejVz?= =?utf-8?B?cytxYWxZNGppenNyblJJOUVybS9JSzJWbGthWVN6b09HVFlVTWRRTTJEM2VS?= =?utf-8?B?VWlqR2NwZlRMUHhUcC8zRUtsOXhpcjkwVHRZdXBxdXFCbVNRcW5TVG1pY0tF?= =?utf-8?B?NXEyam1rWUJnUUpoV2ZHbGxlc3JFSHVrSEFBYms4czlPUVM3b1RYY0JFN2pZ?= =?utf-8?B?RGtxWlBuQXh5THRUL2Z5SmRGL0dXVXBDRWx3d2JIZTlnbFptdDVxMFYvdjVF?= =?utf-8?B?bkVBWjdPZk9FaXBoQnVzU2xmMUQ0Mm9rS1plck1MQXlKSXZSWDBsajBGdU9T?= =?utf-8?B?ZkVNM2M5ZVhZNW5MeHFpS0lKVDFVeDJLcnVqNmU4Vkt0bDhybkhKRHJJQ1BR?= =?utf-8?B?RkVCUW8rem1LNTgxYTlQeHJYM1R5ZXhOZmVLTXEyVGVoNURkd29rQzM2VjFK?= =?utf-8?B?SVVXdEtDcmF2NzV4d1dlaTNrem1FUUY4ekNYd0hWcEZQM2hpZXJMcUxHRVY5?= =?utf-8?B?cDBtZ3hvY3pHYUlQRkhpWktmLzRvZEROTmY3eEdZd3laNzVRbTV1MUFDaEdF?= =?utf-8?B?enp0SFVyaE8wL21ZV3VoVFpLK0NGZWpJY1Zjd3JOMDhTbVk3L0tLeUxHQkE2?= =?utf-8?B?QmYrQ09LcmcvMVBmTVdGZk82S2MwNnRCY1UvRnYvL3czaDFZMzY2UmZpelRr?= =?utf-8?B?RjZnemxjZnpCTUpWcjlicVU0VlZHL2JHMUw0dXFUNFBQanZyaWxYOSsyZktT?= =?utf-8?B?a3c1dnlQZ1BYMGNQd0duQUVmNThjK0lpdGFYR1A4Uk5GbU11RHVscEVlOG1l?= =?utf-8?B?aW1QNnBQdGsrQmI4VElRcCtDU2V2UWhZSDFRcTdqNm9NUlNLa2loZ2xPend0?= =?utf-8?B?cnJlWnJVeHpsOEpndWdUVVgyRmdITmRSTG04QUJYMS9tdW5uTHgrRXRhTGtW?= =?utf-8?B?MkJRMXJYNC8zUUpLUTQ3M1FBOTVIVUpTMDdiOXdxNllmeDg5YU1EUjFUTEpw?= =?utf-8?B?cnVLeUpxM2llZTltMjBleFpOZ21xZFJiVDNyTkRhaU1zMzljeDBaaHltUEEx?= =?utf-8?B?UGVxUGlvdUJyVWpTb1BxVUxTM2x1dUVJYzE0dlhabTY3RGN4YTRxNlF3eGln?= =?utf-8?B?ZEl3VG5QTlFOWmo3ZzZSaXcwY01CUHB5YXh0dGdLa3FEZGphTmttcTNvR1B6?= =?utf-8?B?ZURZck94R0xaaXhmY3F3Z1FMT2lXbGlQS1ZDZVo3b0NtcWhsdURmKy9xOUZv?= =?utf-8?B?RGlxMWtrZzJDR1Nhemw5dVdoeVN3RWVoNTRYWHNLUkUwaHY0V0laU25mVllP?= =?utf-8?B?cjYwcDNjS0xEN1Y1R2hhNUNGRnFqSXF2cXV0VVRIMWM4RVJ3SUcvRHlEUE5t?= =?utf-8?B?Q0lIS3FvcjZ1dFdUaTZLSlRJTzlXcThsRUdPeDBCZkFpZlNSbnhlY29id09r?= =?utf-8?Q?UShcXR+Ivsudlu+hQKsJUEcQpjU4zfQBh6lFU=3D?= X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1148; 6:RatQ0LL+WhkLu5eFwmoIb9wHJ9l2qF4l0LcKfVLT/zpF9qpjk8pnOKJ4HiesOEXFjOLllgSOolyAyGGx7OdgFViKErnP6eMnd1qV/tyyq0nQ1F9Y2L0a1qXUB/G0dbQFIpqCrX58ra9itIErAJVX0AZWF2A68O2w1fmPvAkiBSzSeL45lqDrichizReDKEpsJ1mwhsQKzm/Q5iiQ4nzmbbmT6Heo3bhxOKQX60zL7Uf5xS1TBG70rx+7IszlV5WUqkoiC2mIijkB4W2sN3SqqDvq88lhf2NJCOHnSi60BsxIqz+GBHgrDxgXSiFgcOKDHPbVB+rAQQwhTEEYhYO7yg==; 5:2Wd78hPO3kIGxKOZ7tOB0yK7zT+CoBIvPVz23lXmz6aEjisqUZpXPkbh1Lp7CNhrpPAwIB8fdEarEqNsHUQbQqos72VefdAKneYh9XQ7UmxxykmBhAhrkCr1OzchXELdSUYlDvzBZifLNIppDxN9FA==; 24:uqTSKuFGODp7mejrRT0kwiZLN6KCq8lH+/XSDQqckv3yEVf573odAd709aydYTLpvNMceXVZoCCggngtTBrDGi0r6ARbxk1oO60MY2Ng0bw=; 7:OwnSKZbKdOHBHVNKaonurVi7RCKB0LLuTWjZ5PJfEWkGbS8bhGD/keF2IlP8982JtnF/FExT+cG5cXpzxJSuGCMzV8L6zipCrV5U+gwa/0NdsVbCUVi/KwSpuyG1D9LTb3DbjOc0oljdCip0YAwNCsI65dT/5oMEhoLWg5KP4yF7zin31UMn79dc6hfEMJdYh+PQoPjtui7Q6/J5nNqELeJrz3s2d+q573JwuP8A4GFsUpt5Z4DBxZudtfkjm/95 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR12MB1148; 20:/yCU2YOfUHE0SMrl8QzR0rfxJ7slx7rshMk6Wb3z/Bl/LryxQUujNV3hfGJpCkXANCX7ep0XwaZ5SwJLb2NirYEmm/RgEmIJ8RwngqQ0Eyo+5zQAuGjss/eAEPKCxOHEM1+Oo9zamNJ5hpfDKjNjJzfIObZtiC4aZqkRBrH5MoXN4RW3c8Ag0sH85qpuNuWfwP9eciOhq/2mWdlvkwS1aCZH7vs9FeoTeqmAAIMS3XlHvigE9HsnMF1wWTeiIp+C X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 22:38:33.3631 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR12MB1148 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP then do not allow the AP to continue start up. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/include/asm/realmode.h | 12 ++++++++++++ arch/x86/realmode/init.c | 4 ++++ arch/x86/realmode/rm/trampoline_64.S | 19 +++++++++++++++++++ 4 files changed, 37 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 56f4c66..797d228 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -336,6 +336,8 @@ #define MSR_K8_TOP_MEM1 0xc001001a #define MSR_K8_TOP_MEM2 0xc001001d #define MSR_K8_SYSCFG 0xc0010010 +#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT 23 +#define MSR_K8_SYSCFG_MEM_ENCRYPT (1ULL << MSR_K8_SYSCFG_MEM_ENCRYPT_BIT) #define MSR_K8_INT_PENDING_MSG 0xc0010055 /* C1E active bits in int pending message */ #define K8_INTP_C1E_ACTIVE_MASK 0x18000000 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index 230e190..c89e326 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -1,6 +1,15 @@ #ifndef _ARCH_X86_REALMODE_H #define _ARCH_X86_REALMODE_H +/* + * Flag bit definitions for use with the flags field of the trampoline header + * when configured for X86_64 + */ +#define TH_FLAGS_SME_ENABLE_BIT 0 +#define TH_FLAGS_SME_ENABLE (1ULL << TH_FLAGS_SME_ENABLE_BIT) + +#ifndef __ASSEMBLY__ + #include #include @@ -38,6 +47,7 @@ struct trampoline_header { u64 start; u64 efer; u32 cr4; + u32 flags; #endif }; @@ -69,4 +79,6 @@ static inline size_t real_mode_size_needed(void) void set_real_mode_mem(phys_addr_t mem, size_t size); void reserve_real_mode(void); +#endif /* __ASSEMBLY__ */ + #endif /* _ARCH_X86_REALMODE_H */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index f74925f..c3edb49 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c @@ -101,6 +101,10 @@ static void __init setup_real_mode(void) trampoline_cr4_features = &trampoline_header->cr4; *trampoline_cr4_features = mmu_cr4_features; + trampoline_header->flags = 0; + if (sme_me_mask) + trampoline_header->flags |= TH_FLAGS_SME_ENABLE; + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); trampoline_pgd[0] = trampoline_pgd_entry.pgd; trampoline_pgd[511] = init_level4_pgt[511].pgd; diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S index dac7b20..94e29f4 100644 --- a/arch/x86/realmode/rm/trampoline_64.S +++ b/arch/x86/realmode/rm/trampoline_64.S @@ -30,6 +30,7 @@ #include #include #include +#include #include "realmode.h" .text @@ -92,6 +93,23 @@ ENTRY(startup_32) movl %edx, %fs movl %edx, %gs + /* Check for memory encryption support */ + bt $TH_FLAGS_SME_ENABLE_BIT, pa_tr_flags + jnc .Ldone + movl $MSR_K8_SYSCFG, %ecx + rdmsr + bt $MSR_K8_SYSCFG_MEM_ENCRYPT_BIT, %eax + jc .Ldone + + /* + * Memory encryption is enabled but the MSR has not been set on this + * CPU so we can't continue + */ +.Lno_sme: + hlt + jmp .Lno_sme +.Ldone: + movl pa_tr_cr4, %eax movl %eax, %cr4 # Enable PAE mode @@ -147,6 +165,7 @@ GLOBAL(trampoline_header) tr_start: .space 8 GLOBAL(tr_efer) .space 8 GLOBAL(tr_cr4) .space 4 + GLOBAL(tr_flags) .space 4 END(trampoline_header) #include "trampoline_common.S"