Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-08-17 Thread Borislav Petkov
On Wed, Aug 09, 2017 at 01:17:54PM -0500, Tom Lendacky wrote: > Ok, finally got around to running a 32-bit kernel and it reports > x86_phys_bits as 48. So it doesn't really matter on 32-bit. I guess you could add a comment saying why we don't care. Thanks. -- Regards/Gruss, Boris. SUSE

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-08-17 Thread Borislav Petkov
On Wed, Aug 09, 2017 at 01:17:54PM -0500, Tom Lendacky wrote: > Ok, finally got around to running a 32-bit kernel and it reports > x86_phys_bits as 48. So it doesn't really matter on 32-bit. I guess you could add a comment saying why we don't care. Thanks. -- Regards/Gruss, Boris. SUSE

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-08-09 Thread Tom Lendacky
On 7/25/2017 10:33 AM, Borislav Petkov wrote: On Tue, Jul 25, 2017 at 10:29:40AM -0500, Tom Lendacky wrote: But early_identify_cpu() calls get_cpu_cap() which will check for cpuid leaf 0x8008 support and set x86_phys_bits. Right, but it can't be less than 32, can it? And if it is more

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-08-09 Thread Tom Lendacky
On 7/25/2017 10:33 AM, Borislav Petkov wrote: On Tue, Jul 25, 2017 at 10:29:40AM -0500, Tom Lendacky wrote: But early_identify_cpu() calls get_cpu_cap() which will check for cpuid leaf 0x8008 support and set x86_phys_bits. Right, but it can't be less than 32, can it? And if it is more

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Tue, Jul 25, 2017 at 10:29:40AM -0500, Tom Lendacky wrote: > But early_identify_cpu() calls get_cpu_cap() which will check for cpuid > leaf 0x8008 support and set x86_phys_bits. Right, but it can't be less than 32, can it? And if it is more than 32 bits, then it probably doesn't really

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Tue, Jul 25, 2017 at 10:29:40AM -0500, Tom Lendacky wrote: > But early_identify_cpu() calls get_cpu_cap() which will check for cpuid > leaf 0x8008 support and set x86_phys_bits. Right, but it can't be less than 32, can it? And if it is more than 32 bits, then it probably doesn't really

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Tom Lendacky
On 7/25/2017 10:13 AM, Borislav Petkov wrote: On Tue, Jul 25, 2017 at 09:58:54AM -0500, Tom Lendacky wrote: True, but it is more about being accurate and making sure the value is correct where ever it may be used. So early_identify_cpu() initializes phys_bits to 32 on 32-bit. Subtracting it

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Tom Lendacky
On 7/25/2017 10:13 AM, Borislav Petkov wrote: On Tue, Jul 25, 2017 at 09:58:54AM -0500, Tom Lendacky wrote: True, but it is more about being accurate and making sure the value is correct where ever it may be used. So early_identify_cpu() initializes phys_bits to 32 on 32-bit. Subtracting it

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Tue, Jul 25, 2017 at 09:58:54AM -0500, Tom Lendacky wrote: > True, but it is more about being accurate and making sure the value is > correct where ever it may be used. So early_identify_cpu() initializes phys_bits to 32 on 32-bit. Subtracting it there would actually make actively it wrong,

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Tue, Jul 25, 2017 at 09:58:54AM -0500, Tom Lendacky wrote: > True, but it is more about being accurate and making sure the value is > correct where ever it may be used. So early_identify_cpu() initializes phys_bits to 32 on 32-bit. Subtracting it there would actually make actively it wrong,

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Tom Lendacky
On 7/25/2017 9:36 AM, Borislav Petkov wrote: On Tue, Jul 25, 2017 at 09:29:40AM -0500, Tom Lendacky wrote: Yup, we can do something like that. I believe the only change that would be needed to your patch would be to move the IS_ENABLED() check to after the physical address space reduction

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Tom Lendacky
On 7/25/2017 9:36 AM, Borislav Petkov wrote: On Tue, Jul 25, 2017 at 09:29:40AM -0500, Tom Lendacky wrote: Yup, we can do something like that. I believe the only change that would be needed to your patch would be to move the IS_ENABLED() check to after the physical address space reduction

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Tue, Jul 25, 2017 at 09:29:40AM -0500, Tom Lendacky wrote: > Yup, we can do something like that. I believe the only change that > would be needed to your patch would be to move the IS_ENABLED() check > to after the physical address space reduction check. Yeah, I wasn't sure about that. The

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Tue, Jul 25, 2017 at 09:29:40AM -0500, Tom Lendacky wrote: > Yup, we can do something like that. I believe the only change that > would be needed to your patch would be to move the IS_ENABLED() check > to after the physical address space reduction check. Yeah, I wasn't sure about that. The

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Tom Lendacky
On 7/25/2017 5:26 AM, Borislav Petkov wrote: On Mon, Jul 24, 2017 at 02:07:42PM -0500, Brijesh Singh wrote: From: Tom Lendacky Update the CPU features to include identifying and reporting on the Secure Encrypted Virtualization (SEV) feature. SME is identified by

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Tom Lendacky
On 7/25/2017 5:26 AM, Borislav Petkov wrote: On Mon, Jul 24, 2017 at 02:07:42PM -0500, Brijesh Singh wrote: From: Tom Lendacky Update the CPU features to include identifying and reporting on the Secure Encrypted Virtualization (SEV) feature. SME is identified by CPUID 0x801f, but

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Mon, Jul 24, 2017 at 02:07:42PM -0500, Brijesh Singh wrote: > From: Tom Lendacky > > Update the CPU features to include identifying and reporting on the > Secure Encrypted Virtualization (SEV) feature. SME is identified by > CPUID 0x801f, but requires BIOS

Re: [RFC Part1 PATCH v3 02/17] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

2017-07-25 Thread Borislav Petkov
On Mon, Jul 24, 2017 at 02:07:42PM -0500, Brijesh Singh wrote: > From: Tom Lendacky > > Update the CPU features to include identifying and reporting on the > Secure Encrypted Virtualization (SEV) feature. SME is identified by > CPUID 0x801f, but requires BIOS support to enable it (set bit