Fix autoloading ipmi modules when using device tree.
Signed-off-by: Brijesh Singh brijeshkumar.si...@amd.com
---
drivers/char/ipmi/ipmi_si_intf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
index 8a45e92..cddc7b0 100644
Fix autoloading ipmi modules when using device tree.
Signed-off-by: Brijesh Singh brijeshkumar.si...@amd.com
---
drivers/char/ipmi/ipmi_si_intf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
index 8a45e92..cddc7b0 100644
> So I checked the x86 code: the driver is always loaded as soon as the
> hardware is there (looking at PCI device IDs from the on-chip
> northbridge, for instance). The trick here is to have the Kconfig option
> defaulting to "=n", so a kernel builder would have to explicitly enable
> this.
Hi Mauro,
On 10/21/2015 04:25 PM, Mauro Carvalho Chehab wrote:
> Em Wed, 21 Oct 2015 15:41:37 -0500
> Brijesh Singh <brijeshkumar.si...@amd.com> escreveu:
>
>> Add support for Cortex A57 and A53 EDAC driver.
>>
>> Signed-off-by: Brijesh Singh <bri
On 10/21/2015 05:01 AM, Andre Przywara wrote:
> Hi,
>
> On 21/10/15 10:35, Borislav Petkov wrote:
>> On Wed, Oct 21, 2015 at 09:55:43AM +0800, Hanjun Guo wrote:
>>> So I think the meaning of those error register is the same, but the way
>>> of handle it may different from SoCs, for single bit
Hi Andre,
On 10/21/2015 06:52 PM, Andre Przywara wrote:
> On 21/10/15 21:41, Brijesh Singh wrote:
>> Add support for Cortex A57 and A53 EDAC driver.
>
> Hi Brijesh,
>
> thanks for the quick update! Some comments below.
>
>>
>> Signed-off-by: Brijesh Sing
Add support for Cortex A57 and A53 EDAC driver.
Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com>
CC: robh...@kernel.org
CC: pawel.m...@arm.com
CC: mark.rutl...@arm.com
CC: ijc+devicet...@hellion.org.uk
CC: ga...@codeaurora.org
CC: dougthomp...@xmission.com
CC: b...@alien8.de
CC
Thanks for review Steve.
On 10/27/2015 02:08 PM, Stephen Boyd wrote:
>> +config EDAC_CORTEX_ARM64
>> +tristate "ARM Cortex A57/A53"
>> +depends on EDAC_MM_EDAC && ARM64
>> +default n
>
> n is the default so this can be removed.
>
noted
>> +.driver = {
>> +.name =
Add support for Cortex A57 and A53 EDAC driver.
Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com>
CC: robh...@kernel.org
CC: pawel.m...@arm.com
CC: mark.rutl...@arm.com
CC: ijc+devicet...@hellion.org.uk
CC: ga...@codeaurora.org
CC: dougthomp...@xmission.com
CC: b...@alien8.de
CC
Add support for Cortex A57 and A53 EDAC driver.
Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com>
CC: robh...@kernel.org
CC: pawel.m...@arm.com
CC: mark.rutl...@arm.com
CC: ijc+devicet...@hellion.org.uk
CC: ga...@codeaurora.org
CC: dougthomp...@xmission.com
CC: b...@alien8.de
CC
Hi Mark,
>> +
>> +Required properties:
>> +- compatible: Should be "arm,cortex-a57-edac" or "arm,cortex-a53-edac"
>> +
>> +Example:
>> +edac {
>> +compatible = "arm,cortex-a57-edac";
>> +};
>> +
>
> This is insufficient for big.LITTLE, no interrupt is possible, and we
>
Hi,
>> I have looked at possibility of pushing correctable error logging in the
>> firmware; but given current hardware limitation it seems like OS is the best
>> place to implement it. Let me summaries the issues we are running into:
>>
>> * Correctable errors does not generate any interrupt:
>>
Add support for the AMD Seattle SoC EDAC driver.
Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com>
---
.../devicetree/bindings/edac/amd-seattle-edac.txt | 15 +
drivers/edac/Kconfig | 6 +
drivers/edac/Makefile
On 10/20/2015 12:41 PM, Mark Rutland wrote:
> On Tue, Oct 20, 2015 at 07:36:39PM +0200, Borislav Petkov wrote:
>> On Tue, Oct 20, 2015 at 06:26:55PM +0100, Mark Rutland wrote:
Btw, how much of this is implementing generic A57 functionality?
>>>
>>> The driver is entirely A57 generic.
>>>
;
Noted.
> On Mon, Oct 19, 2015 at 02:23:17PM -0500, Brijesh Singh wrote:
>> Add support for the AMD Seattle SoC EDAC driver.
>>
>> Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com>
>> ---
>> .../devicetree/bindings/edac/amd-seattle-edac.txt | 15 +
>
Hi Hanjun,
Thanks for review.
-Brijesh
On 10/19/2015 09:21 PM, Hanjun Guo wrote:
> Hi Brijesh,
>
> On 2015/10/20 3:23, Brijesh Singh wrote:
>> Add support for the AMD Seattle SoC EDAC driver.
>>
>> Signed-off-by: Brijesh Singh <brijeshkumar.si...@amd.com>
&
Hi Arnd,
On 02/05/2016 11:23 AM, Brijesh Singh wrote:
> Hi,
>
>>> }
>>>
>>> Windows driver folks were okay to look at second resource field to map the
>>> SGPIO register and program the
>>> registers to blink the LEDs. I think as per AC
Hi,
On 02/09/2016 10:00 AM, Arnd Bergmann wrote:
>
> The important part for interrupt/reg/... names is that you must use exactly
> the
> names that are listed in the binding. If there is no name in there, it's
> better
> not to add the name property.
>
> The other point is that "ipmi_kcs" is
Hi,
On 02/09/2016 08:59 AM, Arnd Bergmann wrote:
> On Monday 08 February 2016 11:59:14 Suravee Suthikulpanit wrote:
>> +
>> + ipmi_kcs: kcs@e001 {
>> + status = "disabled";
>> + compatible = "ipmi-kcs";
>> +
Hi,
>> }
>>
>> Windows driver folks were okay to look at second resource field to map the
>> SGPIO register and program the
>> registers to blink the LEDs. I think as per ACPI spec, its legal to pass
>> more than one block in resource
>> template and since AML method is not mandatory for non
Hi Arnd,
On 01/29/2016 03:22 PM, Arnd Bergmann wrote:
>
> For the ACPI case, I still think that an AML call from the AHCI driver
> is the most logical solution. You mentioned that you believe that calling
> into the AML interpreter up to 100 times per second is a noticeable
> overhead, but I
Hi,
>
> This is where we really need the ACPI maintainers to explain the
> general policy for dealing with firmware updates.
>
> I would assume that adding the feature in a later firmware version
> is a compatible change, and the feature is non-essential (the
> device will work fine with the
Hi,
On 02/02/2016 08:08 AM, Arnd Bergmann wrote:
> On Monday 01 February 2016 16:15:59 Brijesh Singh wrote:
>>>
>>> This is where we really need the ACPI maintainers to explain the
>>> general policy for dealing with firmware updates.
>>>
>>> I
Hi Tejun,
Ping ?
-Brijesh
On 01/14/2016 10:31 AM, Brijesh Singh wrote:
> AMD Seattle SATA controller mostly conforms to AHCI interface with some
> special register to control SGPIO interface. In the case of an AHCI
> controller, the SGPIO feature is ideally implemented using the
>
Hi Arnd,
On 01/26/2016 06:17 AM, Arnd Bergmann wrote:
>
> I think it needs more work: The changelog describes it as a normal
> driver, but based on the previous discussion, this is just a hack
> to work around broken BIOS versions that can no longer be fixed in
> the field, and there has not
Hi Tejun,
On 03/17/2016 12:36 PM, Arnd Bergmann wrote:
> On Wednesday 16 March 2016 14:07:13 Tejun Heo wrote:
>> Hello, Arnd.
>>
>> On Mon, Feb 01, 2016 at 09:14:17PM +0100, Arnd Bergmann wrote:
I am not debating on your AML call recommendation, it sounds like
a good idea however BIOS
Hi Tejun,
On 01/26/2016 03:36 AM, Hans de Goede wrote:
> Hi,
>
> On 25-01-16 21:43, Tejun Heo wrote:
>> On Thu, Jan 14, 2016 at 10:31:11AM -0600, Brijesh Singh wrote:
>>> AMD Seattle SATA controller mostly conforms to AHCI interface with some
>>> special re
Hi Matthias,
>
> Did you made any progress on the DT part?
>
I have not made much progress on DT part yet.
> Regards,
> Matthias
Hi Greg,
On 01/19/2017 12:18 PM, Greg KH wrote:
On Thu, Jan 19, 2017 at 01:08:01PM -0500, Brijesh Singh wrote:
The CCP device is part of the AMD Secure Processor, which is not dedicated
solely to crypto. Move the CCP device driver to the misc directory in
prepration for expanding the usage
Hi Greg,
On 01/19/2017 12:21 PM, Greg KH wrote:
On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote:
The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor,
which is not dedicated solely to crypto. The AMD Secure Processor includes
CCP and PSP (Platform Secure
and Trusted Execution Environment (TEE) services provided
by PSP device.
http://marc.info/?l=linux-mm=147190938124206=2
Brijesh Singh (2):
crypto: move CCP device driver to misc
misc: amd-sp: introduce the AMD Secure Processor device
drivers/crypto/Kconfig | 11
The CCP device is part of the AMD Secure Processor. In order to expand the
usage of the AMD Secure Processor, create a framework that allows functional
components of the AMD Secure Processor to be initialized and handled
appropriately.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
On 01/20/2017 02:45 AM, Greg KH wrote:
On Thu, Jan 19, 2017 at 02:03:12PM -0600, Brijesh Singh wrote:
Hi Greg,
On 01/19/2017 12:21 PM, Greg KH wrote:
On Thu, Jan 19, 2017 at 01:07:50PM -0500, Brijesh Singh wrote:
The CCP device (drivers/crypto/ccp/ccp.ko) is part of AMD Secure Processor
then initialize PSP firmware during hardware probe
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_host.h |9 ++
arch/x86/kvm/svm.c | 213 +++
2 files changed, 221 insertions(+), 1 deletion(-)
diff --git a/ar
From: Tom Lendacky
Secure Encrypted Virtualization (SEV) does not support string I/O, so
unroll the string I/O operation into a loop operating on one element at
a time.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h | 26
From: Tom Lendacky
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/acpi/boot.c |4 ++--
arch/x86/kernel/mpparse.c | 10 +-
drivers/sfi/sfi_core.c |6 +++---
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git
The driver to communicate with Secure Encrypted Virtualization (SEV)
firmware running within the AMD secure processor providing a secure key
management interface for SEV guests.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
From: Tom Lendacky
When Secure Encrypted Virtualization is active instruction fetches are
always interpreted as being from encrypted memory so the trampoline area
must remain encrypted when SEV is active.
Signed-off-by: Tom Lendacky
---
From: Tom Lendacky
Early in the boot process, add a check to determine if the kernel is
running with Secure Encrypted Virtualization (SEV) enabled. If active,
the kernel will perform steps necessary to insure the proper kernel
initialization process is performed.
From: Tom Lendacky
Define a new KVM cpu feature for Secure Encrypted Virtualization (SEV).
The kernel will check for the presence of this feature to determine if
it is running with SEV active.
Define the SEV enable bit for the VMCB control structure. The hypervisor
will
memory with hypervisor for to support
pvclock driver
Brijesh Singh (11):
crypto: add AMD Platform Security Processor driver
KVM: SVM: prepare to reserve asid for SEV guest
KVM: SVM: prepare for SEV guest management API support
KVM: introduce KVM_SEV_ISSUE_CMD ioctl
KVM
The command decrypts a page of guest memory for debugging purposes.
For more information see [1], section 7.1
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c
, KVM_SEV_ISSUE_CMD, );
On SEV command failure, data.ret_code will contain the firmware error code.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_host.h |3 +
arch/x86/kvm/x86.c | 13
include/uapi/linux/kvm.h
The command initate the process to launch this guest into
SEV-enabled mode.
For more information on command structure see [1], section 6.1
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c
memory with hypervisor for to support
pvclock driver
Brijesh Singh (11):
crypto: add AMD Platform Security Processor driver
KVM: SVM: prepare to reserve asid for SEV guest
KVM: SVM: prepare for SEV guest management API support
KVM: introduce KVM_SEV_ISSUE_CMD ioctl
KVM
From: Tom Lendacky
When a guest causes a NPF which requires emulation, KVM sometimes walks
the guest page tables to translate the GVA to a GPA. This is unnecessary
most of the time on AMD hardware since the hardware provides the GPA in
EXITINFO2.
The only exception
From: Tom Lendacky
AMD hardware adds two additional bits to aid in nested page fault handling.
Bit 32 - NPF occurred while translating the guest's final physical address
Bit 33 - NPF occurred while translating the guest page tables
The guest page tables fault indicator
From: Tom Lendacky
DMA must be performed to memory that is not mapped encrypted when running
with SEV active. So if SEV is active, do not return the encryption mask
to the IOMMU.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/mem_encrypt.c |2
From: Tom Lendacky
When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as
EFI related data) is encrypted and needs to be access as such. Update the
architecture override in early_memremap to keep the encryption attribute
when mapping this data.
From: Tom Lendacky
Update the I/O interception support to add the kvm_fast_pio_in function
to speed up the in instruction similar to the out instruction.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/kvm_host.h |1 +
The command encrypts a region of guest memory for debugging purposes.
For more information see [1], section 7.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 4af195d..88b8f89 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5779,6 +5
The command is used for encrypting guest memory region.
For more information see [1], section 6.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c
The command is used to query the SEV guest status.
For more information see [1], section 6.10
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c | 41 +
The command is used for finializing the guest launch into SEV mode.
For more information see [1], section 6.3
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c
From: Tom Lendacky
DMA access to memory mapped as encrypted while SEV is active can not be
encrypted during device write or decrypted during device read. In order
for DMA to properly work when SEV is active, the swiotlb bounce buffers
must be used.
Signed-off-by: Tom
From: Tom Lendacky
Provide support for Secure Encyrpted Virtualization (SEV). This initial
support defines the SEV active flag in order for the kernel to determine
if it is running with SEV active or not.
Signed-off-by: Tom Lendacky
---
From: Tom Lendacky
When SEV is active the virtual machine cannot set the MSR for SME, so
don't set the trampoline flag for SME.
Signed-off-by: Tom Lendacky
---
arch/x86/realmode/init.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
From: Tom Lendacky
Currently the nested_ctl variable in the vmcb_control_area structure is
used to indicate nested paging support. The nested paging support field
is actually defined as bit 0 of the this field. In order to support a new
feature flag the usage of the
Is there any production hardware supporting SEV? Which one? We
are interested to do some test.
SEV support is not available in production hardware's. SEV support will
be available in future AMD hardware's.
And, generally, I have a question about container protection. In
white paper
From: Tom Lendacky
Modify the SVM cpuid update function to indicate if Secure Encrypted
Virtualization (SEV) is active by setting the SEV KVM cpu features bit
if SEV is active. SEV is active if Secure Memory Encryption is active
in the host and the SEV_ENABLE bit of the
From: Tom Lendacky
EFI data is encrypted when the kernel is run under SEV. Update the
page table references to be sure the EFI memory areas are accessed
encrypted.
Signed-off-by: Tom Lendacky
---
arch/x86/platform/efi/efi_64.c | 14
From: Tom Lendacky
When running under SEV, some memory areas that were originally not
encrypted under SME are already encrypted. In these situations do not
attempt to encrypt them.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head64.c |
In current implementation, asid allocation starts from 1, this patch
adds a min_asid variable in svm_vcpu structure to allow starting asid
from something other than 1.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/kvm/svm.c |4 +++-
1 file changed, 3 insertions
ked RO. It immediately
unprotects the page and resumes the guest, leading to far fewer instruction
emulations when nested virtualization is used.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si.
.@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_emulate.h |3 +++
arch/x86/include/asm/kvm_host.h|3 +++
arch/x86/kvm/svm.c |2 ++
arch/x86/kvm/x86.
insertions(+), 7 deletions(-)
--
Brijesh Singh
.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_host.h |1 +
arch/x86/kvm/svm.c |5 +++--
arch/x86/kvm/x86.c | 43 +++
3 files changed, 47 insertions(+), 2 deletions(-)
diff --gi
/kvm_host.h| 15 -
arch/x86/kvm/mmu.c | 20 +++-
arch/x86/kvm/svm.c | 16 +++---
arch/x86/kvm/x86.c | 60 +++-
5 files changed, 106 insertions(+), 8 deletions(-)
--
Brijesh Singh
.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_host.h |1 +
arch/x86/kvm/svm.c |5 +++--
arch/x86/kvm/x86.c | 43 +++
3 files changed, 47 insertions(+), 2 deletions(-)
diff --gi
.@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_emulate.h |3 +++
arch/x86/include/asm/kvm_host.h|3 +++
arch/x86/kvm/svm.c |9 -
arch/x86/kvm/x86.
ked RO. It immediately
unprotects the page and resumes the guest, leading to far fewer instruction
emulations when nested virtualization is used.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si.
ked RO. It immediately
unprotects the page and resumes the guest, leading to far fewer instruction
emulations when nested virtualization is used.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si.
.@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_emulate.h |3 +++
arch/x86/include/asm/kvm_host.h|3 +++
arch/x86/kvm/svm.c |9 -
arch/x86/kvm/x86.
changed, 106 insertions(+), 8 deletions(-)
--
Brijesh Singh
.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_host.h |1 +
arch/x86/kvm/svm.c |5 +++--
arch/x86/kvm/x86.c | 43 +++
3 files changed, 47 insertions(+), 2 deletions(-)
diff --gi
On 11/29/2016 12:20 PM, Thomas Gleixner wrote:
On Tue, 29 Nov 2016, Brijesh Singh wrote:
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -5483,3 +5483,11 @@ void emulator_writeback_register_cache(struct
x86_emulate_ctxt *ctxt)
{
writeback_registers(ctxt);
}
+
+bool
Hi Paolo,
On 12/08/2016 08:52 AM, Paolo Bonzini wrote:
On 23/11/2016 18:02, Brijesh Singh wrote:
From: Tom Lendacky <thomas.lenda...@amd.com>
When a guest causes a NPF which requires emulation, KVM sometimes walks
the guest page tables to translate the GVA to a GPA. This is unnecessar
Hi Paolo,
On 12/08/2016 09:39 AM, Brijesh Singh wrote:
Hi Paolo,
On 12/08/2016 08:52 AM, Paolo Bonzini wrote:
On 23/11/2016 18:02, Brijesh Singh wrote:
From: Tom Lendacky <thomas.lenda...@amd.com>
When a guest causes a NPF which requires emulation, KVM sometimes walks
the gues
Hi Paolo,
On 12/13/2016 11:09 AM, Paolo Bonzini wrote:
On 12/12/2016 18:51, Brijesh Singh wrote:
As per the AMD BKDG [1] Section 2.7.1, we should not be using any of
these instruction for MMIO access, the behavior is undefined.
The question is, do we really need to add logic to detect
.@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_emulate.h |1 +
arch/x86/include/asm/kvm_host.h|3 ++
arch/x86/kvm/emulate.c | 20 +---
arch/x86/kvm/svm.
changed, 57 insertions(+), 14 deletions(-)
--
Brijesh Singh
On 12/14/2016 11:23 AM, Paolo Bonzini wrote:
On 14/12/2016 18:07, Brijesh Singh wrote:
Since now we are going to perform multiple conditional checks before
concluding that its safe to use HW provided GPA. How about if we add two
functions "emulator_is_rep_stri
Hi Paolo,
On 12/09/2016 09:41 AM, Paolo Bonzini wrote:
I am able to reproduce it on AMD HW using kvm-unit-tests. Looking at
test, the initial thought is "push mem" has two operands (the memory
being pushed and the stack pointer). The provided GPA could be either
one of those.
Aha, this
/x86/kvm/x86.c | 44
5 files changed, 48 insertions(+), 10 deletions(-)
--
Brijesh Singh
.@amd.com>
Reviewed-by: Borislav Petkov <b...@suse.de>
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/include/asm/kvm_emulate.h |1 +
arch/x86/include/asm/kvm_host.h|3 ++
arch/x86/kvm/emulate.c |8 +++
arch/x86/kvm/svm.c
Hi Boris,
On 03/24/2017 12:12 PM, Borislav Petkov wrote:
}
+static inline int __init early_set_memory_decrypted(void *addr,
+ unsigned long size)
+{
+ return 1;
return 1 when !CONFIG_AMD_MEM_ENCRYPT ?
The non-early
Hi Boris,
On 03/29/2017 10:14 AM, Borislav Petkov wrote:
On Thu, Mar 02, 2017 at 10:16:05AM -0500, Brijesh Singh wrote:
From: Tom Lendacky <thomas.lenda...@amd.com>
When a guest causes a NPF which requires emulation, KVM sometimes walks
the guest page tables to translate the GVA to
On 03/16/2017 05:38 AM, Paolo Bonzini wrote:
On 02/03/2017 16:18, Brijesh Singh wrote:
The SEV memory encryption engine uses a tweak such that two identical
plaintexts at different location will have a different ciphertexts.
So swapping or moving ciphertexts of two pages will not result
On 03/16/2017 06:03 AM, Paolo Bonzini wrote:
On 02/03/2017 16:18, Brijesh Singh wrote:
+ data = (void *) get_zeroed_page(GFP_KERNEL);
The page does not need to be zeroed, does it?
No, we don't have to zero it. I will fix it.
+
+ if ((len & 15) || (dst_addr
On 03/16/2017 05:48 AM, Paolo Bonzini wrote:
On 02/03/2017 16:17, Brijesh Singh wrote:
+static struct page **sev_pin_memory(unsigned long uaddr, unsigned long ulen,
+ unsigned long *n)
+{
+ struct page **pages;
+ int first, last;
+ unsigned
On 03/16/2017 05:54 AM, Paolo Bonzini wrote:
On 02/03/2017 16:18, Brijesh Singh wrote:
+static int __sev_dbg_decrypt_page(struct kvm *kvm, unsigned long src,
+ void *dst, int *error)
+{
+ inpages = sev_pin_memory(src, PAGE_SIZE, );
+ if (!inpages
From: Tom Lendacky
Secure Encrypted Virtualization (SEV) does not support string I/O, so
unroll the string I/O operation into a loop operating on one element at
a time.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h | 26
From: Tom Lendacky
Early in the boot process, add checks to determine if the kernel is
running with Secure Encrypted Virtualization (SEV) active by issuing
a CPUID instruction.
During early compressed kernel booting, if SEV is active the pagetables are
updated so that
From: Tom Lendacky
Modify the SVM cpuid update function to indicate if Secure Encrypted
Virtualization (SEV) is active in the guest by setting the SEV KVM CPU
features bit. SEV is active if Secure Memory Encryption is enabled in
the host and the SEV_ENABLE bit of the
in Secure Encrypted Virtualization (SEV) mode,
where we may need to change the memory region attributes in early boot
process.
Signed-off-by: Brijesh Singh <brijesh.si...@amd.com>
---
arch/x86/mm/pageattr.c | 51
1 file changed, 42 insertions
Hi Boris,
On 03/03/2017 10:59 AM, Borislav Petkov wrote:
On Thu, Mar 02, 2017 at 10:12:09AM -0500, Brijesh Singh wrote:
From: Tom Lendacky <thomas.lenda...@amd.com>
Update the CPU features to include identifying and reporting on the
Secure Encrypted Virtualization (SEV) feature
Hi Bjorn,
On 03/03/2017 02:33 PM, Bjorn Helgaas wrote:
On Thu, Mar 02, 2017 at 10:12:01AM -0500, Brijesh Singh wrote:
This RFC series provides support for AMD's new Secure Encrypted Virtualization
(SEV) feature. This RFC is build upon Secure Memory Encryption (SME) RFCv4 [1].
What kernel
Hi Boris and Paolo,
On 03/09/2017 10:29 AM, Borislav Petkov wrote:
On Thu, Mar 09, 2017 at 05:13:33PM +0100, Paolo Bonzini wrote:
This is not how you check if running under a hypervisor; you should
check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This in turn
tells you if leaf
Hi Boris,
On 03/10/2017 05:06 AM, Borislav Petkov wrote:
On Thu, Mar 02, 2017 at 10:15:15AM -0500, Brijesh Singh wrote:
If kernel_maps_pages_in_pgd is called early in boot process to change the
kernel_map_pages_in_pgd()
memory attributes then it fails to allocate memory when spliting large
1 - 100 of 1608 matches
Mail list logo