From patchwork Sun Oct 1 19:45:09 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9979869
From: Brijesh Singh
To: Borislav Petkov
Cc: Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Brijesh Singh
Subject: Re: [PATCH] x86/CPU/AMD, mm: Extend with mem_encrypt=sme option
Date: Sun, 1 Oct 2017 14:45:09 -0500
Message-Id: <20171001194509.4187-1-brijesh.singh@amd.com>
In-Reply-To: <20171001171617.uzwfzps7sxowfram@pd.tnic>
References: <20171001171617.uzwfzps7sxowfram@pd.tnic>
X-Mailing-List: kvm@vger.kernel.org

>
> So I want to be able to disable SEV and the whole code that comes with
> it in the *host*.

We can add a new variable 'sme_only'. By default this variable should be set to false. When mem_encrypt=sme is passed then set it to true and based on sme_only state early_detect_mem_encrypt() can clear X86_FEATURE_SEV flag.

Here are the changes on top of your patch. I did a quick test in both host and guest OS and it seems to be working okay. In host OS mem_encrypt=sme disabled the SEV but in guest it's still don't care. I will do more tests later...

diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h index 175310f00202..73a6fb3b14a1 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -19,7 +19,7 @@ #include -extern bool sev_enabled; +extern bool sme_only; #ifdef CONFIG_AMD_MEM_ENCRYPT diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index d0669f3966a6..a09b02959874 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -33,7 +33,7 @@ static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum); */ static u32 nodes_per_socket = 1; -bool sev_enabled __section(.data) = false; +bool sme_only __section(.data) = false; static inline int rdmsrl_amd_safe(unsigned msr, unsigned long long *p) { @@ -591,7 +591,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) if (IS_ENABLED(CONFIG_X86_32)) goto clear_all; - if (!sev_enabled) + if (sme_only) goto clear_sev; rdmsrl(MSR_K7_HWCR, msr); diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 9b83bc1be7c0..a135e4497021 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -45,6 +45,7 @@ u64 sme_me_mask __section(.data) = 0; EXPORT_SYMBOL_GPL(sme_me_mask); DEFINE_STATIC_KEY_FALSE(__sev); EXPORT_SYMBOL_GPL(__sev); +static bool sev_enabled __section(.data) = false; /* Buffer used for early in-place encryption by BSP, no locking needed */ static char sme_early_buffer[PAGE_SIZE] __aligned(PAGE_SIZE); @@ -773,7 +774,6 @@ void __init __nostackprotector sme_enable(struct boot_params *bp) unsigned long feature_mask; u64 me_mask, msr; char buffer[16]; - bool sme_only; int ret; /* Check for the SME/SEV support leaf */ 
@@ -808,6 +808,8 @@ void __init __nostackprotector sme_enable(struct boot_params *bp) if (!(eax & feature_mask)) return; + me_mask = BIT_ULL(ebx & 0x3f); + /* For SME, check the SYSCFG MSR */ if (feature_mask == AMD_SME_BIT) { msr = __rdmsr(MSR_K8_SYSCFG); @@ -820,9 +822,13 @@ void __init __nostackprotector sme_enable(struct boot_params *bp) msr = __rdmsr(MSR_AMD64_SEV); if (!(msr & MSR_AMD64_SEV_ENABLED)) return; - } - me_mask = BIT_ULL(ebx & 0x3f); + if (feature_mask == AMD_SEV_BIT) { + sme_me_mask = me_mask; + sev_enabled = true; + return; + } + } /* * Fixups have not been applied to phys_base yet and we're running @@ -847,16 +853,11 @@ void __init __nostackprotector sme_enable(struct boot_params *bp) } else if (!strncmp(buffer, cmd_on, sizeof(buffer))) { sme_me_mask = me_mask; } else if (!strncmp(buffer, cmd_sme, sizeof(buffer))) { + sme_me_mask = me_mask; sme_only = true; + return; } if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT)) sme_me_mask = me_mask; - - if (sme_only) - return; - - /* For SEV, check the SEV MSR */ - if (feature_mask == AMD_SEV_BIT) - sev_enabled = true; }
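Review bot: In the `@@ -591,7 +591,7 @@` hunk of arch/x86/kernel/cpu/amd.c, replacing `if (!sev_enabled)` with `if (sme_only)` inverts the default: X86_FEATURE_SEV used to be cleared unless something set sev_enabled, and is now kept unless something sets sme_only. The only writer of sme_only in this patch is sme_enable() in arch/x86/mm/mem_encrypt.c, which is built only with CONFIG_AMD_MEM_ENCRYPT, while the extern in mem_encrypt.h sits above the `#ifdef CONFIG_AMD_MEM_ENCRYPT`. Please confirm that a kernel built without that option still reaches clear_sev by some path not shown here, or gate the test with IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT). The now-global definition in the `@@ -33,7 +33,7 @@` hunk would also benefit from a one-line comment saying it is set by mem_encrypt=sme.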
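Review bot: In the `@@ -820,9 +822,13 @@` hunk of sme_enable(), the added `if (feature_mask == AMD_SEV_BIT)` looks redundant. It sits in the block that reads MSR_AMD64_SEV, and if that block is the else arm of the `feature_mask == AMD_SME_BIT` test visible in the previous hunk's context, the inner condition is always true there and the three statements can run unconditionally. The early `return` also means a guest never reaches the command-line parsing further down, which matches the "don't care" behaviour reported in the test, so a short comment stating that SEV state in the guest is not controlled by mem_encrypt= would record the intent next to the code.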
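Review bot: In the `@@ -847,16 +853,11 @@` hunk, the `return;` added to the `cmd_sme` branch is unnecessary: with the trailing `sme_only`/`sev_enabled` block removed, the only statement left after the chain is the CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT assignment, which stores the same `me_mask` the branch has just written to `sme_me_mask`. Dropping it keeps a single exit path for all option values. Separately, the diff touches only mem_encrypt.h, amd.c and mem_encrypt.c, so if the base patch does not already describe mem_encrypt=sme in the kernel-parameters documentation, that text is still missing.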