On 08/22/2016 07:36 AM, Bjorn Helgaas wrote:
Hi David & Omer,
On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote:
From: David Daney
Some hardware presents an incorrect SR-IOV Function Dependency Link,
add a function to allow this to be overridden in the PF
Hi David & Omer,
On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote:
> From: David Daney
>
> Some hardware presents an incorrect SR-IOV Function Dependency Link,
> add a function to allow this to be overridden in the PF driver for
> such devices.
>
>
From: Wei Yongjun
Fixes the following sparse warning:
drivers/crypto/chelsio/chcr_algo.c:593:5: warning:
symbol 'cxgb4_is_crypto_q_full' was not declared. Should it be static?
Signed-off-by: Wei Yongjun
---
drivers/crypto/chelsio/chcr_algo.c |
On Mon, Aug 22, 2016 at 07:49:09AM -0700, David Daney wrote:
> On 08/22/2016 07:36 AM, Bjorn Helgaas wrote:
> >Hi David & Omer,
> >
> >On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote:
> >>From: David Daney
> >>
> >>Some hardware presents an incorrect SR-IOV
From: Tom Lendacky
Early in the boot process, add a check to determine if the kernel is
running with Secure Encrypted Virtualization (SEV) enabled. If active,
the kernel will perform steps necessary to insure the proper kernel
initialization process is performed.
From: Tom Lendacky
When Secure Encrypted Virtualization is active instruction fetches are
always interpreted as being from encrypted memory so the trampoline area
must remain encrypted when SEV is active.
Signed-off-by: Tom Lendacky
---
From: Tom Lendacky
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/acpi/boot.c |4 ++--
arch/x86/kernel/mpparse.c | 10 +-
drivers/sfi/sfi_core.c |6 +++---
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git
The patch adds initial support required for Secure Encrypted
Virtualization (SEV) guest management API's.
ASID management:
- Reserve asid range for SEV guest, SEV asid range is obtained
through CPUID Fn8000_001f[ECX]. A non-SEV guest can use any
asid outside the SEV asid range.
- SEV
The driver to communicate with Secure Encrypted Virtualization (SEV)
firmware running within the AMD secure processor providing a secure key
management interface for SEV guests.
Signed-off-by: Tom Lendacky
Signed-off-by: Brijesh Singh
---
The command initate the process to launch this guest into
SEV-enabled mode.
For more information on command structure see [1], section 6.1
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 212
From: Tom Lendacky
Define a new KVM cpu feature for Secure Encrypted Virtualization (SEV).
The kernel will check for the presence of this feature to determine if
it is running with SEV active.
Define the SEV enable bit for the VMCB control structure. The hypervisor
will
From: Tom Lendacky
When SEV is active the virtual machine cannot set the MSR for SME, so
don't set the trampoline flag for SME.
Signed-off-by: Tom Lendacky
---
arch/x86/realmode/init.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
The ioctl will be used by qemu to issue the Secure Encrypted
Virtualization (SEV) guest commands to transition a guest into
into SEV-enabled mode.
a typical usage:
struct kvm_sev_launch_start start;
struct kvm_sev_issue_cmd data;
data.cmd = KVM_SEV_LAUNCH_START;
data.opaque =
ret = ioctl(fd,
The command is used for encrypting guest memory region.
For more information see [1], section 6.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 126
From: Tom Lendacky
AMD hardware adds two additional bits to aid in nested page fault handling.
Bit 32 - NPF occurred while translating the guest's final physical address
Bit 33 - NPF occurred while translating the guest page tables
The guest page tables fault indicator
From: Tom Lendacky
When a guest causes a NPF which requires emulation, KVM sometimes walks
the guest page tables to translate the GVA to a GPA. This is unnecessary
most of the time on AMD hardware since the hardware provides the GPA in
EXITINFO2.
The only exception
This RFC series provides support for AMD's new Secure Encrypted
Virtualization (SEV) feature. This RFC is build upon Secure Memory
Encryption (SME) RFC.
SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. When enabled, SEV
The command is used to query the SEV guest status.
For more information see [1], section 6.10
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 41 +
1 file
The command encrypts a region of guest memory for debugging purposes.
For more information see [1], section 7.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 100
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 4af195d..88b8f89 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5779,6 +5779,25 @@
From: Tom Lendacky
Provide support for Secure Encyrpted Virtualization (SEV). This initial
support defines the SEV active flag in order for the kernel to determine
if it is running with SEV active or not.
Signed-off-by: Tom Lendacky
---
From: Tom Lendacky
DMA access to memory mapped as encrypted while SEV is active can not be
encrypted during device write or decrypted during device read. In order
for DMA to properly work when SEV is active, the swiotlb bounce buffers
must be used.
Signed-off-by: Tom
From: Tom Lendacky
Currently the nested_ctl variable in the vmcb_control_area structure is
used to indicate nested paging support. The nested paging support field
is actually defined as bit 0 of the this field. In order to support a new
feature flag the usage of the
From: Tom Lendacky
When running under SEV, some memory areas that were originally not
encrypted under SME are already encrypted. In these situations do not
attempt to encrypt them.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head64.c |
From: Tom Lendacky
Modify the SVM cpuid update function to indicate if Secure Encrypted
Virtualization (SEV) is active by setting the SEV KVM cpu features bit
if SEV is active. SEV is active if Secure Memory Encryption is active
in the host and the SEV_ENABLE bit of the
From: Tom Lendacky
EFI data is encrypted when the kernel is run under SEV. Update the
page table references to be sure the EFI memory areas are accessed
encrypted.
Signed-off-by: Tom Lendacky
---
arch/x86/platform/efi/efi_64.c | 14
In current implementation, asid allocation starts from 1, this patch
adds a min_asid variable in svm_vcpu structure to allow starting asid
from something other than 1.
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c |4 +++-
1 file changed, 3 insertions(+), 1
The command decrypts a page of guest memory for debugging purposes.
For more information see [1], section 7.1
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 83
28 matches
Mail list logo