Re: [PATCH v4 0/9] x86/sev: KEXEC/KDUMP support for SEV-ES guests

2024-03-12 Thread Tom Lendacky
On 3/12/24 10:16, Vasant Karasulli wrote: On Tue 12-03-24 09:04:13, Tom Lendacky wrote: On 3/11/24 15:32, Vasant k wrote: Hi Tom, Right, it just escaped my mind that the SNP uses the secrets page to hand over APs to the next stage. I will correct that in the next Not quite

Re: [PATCH v4 0/9] x86/sev: KEXEC/KDUMP support for SEV-ES guests

2024-03-12 Thread Tom Lendacky
On 3/11/24 15:32, Vasant k wrote: Hi Tom, Right, it just escaped my mind that the SNP uses the secrets page to hand over APs to the next stage. I will correct that in the next Not quite... The MADT table lists the APs and the GHCB AP Create NAE event is used to start the APs.

Re: [PATCH v4 0/9] x86/sev: KEXEC/KDUMP support for SEV-ES guests

2024-03-11 Thread Tom Lendacky
On 3/11/24 11:17, Vasant Karasulli wrote: From: Vasant Karasulli Hi, Hi Vasant, The SNP guest support has been incorporated in the kernel since this patchset was originally presented. SNP also is considered a guest with encrypted state (CC_ATTR_GUEST_STATE_ENCRYPT will return true), but

Re: [PATCH 2/2] x86/snp: Convert shared memory back to private on kexec

2024-02-22 Thread Tom Lendacky
On 2/22/24 04:50, Kirill A. Shutemov wrote: On Wed, Feb 21, 2024 at 02:35:13PM -0600, Tom Lendacky wrote: @@ -906,6 +917,206 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t end) set_pages_state(vaddr, npages, SNP_PAGE_STATE_PRIVATE); } +static inline bool pte_decrypted(pte_t

Re: [PATCH 2/2] x86/snp: Convert shared memory back to private on kexec

2024-02-21 Thread Tom Lendacky
On 2/19/24 19:18, Ashish Kalra wrote: From: Ashish Kalra SNP guests allocate shared buffers to perform I/O. It is done by allocating pages normally from the buddy allocator and converting them to shared with set_memory_decrypted(). The second kernel has no idea what memory is converted this

Re: kexec reboot failed due to commit 75d090fd167ac

2023-09-11 Thread Tom Lendacky
On 9/11/23 10:53, Kirill A. Shutemov wrote: On Mon, Sep 11, 2023 at 10:33:01AM -0500, Tom Lendacky wrote: On 9/11/23 09:57, Kirill A. Shutemov wrote: On Mon, Sep 11, 2023 at 10:56:36PM +0800, Dave Young wrote: early console in extract_kernel input_data: 0x00807eb433a8 input_len

Re: kexec reboot failed due to commit 75d090fd167ac

2023-09-11 Thread Tom Lendacky
On 9/11/23 09:57, Kirill A. Shutemov wrote: On Mon, Sep 11, 2023 at 10:56:36PM +0800, Dave Young wrote: early console in extract_kernel input_data: 0x00807eb433a8 input_len: 0x00d26271 output: 0x00807b00 output_len: 0x04800c10 kernel_total_size: 0x03e28000

Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for kexec kernel

2023-08-02 Thread Tom Lendacky
out how to map page accesses earlier through the boot_page_fault IDT routine, this seems reasonable. Acked-by: Tom Lendacky --- From: "Borislav Petkov (AMD)" Date: Sun, 16 Jul 2023 20:22:20 +0200 Subject: [PATCH] x86/sev: Do not try to parse for the CC blob on non-AMD hardwar

Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for kexec kernel

2023-07-07 Thread Tom Lendacky
On 7/7/23 03:22, Joerg Roedel wrote: On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote: I am wondering why we don't detect the cpu type and return early inside sev_enable() if it's Intel cpu. We can't rely on CONFIG_AMD_MEM_ENCRYPT to decide if the code need be executed or not because

Re: [PATCH v3 5/8] x86/sme: Replace occurrences of sme_active() with cc_platform_has()

2021-09-24 Thread Tom Lendacky
On 9/24/21 4:51 AM, Borislav Petkov wrote: On Fri, Sep 24, 2021 at 12:41:32PM +0300, Kirill A. Shutemov wrote: On Thu, Sep 23, 2021 at 08:21:03PM +0200, Borislav Petkov wrote: On Thu, Sep 23, 2021 at 12:05:58AM +0300, Kirill A. Shutemov wrote: Unless we find other way to guarantee

Re: [PATCH v3 5/8] x86/sme: Replace occurrences of sme_active() with cc_platform_has()

2021-09-22 Thread Tom Lendacky
On 9/21/21 4:58 PM, Kirill A. Shutemov wrote: On Tue, Sep 21, 2021 at 04:43:59PM -0500, Tom Lendacky wrote: On 9/21/21 4:34 PM, Kirill A. Shutemov wrote: On Tue, Sep 21, 2021 at 11:27:17PM +0200, Borislav Petkov wrote: On Wed, Sep 22, 2021 at 12:20:59AM +0300, Kirill A. Shutemov wrote: I

Re: [PATCH v3 5/8] x86/sme: Replace occurrences of sme_active() with cc_platform_has()

2021-09-21 Thread Tom Lendacky
On 9/21/21 4:34 PM, Kirill A. Shutemov wrote: On Tue, Sep 21, 2021 at 11:27:17PM +0200, Borislav Petkov wrote: On Wed, Sep 22, 2021 at 12:20:59AM +0300, Kirill A. Shutemov wrote: I still believe calling cc_platform_has() from __startup_64() is totally broken as it lacks proper wrapping while

Re: [PATCH v3 5/8] x86/sme: Replace occurrences of sme_active() with cc_platform_has()

2021-09-21 Thread Tom Lendacky
On 9/20/21 2:23 PM, Kirill A. Shutemov wrote: On Wed, Sep 08, 2021 at 05:58:36PM -0500, Tom Lendacky wrote: diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index 470b20208430..eff4d19f9cb4 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm

Re: [PATCH v3 0/8] Implement generic cc_platform_has() helper function

2021-09-09 Thread Tom Lendacky
On 9/9/21 2:32 AM, Christian Borntraeger wrote: On 09.09.21 00:58, Tom Lendacky wrote: This patch series provides a generic helper function, cc_platform_has(), to replace the sme_active(), sev_active(), sev_es_active() and mem_encrypt_active() functions. It is expected that as new

Re: [PATCH v3 8/8] treewide: Replace the use of mem_encrypt_active() with cc_platform_has()

2021-09-09 Thread Tom Lendacky
On 9/9/21 2:25 AM, Christophe Leroy wrote: On 9/8/21 10:58 PM, Tom Lendacky wrote: diff --git a/arch/powerpc/include/asm/mem_encrypt.h b/arch/powerpc/include/asm/mem_encrypt.h index ba9dab07c1be..2f26b8fc8d29 100644 --- a/arch/powerpc/include/asm/mem_encrypt.h +++ b/arch/powerpc/include

[PATCH v3 0/8] Implement generic cc_platform_has() helper function

2021-09-09 Thread Tom Lendacky
eader file to prevent build errors outside of x86. - Made amd_prot_guest_has() EXPORT_SYMBOL_GPL - Used amd_prot_guest_has() in place of checking sme_me_mask in the arch/x86/mm/mem_encrypt.c file. Tom Lendacky (8): x86/ioremap: Selectively build arch override encryption functions mm:

[PATCH v3 8/8] treewide: Replace the use of mem_encrypt_active() with cc_platform_has()

2021-09-08 Thread Tom Lendacky
: Maxime Ripard Cc: Thomas Zimmermann Cc: VMware Graphics Cc: Joerg Roedel Cc: Will Deacon Cc: Dave Young Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Signed-off-by: Tom Lendacky --- arch

[PATCH v3 7/8] x86/sev: Replace occurrences of sev_es_active() with cc_platform_has()

2021-09-08 Thread Tom Lendacky
Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 2 -- arch/x86/kernel/sev.c | 6 +++--- arch/x86/mm/mem_encrypt.c | 14 -- arch/x86/realmode/init.c | 3 +-- 4 files changed, 8 insertions(+), 17 deletions(-) diff --git

[PATCH v3 6/8] x86/sev: Replace occurrences of sev_active() with cc_platform_has()

2021-09-08 Thread Tom Lendacky
Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Ard Biesheuvel Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 2 -- arch/x86/kernel/crash_dump_64.c| 4 +++- arch/x86/kernel/kvm.c | 3 ++- arch/x86/kernel/kvmclock.c | 4 ++-- arch/x86

[PATCH v3 5/8] x86/sme: Replace occurrences of sme_active() with cc_platform_has()

2021-09-08 Thread Tom Lendacky
geared towards detecting if SME is active. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Joerg Roedel Cc: Will Deacon Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kexec.h | 2 +- arch/x86/include/asm

[PATCH v3 3/8] x86/sev: Add an x86 version of cc_platform_has()

2021-09-08 Thread Tom Lendacky
Signed-off-by: Andi Kleen Co-developed-by: Kuppuswamy Sathyanarayanan Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Tom Lendacky --- arch/x86/Kconfig | 1 + arch/x86/include/asm/mem_encrypt.h | 3 +++ arch/x86/kernel/Makefile | 3 +++ arch/x86/kernel

[PATCH v3 2/8] mm: Introduce a function to check for confidential computing features

2021-09-08 Thread Tom Lendacky
to the code (e.g. if (sev_active() || tdx_active())). Co-developed-by: Andi Kleen Signed-off-by: Andi Kleen Co-developed-by: Kuppuswamy Sathyanarayanan Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Tom Lendacky --- arch/Kconfig| 3 ++ include/linux/cc_platform.h

[PATCH v3 4/8] powerpc/pseries/svm: Add a powerpc version of cc_platform_has()

2021-09-08 Thread Tom Lendacky
Signed-off-by: Tom Lendacky --- arch/powerpc/platforms/pseries/Kconfig | 1 + arch/powerpc/platforms/pseries/Makefile | 2 ++ arch/powerpc/platforms/pseries/cc_platform.c | 26 3 files changed, 29 insertions(+) create mode 100644 arch/powerpc/platforms/pseries

[PATCH v3 1/8] x86/ioremap: Selectively build arch override encryption functions

2021-09-08 Thread Tom Lendacky
() is conditionally built as well, but requires a static inline version of it when CONFIG_AMD_MEM_ENCRYPT is not set. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 8

Re: [PATCH v2 04/12] powerpc/pseries/svm: Add a powerpc version of prot_guest_has()

2021-08-19 Thread Tom Lendacky
On 8/19/21 4:55 AM, Christoph Hellwig wrote: > On Fri, Aug 13, 2021 at 11:59:23AM -0500, Tom Lendacky wrote: >> +static inline bool prot_guest_has(unsigned int attr) > > No real need to have this inline. In fact I'd suggest we have the > prototype in a common header so

Re: [PATCH v2 03/12] x86/sev: Add an x86 version of prot_guest_has()

2021-08-19 Thread Tom Lendacky
On 8/19/21 4:52 AM, Christoph Hellwig wrote: > On Fri, Aug 13, 2021 at 11:59:22AM -0500, Tom Lendacky wrote: >> While the name suggests this is intended mainly for guests, it will >> also be used for host memory encryption checks in place of sme_active(). > > Which

Re: [PATCH v2 02/12] mm: Introduce a function to check for virtualization protection features

2021-08-19 Thread Tom Lendacky
On 8/19/21 4:46 AM, Christoph Hellwig wrote: > On Fri, Aug 13, 2021 at 11:59:21AM -0500, Tom Lendacky wrote: >> +#define PATTR_MEM_ENCRYPT 0 /* Encrypted memory */ >> +#define PATTR_HOST_MEM_ENCRYPT 1 /* Host encrypted >>

Re: [PATCH v2 09/12] mm: Remove the now unused mem_encrypt_active() function

2021-08-17 Thread Tom Lendacky
On 8/17/21 5:24 AM, Borislav Petkov wrote: > On Tue, Aug 17, 2021 at 12:22:33PM +0200, Borislav Petkov wrote: >> This one wants to be part of the previous patch. > > ... and the three following patches too - the treewide patch does a > single atomic :) replacement and that's it. Ok, I'll squash

Re: [PATCH v2 06/12] x86/sev: Replace occurrences of sev_active() with prot_guest_has()

2021-08-17 Thread Tom Lendacky
On 8/17/21 5:02 AM, Borislav Petkov wrote: > On Fri, Aug 13, 2021 at 11:59:25AM -0500, Tom Lendacky wrote: >> diff --git a/arch/x86/kernel/machine_kexec_64.c >> b/arch/x86/kernel/machine_kexec_64.c >> index 8e7b517ad738..66ff788b79c9 100644 >> --- a/arch/x86/kernel/

Re: [PATCH v2 03/12] x86/sev: Add an x86 version of prot_guest_has()

2021-08-17 Thread Tom Lendacky
On 8/15/21 9:39 AM, Borislav Petkov wrote: > On Sun, Aug 15, 2021 at 08:53:31AM -0500, Tom Lendacky wrote: >> It's not a cross-vendor thing as opposed to a KVM or other hypervisor >> thing where the family doesn't have to be reported as AMD or HYGON. > > What would be the

Re: [PATCH v2 05/12] x86/sme: Replace occurrences of sme_active() with prot_guest_has()

2021-08-17 Thread Tom Lendacky
On 8/17/21 4:00 AM, Borislav Petkov wrote: > On Fri, Aug 13, 2021 at 11:59:24AM -0500, Tom Lendacky wrote: >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index edc67ddf065d..5635ca9a1fbe 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++

Re: [PATCH v2 04/12] powerpc/pseries/svm: Add a powerpc version of prot_guest_has()

2021-08-17 Thread Tom Lendacky
On 8/17/21 3:35 AM, Borislav Petkov wrote: > On Fri, Aug 13, 2021 at 11:59:23AM -0500, Tom Lendacky wrote: >> Introduce a powerpc version of the prot_guest_has() function. This will >> be used to replace the powerpc mem_encrypt_active() implementation, so >> the implementatio

Re: [PATCH v2 03/12] x86/sev: Add an x86 version of prot_guest_has()

2021-08-15 Thread Tom Lendacky
On 8/14/21 2:08 PM, Borislav Petkov wrote: On Fri, Aug 13, 2021 at 11:59:22AM -0500, Tom Lendacky wrote: diff --git a/arch/x86/include/asm/protected_guest.h b/arch/x86/include/asm/protected_guest.h new file mode 100644 index ..51e4eefd9542 --- /dev/null +++ b/arch/x86/include/asm

Re: [PATCH v2 02/12] mm: Introduce a function to check for virtualization protection features

2021-08-14 Thread Tom Lendacky
On 8/14/21 1:32 PM, Borislav Petkov wrote: On Fri, Aug 13, 2021 at 11:59:21AM -0500, Tom Lendacky wrote: diff --git a/include/linux/protected_guest.h b/include/linux/protected_guest.h new file mode 100644 index ..43d4dde94793 --- /dev/null +++ b/include/linux/protected_guest.h

Re: [PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-08-13 Thread Tom Lendacky
On 8/13/21 12:08 PM, Tom Lendacky wrote: On 8/12/21 5:07 AM, Kirill A. Shutemov wrote: On Wed, Aug 11, 2021 at 10:52:55AM -0500, Tom Lendacky wrote: On 8/11/21 7:19 AM, Kirill A. Shutemov wrote: On Tue, Aug 10, 2021 at 02:48:54PM -0500, Tom Lendacky wrote: On 8/10/21 1:45 PM, Kuppuswamy

Re: [PATCH v2 00/12] Implement generic prot_guest_has() helper function

2021-08-13 Thread Tom Lendacky
On 8/13/21 11:59 AM, Tom Lendacky wrote: This patch series provides a generic helper function, prot_guest_has(), to replace the sme_active(), sev_active(), sev_es_active() and mem_encrypt_active() functions. It is expected that as new protected virtualization technologies are added

Re: [PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-08-13 Thread Tom Lendacky
On 8/12/21 5:07 AM, Kirill A. Shutemov wrote: On Wed, Aug 11, 2021 at 10:52:55AM -0500, Tom Lendacky wrote: On 8/11/21 7:19 AM, Kirill A. Shutemov wrote: On Tue, Aug 10, 2021 at 02:48:54PM -0500, Tom Lendacky wrote: On 8/10/21 1:45 PM, Kuppuswamy, Sathyanarayanan wrote: ... Looking at code

[PATCH v2 12/12] s390/mm: Remove the now unused mem_encrypt_active() function

2021-08-13 Thread Tom Lendacky
ARCH_HAS_PROTECTED_GUEST is not set). Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Signed-off-by: Tom Lendacky --- arch/s390/include/asm/mem_encrypt.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/s390/include/asm/mem_encrypt.h b/arch/s390/include/asm/mem_encrypt.h

[PATCH v2 11/12] powerpc/pseries/svm: Remove the now unused mem_encrypt_active() function

2021-08-13 Thread Tom Lendacky
The mem_encrypt_active() function has been replaced by prot_guest_has(), so remove the implementation. Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Signed-off-by: Tom Lendacky --- arch/powerpc/include/asm/mem_encrypt.h | 5 - 1 file changed, 5 deletions(-) diff

[PATCH v2 10/12] x86/sev: Remove the now unused mem_encrypt_active() function

2021-08-13 Thread Tom Lendacky
The mem_encrypt_active() function has been replaced by prot_guest_has(), so remove the implementation. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Reviewed-by: Joerg Roedel Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 5 - 1 file changed, 5 deletions

[PATCH v2 08/12] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-08-13 Thread Tom Lendacky
: Maxime Ripard Cc: Thomas Zimmermann Cc: VMware Graphics Cc: Joerg Roedel Cc: Will Deacon Cc: Dave Young Cc: Baoquan He Signed-off-by: Tom Lendacky --- arch/x86/kernel/head64.c| 4 ++-- arch/x86/mm/ioremap.c | 4 ++-- arch/x86/mm/mem_encrypt.c | 5

[PATCH v2 00/12] Implement generic prot_guest_has() helper function

2021-08-13 Thread Tom Lendacky
me_me_mask in the arch/x86/mm/mem_encrypt.c file. Tom Lendacky (12): x86/ioremap: Selectively build arch override encryption functions mm: Introduce a function to check for virtualization protection features x86/sev: Add an x86 version of prot_guest_has() powerpc/pseries/svm: Add a power

[PATCH v2 06/12] x86/sev: Replace occurrences of sev_active() with prot_guest_has()

2021-08-13 Thread Tom Lendacky
, as required, to use PATTR_SEV. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Ard Biesheuvel Reviewed-by: Joerg Roedel Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 2 -- arch/x86/kernel

[PATCH v2 02/12] mm: Introduce a function to check for virtualization protection features

2021-08-13 Thread Tom Lendacky
. if (sev_active() || tdx_active())). Reviewed-by: Joerg Roedel Co-developed-by: Andi Kleen Signed-off-by: Andi Kleen Co-developed-by: Kuppuswamy Sathyanarayanan Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Tom Lendacky --- arch/Kconfig| 3 +++ include/linux

[PATCH v2 04/12] powerpc/pseries/svm: Add a powerpc version of prot_guest_has()

2021-08-13 Thread Tom Lendacky
Signed-off-by: Tom Lendacky --- arch/powerpc/include/asm/protected_guest.h | 30 ++ arch/powerpc/platforms/pseries/Kconfig | 1 + 2 files changed, 31 insertions(+) create mode 100644 arch/powerpc/include/asm/protected_guest.h diff --git a/arch/powerpc/include/asm

[PATCH v2 09/12] mm: Remove the now unused mem_encrypt_active() function

2021-08-13 Thread Tom Lendacky
The mem_encrypt_active() function has been replaced by prot_guest_has(), so remove the implementation. Reviewed-by: Joerg Roedel Signed-off-by: Tom Lendacky --- include/linux/mem_encrypt.h | 4 1 file changed, 4 deletions(-) diff --git a/include/linux/mem_encrypt.h b/include/linux

[PATCH v2 07/12] x86/sev: Replace occurrences of sev_es_active() with prot_guest_has()

2021-08-13 Thread Tom Lendacky
of PATTR_GUEST_PROT_STATE can be updated, as required, to specifically use PATTR_SEV_ES. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 2 -- arch/x86/kernel/sev.c | 6 +++--- arch/x86/mm/mem_encrypt.c | 7

[PATCH v2 05/12] x86/sme: Replace occurrences of sme_active() with prot_guest_has()

2021-08-13 Thread Tom Lendacky
, as required, to use PATTR_SME. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Joerg Roedel Cc: Will Deacon Reviewed-by: Joerg Roedel Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kexec.h | 2 +- arch/x86

[PATCH v2 03/12] x86/sev: Add an x86 version of prot_guest_has()

2021-08-13 Thread Tom Lendacky
Signed-off-by: Tom Lendacky --- arch/x86/Kconfig | 1 + arch/x86/include/asm/mem_encrypt.h | 2 ++ arch/x86/include/asm/protected_guest.h | 29 ++ arch/x86/mm/mem_encrypt.c | 25 ++ include/linux/protected_guest.h

[PATCH v2 01/12] x86/ioremap: Selectively build arch override encryption functions

2021-08-13 Thread Tom Lendacky
() is conditionally built as well, but requires a static inline version of it when CONFIG_AMD_MEM_ENCRYPT is not set. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 8

Re: [PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-08-11 Thread Tom Lendacky
On 8/11/21 7:19 AM, Kirill A. Shutemov wrote: > On Tue, Aug 10, 2021 at 02:48:54PM -0500, Tom Lendacky wrote: >> On 8/10/21 1:45 PM, Kuppuswamy, Sathyanarayanan wrote: >>> >>> >>> On 7/27/21 3:26 PM, Tom Lendacky wrote: >>>> diff --git a/arc

Re: [PATCH 01/11] mm: Introduce a function to check for virtualization protection features

2021-08-11 Thread Tom Lendacky
On 8/11/21 9:53 AM, Kuppuswamy, Sathyanarayanan wrote: > On 7/27/21 3:26 PM, Tom Lendacky wrote: >> diff --git a/include/linux/protected_guest.h >> b/include/linux/protected_guest.h >> new file mode 100644 >> index ..f8ed7b72967b >> ---

Re: [PATCH RFC 0/2] dma-pool: allow user to disable atomic pool

2021-08-11 Thread Tom Lendacky
On 8/10/21 9:23 PM, Baoquan He wrote: > On 08/10/21 at 03:52pm, Tom Lendacky wrote: >> On 8/5/21 1:54 AM, Baoquan He wrote: >>> On 06/24/21 at 11:47am, Robin Murphy wrote: >>>> On 2021-06-24 10:29, Baoquan He wrote: >>>>> On 06/24/21 at 08:4

Re: [PATCH RFC 0/2] dma-pool: allow user to disable atomic pool

2021-08-10 Thread Tom Lendacky
On 8/5/21 1:54 AM, Baoquan He wrote: > On 06/24/21 at 11:47am, Robin Murphy wrote: >> On 2021-06-24 10:29, Baoquan He wrote: >>> On 06/24/21 at 08:40am, Christoph Hellwig wrote: So reduce the amount allocated. But the pool is needed for proper operation on systems with memory

Re: [PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-08-10 Thread Tom Lendacky
On 8/10/21 1:45 PM, Kuppuswamy, Sathyanarayanan wrote: > > > On 7/27/21 3:26 PM, Tom Lendacky wrote: >> diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c >> index de01903c3735..cafed6456d45 100644 >> --- a/arch/x86/kernel/head64.c >> +++ b/arc

Re: [PATCH 00/11] Implement generic prot_guest_has() helper function

2021-08-09 Thread Tom Lendacky
On 8/8/21 8:41 PM, Kuppuswamy, Sathyanarayanan wrote: > Hi Tom, > > On 7/27/21 3:26 PM, Tom Lendacky wrote: >> This patch series provides a generic helper function, prot_guest_has(), >> to replace the sme_active(), sev_active(), sev_es_active() and >> mem

Re: [PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-08-09 Thread Tom Lendacky
On 8/2/21 7:42 AM, Christophe Leroy wrote: > > > On 28/07/2021 at 00:26, Tom Lendacky wrote: >> Replace occurrences of mem_encrypt_active() with calls to prot_guest_has() >> with the PATTR_MEM_ENCRYPT attribute. > > > What about > https://nam11.safelinks.pro

Re: [PATCH 06/11] x86/sev: Replace occurrences of sev_es_active() with prot_guest_has()

2021-08-09 Thread Tom Lendacky
On 8/2/21 5:45 AM, Joerg Roedel wrote: > On Tue, Jul 27, 2021 at 05:26:09PM -0500, Tom Lendacky wrote: >> @@ -48,7 +47,7 @@ static void sme_sev_setup_real_mode(struct >> trampoline_header *th) >> if (prot_guest_has(PATTR_HOST_MEM_ENCRYPT)) >> th-&g

Re: [PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-08-09 Thread Tom Lendacky
On 7/30/21 5:34 PM, Sean Christopherson wrote: > On Tue, Jul 27, 2021, Tom Lendacky wrote: >> @@ -451,7 +450,7 @@ void __init mem_encrypt_free_decrypted_mem(void) >> * The unused memory range was mapped decrypted, change the encryption >> * attribute from decrypte

Re: [PATCH 02/11] x86/sev: Add an x86 version of prot_guest_has()

2021-07-29 Thread Tom Lendacky
On 7/28/21 8:22 AM, Christoph Hellwig wrote: > On Tue, Jul 27, 2021 at 05:26:05PM -0500, Tom Lendacky via iommu wrote: >> Introduce an x86 version of the prot_guest_has() function. This will be >> used in the more generic x86 code to replace vendor specific calls like >

Re: [PATCH 00/11] Implement generic prot_guest_has() helper function

2021-07-27 Thread Tom Lendacky
On 7/27/21 5:26 PM, Tom Lendacky wrote: > This patch series provides a generic helper function, prot_guest_has(), > to replace the sme_active(), sev_active(), sev_es_active() and > mem_encrypt_active() functions. > > It is expected that as new protected virtualization technolog

[PATCH 10/11] powerpc/pseries/svm: Remove the now unused mem_encrypt_active() function

2021-07-27 Thread Tom Lendacky
The mem_encrypt_active() function has been replaced by prot_guest_has(), so remove the implementation. Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Signed-off-by: Tom Lendacky --- arch/powerpc/include/asm/mem_encrypt.h | 5 - 1 file changed, 5 deletions(-) diff

[PATCH 09/11] x86/sev: Remove the now unused mem_encrypt_active() function

2021-07-27 Thread Tom Lendacky
The mem_encrypt_active() function has been replaced by prot_guest_has(), so remove the implementation. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 5 - 1 file changed, 5 deletions(-) diff --git a/arch/x86

[PATCH 08/11] mm: Remove the now unused mem_encrypt_active() function

2021-07-27 Thread Tom Lendacky
The mem_encrypt_active() function has been replaced by prot_guest_has(), so remove the implementation. Signed-off-by: Tom Lendacky --- include/linux/mem_encrypt.h | 4 1 file changed, 4 deletions(-) diff --git a/include/linux/mem_encrypt.h b/include/linux/mem_encrypt.h index 5c4a18a91f89

[PATCH 07/11] treewide: Replace the use of mem_encrypt_active() with prot_guest_has()

2021-07-27 Thread Tom Lendacky
: Maxime Ripard Cc: Thomas Zimmermann Cc: VMware Graphics Cc: Joerg Roedel Cc: Will Deacon Cc: Dave Young Cc: Baoquan He Signed-off-by: Tom Lendacky --- arch/x86/kernel/head64.c| 4 ++-- arch/x86/mm/ioremap.c | 4 ++-- arch/x86/mm/mem_encrypt.c | 5

[PATCH 06/11] x86/sev: Replace occurrences of sev_es_active() with prot_guest_has()

2021-07-27 Thread Tom Lendacky
of PATTR_GUEST_PROT_STATE can be updated, as required, to specifically use PATTR_SEV_ES. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 2 -- arch/x86/kernel/sev.c | 6 +++--- arch/x86/mm/mem_encrypt.c | 7

[PATCH 05/11] x86/sev: Replace occurrences of sev_active() with prot_guest_has()

2021-07-27 Thread Tom Lendacky
, as required, to use PATTR_SEV. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Ard Biesheuvel Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 2 -- arch/x86/kernel/crash_dump_64.c| 4 +++- arch/x86

[PATCH 04/11] x86/sme: Replace occurrences of sme_active() with prot_guest_has()

2021-07-27 Thread Tom Lendacky
, as required, to use PATTR_SME. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Andy Lutomirski Cc: Peter Zijlstra Cc: Joerg Roedel Cc: Will Deacon Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kexec.h | 2 +- arch/x86/include/asm/mem_encrypt.h

[PATCH 11/11] s390/mm: Remove the now unused mem_encrypt_active() function

2021-07-27 Thread Tom Lendacky
ARCH_HAS_PROTECTED_GUEST is not set). Cc: Heiko Carstens Cc: Vasily Gorbik Cc: Christian Borntraeger Signed-off-by: Tom Lendacky --- arch/s390/include/asm/mem_encrypt.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/s390/include/asm/mem_encrypt.h b/arch/s390/include/asm/mem_encrypt.h

[PATCH 03/11] powerpc/pseries/svm: Add a powerpc version of prot_guest_has()

2021-07-27 Thread Tom Lendacky
Signed-off-by: Tom Lendacky --- arch/powerpc/include/asm/protected_guest.h | 30 ++ arch/powerpc/platforms/pseries/Kconfig | 1 + 2 files changed, 31 insertions(+) create mode 100644 arch/powerpc/include/asm/protected_guest.h diff --git a/arch/powerpc/include/asm

[PATCH 02/11] x86/sev: Add an x86 version of prot_guest_has()

2021-07-27 Thread Tom Lendacky
d-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Tom Lendacky --- arch/x86/Kconfig | 1 + arch/x86/include/asm/mem_encrypt.h | 2 ++ arch/x86/include/asm/protected_guest.h | 27 ++ arch/x86/mm/mem_encrypt.c | 25 +

[PATCH 01/11] mm: Introduce a function to check for virtualization protection features

2021-07-27 Thread Tom Lendacky
. if (sev_active() || tdx_active())). Co-developed-by: Andi Kleen Signed-off-by: Andi Kleen Co-developed-by: Kuppuswamy Sathyanarayanan Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Tom Lendacky --- arch/Kconfig| 3 +++ include/linux/protected_guest.h | 32

[PATCH 00/11] Implement generic prot_guest_has() helper function

2021-07-27 Thread Tom Lendacky
Zijlstra Cc: Thomas Gleixner Cc: Thomas Zimmermann Cc: Vasily Gorbik Cc: VMware Graphics Cc: Will Deacon --- Patches based on: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master commit 79e920060fa7 ("Merge branch 'WIP/fixes'") Tom Lendacky (11): mm:

Re: [PATCH 04/12] x86/sev: Do not hardcode GHCB protocol version

2021-07-21 Thread Tom Lendacky
On 7/21/21 9:20 AM, Joerg Roedel wrote: > From: Joerg Roedel > > Introduce the sev_get_ghcb_proto_ver() which will return the negotiated > GHCB protocol version and use it to set the version field in the GHCB. > > Signed-off-by: Joerg Roedel > --- > arch/x86/boot/compressed/sev.c | 5 + >

Re: [PATCH 3/4 V3] Remap the device table of IOMMU in encrypted manner for kdump

2018-06-21 Thread Tom Lendacky
On 6/21/2018 3:39 AM, Baoquan He wrote: > On 06/21/18 at 01:42pm, lijiang wrote: >> On 2018-06-21 00:42, Tom Lendacky wrote: >>> On 6/16/2018 3:27 AM, Lianbo Jiang wrote: >>>> In kdump mode, it will copy the device table of IOMMU from the old >>>> device tab

Re: [PATCH 3/4 V3] Remap the device table of IOMMU in encrypted manner for kdump

2018-06-20 Thread Tom Lendacky
On 6/16/2018 3:27 AM, Lianbo Jiang wrote: > In kdump mode, it will copy the device table of IOMMU from the old > device table, which is encrypted when SME is enabled in the first > kernel. So we must remap it in encrypted manner in order to be > automatically decrypted when we read. > >

Re: [PATCH 1/4 V3] Add a function(ioremap_encrypted) for kdump when AMD sme enabled

2018-06-20 Thread Tom Lendacky
On 6/16/2018 3:27 AM, Lianbo Jiang wrote: > It is convenient to remap the old memory encrypted to the second > kernel by calling ioremap_encrypted(). > > Signed-off-by: Lianbo Jiang > --- > Some changes: > 1. remove the sme_active() check in __ioremap_caller(). > 2. put some logic into the

Re: [PATCH 0/2] support kdump for AMD secure memory encryption(sme)

2018-05-21 Thread Tom Lendacky
On 5/20/2018 10:45 PM, lijiang wrote: > On 2018-05-17 21:45, lijiang wrote: >> On 2018-05-15 21:31, Tom Lendacky wrote: >>> On 5/14/2018 8:51 PM, Lianbo Jiang wrote: >>>> It is convenient to remap the old memory encrypted to the second kernel by >>>> calli

Re: [PATCH 2/2] support kdump when AMD secure memory encryption is active

2018-05-15 Thread Tom Lendacky
On 5/14/2018 8:51 PM, Lianbo Jiang wrote: > When sme enabled on AMD server, we also need to support kdump. Because > the memory is encrypted in the first kernel, we will remap the old memory > encrypted to the second kernel(crash kernel), and sme is also enabled in > the second kernel, otherwise

Re: [PATCH 1/2] add a function(ioremap_encrypted) for kdump when AMD sme enabled.

2018-05-15 Thread Tom Lendacky
On 5/14/2018 8:51 PM, Lianbo Jiang wrote: > It is convenient to remap the old memory encrypted to the second kernel > by calling ioremap_encrypted(). > > Signed-off-by: Lianbo Jiang > --- > arch/x86/include/asm/io.h | 2 ++ > arch/x86/mm/ioremap.c | 25

Re: [PATCH 0/2] support kdump for AMD secure memory encryption(sme)

2018-05-15 Thread Tom Lendacky
On 5/14/2018 8:51 PM, Lianbo Jiang wrote: > It is convenient to remap the old memory encrypted to the second kernel by > calling ioremap_encrypted(). > > When sme enabled on AMD server, we also need to support kdump. Because > the memory is encrypted in the first kernel, we will remap the old

Re: kexec reboot fails with extra wbinvd introduced for AME SME

2018-01-17 Thread Tom Lendacky
On 1/17/2018 8:29 PM, Dave Young wrote: > On 01/17/18 at 06:14pm, Linus Torvalds wrote: >> On Wed, Jan 17, 2018 at 5:47 PM, Dave Young wrote: >>> >>> It does not work with just once wbinvd(), and it only works with >>> removing the wbinvd() for me. Tom's new post works for me

Re: [PATCH] x86/mm: Rework wbinvd, hlt operation in stop_this_cpu()

2018-01-17 Thread Tom Lendacky
On 1/17/2018 5:41 PM, Tom Lendacky wrote: > Some issues have been reported with the for loop in stop_this_cpu() that > issues the 'wbinvd; hlt' sequence. Reverting this sequence to halt() > has been shown to resolve the issue. > > However, the wbinvd is needed when running with S

[PATCH] x86/mm: Rework wbinvd, hlt operation in stop_this_cpu()

2018-01-17 Thread Tom Lendacky
back to a halt sequence but use the native_halt() call. Cc: <sta...@vger.kernel.org> # 4.14.x Fixes: bba4ed011a52 ("x86/mm, kexec: Allow kexec to be used with SME") Reported-by: Dave Young <dyo...@redhat.com> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --

Re: kexec reboot fails with extra wbinvd introduced for AME SME

2018-01-17 Thread Tom Lendacky
On 1/17/2018 2:01 PM, Tom Lendacky wrote: > On 1/17/2018 1:42 PM, Linus Torvalds wrote: >> On Tue, Jan 16, 2018 at 11:22 PM, Dave Young <dyo...@redhat.com> wrote: >>> >>> For the kexec reboot hang, if I remove the wbinvd in stop_this_cpu() >>> then kexe

Re: kexec reboot fails with extra wbinvd introduced for AME SME

2018-01-17 Thread Tom Lendacky
On 1/17/2018 1:42 PM, Linus Torvalds wrote: > On Tue, Jan 16, 2018 at 11:22 PM, Dave Young wrote: >> >> For the kexec reboot hang, if I remove the wbinvd in stop_this_cpu() >> then kexec works fine. like this: > > Honestly, I think we should apply that patch regardless. > >

Re: kexec reboot fails with extra wbinvd introduced for AME SME

2018-01-17 Thread Tom Lendacky
On 1/17/2018 1:22 AM, Dave Young wrote: > [Modify the subject since this is a new problem, original io vector > issue has been fixed with one commit from Thomas] > > Add more cc according to below old discussion: > https://lkml.org/lkml/2017/7/27/574 > > Tom, I'm not sure why you finally did not

[tip:x86/mm] x86/mm, kexec: Fix memory corruption with SME on successive kexecs

2017-07-30 Thread tip-bot for Tom Lendacky
Commit-ID: 4e237903f95db585b976e7311de2bfdaaf0f6e31 Gitweb: http://git.kernel.org/tip/4e237903f95db585b976e7311de2bfdaaf0f6e31 Author: Tom Lendacky <thomas.lenda...@amd.com> AuthorDate: Fri, 28 Jul 2017 11:01:16 -0500 Committer: Ingo Molnar <mi...@kernel.org> CommitDate: Sun,

[PATCH v2 1/2] x86/mm, kexec: Fix memory corruption with SME on successive kexecs

2017-07-28 Thread Tom Lendacky
location to the destination location to clear any possible cache entry conflicts. Cc: <kexec@lists.infradead.org> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/include/asm/kexec.h | 3 ++- arch/x86/kernel/machine_kexec_64.c | 3 ++- arch/x86/kernel/relocate

[PATCH v2 0/2] x86: Secure Memory Encryption (SME) fixes 2017-07-26

2017-07-28 Thread Tom Lendacky
infradead.org> Changes since v1: - Patch #1: - Only issue wbinvd if SME is active - Patch #2: - Create a no encryption version of the PAGE_KERNEL protection type and use that in arch_apei_get_mem_attribute() - General comment and patch description clean up Tom Lendacky (2): x86/mm, k

Re: [PATCH v1 1/2] x86/mm, kexec: Fix memory corruption with SME on successive kexecs

2017-07-27 Thread Tom Lendacky
On 7/27/2017 12:34 PM, Linus Torvalds wrote: On Thu, Jul 27, 2017 at 7:15 AM, Tom Lendacky <thomas.lenda...@amd.com> wrote: I can #ifdef the wbinvd based on whether AMD_MEM_ENCRYPT is configured or not so that the wbinvd is avoided if not configured. I suspect an ifdef will be useless,

Re: [PATCH v1 1/2] x86/mm, kexec: Fix memory corruption with SME on successive kexecs

2017-07-27 Thread Tom Lendacky
On 7/27/2017 2:17 AM, Ingo Molnar wrote: * Tom Lendacky <thomas.lenda...@amd.com> wrote: After issuing successive kexecs it was found that the SHA hash failed verification when booting the kexec'd kernel. When SME is enabled, the change from using pages that were marked encrypted

[PATCH v1 0/2] x86: Secure Memory Encryption (SME) fixes 2017-07-26

2017-07-26 Thread Tom Lendacky
properties returned by arch_apei_get_mem_attribute() when SME is active --- This patch series is based off of the master branch of tip: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git master Commit 8333bcad393c ("Merge branch 'x86/asm'") Cc: <kexec@lists.infrad

[PATCH v1 1/2] x86/mm, kexec: Fix memory corruption with SME on successive kexecs

2017-07-26 Thread Tom Lendacky
to the destination location to clear any possible cache entry conflicts. Cc: <kexec@lists.infradead.org> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/kernel/relocate_kernel_64.S | 7 +++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/relocate_kernel_64.S

Re: [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)

2017-07-18 Thread Tom Lendacky
On 7/18/2017 7:03 AM, Thomas Gleixner wrote: On Mon, 17 Jul 2017, Tom Lendacky wrote: This patch series provides support for AMD's new Secure Memory Encryption (SME) feature. SME can be used to mark individual pages of memory as encrypted through the page tables. A page of memory

[PATCH v10 31/38] x86/mm, kexec: Allow kexec to be used with SME

2017-07-17 Thread Tom Lendacky
the encryption bit. This can cause random memory corruption when caches are flushed depending on which cacheline is written last. Cc: <kexec@lists.infradead.org> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> --- arch/x86/

[PATCH v10 00/38] x86: Secure Memory Encryption (AMD)

2017-07-17 Thread Tom Lendacky
now not be addressable. To prevent this, rely on BIOS to set the SYSCFG[MEME] bit and only then enable memory encryption support in the kernel. Tom Lendacky (38): x86: Document AMD Secure Memory Encryption (SME) x86/mm/pat: Set write-protect cache mode for full PAT support x86, mppars

Re: [PATCH v9 07/38] x86/mm: Remove phys_to_virt() usage in ioremap()

2017-07-11 Thread Tom Lendacky
On 7/11/2017 10:38 AM, Brian Gerst wrote: On Tue, Jul 11, 2017 at 11:02 AM, Tom Lendacky <thomas.lenda...@amd.com> wrote: On 7/10/2017 11:58 PM, Brian Gerst wrote: On Mon, Jul 10, 2017 at 3:50 PM, Tom Lendacky <thomas.lenda...@amd.com> wrote: On 7/8/2017 7:57 AM, Brian

Re: [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

2017-07-11 Thread Tom Lendacky
On 7/11/2017 12:56 AM, Borislav Petkov wrote: On Tue, Jul 11, 2017 at 01:07:46AM -0400, Brian Gerst wrote: If I make the scattered feature support conditional on CONFIG_X86_64 (based on comment below) then cpu_has() will always be false unless CONFIG_X86_64 is enabled. So this won't need to be

Re: [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

2017-07-11 Thread Tom Lendacky
On 7/11/2017 12:07 AM, Brian Gerst wrote: On Mon, Jul 10, 2017 at 3:41 PM, Tom Lendacky <thomas.lenda...@amd.com> wrote: On 7/8/2017 7:50 AM, Brian Gerst wrote: On Fri, Jul 7, 2017 at 9:38 AM, Tom Lendacky <thomas.lenda...@amd.com> wrote: Update the CPU features to include
