Message ID | 20240429151625.977884-6-andrew.cooper3@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Series | x86: AMD CPUID handling improvements | expand |
On 4/29/24 5:16 PM, Andrew Cooper wrote: > For display purposes only right now. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Vaishali Thakkar <vaishali.thakkar@vates.tech> > --- > CC: Jan Beulich <JBeulich@suse.com> > CC: Roger Pau Monné <roger.pau@citrix.com> > CC: Stefano Stabellini <sstabellini@kernel.org> > CC: Xenia Ragiadakou <xenia.ragiadakou@amd.com> > CC: Sergiy Kibrik <Sergiy_Kibrik@epam.com> > CC: George Dunlap <george.dunlap@citrix.com> > CC: Andrei Semenov <andrei.semenov@vates.fr> > CC: Vaishali Thakkar <vaishali.thakkar@vates.tech> > > This is only half the work to get SEV working nicely. The other > half (rearranging __start_xen() so we can move the host policy collection > earlier) is still a work-in-progress. > --- > tools/misc/xen-cpuid.c | 3 +++ > xen/arch/x86/include/asm/cpufeature.h | 3 +++ > xen/include/public/arch-x86/cpufeatureset.h | 4 ++++ > xen/tools/gen-cpuid.py | 6 +++++- > 4 files changed, 15 insertions(+), 1 deletion(-) > > diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c > index 0d01b0e797f1..1463e0429ba1 100644 > --- a/tools/misc/xen-cpuid.c > +++ b/tools/misc/xen-cpuid.c > @@ -281,6 +281,9 @@ static const char *const str_eAd[32] = > > static const char *const str_e1Fa[32] = > { > + [ 0] = "sme", [ 1] = "sev", > + /* 2 */ [ 3] = "sev-es", > + [ 4] = "sev-snp", > }; > > static const struct { > diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h > index b6fb8c24423c..732f0d2bf758 100644 > --- a/xen/arch/x86/include/asm/cpufeature.h > +++ b/xen/arch/x86/include/asm/cpufeature.h 
> @@ -230,6 +230,9 @@ static inline bool boot_cpu_has(unsigned int feat) > #define cpu_has_v_gif boot_cpu_has(X86_FEATURE_V_GIF) > #define cpu_has_v_spec_ctrl boot_cpu_has(X86_FEATURE_V_SPEC_CTRL) > > +/* CPUID level 0x8000001f.eax */ > +#define cpu_has_sev boot_cpu_has(X86_FEATURE_SEV) > + > /* Synthesized. */ > #define cpu_has_arch_perfmon boot_cpu_has(X86_FEATURE_ARCH_PERFMON) > #define cpu_has_cpuid_faulting boot_cpu_has(X86_FEATURE_CPUID_FAULTING) > diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h > index 80d252a38c2d..7ee0f2329151 100644 > --- a/xen/include/public/arch-x86/cpufeatureset.h > +++ b/xen/include/public/arch-x86/cpufeatureset.h > @@ -374,6 +374,10 @@ XEN_CPUFEATURE(NPT_SSS, 18*32+19) /* NPT Supervisor Shadow Stacks * > XEN_CPUFEATURE(V_SPEC_CTRL, 18*32+20) /* Virtualised MSR_SPEC_CTRL */ > > /* AMD-defined CPU features, CPUID level 0x8000001f.eax, word 19 */ > +XEN_CPUFEATURE(SME, 19*32+ 0) /* Secure Memory Encryption */ > +XEN_CPUFEATURE(SEV, 19*32+ 1) /* Secure Encryped VM */ > +XEN_CPUFEATURE(SEV_ES, 19*32+ 3) /* SEV Encrypted State */ > +XEN_CPUFEATURE(SEV_SNP, 19*32+ 4) /* SEV Secure Nested Paging */ > > #endif /* XEN_CPUFEATURE */ > > diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py > index f07b1f4cf905..bff4d9389ff6 100755 > --- a/xen/tools/gen-cpuid.py > +++ b/xen/tools/gen-cpuid.py > @@ -281,7 +281,7 @@ def crunch_numbers(state): > _3DNOW: [_3DNOWEXT], > > # The SVM bit enumerates the whole SVM leave. > - SVM: list(range(NPT, NPT + 32)), > + SVM: list(range(NPT, NPT + 32)) + [SEV], > > # This is just the dependency between AVX512 and AVX2 of XSTATE > # feature flags. If want to use AVX512, AVX2 must be supported and > @@ -341,6 +341,10 @@ def crunch_numbers(state): > > # The behaviour described by RRSBA depend on eIBRS being active. > EIBRS: [RRSBA], > + > + SEV: [SEV_ES], > + > + SEV_ES: [SEV_SNP], > } > > deep_features = tuple(sorted(deps.keys()))
On 29.04.2024 17:16, Andrew Cooper wrote: > For display purposes only right now. And limited to a narrow subset, presumably intentionally. > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Jan
diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c
index 0d01b0e797f1..1463e0429ba1 100644
--- a/tools/misc/xen-cpuid.c
+++ b/tools/misc/xen-cpuid.c
@@ -281,6 +281,9 @@ static const char *const str_eAd[32] =
 
 static const char *const str_e1Fa[32] =
 {
+ [ 0] = "sme", [ 1] = "sev",
+ /* 2 */ [ 3] = "sev-es",
+ [ 4] = "sev-snp",
 };
 
 static const struct {
diff --git a/xen/arch/x86/include/asm/cpufeature.h b/xen/arch/x86/include/asm/cpufeature.h
index b6fb8c24423c..732f0d2bf758 100644
--- a/xen/arch/x86/include/asm/cpufeature.h
+++ b/xen/arch/x86/include/asm/cpufeature.h
@@ -230,6 +230,9 @@ static inline bool boot_cpu_has(unsigned int feat)
 #define cpu_has_v_gif boot_cpu_has(X86_FEATURE_V_GIF)
 #define cpu_has_v_spec_ctrl boot_cpu_has(X86_FEATURE_V_SPEC_CTRL)
 
+/* CPUID level 0x8000001f.eax */
+#define cpu_has_sev boot_cpu_has(X86_FEATURE_SEV)
+
 /* Synthesized. */
 #define cpu_has_arch_perfmon boot_cpu_has(X86_FEATURE_ARCH_PERFMON)
 #define cpu_has_cpuid_faulting boot_cpu_has(X86_FEATURE_CPUID_FAULTING)
diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h
index 80d252a38c2d..7ee0f2329151 100644
--- a/xen/include/public/arch-x86/cpufeatureset.h
+++ b/xen/include/public/arch-x86/cpufeatureset.h
@@ -374,6 +374,10 @@ XEN_CPUFEATURE(NPT_SSS, 18*32+19) /* NPT Supervisor Shadow Stacks *
 XEN_CPUFEATURE(V_SPEC_CTRL, 18*32+20) /* Virtualised MSR_SPEC_CTRL */
 
 /* AMD-defined CPU features, CPUID level 0x8000001f.eax, word 19 */
+XEN_CPUFEATURE(SME, 19*32+ 0) /* Secure Memory Encryption */
+XEN_CPUFEATURE(SEV, 19*32+ 1) /* Secure Encryped VM */
+XEN_CPUFEATURE(SEV_ES, 19*32+ 3) /* SEV Encrypted State */
+XEN_CPUFEATURE(SEV_SNP, 19*32+ 4) /* SEV Secure Nested Paging */
 
 #endif /* XEN_CPUFEATURE */
 
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py
index f07b1f4cf905..bff4d9389ff6 100755
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
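Review bot: `cpu_has_sev` in the cpufeature.h hunk is added with no caller in this patch and only the leaf name as a comment, so nothing tells a later user what the predicate does and does not establish. As far as the hunk shows, it tests the boot CPU's CPUID 0x8000001f.eax enumeration bit; whether memory encryption has actually been enabled on the platform is presumably a separate question that the bit alone does not answer. I would extend the comment to say so, e.g. `/* CPUID level 0x8000001f.eax (enumeration only; does not show that SEV is enabled) */`, so that later code does not gate a guest-confidentiality decision on this macro alone.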
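Review bot: The comment on the new `SEV` line in the cpufeatureset.h hunk is misspelt (`Encryped`), and because this is a public header the typo will be copied by consumers; it should read `/* Secure Encrypted VM */` (AMD expands the acronym as Secure Encrypted Virtualization). The new entries also skip bit 2 of word 19 without remark, whereas the xen-cpuid.c hunk marks the same gap with `/* 2 */`; a matching short comment at the gap would make it obvious that the omission is deliberate and that the two tables agree.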
@@ -281,7 +281,7 @@ def crunch_numbers(state):
 _3DNOW: [_3DNOWEXT],
 
 # The SVM bit enumerates the whole SVM leave.
- SVM: list(range(NPT, NPT + 32)),
+ SVM: list(range(NPT, NPT + 32)) + [SEV],
 
 # This is just the dependency between AVX512 and AVX2 of XSTATE
 # feature flags. If want to use AVX512, AVX2 must be supported and
@@ -341,6 +341,10 @@ def crunch_numbers(state):
 
 # The behaviour described by RRSBA depend on eIBRS being active.
 EIBRS: [RRSBA],
+
+ SEV: [SEV_ES],
+
+ SEV_ES: [SEV_SNP],
 }
 
 deep_features = tuple(sorted(deps.keys()))
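Review bot: The comment above the `SVM:` entry in the first gen-cpuid.py hunk no longer explains the line it sits on, because `+ [SEV]` adds a bit from leaf 0x8000001f, which is not part of "the whole SVM leave". The second hunk has the same gap: `SEV: [SEV_ES]` and `SEV_ES: [SEV_SNP]` are the only nearby entries without a reason, while `EIBRS: [RRSBA]` directly above them has one. Since this table decides which features are removed when a prerequisite is hidden, each edge should say why it exists: `# The SVM bit enumerates the whole SVM leaf. SEV guests are SVM guests, so SEV depends on SVM too.` for the first, and `# SEV-ES extends SEV, and SEV-SNP extends SEV-ES.` above the two new entries. `SME` gets no entry at all, which looks intentional but is worth stating in the same comment; `crunch_numbers` starts and ends outside both hunks.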
For display purposes only right now. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: Jan Beulich <JBeulich@suse.com> CC: Roger Pau Monné <roger.pau@citrix.com> CC: Stefano Stabellini <sstabellini@kernel.org> CC: Xenia Ragiadakou <xenia.ragiadakou@amd.com> CC: Sergiy Kibrik <Sergiy_Kibrik@epam.com> CC: George Dunlap <george.dunlap@citrix.com> CC: Andrei Semenov <andrei.semenov@vates.fr> CC: Vaishali Thakkar <vaishali.thakkar@vates.tech> This is only half the work to get SEV working nicely. The other half (rearranging __start_xen() so we can move the host policy collection earlier) is still a work-in-progress. --- tools/misc/xen-cpuid.c | 3 +++ xen/arch/x86/include/asm/cpufeature.h | 3 +++ xen/include/public/arch-x86/cpufeatureset.h | 4 ++++ xen/tools/gen-cpuid.py | 6 +++++- 4 files changed, 15 insertions(+), 1 deletion(-)