[tip: x86/urgent] x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h

2019-08-22 Thread tip-bot2 for Tom Lendacky
The following commit has been merged into the x86/urgent branch of tip: Commit-ID: c49a0a80137c7ca7d6ced4c812c9e07a949f6f24 Gitweb: https://git.kernel.org/tip/c49a0a80137c7ca7d6ced4c812c9e07a949f6f24 Author: Tom Lendacky AuthorDate: Mon, 19 Aug 2019 15:52:35 Committer

Re: [PATCH v10 20/38] x86, mpparse: Use memremap to map the mpf and mpc data

2017-11-03 Thread Tom Lendacky
On 11/3/2017 10:12 AM, Tomeu Vizoso wrote: On 17 July 2017 at 23:10, Tom Lendacky wrote: The SMP MP-table is built by UEFI and placed in memory in a decrypted state. These tables are accessed using a mix of early_memremap(), early_memunmap(), phys_to_virt() and virt_to_phys(). Change all

Re: [PATCH v10 00/38] x86: Secure Memory Encryption (AMD)

2017-07-18 Thread Tom Lendacky
On 7/18/2017 7:03 AM, Thomas Gleixner wrote: On Mon, 17 Jul 2017, Tom Lendacky wrote: This patch series provides support for AMD's new Secure Memory Encryption (SME) feature. SME can be used to mark individual pages of memory as encrypted through the page tables. A page of memory th

Re: [PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute

2017-07-18 Thread Tom Lendacky
On 7/18/2017 4:36 AM, Ingo Molnar wrote: * Tom Lendacky wrote: Create a new function attribute, __nostackp, that can be used to turn off stack protection on a per function basis. Signed-off-by: Tom Lendacky --- include/linux/compiler-gcc.h | 2 ++ include/linux/compiler.h | 4 2

[PATCH v10 07/38] x86/mm: Remove phys_to_virt() usage in ioremap()

2017-07-17 Thread Tom Lendacky
scenario, remove the ISA range check and usage of phys_to_virt() and have ISA range mappings continue through the remaining ioremap() path. Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 18 -- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/arch/x86/mm

[PATCH v10 05/38] x86/CPU/AMD: Handle SME reduction in physical address size

2017-07-17 Thread Tom Lendacky
When System Memory Encryption (SME) is enabled, the physical address space is reduced. Adjust the x86_phys_bits value to reflect this reduction. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel/cpu/amd.c | 24 +--- 1 file changed, 13 insertions

[PATCH v10 01/38] x86: Document AMD Secure Memory Encryption (SME)

2017-07-17 Thread Tom Lendacky
Create a Documentation entry to describe the AMD Secure Memory Encryption (SME) feature and add documentation for the mem_encrypt= kernel parameter. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- Documentation/admin-guide/kernel-parameters.txt | 11 Documentation/x86/amd

[PATCH v10 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support

2017-07-17 Thread Tom Lendacky
For processors that support PAT, set the write-protect cache mode (_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05). Acked-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/mm/pat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86

[PATCH v10 00/38] x86: Secure Memory Encryption (AMD)

2017-07-17 Thread Tom Lendacky
n of physical address size of the processor. It is possible that BIOS could have configured resources into a range that will now not be addressable. To prevent this, rely on BIOS to set the SYSCFG[MEME] bit and only then enable memory encryption support in the kernel. To

[PATCH v10 03/38] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings

2017-07-17 Thread Tom Lendacky
being mapped decrypted vs encrypted. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/dmi.h | 8 arch/x86/kernel/acpi/boot.c | 6 +++--- arch/x86/kernel/kdebugfs.c | 34 +++--- arch/x86/kernel/ksysfs.c | 28

[PATCH v10 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

2017-07-17 Thread Tom Lendacky
and not configured as CONFIG_X86_32. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/kernel/cpu/amd.c | 19 +++ arch/x86/kernel/cpu/scattered.c| 1 + 4 files changed, 23 insertions(+) diff

[PATCH v10 08/38] x86/mm: Add support to enable SME in early boot processing

2017-07-17 Thread Tom Lendacky
routines to set the encryption mask and perform the encryption are stub routines for now with functionality to be added in a later patch. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 8 ++ arch/x86/kernel/head64.c | 53

[PATCH v10 06/38] x86/mm: Add Secure Memory Encryption (SME) support

2017-07-17 Thread Tom Lendacky
30 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by th

[PATCH v10 14/38] x86/mm: Insure that boot memory areas are mapped properly

2017-07-17 Thread Tom Lendacky
initrd, encrypt this data in place. Since the future mapping of the initrd area will be mapped as encrypted the data will be accessed properly. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 6 arch/x86/include/asm/pgtable.h | 3 ++ arch/x86/kernel/head64.c

[PATCH v10 10/38] x86/mm: Provide general kernel support for memory encryption

2017-07-17 Thread Tom Lendacky
encryption mask so that user-space allocations will automatically have the encryption mask applied. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/boot/compressed/pagetable.c | 7 ++ arch/x86/include/asm/fixmap.h| 7 ++ arch/x86/include/asm

[PATCH v10 09/38] x86/mm: Simplify p[g4um]d_page() macros

2017-07-17 Thread Tom Lendacky
Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of duplicating the code. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable.h | 16 +--- 1 file changed

[PATCH v10 11/38] x86/mm: Add SME support for read_cr3_pa()

2017-07-17 Thread Tom Lendacky
native version of read_cr3_pa(), so create native_read_cr3_pa(). Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/processor-flags.h | 5 +++-- arch/x86/include/asm/processor.h | 5 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/arch

[PATCH v10 13/38] x86/mm: Add support for early encrypt/decrypt of memory

2017-07-17 Thread Tom Lendacky
initrd will have been loaded by the boot loader and will not be encrypted, but the memory that it resides in is marked as encrypted). Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 10 + arch/x86/mm/mem_encrypt.c | 76

[PATCH v10 18/38] x86/efi: Update EFI pagetable creation to work with SME

2017-07-17 Thread Tom Lendacky
successfully. The pagetable mapping as well as the kernel are also added to the pagetable mapping as encrypted. All other EFI mappings are mapped decrypted (tables, etc.). Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/platform/efi/efi_64.c | 15

[PATCH v10 17/38] efi: Update efi_mem_type() to return an error rather than 0

2017-07-17 Thread Tom Lendacky
on to return a negative error value when no memmap entry is found. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/ia64/kernel/efi.c | 4 ++-- arch/x86/platform/efi/efi.c | 6 +++--- include/linux/efi.h | 2 +- 3 files changed, 6 inser

[PATCH v10 15/38] x86/boot/e820: Add support to determine the E820 type of an address

2017-07-17 Thread Tom Lendacky
Add a function that will return the E820 type associated with an address range. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/e820/api.h | 2 ++ arch/x86/kernel/e820.c | 26 +++--- 2 files changed, 25 insertions(+), 3 deletions

[PATCH v10 19/38] x86/mm: Add support to access boot related data in the clear

2017-07-17 Thread Tom Lendacky
remapping, ioremap_cache() will be used instead, which will provide a decrypted mapping of the boot related data. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 5 ++ arch/x86/mm/ioremap.c | 180

[PATCH v10 16/38] efi: Add an EFI table address match function

2017-07-17 Thread Tom Lendacky
Add a function that will determine if a supplied physical address matches the address of an EFI table. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- drivers/firmware/efi/efi.c | 33 + include/linux/efi.h| 7

[PATCH v10 22/38] x86/mm: Add support for changing the memory encryption attribute

2017-07-17 Thread Tom Lendacky
mask range. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/set_memory.h | 3 ++ arch/x86/mm/pageattr.c| 62 +++ 2 files changed, 65 insertions(+) diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/includ

[PATCH v10 21/38] x86/mm: Add support to access persistent memory in the clear

2017-07-17 Thread Tom Lendacky
. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 31 ++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index 8986b28..704fc08 100644 --- a/arch/x86/mm/ioremap.c +++ b

[PATCH v10 20/38] x86, mpparse: Use memremap to map the mpf and mpc data

2017-07-17 Thread Tom Lendacky
encryption mask so that the data can be successfully accessed when SME is active. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel/mpparse.c | 98 +-- 1 file changed, 70 insertions(+), 28 deletions(-) diff --git a/arch/x86/kernel

[PATCH v10 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active

2017-07-17 Thread Tom Lendacky
When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. Reviewed-by: Borislav Petkov Signed-off-by: Tom

[PATCH v10 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot

2017-07-17 Thread Tom Lendacky
Move the setting of the cpuinfo_x86.microcode field from amd_init() to early_amd_init() so that it is available earlier in the boot process. This avoids having to read MSR_AMD64_PATCH_LEVEL directly during early boot. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel

[PATCH v10 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption

2017-07-17 Thread Tom Lendacky
: Borislav Petkov Signed-off-by: Tom Lendacky --- drivers/iommu/amd_iommu.c | 30 -- drivers/iommu/amd_iommu_init.c | 34 -- drivers/iommu/amd_iommu_proto.h | 10 ++ drivers/iommu/amd_iommu_types.h | 2 +- 4 files changed, 55

[PATCH v10 25/38] swiotlb: Add warnings for use of bounce buffers with SME

2017-07-17 Thread Tom Lendacky
, replacing the device with another device that can support 64-bit DMA, ignoring the message if the device isn't used much, etc. Signed-off-by: Tom Lendacky --- include/linux/dma-mapping.h | 13 + lib/swiotlb.c | 3 +++ 2 files changed, 16 insertions(+) diff --git a/in

[PATCH v10 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings

2017-07-17 Thread Tom Lendacky
Since video memory needs to be accessed decrypted, be sure that the memory encryption mask is not set for the video ranges. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/vga.h | 14 +- arch/x86/mm/pageattr.c | 2 ++ drivers/gpu

[PATCH v10 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM

2017-07-17 Thread Tom Lendacky
tables. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/mmu.c | 11 +++ arch/x86/kvm/mmu.h | 2 +- arch/x86/kvm/svm.c | 35 ++- arch/x86/kvm/vmx.c

[PATCH v10 35/38] x86/mm: Add support to encrypt the kernel in-place

2017-07-17 Thread Tom Lendacky
Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encrypted by copying it through a temporary buffer. Signed-off-by: Tom Lendacky --- arch/x86/include/asm

[PATCH v10 31/38] x86/mm, kexec: Allow kexec to be used with SME

2017-07-17 Thread Tom Lendacky
encryption bit. This can cause random memory corruption when caches are flushed depending on which cacheline is written last. Cc: Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/init.h | 1 + arch/x86/include/asm/kexec.h | 8 arch/x86

[PATCH v10 33/38] x86/mm: Use proper encryption attributes with /dev/mem

2017-07-17 Thread Tom Lendacky
mapped encrypted then the VMA protection value is updated to remove the encryption bit. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h | 3 +++ arch/x86/mm/ioremap.c | 18 +- arch/x86/mm/pat.c | 3 +++ 3 files changed, 15

[PATCH v10 36/38] x86/boot: Add early cmdline parsing for options with arguments

2017-07-17 Thread Tom Lendacky
Add a cmdline_find_option() function to look for cmdline options that take arguments. The argument is returned in a supplied buffer and the argument length (regardless of whether it fits in the supplied buffer) is returned, with -1 indicating not found. Signed-off-by: Tom Lendacky --- arch/x86

[PATCH v10 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4

2017-07-17 Thread Tom Lendacky
Currently, native_make_p4d() is only defined when CONFIG_PGTABLE_LEVELS is greater than 4. Create a macro that will allow for defining and using native_make_p4d() when CONFIG_PGTABLES_LEVELS is not greater than 4. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable_types.h | 5 + 1

[PATCH v10 32/38] xen/x86: Remove SME feature in PV guests

2017-07-17 Thread Tom Lendacky
Xen does not currently support SME for PV guests. Clear the SME CPU capability in order to avoid any ambiguity. Cc: Cc: Boris Ostrovsky Cc: Juergen Gross Reviewed-by: Borislav Petkov Reviewed-by: Juergen Gross Signed-off-by: Tom Lendacky --- arch/x86/xen/enlighten_pv.c | 1 + 1 file

[PATCH v10 38/38] x86/mm: Add support to make use of Secure Memory Encryption

2017-07-17 Thread Tom Lendacky
Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 6 ++- arch/x86/kernel/head64.c | 5 ++- arch/x86/mm/mem_encrypt.c | 77 +- 3 files changed, 83 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/mem_encrypt

[PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute

2017-07-17 Thread Tom Lendacky
Create a new function attribute, __nostackp, that can be used to turn off stack protection on a per function basis. Signed-off-by: Tom Lendacky --- include/linux/compiler-gcc.h | 2 ++ include/linux/compiler.h | 4 2 files changed, 6 insertions(+) diff --git a/include/linux/compiler

[PATCH v10 24/38] x86, swiotlb: Add memory encryption support

2017-07-17 Thread Tom Lendacky
-by: Tom Lendacky --- arch/x86/include/asm/dma-mapping.h | 5 ++-- arch/x86/include/asm/mem_encrypt.h | 5 arch/x86/kernel/pci-dma.c | 11 +--- arch/x86/kernel/pci-nommu.c| 2 +- arch/x86/kernel/pci-swiotlb.c | 15 +-- arch/x86/mm/mem_encrypt.c

[PATCH v10 28/38] x86, realmode: Check for memory encryption on the APs

2017-07-17 Thread Tom Lendacky
the AP to continue start up. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/realmode.h | 12 arch/x86/realmode/init.c | 4 arch/x86/realmode/rm/trampoline_64.S | 24 3 files changed, 40 insertions

[PATCH v10 12/38] x86/mm: Extend early_memremap() support with additional attrs

2017-07-17 Thread Tom Lendacky
s that the hardware will never give the core a dirty line with this memtype. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/Kconfig | 4 arch/x86/include/asm/fixmap.h| 13 +++ arch/x86/include/asm/pgtable_types.h | 8 +++ a

Re: [PATCH v9 07/38] x86/mm: Remove phys_to_virt() usage in ioremap()

2017-07-11 Thread Tom Lendacky
On 7/11/2017 10:38 AM, Brian Gerst wrote: On Tue, Jul 11, 2017 at 11:02 AM, Tom Lendacky wrote: On 7/10/2017 11:58 PM, Brian Gerst wrote: On Mon, Jul 10, 2017 at 3:50 PM, Tom Lendacky wrote: On 7/8/2017 7:57 AM, Brian Gerst wrote: On Fri, Jul 7, 2017 at 9:39 AM, Tom Lendacky wrote

Re: [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

2017-07-11 Thread Tom Lendacky
On 7/11/2017 12:56 AM, Borislav Petkov wrote: On Tue, Jul 11, 2017 at 01:07:46AM -0400, Brian Gerst wrote: If I make the scattered feature support conditional on CONFIG_X86_64 (based on comment below) then cpu_has() will always be false unless CONFIG_X86_64 is enabled. So this won't need to be w

Re: [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

2017-07-11 Thread Tom Lendacky
On 7/11/2017 12:07 AM, Brian Gerst wrote: On Mon, Jul 10, 2017 at 3:41 PM, Tom Lendacky wrote: On 7/8/2017 7:50 AM, Brian Gerst wrote: On Fri, Jul 7, 2017 at 9:38 AM, Tom Lendacky wrote: Update the CPU features to include identifying and reporting on the Secure Memory Encryption (SME

Re: [PATCH v9 07/38] x86/mm: Remove phys_to_virt() usage in ioremap()

2017-07-11 Thread Tom Lendacky
On 7/10/2017 11:58 PM, Brian Gerst wrote: On Mon, Jul 10, 2017 at 3:50 PM, Tom Lendacky wrote: On 7/8/2017 7:57 AM, Brian Gerst wrote: On Fri, Jul 7, 2017 at 9:39 AM, Tom Lendacky wrote: Currently there is a check if the address being mapped is in the ISA range (is_ISA_range()), and if it

Re: [PATCH v9 07/38] x86/mm: Remove phys_to_virt() usage in ioremap()

2017-07-10 Thread Tom Lendacky
On 7/8/2017 7:57 AM, Brian Gerst wrote: On Fri, Jul 7, 2017 at 9:39 AM, Tom Lendacky wrote: Currently there is a check if the address being mapped is in the ISA range (is_ISA_range()), and if it is, then phys_to_virt() is used to perform the mapping. When SME is active, the default is to add

Re: [PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

2017-07-10 Thread Tom Lendacky
On 7/8/2017 7:50 AM, Brian Gerst wrote: On Fri, Jul 7, 2017 at 9:38 AM, Tom Lendacky wrote: Update the CPU features to include identifying and reporting on the Secure Memory Encryption (SME) feature. SME is identified by CPUID 0x8000001f, but requires BIOS support to enable it (set bit 23 of

Re: [PATCH v9 00/38] x86: Secure Memory Encryption (AMD)

2017-07-10 Thread Tom Lendacky
On 7/8/2017 4:24 AM, Ingo Molnar wrote: * Tom Lendacky wrote: This patch series provides support for AMD's new Secure Memory Encryption (SME) feature. I'm wondering, what's the typical performance hit to DRAM access latency when SME is enabled? It's about an ext

[PATCH v9 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

2017-07-07 Thread Tom Lendacky
. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/cpufeatures.h |1 + arch/x86/include/asm/msr-index.h |2 ++ arch/x86/kernel/cpu/amd.c | 13 + arch/x86/kernel/cpu/scattered.c|1 + 4 files changed, 17 insertions(+) diff

[PATCH v9 00/38] x86: Secure Memory Encryption (AMD)

2017-07-07 Thread Tom Lendacky
cryption.txt create mode 100644 arch/x86/include/asm/mem_encrypt.h create mode 100644 arch/x86/mm/mem_encrypt.c create mode 100644 arch/x86/mm/mem_encrypt_boot.S create mode 100644 include/linux/mem_encrypt.h -- Tom Lendacky

[PATCH v9 01/38] x86: Document AMD Secure Memory Encryption (SME)

2017-07-07 Thread Tom Lendacky
Create a Documentation entry to describe the AMD Secure Memory Encryption (SME) feature and add documentation for the mem_encrypt= kernel parameter. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- Documentation/admin-guide/kernel-parameters.txt | 11 Documentation/x86/amd

[PATCH v9 05/38] x86/CPU/AMD: Handle SME reduction in physical address size

2017-07-07 Thread Tom Lendacky
When System Memory Encryption (SME) is enabled, the physical address space is reduced. Adjust the x86_phys_bits value to reflect this reduction. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel/cpu/amd.c | 10 +++--- 1 file changed, 7 insertions(+), 3

[PATCH v9 03/38] x86, mpparse, x86/acpi, x86/PCI, x86/dmi, SFI: Use memremap for RAM mappings

2017-07-07 Thread Tom Lendacky
being mapped decrypted vs encrypted. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/dmi.h |8 arch/x86/kernel/acpi/boot.c |6 +++--- arch/x86/kernel/kdebugfs.c | 34 +++--- arch/x86/kernel/ksysfs.c | 28

[PATCH v9 08/38] x86/mm: Add support to enable SME in early boot processing

2017-07-07 Thread Tom Lendacky
routines to set the encryption mask and perform the encryption are stub routines for now with functionality to be added in a later patch. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h |8 + arch/x86/kernel/head64.c | 53

[PATCH v9 07/38] x86/mm: Remove phys_to_virt() usage in ioremap()

2017-07-07 Thread Tom Lendacky
scenario, remove the ISA range check and usage of phys_to_virt() and have ISA range mappings continue through the remaining ioremap() path. Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c |7 +-- 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/arch/x86/mm/ioremap.c b/arch

[PATCH v9 09/38] x86/mm: Simplify p[g4um]d_page() macros

2017-07-07 Thread Tom Lendacky
Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of duplicating the code. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable.h | 16 +--- 1 file changed

[PATCH v9 06/38] x86/mm: Add Secure Memory Encryption (SME) support

2017-07-07 Thread Tom Lendacky
-0,0 +1,30 @@ +/* + * AMD Memory Encryption Support + * + * Copyright (C) 2016 Advanced Micro Devices, Inc. + * + * Author: Tom Lendacky + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as +

[PATCH v9 11/38] x86/mm: Add SME support for read_cr3_pa()

2017-07-07 Thread Tom Lendacky
native version of read_cr3_pa(), so create native_read_cr3_pa(). Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/processor-flags.h |5 +++-- arch/x86/include/asm/processor.h |5 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a

[PATCH v9 10/38] x86/mm: Provide general kernel support for memory encryption

2017-07-07 Thread Tom Lendacky
encryption mask so that user-space allocations will automatically have the encryption mask applied. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/boot/compressed/pagetable.c |7 + arch/x86/include/asm/fixmap.h|7 + arch/x86/include/asm

[PATCH v9 13/38] x86/mm: Add support for early encrypt/decrypt of memory

2017-07-07 Thread Tom Lendacky
initrd will have been loaded by the boot loader and will not be encrypted, but the memory that it resides in is marked as encrypted). Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h | 10 + arch/x86/mm/mem_encrypt.c | 76

[PATCH v9 15/38] x86/boot/e820: Add support to determine the E820 type of an address

2017-07-07 Thread Tom Lendacky
Add a function that will return the E820 type associated with an address range. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/e820/api.h |2 ++ arch/x86/kernel/e820.c | 26 +++--- 2 files changed, 25 insertions(+), 3

[PATCH v9 14/38] x86/mm: Insure that boot memory areas are mapped properly

2017-07-07 Thread Tom Lendacky
initrd, encrypt this data in place. Since the future mapping of the initrd area will be mapped as encrypted the data will be accessed properly. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h |6 +++ arch/x86/include/asm/pgtable.h |3 ++ arch/x86/kernel/head64.c

[PATCH v9 16/38] efi: Add an EFI table address match function

2017-07-07 Thread Tom Lendacky
Add a function that will determine if a supplied physical address matches the address of an EFI table. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- drivers/firmware/efi/efi.c | 33 + include/linux/efi.h|7

[PATCH v9 19/38] x86/mm: Add support to access boot related data in the clear

2017-07-07 Thread Tom Lendacky
remapping, ioremap_cache() will be used instead, which will provide a decrypted mapping of the boot related data. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h |5 + arch/x86/mm/ioremap.c | 179

[PATCH v9 20/38] x86, mpparse: Use memremap to map the mpf and mpc data

2017-07-07 Thread Tom Lendacky
encryption mask so that the data can be successfully accessed when SME is active. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel/mpparse.c | 98 - 1 file changed, 70 insertions(+), 28 deletions(-) diff --git a/arch/x86/kernel

[PATCH v9 22/38] x86/mm: Add support for changing the memory encryption attribute

2017-07-07 Thread Tom Lendacky
mask range. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/set_memory.h |3 ++ arch/x86/mm/pageattr.c| 62 + 2 files changed, 65 insertions(+) diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/in

[PATCH v9 24/38] x86, swiotlb: Add memory encryption support

2017-07-07 Thread Tom Lendacky
-by: Tom Lendacky --- arch/x86/include/asm/dma-mapping.h |5 ++- arch/x86/include/asm/mem_encrypt.h |5 +++ arch/x86/kernel/pci-dma.c | 11 +-- arch/x86/kernel/pci-nommu.c|2 + arch/x86/kernel/pci-swiotlb.c | 15 +- arch/x86/mm/mem_encrypt.c

[PATCH v9 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot

2017-07-07 Thread Tom Lendacky
Move the setting of the cpuinfo_x86.microcode field from amd_init() to early_amd_init() so that it is available earlier in the boot process. This avoids having to read MSR_AMD64_PATCH_LEVEL directly during early boot. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel

[PATCH v9 25/38] swiotlb: Add warnings for use of bounce buffers with SME

2017-07-07 Thread Tom Lendacky
, replacing the device with another device that can support 64-bit DMA, ignoring the message if the device isn't used much, etc. Signed-off-by: Tom Lendacky --- include/linux/dma-mapping.h | 13 + lib/swiotlb.c |3 +++ 2 files changed, 16 insertions(+) diff --git a/in

[PATCH v9 28/38] x86, realmode: Check for memory encryption on the APs

2017-07-07 Thread Tom Lendacky
the AP to continue start up. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/realmode.h | 12 arch/x86/realmode/init.c |4 arch/x86/realmode/rm/trampoline_64.S | 24 3 files changed, 40

[PATCH v9 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM

2017-07-07 Thread Tom Lendacky
tables. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/kvm_host.h |2 +- arch/x86/kvm/mmu.c | 12 arch/x86/kvm/mmu.h |2 +- arch/x86/kvm/svm.c | 35 ++- arch/x86/kvm

[PATCH v9 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption

2017-07-07 Thread Tom Lendacky
-by: Tom Lendacky --- drivers/iommu/amd_iommu.c | 30 -- drivers/iommu/amd_iommu_init.c | 34 -- drivers/iommu/amd_iommu_proto.h | 10 ++ drivers/iommu/amd_iommu_types.h |2 +- 4 files changed, 55 insertions(+), 21

[PATCH v9 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings

2017-07-07 Thread Tom Lendacky
Since video memory needs to be accessed decrypted, be sure that the memory encryption mask is not set for the video ranges. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/vga.h | 14 +- arch/x86/mm/pageattr.c |2 ++ drivers

[PATCH v9 33/38] x86/mm: Use proper encryption attributes with /dev/mem

2017-07-07 Thread Tom Lendacky
mapped encrypted then the VMA protection value is updated to remove the encryption bit. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h |3 +++ arch/x86/mm/ioremap.c | 18 +- arch/x86/mm/pat.c |3 +++ 3 files changed, 15

[PATCH v9 38/38] x86/mm: Add support to make use of Secure Memory Encryption

2017-07-07 Thread Tom Lendacky
Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h |6 ++- arch/x86/kernel/head64.c |5 +- arch/x86/mm/mem_encrypt.c | 77 3 files changed, 83 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/mem_en

[PATCH v9 35/38] x86/mm: Add support to encrypt the kernel in-place

2017-07-07 Thread Tom Lendacky
Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encrypted by copying it through a temporary buffer. Signed-off-by: Tom Lendacky --- arch/x86/include/asm

[PATCH v9 37/38] compiler-gcc.h: Introduce __nostackp function attribute

2017-07-07 Thread Tom Lendacky
Create a new function attribute, __nostackp, that can be used to turn off stack protection on a per function basis. Signed-off-by: Tom Lendacky --- include/linux/compiler-gcc.h |2 ++ include/linux/compiler.h |4 2 files changed, 6 insertions(+) diff --git a/include/linux

[PATCH v9 36/38] x86/boot: Add early cmdline parsing for options with arguments

2017-07-07 Thread Tom Lendacky
Add a cmdline_find_option() function to look for cmdline options that take arguments. The argument is returned in a supplied buffer and the argument length (regardless of whether it fits in the supplied buffer) is returned, with -1 indicating not found. Signed-off-by: Tom Lendacky --- arch/x86

[PATCH v9 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4

2017-07-07 Thread Tom Lendacky
Currently, native_make_p4d() is only defined when CONFIG_PGTABLE_LEVELS is greater than 4. Create a macro that will allow for defining and using native_make_p4d() when CONFIG_PGTABLES_LEVELS is not greater than 4. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable_types.h |5

[PATCH v9 32/38] xen/x86: Remove SME feature in PV guests

2017-07-07 Thread Tom Lendacky
Xen does not currently support SME for PV guests. Clear the SME CPU capability in order to avoid any ambiguity. Reviewed-by: Borislav Petkov Reviewed-by: Juergen Gross Signed-off-by: Tom Lendacky --- arch/x86/xen/enlighten_pv.c |1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86

[PATCH v9 31/38] x86/mm, kexec: Allow kexec to be used with SME

2017-07-07 Thread Tom Lendacky
encryption bit. This can cause random memory corruption when caches are flushed depending on which cacheline is written last. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/init.h |1 + arch/x86/include/asm/kexec.h |8 arch/x86

[PATCH v9 21/38] x86/mm: Add support to access persistent memory in the clear

2017-07-07 Thread Tom Lendacky
. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/mm/ioremap.c | 31 ++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c index ee33838..effa529 100644 --- a/arch/x86/mm/ioremap.c +++ b

[PATCH v9 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active

2017-07-07 Thread Tom Lendacky
When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. Reviewed-by: Borislav Petkov Signed-off-by: Tom

[PATCH v9 18/38] x86/efi: Update EFI pagetable creation to work with SME

2017-07-07 Thread Tom Lendacky
successfully. The pagetable mapping as well as the kernel are also added to the pagetable mapping as encrypted. All other EFI mappings are mapped decrypted (tables, etc.). Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/platform/efi/efi_64.c | 15

[PATCH v9 17/38] efi: Update efi_mem_type() to return an error rather than 0

2017-07-07 Thread Tom Lendacky
on to return a negative error value when no memmap entry is found. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/ia64/kernel/efi.c |4 ++-- arch/x86/platform/efi/efi.c |6 +++--- include/linux/efi.h |2 +- 3 files chang

[PATCH v9 12/38] x86/mm: Extend early_memremap() support with additional attrs

2017-07-07 Thread Tom Lendacky
s that the hardware will never give the core a dirty line with this memtype. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/Kconfig |4 +++ arch/x86/include/asm/fixmap.h| 13 ++ arch/x86/include/asm/pgtable_types.h |8 ++ a

[PATCH v9 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support

2017-07-07 Thread Tom Lendacky
For processors that support PAT, set the write-protect cache mode (_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05). Acked-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/mm/pat.c |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch

Re: [PATCH v8 RESEND 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption

2017-06-28 Thread Tom Lendacky
On 6/28/2017 4:36 AM, Joerg Roedel wrote: Hi Tom, Hi Joerg, On Tue, Jun 27, 2017 at 10:12:30AM -0500, Tom Lendacky wrote: --- drivers/iommu/amd_iommu.c | 30 -- drivers/iommu/amd_iommu_init.c | 34 -- drivers/iommu

[PATCH v8 RESEND 32/38] xen/x86: Remove SME feature in PV guests

2017-06-27 Thread Tom Lendacky
Xen does not currently support SME for PV guests. Clear the SME CPU capability in order to avoid any ambiguity. Reviewed-by: Borislav Petkov Reviewed-by: Juergen Gross Signed-off-by: Tom Lendacky --- arch/x86/xen/enlighten_pv.c |1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86

[PATCH v8 RESEND 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4

2017-06-27 Thread Tom Lendacky
Currently, native_make_p4d() is only defined when CONFIG_PGTABLE_LEVELS is greater than 4. Create a macro that will allow for defining and using native_make_p4d() when CONFIG_PGTABLES_LEVELS is not greater than 4. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable_types.h |5

[PATCH v8 RESEND 35/38] x86/mm: Add support to encrypt the kernel in-place

2017-06-27 Thread Tom Lendacky
Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encrypted by copying it through a temporary buffer. Signed-off-by: Tom Lendacky --- arch/x86/include/asm

[PATCH v8 RESEND 36/38] x86/boot: Add early cmdline parsing for options with arguments

2017-06-27 Thread Tom Lendacky
Add a cmdline_find_option() function to look for cmdline options that take arguments. The argument is returned in a supplied buffer and the argument length (regardless of whether it fits in the supplied buffer) is returned, with -1 indicating not found. Signed-off-by: Tom Lendacky --- arch/x86

[PATCH v8 RESEND 37/38] compiler-gcc.h: Introduce __nostackp function attribute

2017-06-27 Thread Tom Lendacky
Create a new function attribute, __nostackp, that can be used to turn off stack protection on a per function basis. Signed-off-by: Tom Lendacky --- include/linux/compiler-gcc.h |2 ++ include/linux/compiler.h |4 2 files changed, 6 insertions(+) diff --git a/include/linux

[PATCH v8 RESEND 38/38] x86/mm: Add support to make use of Secure Memory Encryption

2017-06-27 Thread Tom Lendacky
Signed-off-by: Tom Lendacky --- arch/x86/include/asm/mem_encrypt.h |6 ++- arch/x86/kernel/head64.c |5 +- arch/x86/mm/mem_encrypt.c | 77 3 files changed, 83 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/mem_en

[PATCH v8 RESEND 31/38] x86/mm, kexec: Allow kexec to be used with SME

2017-06-27 Thread Tom Lendacky
encryption bit. This can cause random memory corruption when caches are flushed depending on which cacheline is written last. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/init.h |1 + arch/x86/include/asm/kexec.h |8 arch/x86

[PATCH v8 RESEND 33/38] x86/mm: Use proper encryption attributes with /dev/mem

2017-06-27 Thread Tom Lendacky
mapped encrypted then the VMA protection value is updated to remove the encryption bit. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/io.h |3 +++ arch/x86/mm/ioremap.c | 18 +- arch/x86/mm/pat.c |3 +++ 3 files changed, 15

[PATCH v8 RESEND 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption

2017-06-27 Thread Tom Lendacky
included in these physical addresses during configuration. The PTE entries created by the IOMMU should also include the encryption mask so that when the device behind the IOMMU performs a DMA, the DMA will be performed to encrypted memory. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky

[PATCH v8 RESEND 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings

2017-06-27 Thread Tom Lendacky
Since video memory needs to be accessed decrypted, be sure that the memory encryption mask is not set for the video ranges. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/vga.h | 14 +- arch/x86/mm/pageattr.c |2 ++ drivers
