[PATCH] ipmi: add of_device_id in MODULE_DEVICE_TABLE

2015-08-24 Thread Brijesh Singh
Fix autoloading ipmi modules when using device tree. Signed-off-by: Brijesh Singh brijeshkumar.si...@amd.com --- drivers/char/ipmi/ipmi_si_intf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c index 8a45e92..cddc7b0 100644

[Internal PATCH] ipmi: add of_device_id in MODULE_DEVICE_TABLE

2015-08-24 Thread Brijesh Singh
Fix autoloading ipmi modules when using device tree. Signed-off-by: Brijesh Singh brijeshkumar.si...@amd.com --- drivers/char/ipmi/ipmi_si_intf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c index 8a45e92..cddc7b0 100644

Re: [PATCH v2] EDAC: Add ARM64 EDAC

2015-10-23 Thread Brijesh Singh
> So I checked the x86 code: the driver is always loaded as soon as the > hardware is there (looking at PCI device IDs from the on-chip > northbridge, for instance). The trick here is to have the Kconfig option > defaulting to "=n", so a kernel builder would have to explicitly enable > this.

Re: [PATCH v2] EDAC: Add ARM64 EDAC

2015-10-22 Thread Brijesh Singh
Hi Mauro, On 10/21/2015 04:25 PM, Mauro Carvalho Chehab wrote: > Em Wed, 21 Oct 2015 15:41:37 -0500 > Brijesh Singh <brijeshkumar.si...@amd.com> escreveu: > >> Add support for Cortex A57 and A53 EDAC driver. >> >> Signed-off-by: Brijesh Singh <bri

Re: [PATCH] EDAC: Add AMD Seattle SoC EDAC

2015-10-21 Thread Brijesh Singh
On 10/21/2015 05:01 AM, Andre Przywara wrote: > Hi, > > On 21/10/15 10:35, Borislav Petkov wrote: >> On Wed, Oct 21, 2015 at 09:55:43AM +0800, Hanjun Guo wrote: >>> So I think the meaning of those error register is the same, but the way >>> of handle it may different from SoCs, for single bit

Re: [PATCH v2] EDAC: Add ARM64 EDAC

2015-10-22 Thread Brijesh Singh
Hi Andre, On 10/21/2015 06:52 PM, Andre Przywara wrote: > On 21/10/15 21:41, Brijesh Singh wrote: >> Add support for Cortex A57 and A53 EDAC driver. > > Hi Brijesh, > > thanks for the quick update! Some comments below. > >> >> Signed-off-by: Brijesh Sing

[PATCH v3] EDAC: Add ARM64 EDAC

2015-10-27 Thread Brijesh Singh
Add support for Cortex A57 and A53 EDAC driver. Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com> CC: robh...@kernel.org CC: pawel.m...@arm.com CC: mark.rutl...@arm.com CC: ijc+devicet...@hellion.org.uk CC: ga...@codeaurora.org CC: dougthomp...@xmission.com CC: b...@alien8.de CC

Re: [PATCH v3] EDAC: Add ARM64 EDAC

2015-10-27 Thread Brijesh Singh
Thanks for review Steve. On 10/27/2015 02:08 PM, Stephen Boyd wrote: >> +config EDAC_CORTEX_ARM64 >> +tristate "ARM Cortex A57/A53" >> +depends on EDAC_MM_EDAC && ARM64 >> +default n > > n is the default so this can be removed. > noted >> +.driver = { >> +.name =

[PATCH v4] EDAC: Add ARM64 EDAC

2015-10-28 Thread Brijesh Singh
Add support for Cortex A57 and A53 EDAC driver. Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com> CC: robh...@kernel.org CC: pawel.m...@arm.com CC: mark.rutl...@arm.com CC: ijc+devicet...@hellion.org.uk CC: ga...@codeaurora.org CC: dougthomp...@xmission.com CC: b...@alien8.de CC

[PATCH v2] EDAC: Add ARM64 EDAC

2015-10-21 Thread Brijesh Singh
Add support for Cortex A57 and A53 EDAC driver. Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com> CC: robh...@kernel.org CC: pawel.m...@arm.com CC: mark.rutl...@arm.com CC: ijc+devicet...@hellion.org.uk CC: ga...@codeaurora.org CC: dougthomp...@xmission.com CC: b...@alien8.de CC

Re: [PATCH v4] EDAC: Add ARM64 EDAC

2015-10-30 Thread Brijesh Singh
Hi Mark, >> + >> +Required properties: >> +- compatible: Should be "arm,cortex-a57-edac" or "arm,cortex-a53-edac" >> + >> +Example: >> +edac { >> +compatible = "arm,cortex-a57-edac"; >> +}; >> + > > This is insufficient for big.LITTLE, no interrupt is possible, and we >

Re: [PATCH v4] EDAC: Add ARM64 EDAC

2015-10-30 Thread Brijesh Singh
Hi, >> I have looked at possibility of pushing correctable error logging in the >> firmware; but given current hardware limitation it seems like OS is the best >> place to implement it. Let me summarize the issues we are running into: >> >> * Correctable errors do not generate any interrupt: >>

[PATCH] EDAC: Add AMD Seattle SoC EDAC

2015-10-19 Thread Brijesh Singh
Add support for the AMD Seattle SoC EDAC driver. Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com> --- .../devicetree/bindings/edac/amd-seattle-edac.txt | 15 + drivers/edac/Kconfig | 6 + drivers/edac/Makefile

Re: [PATCH] EDAC: Add AMD Seattle SoC EDAC

2015-10-20 Thread Brijesh Singh
On 10/20/2015 12:41 PM, Mark Rutland wrote: > On Tue, Oct 20, 2015 at 07:36:39PM +0200, Borislav Petkov wrote: >> On Tue, Oct 20, 2015 at 06:26:55PM +0100, Mark Rutland wrote: Btw, how much of this is implementing generic A57 functionality? >>> >>> The driver is entirely A57 generic. >>>

Re: [PATCH] EDAC: Add AMD Seattle SoC EDAC

2015-10-20 Thread Brijesh Singh
; Noted. > On Mon, Oct 19, 2015 at 02:23:17PM -0500, Brijesh Singh wrote: >> Add support for the AMD Seattle SoC EDAC driver. >> >> Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com> >> --- >> .../devicetree/bindings/edac/amd-seattle-edac.txt | 15 + >

Re: [PATCH] EDAC: Add AMD Seattle SoC EDAC

2015-10-20 Thread Brijesh Singh
Hi Hanjun, Thanks for review. -Brijesh On 10/19/2015 09:21 PM, Hanjun Guo wrote: > Hi Brijesh, > > On 2015/10/20 3:23, Brijesh Singh wrote: >> Add support for the AMD Seattle SoC EDAC driver. >> >> Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com> &

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-02-08 Thread Brijesh Singh
Hi Arnd, On 02/05/2016 11:23 AM, Brijesh Singh wrote: > Hi, > >>> } >>> >>> Windows driver folks were okay to look at second resource field to map the >>> SGPIO register and program the >>> registers to blink the LEDs. I think as per AC

Re: [PATCH V2 09/12] dtb: amd: Add KCS device tree node

2016-02-09 Thread Brijesh Singh
Hi, On 02/09/2016 10:00 AM, Arnd Bergmann wrote: > > The important part for interrupt/reg/... names is that you must use exactly > the > names that are listed in the binding. If there is no name in there, it's > better > not to add the name property. > > The other point is that "ipmi_kcs" is

Re: [PATCH V2 09/12] dtb: amd: Add KCS device tree node

2016-02-09 Thread Brijesh Singh
Hi, On 02/09/2016 08:59 AM, Arnd Bergmann wrote: > On Monday 08 February 2016 11:59:14 Suravee Suthikulpanit wrote: >> + >> + ipmi_kcs: kcs@e001 { >> + status = "disabled"; >> + compatible = "ipmi-kcs"; >> +

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-02-05 Thread Brijesh Singh
Hi, >> } >> >> Windows driver folks were okay to look at second resource field to map the >> SGPIO register and program the >> registers to blink the LEDs. I think as per ACPI spec, it's legal to pass >> more than one block in resource >> template and since AML method is not mandatory for non

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-02-01 Thread Brijesh Singh
Hi Arnd, On 01/29/2016 03:22 PM, Arnd Bergmann wrote: > > For the ACPI case, I still think that an AML call from the AHCI driver > is the most logical solution. You mentioned that you believe that calling > into the AML interpreter up to 100 times per second is a noticeable > overhead, but I

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-02-01 Thread Brijesh Singh
Hi, > > This is where we really need the ACPI maintainers to explain the > general policy for dealing with firmware updates. > > I would assume that adding the feature in a later firmware version > is a compatible change, and the feature is non-essential (the > device will work fine with the

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-02-02 Thread Brijesh Singh
Hi, On 02/02/2016 08:08 AM, Arnd Bergmann wrote: > On Monday 01 February 2016 16:15:59 Brijesh Singh wrote: >>> >>> This is where we really need the ACPI maintainers to explain the >>> general policy for dealing with firmware updates. >>> >>> I

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-01-20 Thread Brijesh Singh
Hi Tejun, Ping ? -Brijesh On 01/14/2016 10:31 AM, Brijesh Singh wrote: > AMD Seattle SATA controller mostly conforms to AHCI interface with some > special register to control SGPIO interface. In the case of an AHCI > controller, the SGPIO feature is ideally implemented using the >

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-01-26 Thread Brijesh Singh
Hi Arnd, On 01/26/2016 06:17 AM, Arnd Bergmann wrote: > > I think it needs more work: The changelog describes it as a normal > driver, but based on the previous discussion, this is just a hack > to work around broken BIOS versions that can no longer be fixed in > the field, and there has not

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-03-19 Thread Brijesh Singh
Hi Tejun, On 03/17/2016 12:36 PM, Arnd Bergmann wrote: > On Wednesday 16 March 2016 14:07:13 Tejun Heo wrote: >> Hello, Arnd. >> >> On Mon, Feb 01, 2016 at 09:14:17PM +0100, Arnd Bergmann wrote: I am not debating on your AML call recommendation, it sounds like a good idea however BIOS

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-03-19 Thread Brijesh Singh
Hi Tejun, On 01/26/2016 03:36 AM, Hans de Goede wrote: > Hi, > > On 25-01-16 21:43, Tejun Heo wrote: >> On Thu, Jan 14, 2016 at 10:31:11AM -0600, Brijesh Singh wrote: >>> AMD Seattle SATA controller mostly conforms to AHCI interface with some >>> special re

Re: [PATCH v2] ata: add AMD Seattle platform driver

2016-04-14 Thread Brijesh Singh
Hi Matthias, > > Did you make any progress on the DT part? > I have not made much progress on DT part yet. > Regards, > Matthias

Re: [PATCH 1/2] crypto: move CCP device driver to misc

2017-01-19 Thread Brijesh Singh
Hi Greg, On 01/19/2017 12:18 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:08:01PM -0500, Brijesh Singh wrote: The CCP device is part of the AMD Secure Processor, which is not dedicated solely to crypto. Move the CCP device driver to the misc directory in preparation for expanding the usage

Re: [PATCH 0/2] Introduce AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
Hi Greg, On 01/19/2017 12:21 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote: The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor, which is not dedicated solely to crypto. The AMD Secure Processor includes CCP and PSP (Platform Secure

[PATCH 0/2] Introduce AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
and Trusted Execution Environment (TEE) services provided by PSP device. http://marc.info/?l=linux-mm=147190938124206=2 Brijesh Singh (2): crypto: move CCP device driver to misc misc: amd-sp: introduce the AMD Secure Processor device drivers/crypto/Kconfig | 11

[PATCH 2/2] misc: amd-sp: introduce the AMD Secure Processor device

2017-01-19 Thread Brijesh Singh
The CCP device is part of the AMD Secure Processor. In order to expand the usage of the AMD Secure Processor, create a framework that allows functional components of the AMD Secure Processor to be initialized and handled appropriately. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

Re: [PATCH 0/2] Introduce AMD Secure Processor device

2017-01-20 Thread Brijesh Singh
On 01/20/2017 02:45 AM, Greg KH wrote: On Thu, Jan 19, 2017 at 02:03:12PM -0600, Brijesh Singh wrote: Hi Greg, On 01/19/2017 12:21 PM, Greg KH wrote: On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote: The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor

[RFC PATCH v1 20/28] KVM: SVM: prepare for SEV guest management API support

2016-08-22 Thread Brijesh Singh
then initialize PSP firmware during hardware probe Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h |9 ++ arch/x86/kvm/svm.c | 213 +++ 2 files changed, 221 insertions(+), 1 deletion(-) diff --git a/ar

[RFC PATCH v1 15/28] x86: Unroll string I/O when SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Secure Encrypted Virtualization (SEV) does not support string I/O, so unroll the string I/O operation into a loop operating on one element at a time. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 26

[RFC PATCH v1 10/28] x86: Change early_ioremap to early_memremap for BOOT data

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Signed-off-by: Tom Lendacky --- arch/x86/kernel/acpi/boot.c |4 ++-- arch/x86/kernel/mpparse.c | 10 +- drivers/sfi/sfi_core.c |6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git

[RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver

2016-08-22 Thread Brijesh Singh
The driver to communicate with Secure Encrypted Virtualization (SEV) firmware running within the AMD secure processor providing a secure key management interface for SEV guests. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>

[RFC PATCH v1 11/28] x86: Don't decrypt trampoline area if SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When Secure Encrypted Virtualization is active instruction fetches are always interpreted as being from encrypted memory so the trampoline area must remain encrypted when SEV is active. Signed-off-by: Tom Lendacky ---

[RFC PATCH v1 16/28] x86: Add support to determine if running with SEV enabled

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Early in the boot process, add a check to determine if the kernel is running with Secure Encrypted Virtualization (SEV) enabled. If active, the kernel will perform steps necessary to ensure the proper kernel initialization process is performed.

[RFC PATCH v1 06/28] KVM: SVM: Add SEV feature definitions to KVM

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Define a new KVM cpu feature for Secure Encrypted Virtualization (SEV). The kernel will check for the presence of this feature to determine if it is running with SEV active. Define the SEV enable bit for the VMCB control structure. The hypervisor will

[RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)

2016-08-22 Thread Brijesh Singh
memory with hypervisor for to support pvclock driver Brijesh Singh (11): crypto: add AMD Platform Security Processor driver KVM: SVM: prepare to reserve asid for SEV guest KVM: SVM: prepare for SEV guest management API support KVM: introduce KVM_SEV_ISSUE_CMD ioctl KVM

[RFC PATCH v1 26/28] KVM: SVM: add KVM_SEV_DEBUG_DECRYPT command

2016-08-22 Thread Brijesh Singh
The command decrypts a page of guest memory for debugging purposes. For more information see [1], section 7.1 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 21/28] KVM: introduce KVM_SEV_ISSUE_CMD ioctl

2016-08-22 Thread Brijesh Singh
, KVM_SEV_ISSUE_CMD, ); On SEV command failure, data.ret_code will contain the firmware error code. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h |3 + arch/x86/kvm/x86.c | 13 include/uapi/linux/kvm.h

[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command

2016-08-22 Thread Brijesh Singh
The command initiates the process to launch this guest into SEV-enabled mode. For more information on command structure see [1], section 6.1 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 03/28] kvm: svm: Use the hardware provided GPA instead of page walk

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When a guest causes a NPF which requires emulation, KVM sometimes walks the guest page tables to translate the GVA to a GPA. This is unnecessary most of the time on AMD hardware since the hardware provides the GPA in EXITINFO2. The only exception

[RFC PATCH v1 01/28] kvm: svm: Add support for additional SVM NPF error codes

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky AMD hardware adds two additional bits to aid in nested page fault handling. Bit 32 - NPF occurred while translating the guest's final physical address Bit 33 - NPF occurred while translating the guest page tables The guest page tables fault indicator

[RFC PATCH v1 13/28] iommu/amd: AMD IOMMU support for SEV

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky DMA must be performed to memory that is not mapped encrypted when running with SEV active. So if SEV is active, do not return the encryption mask to the IOMMU. Signed-off-by: Tom Lendacky --- arch/x86/mm/mem_encrypt.c |2

[RFC PATCH v1 08/28] Access BOOT related data encrypted with SEV active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as EFI related data) is encrypted and needs to be accessed as such. Update the architecture override in early_memremap to keep the encryption attribute when mapping this data.

[RFC PATCH v1 02/28] kvm: svm: Add kvm_fast_pio_in support

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Update the I/O interception support to add the kvm_fast_pio_in function to speed up the in instruction similar to the out instruction. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h |1 +

[RFC PATCH v1 27/28] KVM: SVM: add KVM_SEV_DEBUG_ENCRYPT command

2016-08-22 Thread Brijesh Singh
The command encrypts a region of guest memory for debugging purposes. For more information see [1], section 7.2 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 28/28] KVM: SVM: add command to query SEV API version

2016-08-22 Thread Brijesh Singh
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 4af195d..88b8f89 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -5779,6 +5

[RFC PATCH v1 23/28] KVM: SVM: add SEV launch update command

2016-08-22 Thread Brijesh Singh
The command is used for encrypting guest memory region. For more information see [1], section 6.2 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 25/28] KVM: SVM: add KVM_SEV_GUEST_STATUS command

2016-08-22 Thread Brijesh Singh
The command is used to query the SEV guest status. For more information see [1], section 6.10 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 41 +

[RFC PATCH v1 24/28] KVM: SVM: add SEV_LAUNCH_FINISH command

2016-08-22 Thread Brijesh Singh
The command is used for finalizing the guest launch into SEV mode. For more information see [1], section 6.3 [1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c

[RFC PATCH v1 12/28] x86: DMA support for SEV memory encryption

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky DMA access to memory mapped as encrypted while SEV is active can not be encrypted during device write or decrypted during device read. In order for DMA to properly work when SEV is active, the swiotlb bounce buffers must be used. Signed-off-by: Tom

[RFC PATCH v1 04/28] x86: Secure Encrypted Virtualization (SEV) support

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Provide support for Secure Encrypted Virtualization (SEV). This initial support defines the SEV active flag in order for the kernel to determine if it is running with SEV active or not. Signed-off-by: Tom Lendacky ---

[RFC PATCH v1 14/28] x86: Don't set the SME MSR bit when SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When SEV is active the virtual machine cannot set the MSR for SME, so don't set the trampoline flag for SME. Signed-off-by: Tom Lendacky --- arch/x86/realmode/init.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

[RFC PATCH v1 05/28] KVM: SVM: prepare for new bit definition in nested_ctl

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Currently the nested_ctl variable in the vmcb_control_area structure is used to indicate nested paging support. The nested paging support field is actually defined as bit 0 of this field. In order to support a new feature flag the usage of the

Re: [RFC PATCH v1 00/28] x86: Secure Encrypted Virtualization (AMD)

2016-08-26 Thread Brijesh Singh
Is there any production hardware supporting SEV? Which one? We are interested to do some test. SEV support is not available in production hardware. SEV support will be available in future AMD hardware. And, generally, I have a question about container protection. In white paper

[RFC PATCH v1 17/28] KVM: SVM: Enable SEV by setting the SEV_ENABLE cpu feature

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky Modify the SVM cpuid update function to indicate if Secure Encrypted Virtualization (SEV) is active by setting the SEV KVM cpu features bit if SEV is active. SEV is active if Secure Memory Encryption is active in the host and the SEV_ENABLE bit of the

[RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky EFI data is encrypted when the kernel is run under SEV. Update the page table references to be sure the EFI memory areas are accessed encrypted. Signed-off-by: Tom Lendacky --- arch/x86/platform/efi/efi_64.c | 14

[RFC PATCH v1 07/28] x86: Do not encrypt memory areas if SEV is enabled

2016-08-22 Thread Brijesh Singh
From: Tom Lendacky When running under SEV, some memory areas that were originally not encrypted under SME are already encrypted. In these situations do not attempt to encrypt them. Signed-off-by: Tom Lendacky --- arch/x86/kernel/head64.c |

[RFC PATCH v1 19/28] KVM: SVM: prepare to reserve asid for SEV guest

2016-08-22 Thread Brijesh Singh
In current implementation, asid allocation starts from 1, this patch adds a min_asid variable in svm_vcpu structure to allow starting asid from something other than 1. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c |4 +++- 1 file changed, 3 insertions

[PATCH v2 1/3] kvm: svm: Add support for additional SVM NPF error codes

2016-11-23 Thread Brijesh Singh
ked RO. It immediately unprotects the page and resumes the guest, leading to far fewer instruction emulations when nested virtualization is used. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si.

[PATCH v2 3/3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-11-23 Thread Brijesh Singh
.@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_emulate.h |3 +++ arch/x86/include/asm/kvm_host.h|3 +++ arch/x86/kvm/svm.c |2 ++ arch/x86/kvm/x86.

[PATCH v2 0/3] x86: SVM: add additional SVM NPF error and use HW GPA

2016-11-23 Thread Brijesh Singh
insertions(+), 7 deletions(-) -- Brijesh Singh

[PATCH v2 2/3] kvm: svm: Add kvm_fast_pio_in support

2016-11-23 Thread Brijesh Singh
.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h |1 + arch/x86/kvm/svm.c |5 +++-- arch/x86/kvm/x86.c | 43 +++ 3 files changed, 47 insertions(+), 2 deletions(-) diff --gi

[PATCH v1 0/3] x86: SVM: add additional SVM NPF error and use HW GPA

2016-11-14 Thread Brijesh Singh
/kvm_host.h| 15 - arch/x86/kvm/mmu.c | 20 +++- arch/x86/kvm/svm.c | 16 +++--- arch/x86/kvm/x86.c | 60 +++- 5 files changed, 106 insertions(+), 8 deletions(-) -- Brijesh Singh

[PATCH v1 2/3] kvm: svm: Add kvm_fast_pio_in support

2016-11-14 Thread Brijesh Singh
.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h |1 + arch/x86/kvm/svm.c |5 +++-- arch/x86/kvm/x86.c | 43 +++ 3 files changed, 47 insertions(+), 2 deletions(-) diff --gi

[PATCH v1 3/3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-11-14 Thread Brijesh Singh
.@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_emulate.h |3 +++ arch/x86/include/asm/kvm_host.h|3 +++ arch/x86/kvm/svm.c |9 - arch/x86/kvm/x86.

[PATCH v1 1/3] kvm: svm: Add support for additional SVM NPF error codes

2016-11-14 Thread Brijesh Singh
ked RO. It immediately unprotects the page and resumes the guest, leading to far fewer instruction emulations when nested virtualization is used. Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si.

[PATCH v1 0/3] x86: SVM: add additional SVM NPF error and use HW GPA

2016-11-14 Thread Brijesh Singh
changed, 106 insertions(+), 8 deletions(-) -- Brijesh Singh

Re: [PATCH v3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-11-29 Thread Brijesh Singh
On 11/29/2016 12:20 PM, Thomas Gleixner wrote: On Tue, 29 Nov 2016, Brijesh Singh wrote: --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -5483,3 +5483,11 @@ void emulator_writeback_register_cache(struct x86_emulate_ctxt *ctxt) { writeback_registers(ctxt); } + +bool

Re: [PATCH v2 3/3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-12-08 Thread Brijesh Singh
Hi Paolo, On 12/08/2016 08:52 AM, Paolo Bonzini wrote: On 23/11/2016 18:02, Brijesh Singh wrote: From: Tom Lendacky <thomas.lenda...@amd.com> When a guest causes a NPF which requires emulation, KVM sometimes walks the guest page tables to translate the GVA to a GPA. This is unnecessar

Re: [PATCH v2 3/3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-12-08 Thread Brijesh Singh
Hi Paolo, On 12/08/2016 09:39 AM, Brijesh Singh wrote: Hi Paolo, On 12/08/2016 08:52 AM, Paolo Bonzini wrote: On 23/11/2016 18:02, Brijesh Singh wrote: From: Tom Lendacky <thomas.lenda...@amd.com> When a guest causes a NPF which requires emulation, KVM sometimes walks the gues

Re: [PATCH v2 3/3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-12-14 Thread Brijesh Singh
Hi Paolo, On 12/13/2016 11:09 AM, Paolo Bonzini wrote: On 12/12/2016 18:51, Brijesh Singh wrote: As per the AMD BKDG [1] Section 2.7.1, we should not be using any of these instruction for MMIO access, the behavior is undefined. The question is, do we really need to add logic to detect

[PATCH v3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-12-14 Thread Brijesh Singh
.@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_emulate.h |1 + arch/x86/include/asm/kvm_host.h|3 ++ arch/x86/kvm/emulate.c | 20 +--- arch/x86/kvm/svm.

[PATCH v3] x86: SVM: Use the hardware provided GPA instead of page walk

2016-12-14 Thread Brijesh Singh
changed, 57 insertions(+), 14 deletions(-) -- Brijesh Singh

Re: [PATCH v2 3/3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-12-14 Thread Brijesh Singh
On 12/14/2016 11:23 AM, Paolo Bonzini wrote: On 14/12/2016 18:07, Brijesh Singh wrote: Since now we are going to perform multiple conditional checks before concluding that it's safe to use HW provided GPA. How about if we add two functions "emulator_is_rep_stri

Re: [PATCH v2 3/3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-12-12 Thread Brijesh Singh
Hi Paolo, On 12/09/2016 09:41 AM, Paolo Bonzini wrote: I am able to reproduce it on AMD HW using kvm-unit-tests. Looking at test, the initial thought is "push mem" has two operands (the memory being pushed and the stack pointer). The provided GPA could be either one of those. Aha, this

[PATCH v3] x86: SVM: Use the hardware provided GPA instead of page walk

2016-11-29 Thread Brijesh Singh
/x86/kvm/x86.c | 44 5 files changed, 48 insertions(+), 10 deletions(-) -- Brijesh Singh

[PATCH v3] kvm: svm: Use the hardware provided GPA instead of page walk

2016-11-29 Thread Brijesh Singh
.@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_emulate.h |1 + arch/x86/include/asm/kvm_host.h|3 ++ arch/x86/kvm/emulate.c |8 +++ arch/x86/kvm/svm.c

Re: [RFC PATCH v2 15/32] x86: Add support for changing memory encryption attribute in early boot

2017-03-27 Thread Brijesh Singh
Hi Boris, On 03/24/2017 12:12 PM, Borislav Petkov wrote: } +static inline int __init early_set_memory_decrypted(void *addr, + unsigned long size) +{ + return 1; return 1 when !CONFIG_AMD_MEM_ENCRYPT ? The non-early

Re: [RFC PATCH v2 18/32] kvm: svm: Use the hardware provided GPA instead of page walk

2017-03-29 Thread Brijesh Singh
Hi Boris, On 03/29/2017 10:14 AM, Borislav Petkov wrote: On Thu, Mar 02, 2017 at 10:16:05AM -0500, Brijesh Singh wrote: From: Tom Lendacky <thomas.lenda...@amd.com> When a guest causes a NPF which requires emulation, KVM sometimes walks the guest page tables to translate the GVA to

Re: [RFC PATCH v2 32/32] x86: kvm: Pin the guest memory when SEV is active

2017-03-16 Thread Brijesh Singh
On 03/16/2017 05:38 AM, Paolo Bonzini wrote: On 02/03/2017 16:18, Brijesh Singh wrote: The SEV memory encryption engine uses a tweak such that two identical plaintexts at different location will have a different ciphertexts. So swapping or moving ciphertexts of two pages will not result

Re: [RFC PATCH v2 30/32] kvm: svm: Add support for SEV DEBUG_ENCRYPT command

2017-03-16 Thread Brijesh Singh
On 03/16/2017 06:03 AM, Paolo Bonzini wrote: On 02/03/2017 16:18, Brijesh Singh wrote: + data = (void *) get_zeroed_page(GFP_KERNEL); The page does not need to be zeroed, does it? No, we don't have to zero it. I will fix it. + + if ((len & 15) || (dst_addr

Re: [RFC PATCH v2 26/32] kvm: svm: Add support for SEV LAUNCH_UPDATE_DATA command

2017-03-16 Thread Brijesh Singh
On 03/16/2017 05:48 AM, Paolo Bonzini wrote: On 02/03/2017 16:17, Brijesh Singh wrote: +static struct page **sev_pin_memory(unsigned long uaddr, unsigned long ulen, + unsigned long *n) +{ + struct page **pages; + int first, last; + unsigned

Re: [RFC PATCH v2 29/32] kvm: svm: Add support for SEV DEBUG_DECRYPT command

2017-03-16 Thread Brijesh Singh
On 03/16/2017 05:54 AM, Paolo Bonzini wrote: On 02/03/2017 16:18, Brijesh Singh wrote: +static int __sev_dbg_decrypt_page(struct kvm *kvm, unsigned long src, + void *dst, int *error) +{ + inpages = sev_pin_memory(src, PAGE_SIZE, ); + if (!inpages

[RFC PATCH v2 11/32] x86: Unroll string I/O when SEV is active

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Secure Encrypted Virtualization (SEV) does not support string I/O, so unroll the string I/O operation into a loop operating on one element at a time. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 26

[RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Early in the boot process, add checks to determine if the kernel is running with Secure Encrypted Virtualization (SEV) active by issuing a CPUID instruction. During early compressed kernel booting, if SEV is active the pagetables are updated so that

[RFC PATCH v2 13/32] KVM: SVM: Enable SEV by setting the SEV_ENABLE CPU feature

2017-03-02 Thread Brijesh Singh
From: Tom Lendacky Modify the SVM cpuid update function to indicate if Secure Encrypted Virtualization (SEV) is active in the guest by setting the SEV KVM CPU features bit. SEV is active if Secure Memory Encryption is enabled in the host and the SEV_ENABLE bit of the

[RFC PATCH v2 14/32] x86: mm: Provide support to use memblock when spliting large pages

2017-03-02 Thread Brijesh Singh
in Secure Encrypted Virtualization (SEV) mode, where we may need to change the memory region attributes in early boot process. Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/mm/pageattr.c | 51 1 file changed, 42 insertions

Re: [RFC PATCH v2 01/32] x86: Add the Secure Encrypted Virtualization CPU feature

2017-03-03 Thread Brijesh Singh
Hi Boris, On 03/03/2017 10:59 AM, Borislav Petkov wrote: On Thu, Mar 02, 2017 at 10:12:09AM -0500, Brijesh Singh wrote: From: Tom Lendacky <thomas.lenda...@amd.com> Update the CPU features to include identifying and reporting on the Secure Encrypted Virtualization (SEV) feature

Re: [RFC PATCH v2 00/32] x86: Secure Encrypted Virtualization (AMD)

2017-03-03 Thread Brijesh Singh
Hi Bjorn, On 03/03/2017 02:33 PM, Bjorn Helgaas wrote: On Thu, Mar 02, 2017 at 10:12:01AM -0500, Brijesh Singh wrote: This RFC series provides support for AMD's new Secure Encrypted Virtualization (SEV) feature. This RFC is build upon Secure Memory Encryption (SME) RFCv4 [1]. What kernel

Re: [RFC PATCH v2 12/32] x86: Add early boot support when running with SEV active

2017-03-10 Thread Brijesh Singh
Hi Boris and Paolo, On 03/09/2017 10:29 AM, Borislav Petkov wrote: On Thu, Mar 09, 2017 at 05:13:33PM +0100, Paolo Bonzini wrote: This is not how you check if running under a hypervisor; you should check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This in turn tells you if leaf

Re: [RFC PATCH v2 14/32] x86: mm: Provide support to use memblock when spliting large pages

2017-03-10 Thread Brijesh Singh
Hi Boris, On 03/10/2017 05:06 AM, Borislav Petkov wrote: On Thu, Mar 02, 2017 at 10:15:15AM -0500, Brijesh Singh wrote: If kernel_maps_pages_in_pgd is called early in boot process to change the kernel_map_pages_in_pgd() memory attributes then it fails to allocate memory when splitting large
