From patchwork Thu Mar 2 15:14:48 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9600959
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Subject: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active
From: Brijesh Singh
Date: Thu, 2 Mar 2017 10:14:48 -0500
Message-ID: <148846768878.2349.15757532025749214650.stgit@brijesh-build-machine>
In-Reply-To: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
References: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
User-Agent: StGit/0.17.1-dirty
X-Mailing-List: linux-crypto@vger.kernel.org

From: Tom Lendacky

Early in the boot process, add checks to determine if the kernel is running with Secure Encrypted Virtualization (SEV) active by issuing a CPUID instruction. During early compressed kernel booting, if SEV is active the pagetables are updated so that data is accessed and decompressed with encryption. During uncompressed kernel booting, if SEV is active, the memory encryption mask is set and a flag is set to indicate that SEV is enabled.

Signed-off-by: Tom Lendacky --- arch/x86/boot/compressed/Makefile | 2 + arch/x86/boot/compressed/head_64.S | 16 +++++++ arch/x86/boot/compressed/mem_encrypt.S | 75 ++++++++++++++++++++++++++++++++ arch/x86/include/uapi/asm/hyperv.h | 4 ++ arch/x86/include/uapi/asm/kvm_para.h | 3 + arch/x86/kernel/mem_encrypt_init.c | 24 ++++++++++ 6 files changed, 124 insertions(+) create mode 100644 arch/x86/boot/compressed/mem_encrypt.S diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 44163e8..51f9cd0 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -72,6 +72,8 @@ vmlinux-objs-y := $(obj)/vmlinux.lds $(obj)/head_$(BITS).o $(obj)/misc.o \ $(obj)/string.o $(obj)/cmdline.o $(obj)/error.o \ $(obj)/piggy.o $(obj)/cpuflags.o +vmlinux-objs-$(CONFIG_X86_64) += $(obj)/mem_encrypt.o + vmlinux-objs-$(CONFIG_EARLY_PRINTK) += $(obj)/early_serial_console.o vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/kaslr.o ifdef CONFIG_X86_64 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index d2ae1f8..625b5380 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -130,6 +130,19 @@ ENTRY(startup_32) /* * Build early 4G boot pagetable */ + /* + * If SEV is active set the encryption mask in the page tables. This + * will insure that when the kernel is copied and decompressed it + * will be done so encrypted. + */ + call sev_enabled + xorl %edx, %edx + testl %eax, %eax + jz 1f + subl $32, %eax /* Encryption bit is always above bit 31 */ + bts %eax, %edx /* Set encryption mask for page tables */ +1: + /* Initialize Page tables to 0 */ leal pgtable(%ebx), %edi xorl %eax, %eax 
@@ -140,12 +153,14 @@ ENTRY(startup_32) leal pgtable + 0(%ebx), %edi leal 0x1007 (%edi), %eax movl %eax, 0(%edi) + addl %edx, 4(%edi) /* Build Level 3 */ leal pgtable + 0x1000(%ebx), %edi leal 0x1007(%edi), %eax movl $4, %ecx 1: movl %eax, 0x00(%edi) + addl %edx, 0x04(%edi) addl $0x00001000, %eax addl $8, %edi decl %ecx @@ -156,6 +171,7 @@ ENTRY(startup_32) movl $0x00000183, %eax movl $2048, %ecx 1: movl %eax, 0(%edi) + addl %edx, 4(%edi) addl $0x00200000, %eax addl $8, %edi decl %ecx diff --git a/arch/x86/boot/compressed/mem_encrypt.S b/arch/x86/boot/compressed/mem_encrypt.S new file mode 100644 index 0000000..8313c31 --- /dev/null +++ b/arch/x86/boot/compressed/mem_encrypt.S @@ -0,0 +1,75 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include + +#include +#include +#include +#include + + .text + .code32 +ENTRY(sev_enabled) + xor %eax, %eax + +#ifdef CONFIG_AMD_MEM_ENCRYPT + push %ebx + push %ecx + push %edx + + /* Check if running under a hypervisor */ + movl $0x40000000, %eax + cpuid + cmpl $0x40000001, %eax + jb .Lno_sev + + movl $0x40000001, %eax + cpuid + bt $KVM_FEATURE_SEV, %eax + jnc .Lno_sev + + /* + * Check for memory encryption feature: + * CPUID Fn8000_001F[EAX] - Bit 0 + */ + movl $0x8000001f, %eax + cpuid + bt $0, %eax + jnc .Lno_sev + + /* + * Get memory encryption information: + * CPUID Fn8000_001F[EBX] - Bits 5:0 + * Pagetable bit position used to indicate encryption + */ + movl %ebx, %eax + andl $0x3f, %eax + movl %eax, sev_enc_bit(%ebp) + jmp .Lsev_exit + +.Lno_sev: + xor %eax, %eax + +.Lsev_exit: + pop %edx + pop %ecx + pop %ebx + +#endif /* CONFIG_AMD_MEM_ENCRYPT */ + + ret +ENDPROC(sev_enabled) + + .bss +sev_enc_bit: + .word 0 
diff --git a/arch/x86/include/uapi/asm/hyperv.h b/arch/x86/include/uapi/asm/hyperv.h index 9b1a918..8278161 100644 --- a/arch/x86/include/uapi/asm/hyperv.h +++ b/arch/x86/include/uapi/asm/hyperv.h @@ -3,6 +3,8 @@ #include +#ifndef __ASSEMBLY__ + /* * The below CPUID leaves are present if VersionAndFeatures.HypervisorPresent * is set by CPUID(HvCpuIdFunctionVersionAndFeatures). @@ -363,4 +365,6 @@ struct hv_timer_message_payload { #define HV_STIMER_AUTOENABLE (1ULL << 3) #define HV_STIMER_SINT(config) (__u8)(((config) >> 16) & 0x0F) +#endif /* __ASSEMBLY__ */ + #endif diff --git a/arch/x86/include/uapi/asm/kvm_para.h b/arch/x86/include/uapi/asm/kvm_para.h index bc2802f..e81b74a 100644 --- a/arch/x86/include/uapi/asm/kvm_para.h +++ b/arch/x86/include/uapi/asm/kvm_para.h @@ -26,6 +26,8 @@ #define KVM_FEATURE_PV_UNHALT 7 #define KVM_FEATURE_SEV 8 +#ifndef __ASSEMBLY__ + /* The last 8 bits are used to indicate how to interpret the flags field * in pvclock structure. If no bits are set, all flags are ignored. */ @@ -100,5 +102,6 @@ struct kvm_vcpu_pv_apf_data { #define KVM_PV_EOI_ENABLED KVM_PV_EOI_MASK #define KVM_PV_EOI_DISABLED 0x0 +#endif /* __ASSEMBLY__ */ #endif /* _UAPI_ASM_X86_KVM_PARA_H */ diff --git a/arch/x86/kernel/mem_encrypt_init.c b/arch/x86/kernel/mem_encrypt_init.c index 35c5e3d..5d514e6 100644 --- a/arch/x86/kernel/mem_encrypt_init.c +++ b/arch/x86/kernel/mem_encrypt_init.c @@ -22,6 +22,7 @@ #include #include #include +#include static char sme_cmdline_arg_on[] __initdata = "mem_encrypt=on"; static char sme_cmdline_arg_off[] __initdata = "mem_encrypt=off"; 
@@ -232,6 +233,29 @@ unsigned long __init sme_enable(void *boot_data) void *cmdline_arg; u64 msr; + /* Check if running under a hypervisor */ + eax = 0x40000000; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); + if (eax > 0x40000000) { + eax = 0x40000001; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); + if (!(eax & BIT(KVM_FEATURE_SEV))) + goto out; + + eax = 0x8000001f; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); + if (!(eax & 1)) + goto out; + + sme_me_mask = 1UL << (ebx & 0x3f); + sev_enabled = 1; + + goto out; + } + /* Check for an AMD processor */ eax = 0; ecx = 0;
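
Review bot: in the first head_64.S hunk (startup_32, before "Initialize Page tables to 0"), `subl $32, %eax` followed by `bts %eax, %edx` relies on sev_enabled returning a bit position of 32 or more, and nothing checks that. With a register destination, bts takes the bit offset modulo 32, so a nonzero return below 32 would set the wrong bit in %edx instead of failing. Have sev_enabled reject such a value, or test for it here before the subtraction. %edx then has to stay untouched until the last `addl %edx, 4(%edi)` in the page table loops, which is worth stating in the comment. The comment should also read "ensure", not "insure".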
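
Review bot: the `addl %edx, 4(%edi)` and `addl %edx, 0x04(%edi)` lines added to the three page table build steps in head_64.S set the encryption bit by addition, which is only correct while the high dword of each entry is still zero from the "Initialize Page tables to 0" step. `orl %edx, 4(%edi)` states the intent directly and cannot carry into neighbouring bits if an entry is ever written twice. If addl is kept, add a comment next to the first use noting that it depends on the table having been zeroed.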
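
Review bot: in the new arch/x86/boot/compressed/mem_encrypt.S, `sev_enc_bit` is reserved in .bss with `.word 0` (2 bytes) but written with `movl %eax, sev_enc_bit(%ebp)` (4 bytes), so the store overruns the variable by two bytes. Declare it with `.long 0` or store a 16-bit value. Nothing in this patch reads sev_enc_bit back (head_64.S uses the return value in %eax and sme_enable() queries CPUID again), so either document its intended consumer or drop it. The symbol is also emitted when CONFIG_AMD_MEM_ENCRYPT is off; moving it inside the #ifdef would keep the stub build free of unused data.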
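
Review bot: the `#ifndef __ASSEMBLY__` guards added to arch/x86/include/uapi/asm/hyperv.h and arch/x86/include/uapi/asm/kvm_para.h are not mentioned in the commit message, and these are exported uapi headers. Say in the changelog which assembly file needs to include them and why (the only assembly user visible in this patch is `bt $KVM_FEATURE_SEV, %eax` in mem_encrypt.S). In hyperv.h the guard opens directly after the #include and closes just before the final #endif, so the assembler gets no definitions from that header at all; if it is only pulled in indirectly, a short comment at the guard would explain that.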
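
Review bot: in the sme_enable() hunk of arch/x86/kernel/mem_encrypt_init.c, `if (eax > 0x40000000)` accepts any CPUID 0x40000000 result above that value as proof of a hypervisor and then tests `BIT(KVM_FEATURE_SEV)` in leaf 0x40000001, without first checking the hypervisor-present bit in CPUID leaf 1 or the KVM signature that leaf 0x40000000 returns in ebx/ecx/edx. On a hypervisor other than KVM, bit 8 of leaf 0x40000001 need not mean SEV. Verify the signature before interpreting the feature bit; the same applies to the `cmpl $0x40000001, %eax` / `jb .Lno_sev` sequence in mem_encrypt.S. Separately, every path inside the block ends in `goto out`, so any guest that reports a hypervisor leaf range never reaches the "Check for an AMD processor" SME path below; if that is intended, say so in a comment.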