{"id":793298,"url":"http://patchwork.ozlabs.org/api/patches/793298/?format=json","web_url":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20170725102657.GD21822@nazgul.tnic/","project":{"id":2,"url":"http://patchwork.ozlabs.org/api/projects/2/?format=json","name":"Linux PPC development","link_name":"linuxppc-dev","list_id":"linuxppc-dev.lists.ozlabs.org","list_email":"linuxppc-dev@lists.ozlabs.org","web_url":"https://github.com/linuxppc/wiki/wiki","scm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git","webscm_url":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/","list_archive_url":"https://lore.kernel.org/linuxppc-dev/","list_archive_url_format":"https://lore.kernel.org/linuxppc-dev/{}/","commit_url_format":"https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}"},"msgid":"<20170725102657.GD21822@nazgul.tnic>","list_archive_url":"https://lore.kernel.org/linuxppc-dev/20170725102657.GD21822@nazgul.tnic/","date":"2017-07-25T10:26:57","name":"[RFC,Part1,v3,02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature","commit_ref":null,"pull_url":null,"state":"not-applicable","archived":false,"hash":"8bbe7a6228383b50c01a2060b5a6e59fb4263eb0","submitter":{"id":47897,"url":"http://patchwork.ozlabs.org/api/people/47897/?format=json","name":"Borislav Petkov","email":"bp@suse.de"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linuxppc-dev/patch/20170725102657.GD21822@nazgul.tnic/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/793298/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/793298/checks/","tags":{},"related":[],"headers":{"Return-Path":"<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>","X-Original-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Received":["from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xGvbj5SNnz9s4q\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 25 Jul 2017 20:28:49 +1000 (AEST)","from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3xGvbj4d73zDqpY\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 25 Jul 2017 20:28:49 +1000 (AEST)","from mx1.suse.de (mx2.suse.de [195.135.220.15])\n\t(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3xGvZR70PLzDqm4\n\tfor <linuxppc-dev@lists.ozlabs.org>;\n\tTue, 25 Jul 2017 20:27:43 +1000 (AEST)","from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254])\n\tby mx1.suse.de (Postfix) with ESMTP id 11571AE5F;\n\tTue, 25 Jul 2017 10:27:40 +0000 (UTC)"],"X-Virus-Scanned":"by amavisd-new at test-mx.suse.de","Date":"Tue, 25 Jul 2017 12:26:57 +0200","From":"Borislav Petkov <bp@suse.de>","To":"Brijesh Singh <brijesh.singh@amd.com>,\n\tTom Lendacky <thomas.lendacky@amd.com>","Subject":"Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted\n\tVirtualization CPU feature","Message-ID":"<20170725102657.GD21822@nazgul.tnic>","References":"<20170724190757.11278-1-brijesh.singh@amd.com>\n\t<20170724190757.11278-3-brijesh.singh@amd.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","Content-Transfer-Encoding":"8bit","In-Reply-To":"<20170724190757.11278-3-brijesh.singh@amd.com>","User-Agent":"Mutt/1.6.0 (2016-04-01)","X-BeenThere":"linuxppc-dev@lists.ozlabs.org","X-Mailman-Version":"2.1.23","Precedence":"list","List-Id":"Linux on PowerPC Developers Mail List\n\t<linuxppc-dev.lists.ozlabs.org>","List-Unsubscribe":"<https://lists.ozlabs.org/options/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=unsubscribe>","List-Archive":"<http://lists.ozlabs.org/pipermail/linuxppc-dev/>","List-Post":"<mailto:linuxppc-dev@lists.ozlabs.org>","List-Help":"<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=help>","List-Subscribe":"<https://lists.ozlabs.org/listinfo/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=subscribe>","Cc":"linux-efi@vger.kernel.org, kvm@vger.kernel.org,\n\tRadim =?utf-8?B?S3LEjW3DocWZ?= <rkrcmar@redhat.com>,\n\tMatt Fleming <matt@codeblueprint.co.uk>,\n\tDavid Howells <dhowells@redhat.com>, \n\tPaul Mackerras <paulus@samba.org>, \"H . Peter Anvin\" <hpa@zytor.com>, \n\tChristoph Lameter <cl@linux.com>, Jonathan Corbet <corbet@lwn.net>,\n\tx86@kernel.org, Piotr Luc <piotr.luc@intel.com>,\n\tIngo Molnar <mingo@redhat.com>, Dave Airlie <airlied@redhat.com>,\n\tLaura Abbott <labbott@redhat.com>, Fenghua Yu <fenghua.yu@intel.com>, \n\tKees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,\n\tKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>,\n\tReza Arbab <arbab@linux.vnet.ibm.com>,\n\tAndy Lutomirski <luto@kernel.org>, \n\tThomas Gleixner <tglx@linutronix.de>, Tony Luck <tony.luck@intel.com>,\n\tArd Biesheuvel <ard.biesheuvel@linaro.org>,\n\tlinux-kernel@vger.kernel.org, \n\tEric Biederman <ebiederm@xmission.com>, Tejun Heo <tj@kernel.org>,\n\tPaolo Bonzini <pbonzini@redhat.com>,\n\tAndrew Morton <akpm@linux-foundation.org>, \n\tlinuxppc-dev@lists.ozlabs.org,\n\t\"Kirill A . Shutemov\" <kirill.shutemov@linux.intel.com>,\n\tLu Baolu <baolu.lu@linux.intel.com>","Errors-To":"linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org","Sender":"\"Linuxppc-dev\"\n\t<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>"},"content":"On Mon, Jul 24, 2017 at 02:07:42PM -0500, Brijesh Singh wrote:\n> From: Tom Lendacky <thomas.lendacky@amd.com>\n> \n> Update the CPU features to include identifying and reporting on the\n> Secure Encrypted Virtualization (SEV) feature.  SME is identified by\n> CPUID 0x8000001f, but requires BIOS support to enable it (set bit 23 of\n> MSR_K8_SYSCFG and set bit 0 of MSR_K7_HWCR).  Only show the SEV feature\n> as available if reported by CPUID and enabled by BIOS.\n> \n> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>\n> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>\n> ---\n>  arch/x86/include/asm/cpufeatures.h |  1 +\n>  arch/x86/include/asm/msr-index.h   |  2 ++\n>  arch/x86/kernel/cpu/amd.c          | 30 +++++++++++++++++++++++++-----\n>  arch/x86/kernel/cpu/scattered.c    |  1 +\n>  4 files changed, 29 insertions(+), 5 deletions(-)\n\n...\n\n> @@ -637,6 +642,21 @@ static void early_init_amd(struct cpuinfo_x86 *c)\n>  \t\t\tclear_cpu_cap(c, X86_FEATURE_SME);\n>  \t\t}\n>  \t}\n> +\n> +\tif (cpu_has(c, X86_FEATURE_SEV)) {\n> +\t\tif (IS_ENABLED(CONFIG_X86_32)) {\n> +\t\t\tclear_cpu_cap(c, X86_FEATURE_SEV);\n> +\t\t} else {\n> +\t\t\tu64 syscfg, hwcr;\n> +\n> +\t\t\t/* Check if SEV is enabled */\n> +\t\t\trdmsrl(MSR_K8_SYSCFG, syscfg);\n> +\t\t\trdmsrl(MSR_K7_HWCR, hwcr);\n> +\t\t\tif (!(syscfg & MSR_K8_SYSCFG_MEM_ENCRYPT) ||\n> +\t\t\t    !(hwcr & MSR_K7_HWCR_SMMLOCK))\n> +\t\t\t\tclear_cpu_cap(c, X86_FEATURE_SEV);\n> +\t\t}\n> +\t}\n\nLet's simplify this and read the MSRs only once. Diff ontop. Please\ncheck if I'm missing a case:\n\n---","diff":"diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c\nindex c413f04bdd41..79af07731ab1 100644\n--- a/arch/x86/kernel/cpu/amd.c\n+++ b/arch/x86/kernel/cpu/amd.c\n@@ -546,6 +546,48 @@ static void bsp_init_amd(struct cpuinfo_x86 *c)\n \t}\n }\n \n+static void early_detect_mem_enc(struct cpuinfo_x86 *c)\n+{\n+\tu64 syscfg, hwcr;\n+\n+\t/*\n+\t * BIOS support is required for SME and SEV.\n+\t *   For SME: If BIOS has enabled SME then adjust x86_phys_bits by\n+\t *\t      the SME physical address space reduction value.\n+\t *\t      If BIOS has not enabled SME then don't advertise the\n+\t *\t      SME feature (set in scattered.c).\n+\t *   For SEV: If BIOS has not enabled SEV then don't advertise the\n+\t *            SEV feature (set in scattered.c).\n+\t *\n+\t *   In all cases, since support for SME and SEV requires long mode,\n+\t *   don't advertise the feature under CONFIG_X86_32.\n+\t */\n+\tif (cpu_has(c, X86_FEATURE_SME) ||\n+\t    cpu_has(c, X86_FEATURE_SEV)) {\n+\n+\t\tif (IS_ENABLED(CONFIG_X86_32))\n+\t\t\tgoto clear;\n+\n+\t\t/* Check if SME is enabled */\n+\t\trdmsrl(MSR_K8_SYSCFG, syscfg);\n+\t\tif (!(syscfg & MSR_K8_SYSCFG_MEM_ENCRYPT))\n+\t\t\tgoto clear;\n+\n+\t\tc->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f;\n+\n+\t\t/* Check if SEV is enabled */\n+\t\trdmsrl(MSR_K7_HWCR, hwcr);\n+\t\tif (!(hwcr & MSR_K7_HWCR_SMMLOCK))\n+\t\t\tgoto clear_sev;\n+\n+\t\treturn;\n+clear:\n+\t\tclear_cpu_cap(c, X86_FEATURE_SME);\n+clear_sev:\n+\t\tclear_cpu_cap(c, X86_FEATURE_SEV);\n+\t}\n+}\n+\n static void early_init_amd(struct cpuinfo_x86 *c)\n {\n \tu32 dummy;\n@@ -617,46 +659,8 @@ static void early_init_amd(struct cpuinfo_x86 *c)\n \tif (cpu_has_amd_erratum(c, amd_erratum_400))\n \t\tset_cpu_bug(c, X86_BUG_AMD_E400);\n \n-\t/*\n-\t * BIOS support is required for SME and SEV.\n-\t *   For SME: If BIOS has enabled SME then adjust x86_phys_bits by\n-\t *\t      the SME physical address space reduction value.\n-\t *\t      If BIOS has not enabled SME then don't advertise the\n-\t *\t      SME feature (set in scattered.c).\n-\t *   For SEV: If BIOS has not enabled SEV then don't advertise the\n-\t *            SEV feature (set in scattered.c).\n-\t *\n-\t *   In all cases, since support for SME and SEV requires long mode,\n-\t *   don't advertise the feature under CONFIG_X86_32.\n-\t */\n-\tif (cpu_has(c, X86_FEATURE_SME)) {\n-\t\tu64 msr;\n-\n-\t\t/* Check if SME is enabled */\n-\t\trdmsrl(MSR_K8_SYSCFG, msr);\n-\t\tif (msr & MSR_K8_SYSCFG_MEM_ENCRYPT) {\n-\t\t\tc->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f;\n-\t\t\tif (IS_ENABLED(CONFIG_X86_32))\n-\t\t\t\tclear_cpu_cap(c, X86_FEATURE_SME);\n-\t\t} else {\n-\t\t\tclear_cpu_cap(c, X86_FEATURE_SME);\n-\t\t}\n-\t}\n+\tearly_detect_mem_enc(c);\n \n-\tif (cpu_has(c, X86_FEATURE_SEV)) {\n-\t\tif (IS_ENABLED(CONFIG_X86_32)) {\n-\t\t\tclear_cpu_cap(c, X86_FEATURE_SEV);\n-\t\t} else {\n-\t\t\tu64 syscfg, hwcr;\n-\n-\t\t\t/* Check if SEV is enabled */\n-\t\t\trdmsrl(MSR_K8_SYSCFG, syscfg);\n-\t\t\trdmsrl(MSR_K7_HWCR, hwcr);\n-\t\t\tif (!(syscfg & MSR_K8_SYSCFG_MEM_ENCRYPT) ||\n-\t\t\t    !(hwcr & MSR_K7_HWCR_SMMLOCK))\n-\t\t\t\tclear_cpu_cap(c, X86_FEATURE_SEV);\n-\t\t}\n-\t}\n }\n \n static void init_amd_k8(struct cpuinfo_x86 *c)\n","prefixes":["RFC","Part1","v3","02/17"]}