From patchwork Mon Aug 22 23:26:53 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 9294801 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1E59B60B16 for ; Tue, 23 Aug 2016 00:00:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0D7FF28A9C for ; Tue, 23 Aug 2016 00:00:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 00FB528AF6; Tue, 23 Aug 2016 00:00:41 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 453A628AA0 for ; Tue, 23 Aug 2016 00:00:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757232AbcHWAAN (ORCPT ); Mon, 22 Aug 2016 20:00:13 -0400 Received: from mail-co1nam03on0040.outbound.protection.outlook.com ([104.47.40.40]:27568 "EHLO NAM03-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1757241AbcHWAAI (ORCPT ); Mon, 22 Aug 2016 20:00:08 -0400 X-Greylist: delayed 2057 seconds by postgrey-1.27 at vger.kernel.org; Mon, 22 Aug 2016 20:00:07 EDT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=WOt+DPf6BXYatMzWPyHXrWMWg3vbKgwjxc/L1oZ0w30=; b=PZ7SPIZ2Bk0T9UZ/UTVdy17qBsRT4wyWIpYHosqc2IpuoFxMLPRo7Fp6yPx+LUxKgik8VaFNLJoB6VmnCHU9O4EoBiv1LLTAeok2a/wMPtmVjjQvcxZiqXaaiJEyaXjqV5Jcht3bPFoXf/SLxiD2OgETzJpGEMTJpG/6YILsbqY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from [127.0.1.1] (165.204.77.1) by BLUPR12MB0659.namprd12.prod.outlook.com (10.163.217.29) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384) id 15.1.587.9; Mon, 22 Aug 2016 23:26:56 +0000 Subject: [RFC PATCH v1 16/28] x86: Add support to determine if running with SEV enabled From: Brijesh Singh To: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Date: Mon, 22 Aug 2016 19:26:53 -0400 Message-ID: <147190841304.9523.5026893722385181494.stgit@brijesh-build-machine> In-Reply-To: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> References: <147190820782.9523.4967724730957229273.stgit@brijesh-build-machine> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: BY2PR21CA0041.namprd21.prod.outlook.com (10.162.74.179) To BLUPR12MB0659.namprd12.prod.outlook.com (10.163.217.29) X-MS-Office365-Filtering-Correlation-Id: c44465a1-db04-40ea-a35f-08d3cae3d1c7 X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0659; 2:X2/+maSJ8txkrza2naF9alOFuplM4lG9E43TuIW7QEeV1O5HuBskyEto6b4Aa1Ze5FBIU80xKjNMReWu7Ak0Y4K6ZKOUI/GAdny9OrNkUgv5Gr7i09U4IRH4ykArn6firPqAHmAwcK3EwN9FZFfPGpcL5a0K9xNNStvzfRgDslDj9ZXuisVK5DJpZS3ZD6Zp; 3:/Wj/LSYflIwbm2tN0l0OEaSWXtw9s3IzIkjo9CLJ3+kROFzrJWWUkBaxlRAN6L+amcJv+sVr4slvlLHmgdb2hGEH4uhgQkBM1eLjWfal8Bpk01Fiq0D4T3Sn+/W8CbJm; 25:JxWGrZ4JOAVdLSkvYi5nHfpqVNC8Bh+Zn4rgJm/B7pjtWUCd9vVzZQSRqeofv4b4lToPubMfIM2m5FtoXFtlBVdLF0Cvf3XWH29geEsR8eB7UuZPMhWshKwd3RY9UA8+hee8L+BgWvXrfyJNeFvEu4LJlWzS6Y60soQ3jePBcbuh1zvNv/w4KW6gKOJ9F9YUDpZ3g/Ys3hS4FE4E7MREFwoVFzYd9oPJwg1H+7RnXYncKFtajk41L8DULdo5Iti1wBNTXTO/H1vHOi+bOMLkjUfD+5j1MZsCQblTYhFH+E8nPw7GuoWHLF4NDCVjiA/BHqdd+Z5NrtE1++avvvljavViAhgG3aB6enWIYgvDCmYyU29Rvjs/Plv7Dw1lh/VDTiThEMPPiAs59Ok12D3Z25IAGkS/r9eXK38hbMADC5g= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR12MB0659; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0659; 31:LB77e0W2RDYLyUeirNI/yfBqgNDk7hhyZFEeRAlIvWxoP/9Q1q7uW7oLcEdRTrIjduoRFNfKVXgGZ5S7SY7p1O4r+B/ZufRB9/+KmJd8BmrRcCEoIo/17fqNtQSU8P/rZbPvYDiOz1FeGpZvJP4Ku05x1tn6b2JmhLT4tIZAj0PHWI6j+UdGjZrn388kWNIbpc8ctcHqDwNGDd5hg8kxW8iWOM/7bJpOtUt8/e0OHRw=; 20:CxhWWRkP/w00yBm32cPO/lzrEEQcn8Xh1kvOHY/LX7TymK4u0jz9/P3B6CLeQyr1n5BOICEDbnj7PYcXFgmiJGyCeuHOFYgr8e8H3FQTz5q6S8bG7XqFhbsb3zcMApmJ4x4u/A9p0MLc2R08xP4JQDm1Yset022SBT1uhD5Y7HDGtPiteGk4uu4wTDXWUdxK6el1FGh1SmL+rQ9+T7Y3T0boBBJSM6ilAfIm/irbQ55T+ygRCpFYAWqudInafhuGOEELjiOJWABBT239wN9kIZv3+QBoCnSXb/b8E/kC7XfI4KUecjz977DidzyJVCrhQPvz35knqpEvXKymUCrY6KdyoiiiemHhB+ytqyaXVgMkaFpZBHkuLDftMb+7HxYqWiPudw2cqDR1ir2gBFvaH0l7tR5gBQdwQi3sLftmthlIIhzp6Oe5iFQtc3QkPIr0ZHQzUPSla0UOXi2t6RTc2Qj8ZNCDDW41r7p5aRlhXybhq0/Rmgbe9waL2rT1XT+f X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(767451399110); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6055026); SRVR:BLUPR12MB0659; BCL:0; PCL:0; RULEID:; SRVR:BLUPR12MB0659; X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0659; 4:zcBZfUIb+0x5sZzkGlEDZvcx4HEEEuBSsStGvdrAWQv5eB0fu7e0FwiT7kEfQaRZXHY97hPoeInO71awxvXaICaVLQeD3h1CJBl2F0yq/XMnIKPfFViiWMS1aW1h9tz56ISxN0B0yzLSK30QTeBlaAJ0cKnqZ/m7/kLxL/FaH7JEbT8j0+5qINTFquh1BlMnGJfCQU4RgTy2hdKplbXOWKvVDI2yHt6eRfmaTG40lIgUTwOVCIX1KubJ7itH5urfUuwlYRLAmPbooR/ueYZSpXJjueu4uggdPrmF+rFNlGD4yW3dR0KeiyhP1V9chfHiKp82QzXgvqOkH6qxyw4eJXFGBRYRy5KTpAB+u8gEAWccZLg+tUgiLJ6hXODdKYSoUnx+y/XhH8OaupfwbjOb0BdNrN30orOoawV831rqNQW5ev9SS4ntaZtggf2Ycx0i X-Forefront-PRVS: 00429279BA X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6049001)(6009001)(7916002)(189002)(199003)(50986999)(54356999)(19580395003)(66066001)(47776003)(86362001)(575784001)(2906002)(19580405001)(76176999)(23676002)(105586002)(5660300001)(103116003)(2201001)(50466002)(7846002)(68736007)(101416001)(77096005)(8676002)(2950100001)(81166006)(81156014)(7736002)(92566002)(107886002)(229853001)(33716001)(33646002)(7416002)(106356001)(305945005)(7406005)(189998001)(9686002)(586003)(5001770100001)(83506001)(3846002)(6116002)(230700001)(4001350100001)(97736004)(42186005)(2004002)(921003)(217873001)(2101003)(1121003)(83996005); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR12MB0659; H:[127.0.1.1]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjEyTUIwNjU5OzIzOms4cm12THFuRWJlclU5YU1VSDRzTEFsTTR4?= =?utf-8?B?ZzlQRU5OMEZKcWhIQ0JhbXJmTjFQekhRN1VVbGVoVHozY1RRWUV6OXJiR3cz?= =?utf-8?B?ZTFzSHdlYk5sTXlIS2ZVRDlndEpvd3FkTkFycFBweVhyWmV2aSswVUEwNnZi?= =?utf-8?B?eHpLT1dYeHB2akxjbFVqNk4wWTRnYVQ1UHBOVWNSenhyd3JnakY4Z1hQblJa?= =?utf-8?B?VmY0ZlE2UlNUWWpGbERQQWFQMVVZa0xCN1BQdU9UUGt4QUhnVDA5RHcybW1u?= =?utf-8?B?YVRBRFBXc2lzNzJsb2ZLTVF3QndvUWJXRVhQOGpNN2lhYlRCV3R0WXpvREN1?= =?utf-8?B?MGNjazJTbmd1ZUtWTExCeDNYSkNWTmozT3BJVkNFNmN0V3dEM01tZVJsQ05i?= =?utf-8?B?UFgzcEEyRFFGcFN3RkFUNHJ5UzZvc09hRnUzNURLTE9IcVBMNlA2NGJreGFv?= =?utf-8?B?WklpRXAwOW1DWUVmTlRSUlR6bW9sZjZmdVhhS1lUR1J5WDJ1c0FCWjB0YTBV?= =?utf-8?B?dysxSk1hdDZOdisxendtN0d1VFBmcGwrbjJOWGVMQUZ4RzBzRGx3cnp3MnY0?= =?utf-8?B?eWUxbXAyRjJWMTdDYlNTb0t1Rm1vdFYzZmdUa1Jqc3dBVzJmdnFtZGNXV3pR?= =?utf-8?B?cElRelRYNC8xVCtWMmsvU0pmOVhFbEVING55QzhJenFuazVKN2thQTFSd05Z?= =?utf-8?B?ZU1YSXhQMmQzNWZWOVZyOW5nTzVVTjViVis1L01JeDBPdEZPU1ZKL2RwODdk?= =?utf-8?B?ekMzUnJabkRRZWNleGMxZUZNVDAvckxGTjFuVzYzV0hla2VJczJuMFp2NTVO?= =?utf-8?B?S1VYUUhNYkFqV0M4elNjbFRxcnltUzFETVRjaHBoem5zZW15cmM0WlJ2cFdX?= =?utf-8?B?ejRRRTJ6aEpkUGlBQk55TStsS1lYY0xmMmE5MkFFRXZEV1pJc3hqbllnSm5t?= =?utf-8?B?MWtVWW9teEJoQVRIcGkxclNFSTZvZGdGRzRNV3hWU3ZGc0x6aFFHanRWZjhF?= =?utf-8?B?b0NJbHoybndkMm56OWhablFnYjlVdGt2aENLUWk0ekhtd3B2YU5lQmIrRGdn?= =?utf-8?B?R3FZLytVTHVVV3ZOa2FhaVowSDJwbmN4NlNIcGY1dnhqZGlKeUc0UEJQRFZw?= =?utf-8?B?TUtMb0pLTkNQWXVQVm5XNU1DVWFSTXl1MXNzMXB1TXVwMGVnNWVmWVBkZlQ4?= =?utf-8?B?Q3JTR2VHV1pWaUp4eVgrWHA4WjM4T2FRQ2RNd0hrRS8vNVVrT21NOUVZcXVn?= =?utf-8?B?S09tVzlIVmM1d3NOTXdEZ0o1dThLRkFaSG5NcWdpckh6TEdEKzZEZWZLZlNP?= =?utf-8?B?cFQ0U1BvM0xKeEpuS1VCbWs0QVNvLzZQdk1GK0NaaWVoRG5LYVgzczgvYVdm?= =?utf-8?B?a3AxTXBwYytaYUI0eERNeGkvenRQdEs2YU1GOFJ4YmhPRnAydzRpTEQ3d0Vm?= =?utf-8?B?Vm1PQ3hYSmJFcHNUK0cwc0tYZ2tUNUU1bEpCWkJNR3ZOQ2w5ZCttalg1dzRj?= =?utf-8?B?TkluZEpYLzE2bkwwNTRrMzUzelRkYzNPbm1sbDl5WDJ1YmZTRnoxSWVQWlpi?= =?utf-8?B?dVhtVHNiMFcrZlhhQU9zbUwxRDcrQk1Xak5tREY3ckFTOGovS0NRMUdWTjFM?= =?utf-8?B?bS9HYW9aSWkvSThuanFlN3JUUzZnbnNWMUhPUWRZSVJqYTZ3aTQzc0FOeisw?= =?utf-8?B?K1JNSlZoRXJyV24wdTJEOXM2a2hhVUEybkdGSmRkclFRZDhJMlNXWWdTT1VM?= =?utf-8?B?dXpvMHZxRkxDSzBTeGc1WlNpdUs5Zzk1ZnFyZDJzN2dDNUNzWEcxWDI5N0J3?= =?utf-8?B?RjZhZ3hsRmRaazZaaDNnUmFsd2xuYXExRENaZHFwbmNaSmFraW9mbUNQa1d6?= =?utf-8?Q?SoyNX/ecTYUPur/DxVwStMmmgrTL+xg/?= X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0659; 6:NY18ejimRBnTtnd8asYtKDfbyNGTD5xfKCHhb9JlKmldr5YVghlDKrma6gcigpK/C1G3kq0enNdSXVcmqLywnTUtkUIdz2Y/gnw7IDaYJQMWUE4BdtU5QfasjcLq2Mbz3XM0y68ugSOJYSj8Pl3bEJgOpkT7vpJWXWobWo8cof/nYieetZq3ciumF9KrMKIuL70i5TRmNQ5SNhGlipx6aw3btckddF9xbJ6er10EW0ftOoU6n3GRVLBOr06DLnow4p1s/MYmcKTRbcMt0OsOtJXpqihs7jih9uJ/Ex83gJcrvRPiR13LuxeXntcnM0HRsU5tDYJUN+Np00gSYzRd6g==; 5:KHrUM9fpK/xBwu2UmvUKKn2vBLBGY01EJQOHoVovtFiqXwan7XNTnDehq/KCkc2ri27nAbSnpceifDuJLIvFQl5SCPmUWJDqDPXS51jmDsl5LP6TiIAadjXwmqJiMusiiDAt8MeyAqmteADUUVKxgA==; 24:ZpCjRc09QIbhHZfLiylM9Wugo+otT2nBXQPp88vNd20059EKcGqK1zEJIjXUC3p0u1wgqWW7745XVKjem9jcfKZcjz2gagNWEtj77hbS6yY=; 7:eAyskL3f7hnzyIK9Qf+KuahwX3Vwto3rvELk3kwUjUmgcTpo+zBPiYdoeGrHahi/7HGJsNGnz19ukmi53zCZDKcoaKp+/BLJAARrw4R9/LTKOrf5NTY88+f+7NzE4g4g5h6Swv9frbqQSTImsXYDv5QQ4SC/ZXiJdBFM6HzE6ViLsz1ZeWlSyONI6MxcP/6ZU4t/Jjdc2s73OhXaUoHSTJdvctBcRvv8D+U3B626gLVe+5IIve8F45xf2DqyegI3 SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR12MB0659; 20:+qMSLRCXmB4X4+H36ckOhTaV8XiZ/t6oAIBJ9PeyB/nKBkKX1Nienw83DqMXAis2R6AGrMj//IJgF8zUGQcB+tY3xp1SeQjThBiAvSdczdNiLuvzKI/dAqKoZD7n/a+DKC/l4NEzdciPXPW7JieqT4iVGWY1cCXuC21aB6w41qrCcDCW8fYj5wlq8NcqcObO06i8HuTWdefnWAvALNxIshZwDD9sIanFlBfPHubHpBtpKunaG06D7g4/LpV9RZm9 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Aug 2016 23:26:56.4314 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR12MB0659 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Tom Lendacky Early in the boot process, add a check to determine if the kernel is running with Secure Encrypted Virtualization (SEV) enabled. If active, the kernel will perform steps necessary to insure the proper kernel initialization process is performed. Signed-off-by: Tom Lendacky --- arch/x86/boot/compressed/Makefile | 2 + arch/x86/boot/compressed/head_64.S | 19 +++++ arch/x86/boot/compressed/mem_encrypt.S | 123 ++++++++++++++++++++++++++++++++ arch/x86/include/uapi/asm/hyperv.h | 4 + arch/x86/include/uapi/asm/kvm_para.h | 3 + arch/x86/kernel/mem_encrypt.S | 36 +++++++++ 6 files changed, 187 insertions(+) create mode 100644 arch/x86/boot/compressed/mem_encrypt.S -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 536ccfc..4888df9 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -73,6 +73,8 @@ vmlinux-objs-y := $(obj)/vmlinux.lds $(obj)/head_$(BITS).o $(obj)/misc.o \ $(obj)/string.o $(obj)/cmdline.o $(obj)/error.o \ $(obj)/piggy.o $(obj)/cpuflags.o +vmlinux-objs-$(CONFIG_X86_64) += $(obj)/mem_encrypt.o + vmlinux-objs-$(CONFIG_EARLY_PRINTK) += $(obj)/early_serial_console.o vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/kaslr.o ifdef CONFIG_X86_64 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 0d80a7a..acb907a 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -131,6 +131,19 @@ ENTRY(startup_32) /* * Build early 4G boot pagetable */ + /* + * If SEV is active set the encryption mask in the page tables. This + * will insure that when the kernel is copied and decompressed it + * will be done so encrypted. + */ + call sev_active + xorl %edx, %edx + testl %eax, %eax + jz 1f + subl $32, %eax /* Encryption bit is always above bit 31 */ + bts %eax, %edx /* Set encryption mask for page tables */ +1: + /* Initialize Page tables to 0 */ leal pgtable(%ebx), %edi xorl %eax, %eax @@ -141,12 +154,14 @@ ENTRY(startup_32) leal pgtable + 0(%ebx), %edi leal 0x1007 (%edi), %eax movl %eax, 0(%edi) + addl %edx, 4(%edi) /* Build Level 3 */ leal pgtable + 0x1000(%ebx), %edi leal 0x1007(%edi), %eax movl $4, %ecx 1: movl %eax, 0x00(%edi) + addl %edx, 0x04(%edi) addl $0x00001000, %eax addl $8, %edi decl %ecx @@ -157,6 +172,7 @@ ENTRY(startup_32) movl $0x00000183, %eax movl $2048, %ecx 1: movl %eax, 0(%edi) + addl %edx, 4(%edi) addl $0x00200000, %eax addl $8, %edi decl %ecx @@ -344,6 +360,9 @@ preferred_addr: subl $_end, %ebx addq %rbp, %rbx + /* Check for SEV and adjust page tables as necessary */ + call sev_adjust + /* Set up the stack */ leaq boot_stack_end(%rbx), %rsp diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S new file mode 100644 index 0000000..56e19f6 --- /dev/null +++ b/arch/x86/boot/compressed/mem_encrypt.S @@ -0,0 +1,123 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include + +#include +#include +#include +#include + + .text + .code32 +ENTRY(sev_active) + xor %eax, %eax + +#ifdef CONFIG_AMD_MEM_ENCRYPT + push %ebx + push %ecx + push %edx + + /* Check if running under a hypervisor */ + movl $0x40000000, %eax + cpuid + cmpl $0x40000001, %eax + jb .Lno_sev + + movl $0x40000001, %eax + cpuid + bt $KVM_FEATURE_SEV, %eax + jnc .Lno_sev + + /* + * Check for memory encryption feature: + * CPUID Fn8000_001F[EAX] - Bit 0 + */ + movl $0x8000001f, %eax + cpuid + bt $0, %eax + jnc .Lno_sev + + /* + * Get memory encryption information: + * CPUID Fn8000_001F[EBX] - Bits 5:0 + * Pagetable bit position used to indicate encryption + */ + movl %ebx, %eax + andl $0x3f, %eax + jmp .Lsev_exit + +.Lno_sev: + xor %eax, %eax + +.Lsev_exit: + pop %edx + pop %ecx + pop %ebx + +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + + ret +ENDPROC(sev_active) + + .code64 +ENTRY(sev_adjust) +#ifdef CONFIG_AMD_MEM_ENCRYPT + push %rax + push %rbx + push %rcx + push %rdx + + /* Check if running under a hypervisor */ + movl $0x40000000, %eax + cpuid + cmpl $0x40000001, %eax + jb .Lno_adjust + + movl $0x40000001, %eax + cpuid + bt $KVM_FEATURE_SEV, %eax + jnc .Lno_adjust + + /* + * Check for memory encryption feature: + * CPUID Fn8000_001F[EAX] - Bit 0 + */ + movl $0x8000001f, %eax + cpuid + bt $0, %eax + jnc .Lno_adjust + + /* + * Get memory encryption information: + * CPUID Fn8000_001F[EBX] - Bits 5:0 + * Pagetable bit position used to indicate encryption + */ + movl %ebx, %ecx + andl $0x3f, %ecx + jz .Lno_adjust + + /* + * Adjust/verify the page table entries to include the encryption + * mask for the area where the compressed kernel is copied and + * the area the kernel is decompressed into + */ + +.Lno_adjust: + pop %rdx + pop %rcx + pop %rbx + pop %rax +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + + ret +ENDPROC(sev_adjust) diff --git a/arch/x86/include/uapi/asm/hyperv.h b/arch/x86/include/uapi/asm/hyperv.h index 9b1a918..8278161 100644 --- a/arch/x86/include/uapi/asm/hyperv.h +++ b/arch/x86/include/uapi/asm/hyperv.h @@ -3,6 +3,8 @@ #include +#ifndef __ASSEMBLY__ + /* * The below CPUID leaves are present if VersionAndFeatures.HypervisorPresent * is set by CPUID(HvCpuIdFunctionVersionAndFeatures). @@ -363,4 +365,6 @@ struct hv_timer_message_payload { #define HV_STIMER_AUTOENABLE (1ULL << 3) #define HV_STIMER_SINT(config) (__u8)(((config) >> 16) & 0x0F) +#endif /* __ASSEMBLY__ */ + #endif diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index 67dd610f..5788561 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -26,6 +26,8 @@ #define KVM_FEATURE_PV_UNHALT 7 #define KVM_FEATURE_SEV 8 +#ifndef __ASSEMBLY__ + /* The last 8 bits are used to indicate how to interpret the flags field * in pvclock structure. If no bits are set, all flags are ignored. */ @@ -98,5 +100,6 @@ struct kvm_vcpu_pv_apf_data { #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK #define KVM_PV_EOI_DISABLED 0x0 +#endif /* __ASSEMBLY__ */ #endif /* _UAPI_ASM_X86_KVM_PARA_H */ diff --git a/arch/x86/kernel/mem_encrypt.S b/arch/x86/kernel/mem_encrypt.S index 6a8cd18..78fc608 100644 --- a/arch/x86/kernel/mem_encrypt.S +++ b/arch/x86/kernel/mem_encrypt.S @@ -17,11 +17,47 @@ #include #include #include +#include .text .code64 ENTRY(sme_enable) #ifdef CONFIG_AMD_MEM_ENCRYPT + /* Check if running under a hypervisor */ + movl $0x40000000, %eax + cpuid + cmpl $0x40000001, %eax + jb .Lno_hyp + + movl $0x40000001, %eax + cpuid + bt $KVM_FEATURE_SEV, %eax + jnc .Lno_mem_encrypt + + /* + * Check for memory encryption feature: + * CPUID Fn8000_001F[EAX] - Bit 0 + */ + movl $0x8000001f, %eax + cpuid + bt $0, %eax + jnc .Lno_mem_encrypt + + /* + * Get memory encryption information: + * CPUID Fn8000_001F[EBX] - Bits 5:0 + * Pagetable bit position used to indicate encryption + */ + movl %ebx, %ecx + andl $0x3f, %ecx + jz .Lno_mem_encrypt + bts %ecx, sme_me_mask(%rip) + + /* Indicate that SEV is active */ + movl $1, sev_active(%rip) + jmp .Lmem_encrypt_exit + +.Lno_hyp: /* Check for AMD processor */ xorl %eax, %eax cpuid