Re: [PATCH 1/2] PCI/IOV: Add function to allow Function Dependency Link override.

2016-08-22 Thread David Daney
On 08/22/2016 07:36 AM, Bjorn Helgaas wrote: Hi David & Omer, On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote: From: David Daney Some hardware presents an incorrect SR-IOV Function Dependency Link, add a function to allow this to be overridden in the PF

Re: [PATCH 1/2] PCI/IOV: Add function to allow Function Dependency Link override.

2016-08-22 Thread Bjorn Helgaas
Hi David & Omer, On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote: > From: David Daney > > Some hardware presents an incorrect SR-IOV Function Dependency Link, > add a function to allow this to be overridden in the PF driver for > such devices. > >

[PATCH -next] chcr: Fix non static symbol warning

2016-08-22 Thread Wei Yongjun
From: Wei Yongjun Fixes the following sparse warning: drivers/crypto/chelsio/chcr_algo.c:593:5: warning: symbol 'cxgb4_is_crypto_q_full' was not declared. Should it be static? Signed-off-by: Wei Yongjun --- drivers/crypto/chelsio/chcr_algo.c |

Re: [PATCH 1/2] PCI/IOV: Add function to allow Function Dependency Link override.

2016-08-22 Thread Bjorn Helgaas
On Mon, Aug 22, 2016 at 07:49:09AM -0700, David Daney wrote: > On 08/22/2016 07:36 AM, Bjorn Helgaas wrote: > >Hi David & Omer, > > > >On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote: > >>From: David Daney > >> > >>Some hardware presents an incorrect SR-IOV

[RFC PATCH v1 16/28] x86: Add support to determine if running with SEV enabled

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Early in the boot process, add a check to determine if the kernel is running with Secure Encrypted Virtualization (SEV) enabled. If active, the kernel will perform steps necessary to ensure the proper kernel initialization process is performed.

[RFC PATCH v1 11/28] x86: Don't decrypt trampoline area if SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When Secure Encrypted Virtualization is active instruction fetches are always interpreted as being from encrypted memory so the trampoline area must remain encrypted when SEV is active. Signed-off-by: Tom Lendacky ---

[RFC PATCH v1 10/28] x86: Change early_ioremap to early_memremap for BOOT data

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Signed-off-by: Tom Lendacky --- arch/x86/kernel/acpi/boot.c |4 ++-- arch/x86/kernel/mpparse.c | 10 +- drivers/sfi/sfi_core.c |6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git

[RFC PATCH v1 20/28] KVM: SVM: prepare for SEV guest management API support

2016-08-22 Thread Brijesh Singh
The patch adds initial support required for Secure Encrypted Virtualization (SEV) guest management API's. ASID management: - Reserve asid range for SEV guest, SEV asid range is obtained through CPUID Fn8000_001f[ECX]. A non-SEV guest can use any asid outside the SEV asid range. - SEV

[RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver

2016-08-22 Thread Brijesh Singh
The driver to communicate with Secure Encrypted Virtualization (SEV) firmware running within the AMD secure processor providing a secure key management interface for SEV guests. Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh ---

[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command

2016-08-22 Thread Brijesh Singh
The command initiates the process to launch this guest into SEV-enabled mode. For more information on command structure see [1], section 6.1 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 212

[RFC PATCH v1 06/28] KVM: SVM: Add SEV feature definitions to KVM

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Define a new KVM cpu feature for Secure Encrypted Virtualization (SEV). The kernel will check for the presence of this feature to determine if it is running with SEV active. Define the SEV enable bit for the VMCB control structure. The hypervisor will

[RFC PATCH v1 14/28] x86: Don't set the SME MSR bit when SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When SEV is active the virtual machine cannot set the MSR for SME, so don't set the trampoline flag for SME. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

[RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl

2016-08-22 Thread Brijesh Singh
The ioctl will be used by qemu to issue the Secure Encrypted Virtualization (SEV) guest commands to transition a guest into SEV-enabled mode. A typical usage: struct kvm_sev_launch_start start; struct kvm_sev_issue_cmd data; data.cmd = KVM_SEV_LAUNCH_START; data.opaque = ret = ioctl(fd,

[RFC PATCH v1 23/28] KVM: SVM: add SEV launch update command

2016-08-22 Thread Brijesh Singh
The command is used for encrypting guest memory region. For more information see [1], section 6.2 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 126

[RFC PATCH v1 01/28] kvm: svm: Add support for additional SVM NPF error codes

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky AMD hardware adds two additional bits to aid in nested page fault handling. Bit 32 - NPF occurred while translating the guest's final physical address Bit 33 - NPF occurred while translating the guest page tables The guest page tables fault indicator

[RFC PATCH v1 03/28] kvm: svm: Use the hardware provided GPA instead of page walk

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When a guest causes a NPF which requires emulation, KVM sometimes walks the guest page tables to translate the GVA to a GPA. This is unnecessary most of the time on AMD hardware since the hardware provides the GPA in EXITINFO2. The only exception

[RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)

2016-08-22 Thread Brijesh Singh
This RFC series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. This RFC is built upon the Secure Memory Encryption (SME) RFC. SEV is an extension to the AMD-V architecture which supports running multiple VMs under the control of a hypervisor. When enabled, SEV

[RFC PATCH v1 25/28] KVM: SVM: add KVM_SEV_GUEST_STATUS command

2016-08-22 Thread Brijesh Singh
The command is used to query the SEV guest status. For more information see [1], section 6.10 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 41 + 1 file

[RFC PATCH v1 27/28] KVM: SVM: add KVM_SEV_DEBUG_ENCRYPT command

2016-08-22 Thread Brijesh Singh
The command encrypts a region of guest memory for debugging purposes. For more information see [1], section 7.2 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 100

[RFC PATCH v1 28/28] KVM: SVM: add command to query SEV API version

2016-08-22 Thread Brijesh Singh
Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 4af195d..88b8f89 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5779,6 +5779,25 @@

[RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Provide support for Secure Encrypted Virtualization (SEV). This initial support defines the SEV active flag in order for the kernel to determine if it is running with SEV active or not. Signed-off-by: Tom Lendacky ---

[RFC PATCH v1 12/28] x86: DMA support for SEV memory encryption

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky DMA access to memory mapped as encrypted while SEV is active can not be encrypted during device write or decrypted during device read. In order for DMA to properly work when SEV is active, the swiotlb bounce buffers must be used. Signed-off-by: Tom

[RFC PATCH v1 05/28] KVM: SVM: prepare for new bit definition in nested_ctl

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Currently the nested_ctl variable in the vmcb_control_area structure is used to indicate nested paging support. The nested paging support field is actually defined as bit 0 of this field. In order to support a new feature flag the usage of the

[RFC PATCH v1 07/28] x86: Do not encrypt memory areas if SEV is enabled

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When running under SEV, some memory areas that were originally not encrypted under SME are already encrypted. In these situations do not attempt to encrypt them. Signed-off-by: Tom Lendacky --- arch/x86/kernel/head64.c |

[RFC PATCH v1 17/28] KVM: SVM: Enable SEV by setting the SEV_ENABLE cpu feature

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Modify the SVM cpuid update function to indicate if Secure Encrypted Virtualization (SEV) is active by setting the SEV KVM cpu features bit if SEV is active. SEV is active if Secure Memory Encryption is active in the host and the SEV_ENABLE bit of the

[RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky EFI data is encrypted when the kernel is run under SEV. Update the page table references to be sure the EFI memory areas are accessed encrypted. Signed-off-by: Tom Lendacky --- arch/x86/platform/efi/efi_64.c | 14

[RFC PATCH v1 19/28] KVM: SVM: prepare to reserve asid for SEV guest

2016-08-22 Thread Brijesh Singh
In current implementation, asid allocation starts from 1, this patch adds a min_asid variable in svm_vcpu structure to allow starting asid from something other than 1. Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c |4 +++- 1 file changed, 3 insertions(+), 1

[RFC PATCH v1 26/28] KVM: SVM: add KVM_SEV_DEBUG_DECRYPT command

2016-08-22 Thread Brijesh Singh
The command decrypts a page of guest memory for debugging purposes. For more information see [1], section 7.1 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 83