Date: Mon, 24 Jun 2024 09:37:04 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: <linux-kernel@...r.kernel.org>, <x86@...nel.org>
CC: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
	Michael Roth <michael.roth@....com>, Ashish Kalra <ashish.kalra@....com>
Subject: [PATCH 0/7] Provide support for RMPREAD and a segmented RMP

This series adds SEV-SNP support for a new instruction to read an RMP
entry and for a segmented RMP table.

The RMPREAD instruction is used to return information related to an RMP
entry in an architecturally defined format.

RMPREAD support is detected via CPUID 0x8000001f_EAX[21].

Initial RMP table support required the RMP to be contiguous in memory.
RMP accesses from a NUMA node on which the RMP doesn't reside can take
longer than accesses from a NUMA node on which the RMP resides. Segmented
RMP support allows the RMP entries to be located on the node with the
memory the RMP is covering, resulting in quicker RMP accesses. Each RMP
segment covers a specific range of system memory.

This series adds SEV-SNP support for a segmented RMP table. The current
RMP table is required to be contiguous in memory. RMP accesses from a
NUMA node on which the RMP doesn't reside can take longer than accesses
from a NUMA node on which the RMP resides.

Segmented RMP support allows the RMP entries to be located on the node
with the memory the RMP is covering, resulting in quicker RMP accesses.
Each RMP segment covers a specific range of system memory.

Segmented RMP support is detected and established via CPUID and MSRs.

CPUID:
  - 0x8000001f_EAX[23]
    - Indicates support for segmented RMP

  - 0x80000025_EAX
    - [5:0]   : Minimum supported RMP segment size
    - [11:6]  : Maximum supported RMP segment size

  - 0x80000025_EBX
    - [9:0]   : Number of cacheable RMP segment definitions
    - [10]    : Indicates if the number of cacheable RMP segments is
                a hard limit

MSR:
  - 0xc0010132 (RMP_BASE)
    - Is identical to current RMP support

  - 0xc0010133 (RMP_END)
    - Should be in reset state if segmented RMP support is active

      For kernels that do not support segmented RMP, being in reset
      state allows the kernel to disable SNP support if the non-segmented
      RMP has not been allocated.

  - 0xc0010136 (RMP_CFG)
    - [0]    : Indicates if segmented RMP is enabled
    - [13:8] : Contains the programmed RMP segment size (expressed
               as a power of 2)

The RMP segment size in the RMP_CFG applies to all segments of the RMP.

When a segmented RMP is enabled, RMP_BASE points to the RMP bookkeeping
area as it does today (16K in size). However, instead of RMP entries
beginning immediately after the bookkeeping area, there is a 4K RMP
segment table. Each entry in the table is 8 bytes in size:

  - [19:0]  : Mapped size (in GB)
              The mapped size can be less than the segment size
  - [51:20] : Segment physical address
              This address is left-shifted 20 bits (or just masked when
              read) to form the full physical address of the segment
              (1MB alignment)

The series is based off of and tested against the tip tree:
  https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master

  aedd5b6d65f7 ("Merge branch into tip/master: 'x86/percpu'")

---

Tom Lendacky (7):
  x86/sev: Prepare for using the RMPREAD instruction to access the RMP
  x86/sev: Add support for the RMPREAD instruction
  x86/sev: Require the RMPREAD instruction after Fam19h
  x86/sev: Move the SNP probe routine out of the way
  x86/sev: Map only the RMP table entries instead of the full RMP range
  x86/sev: Treat the contiguous RMP table as a single RMP segment
  x86/sev: Add full support for a segmented RMP table

 arch/x86/include/asm/cpufeatures.h |   2 +
 arch/x86/include/asm/msr-index.h   |   9 +-
 arch/x86/kernel/cpu/amd.c          |   3 +-
 arch/x86/virt/svm/sev.c            | 633 ++++++++++++++++++++++++-----
 4 files changed, 549 insertions(+), 98 deletions(-)

-- 
2.43.2
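
The RMP_CFG and segment table entry layouts described in the message above, decoded in C as an added example (not code from the patch series). All names are hypothetical, and two rules are assumptions: that segment N covers physical addresses starting at N << segment size, and that an entry whose mapped size exceeds the segment size is invalid.

```c
#include <stdbool.h>
#include <stdint.h>

/* Layouts are from the cover letter; every name below is hypothetical. */
#define RMP_BOOKKEEPING_SIZE	0x4000ULL	/* 16K bookkeeping area */
#define RMP_SEGTABLE_ENTRIES	(0x1000ULL / 8)	/* 4K table, 8-byte entries */
#define RMP_SEG_PA_MASK		0x000ffffffff00000ULL	/* bits [51:20] */

struct rmp_cfg { bool segmented; unsigned int seg_shift; };
struct rmp_seg { uint64_t mapped_gb; uint64_t pa; };

/* RMP_CFG: [0] = segmented RMP enabled, [13:8] = segment size (power of 2) */
static struct rmp_cfg decode_rmp_cfg(uint64_t msr)
{
	struct rmp_cfg c = { .segmented = msr & 1, .seg_shift = (msr >> 8) & 0x3f };
	return c;
}

/* Entry: [19:0] = mapped size in GB, [51:20] = segment physical address,
 * masked in place so the result is already 1MB aligned. */
static struct rmp_seg decode_rmp_seg(uint64_t entry)
{
	struct rmp_seg s = { .mapped_gb = entry & 0xfffff, .pa = entry & RMP_SEG_PA_MASK };
	return s;
}

/* The segment table follows the bookkeeping area that RMP_BASE points to. */
static uint64_t rmp_segtable_pa(uint64_t rmp_base)
{
	return rmp_base + RMP_BOOKKEEPING_SIZE;
}

/* Assumption: segment N covers [N << seg_shift, (N + 1) << seg_shift).
 * Returns the table index covering pa, or -1 if no segment maps it. */
static int rmp_seg_index(const uint64_t *table, struct rmp_cfg cfg, uint64_t pa)
{
	/* Mapped size is in GB, so reject segment sizes below 1GB. */
	if (!cfg.segmented || cfg.seg_shift < 30)
		return -1;
	uint64_t idx = pa >> cfg.seg_shift;
	if (idx >= RMP_SEGTABLE_ENTRIES)
		return -1;
	struct rmp_seg s = decode_rmp_seg(table[idx]);
	uint64_t seg_gb = 1ULL << (cfg.seg_shift - 30);
	uint64_t off_gb = (pa - (idx << cfg.seg_shift)) >> 30;
	/* Mapped size may be smaller than the segment size, never larger. */
	if (s.mapped_gb > seg_gb || off_gb >= s.mapped_gb)
		return -1;
	return (int)idx;
}
```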

