From patchwork Tue Jul 25 10:26:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 793298 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3xGvbj5SNnz9s4q for ; Tue, 25 Jul 2017 20:28:49 +1000 (AEST) Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 3xGvbj4d73zDqpY for ; Tue, 25 Jul 2017 20:28:49 +1000 (AEST) X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Received: from mx1.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3xGvZR70PLzDqm4 for ; Tue, 25 Jul 2017 20:27:43 +1000 (AEST) X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 11571AE5F; Tue, 25 Jul 2017 10:27:40 +0000 (UTC) Date: Tue, 25 Jul 2017 12:26:57 +0200 From: Borislav Petkov To: Brijesh Singh , Tom Lendacky Subject: Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature Message-ID: <20170725102657.GD21822@nazgul.tnic> References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-3-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20170724190757.11278-3-brijesh.singh@amd.com> User-Agent: Mutt/1.6.0 (2016-04-01) X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-efi@vger.kernel.org, kvm@vger.kernel.org, Radim =?utf-8?B?S3LEjW3DocWZ?= , Matt Fleming , David Howells , Paul Mackerras , "H . Peter Anvin" , Christoph Lameter , Jonathan Corbet , x86@kernel.org, Piotr Luc , Ingo Molnar , Dave Airlie , Laura Abbott , Fenghua Yu , Kees Cook , Arnd Bergmann , Konrad Rzeszutek Wilk , Reza Arbab , Andy Lutomirski , Thomas Gleixner , Tony Luck , Ard Biesheuvel , linux-kernel@vger.kernel.org, Eric Biederman , Tejun Heo , Paolo Bonzini , Andrew Morton , linuxppc-dev@lists.ozlabs.org, "Kirill A . Shutemov" , Lu Baolu Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Mon, Jul 24, 2017 at 02:07:42PM -0500, Brijesh Singh wrote: > From: Tom Lendacky > > Update the CPU features to include identifying and reporting on the > Secure Encrypted Virtualization (SEV) feature. SME is identified by > CPUID 0x8000001f, but requires BIOS support to enable it (set bit 23 of > MSR_K8_SYSCFG and set bit 0 of MSR_K7_HWCR). Only show the SEV feature > as available if reported by CPUID and enabled by BIOS. > > Signed-off-by: Tom Lendacky > Signed-off-by: Brijesh Singh > --- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/msr-index.h | 2 ++ > arch/x86/kernel/cpu/amd.c | 30 +++++++++++++++++++++++++----- > arch/x86/kernel/cpu/scattered.c | 1 + > 4 files changed, 29 insertions(+), 5 deletions(-) ... > @@ -637,6 +642,21 @@ static void early_init_amd(struct cpuinfo_x86 *c) > clear_cpu_cap(c, X86_FEATURE_SME); > } > } > + > + if (cpu_has(c, X86_FEATURE_SEV)) { > + if (IS_ENABLED(CONFIG_X86_32)) { > + clear_cpu_cap(c, X86_FEATURE_SEV); > + } else { > + u64 syscfg, hwcr; > + > + /* Check if SEV is enabled */ > + rdmsrl(MSR_K8_SYSCFG, syscfg); > + rdmsrl(MSR_K7_HWCR, hwcr); > + if (!(syscfg & MSR_K8_SYSCFG_MEM_ENCRYPT) || > + !(hwcr & MSR_K7_HWCR_SMMLOCK)) > + clear_cpu_cap(c, X86_FEATURE_SEV); > + } > + } Let's simplify this and read the MSRs only once. Diff ontop. Please check if I'm missing a case: diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index c413f04bdd41..79af07731ab1 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -546,6 +546,48 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) } } +static void early_detect_mem_enc(struct cpuinfo_x86 *c) +{ + u64 syscfg, hwcr; + + /* + * BIOS support is required for SME and SEV. + * For SME: If BIOS has enabled SME then adjust x86_phys_bits by + * the SME physical address space reduction value. + * If BIOS has not enabled SME then don't advertise the + * SME feature (set in scattered.c). + * For SEV: If BIOS has not enabled SEV then don't advertise the + * SEV feature (set in scattered.c). + * + * In all cases, since support for SME and SEV requires long mode, + * don't advertise the feature under CONFIG_X86_32. + */ + if (cpu_has(c, X86_FEATURE_SME) || + cpu_has(c, X86_FEATURE_SEV)) { + + if (IS_ENABLED(CONFIG_X86_32)) + goto clear; + + /* Check if SME is enabled */ + rdmsrl(MSR_K8_SYSCFG, syscfg); + if (!(syscfg & MSR_K8_SYSCFG_MEM_ENCRYPT)) + goto clear; + + c->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f; + + /* Check if SEV is enabled */ + rdmsrl(MSR_K7_HWCR, hwcr); + if (!(hwcr & MSR_K7_HWCR_SMMLOCK)) + goto clear_sev; + + return; +clear: + clear_cpu_cap(c, X86_FEATURE_SME); +clear_sev: + clear_cpu_cap(c, X86_FEATURE_SEV); + } +} + static void early_init_amd(struct cpuinfo_x86 *c) { u32 dummy; @@ -617,46 +659,8 @@ static void early_init_amd(struct cpuinfo_x86 *c) if (cpu_has_amd_erratum(c, amd_erratum_400)) set_cpu_bug(c, X86_BUG_AMD_E400); - /* - * BIOS support is required for SME and SEV. - * For SME: If BIOS has enabled SME then adjust x86_phys_bits by - * the SME physical address space reduction value. - * If BIOS has not enabled SME then don't advertise the - * SME feature (set in scattered.c). - * For SEV: If BIOS has not enabled SEV then don't advertise the - * SEV feature (set in scattered.c). - * - * In all cases, since support for SME and SEV requires long mode, - * don't advertise the feature under CONFIG_X86_32. - */ - if (cpu_has(c, X86_FEATURE_SME)) { - u64 msr; - - /* Check if SME is enabled */ - rdmsrl(MSR_K8_SYSCFG, msr); - if (msr & MSR_K8_SYSCFG_MEM_ENCRYPT) { - c->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f; - if (IS_ENABLED(CONFIG_X86_32)) - clear_cpu_cap(c, X86_FEATURE_SME); - } else { - clear_cpu_cap(c, X86_FEATURE_SME); - } - } + early_detect_mem_enc(c); - if (cpu_has(c, X86_FEATURE_SEV)) { - if (IS_ENABLED(CONFIG_X86_32)) { - clear_cpu_cap(c, X86_FEATURE_SEV); - } else { - u64 syscfg, hwcr; - - /* Check if SEV is enabled */ - rdmsrl(MSR_K8_SYSCFG, syscfg); - rdmsrl(MSR_K7_HWCR, hwcr); - if (!(syscfg & MSR_K8_SYSCFG_MEM_ENCRYPT) || - !(hwcr & MSR_K7_HWCR_SMMLOCK)) - clear_cpu_cap(c, X86_FEATURE_SEV); - } - } } static void init_amd_k8(struct cpuinfo_x86 *c)