| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tip-872cbefd2d9c52bd0b1e2c7942c4369e98a5a5ae@git.kernel.org>
Date: Tue, 18 Jul 2017 03:48:37 -0700
From: tip-bot for Tom Lendacky <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: thomas.lendacky@....com, hpa@...or.com, konrad.wilk@...cle.com,
riel@...hat.com, brijesh.singh@....com, rkrcmar@...hat.com,
dvyukov@...gle.com, peterz@...radead.org, dyoung@...hat.com,
arnd@...db.de, bp@...en8.de, mst@...hat.com,
linux-kernel@...r.kernel.org, matt@...eblueprint.co.uk,
torvalds@...ux-foundation.org, aryabinin@...tuozzo.com,
corbet@....net, toshi.kani@....com, luto@...nel.org,
pbonzini@...hat.com, glider@...gle.com, mingo@...nel.org,
lwoodman@...hat.com, tglx@...utronix.de
Subject: [tip:x86/mm] x86/cpu/AMD: Add the Secure Memory Encryption CPU
feature
Commit-ID: 872cbefd2d9c52bd0b1e2c7942c4369e98a5a5ae
Gitweb: http://git.kernel.org/tip/872cbefd2d9c52bd0b1e2c7942c4369e98a5a5ae
Author: Tom Lendacky <thomas.lendacky@....com>
AuthorDate: Mon, 17 Jul 2017 16:10:01 -0500
Committer: Ingo Molnar <mingo@...nel.org>
CommitDate: Tue, 18 Jul 2017 11:37:59 +0200
x86/cpu/AMD: Add the Secure Memory Encryption CPU feature
Update the CPU features to include identifying and reporting on the
Secure Memory Encryption (SME) feature. SME is identified by CPUID
0x8000001f, but requires BIOS support to enable it (set bit 23 of
MSR_K8_SYSCFG). Only show the SME feature as available if reported by
CPUID, enabled by BIOS and not configured as CONFIG_X86_32=y.
Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
Reviewed-by: Thomas Gleixner <tglx@...utronix.de>
Cc: Alexander Potapenko <glider@...gle.com>
Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Brijesh Singh <brijesh.singh@....com>
Cc: Dave Young <dyoung@...hat.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Jonathan Corbet <corbet@....net>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
Cc: Larry Woodman <lwoodman@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Matt Fleming <matt@...eblueprint.co.uk>
Cc: Michael S. Tsirkin <mst@...hat.com>
Cc: Paolo Bonzini <pbonzini@...hat.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Radim Krčmář <rkrcmar@...hat.com>
Cc: Rik van Riel <riel@...hat.com>
Cc: Toshimitsu Kani <toshi.kani@....com>
Cc: kasan-dev@...glegroups.com
Cc: kvm@...r.kernel.org
Cc: linux-arch@...r.kernel.org
Cc: linux-doc@...r.kernel.org
Cc: linux-efi@...r.kernel.org
Cc: linux-mm@...ck.org
Link: http://lkml.kernel.org/r/85c17ff450721abccddc95e611ae8df3f4d9718b.1500319216.git.thomas.lendacky@amd.com
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 2 ++
arch/x86/kernel/cpu/amd.c | 19 +++++++++++++++++++
arch/x86/kernel/cpu/scattered.c | 1 +
4 files changed, 23 insertions(+)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index ca3c48c..14f0f29 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -196,6 +196,7 @@
#define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
#define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
+#define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */
#define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
#define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 5573c75..17f5c12 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -356,6 +356,8 @@
#define MSR_K8_TOP_MEM1 0xc001001a
#define MSR_K8_TOP_MEM2 0xc001001d
#define MSR_K8_SYSCFG 0xc0010010
+#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT 23
+#define MSR_K8_SYSCFG_MEM_ENCRYPT BIT_ULL(MSR_K8_SYSCFG_MEM_ENCRYPT_BIT)
#define MSR_K8_INT_PENDING_MSG 0xc0010055
/* C1E active bits in int pending message */
#define K8_INTP_C1E_ACTIVE_MASK 0x18000000
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index bb5abe8..5ccc7b2 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -611,6 +611,25 @@ static void early_init_amd(struct cpuinfo_x86 *c)
*/
if (cpu_has_amd_erratum(c, amd_erratum_400))
set_cpu_bug(c, X86_BUG_AMD_E400);
+
+ /*
+ * BIOS support is required for SME. If BIOS has not enabled SME
+ * then don't advertise the feature (set in scattered.c). Also,
+ * since the SME support requires long mode, don't advertise the
+ * feature under CONFIG_X86_32.
+ */
+ if (cpu_has(c, X86_FEATURE_SME)) {
+ if (IS_ENABLED(CONFIG_X86_32)) {
+ clear_cpu_cap(c, X86_FEATURE_SME);
+ } else {
+ u64 msr;
+
+ /* Check if SME is enabled */
+ rdmsrl(MSR_K8_SYSCFG, msr);
+ if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+ clear_cpu_cap(c, X86_FEATURE_SME);
+ }
+ }
}
static void init_amd_k8(struct cpuinfo_x86 *c)
diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c
index 23c2350..05459ad 100644
--- a/arch/x86/kernel/cpu/scattered.c
+++ b/arch/x86/kernel/cpu/scattered.c
@@ -31,6 +31,7 @@ static const struct cpuid_bit cpuid_bits[] = {
{ X86_FEATURE_HW_PSTATE, CPUID_EDX, 7, 0x80000007, 0 },
{ X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 },
{ X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 },
+ { X86_FEATURE_SME, CPUID_EAX, 0, 0x8000001f, 0 },
{ 0, 0, 0, 0, 0 }
};
Powered by blists - more mailing lists