x86/cpu/AMD: Add the Secure Memory Encryption CPU feature
authorTom Lendacky <thomas.lendacky@amd.com>
Mon, 17 Jul 2017 21:10:01 +0000 (16:10 -0500)
committerIngo Molnar <mingo@kernel.org>
Tue, 18 Jul 2017 09:37:59 +0000 (11:37 +0200)
Update the CPU features to include identifying and reporting on the
Secure Memory Encryption (SME) feature.  SME is identified by CPUID
0x8000001f, but requires BIOS support to enable it (set bit 23 of
MSR_K8_SYSCFG).  Only show the SME feature as available if reported by
CPUID, enabled by BIOS and not configured as CONFIG_X86_32=y.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Larry Woodman <lwoodman@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Toshimitsu Kani <toshi.kani@hpe.com>
Cc: kasan-dev@googlegroups.com
Cc: kvm@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-efi@vger.kernel.org
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/85c17ff450721abccddc95e611ae8df3f4d9718b.1500319216.git.thomas.lendacky@amd.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
arch/x86/include/asm/cpufeatures.h
arch/x86/include/asm/msr-index.h
arch/x86/kernel/cpu/amd.c
arch/x86/kernel/cpu/scattered.c

index ca3c48c0872f4beba6b03ac92c50eb6a352b3006..14f0f29133640a89b9b344f805861fb1b0397ed1 100644 (file)
 
 #define X86_FEATURE_HW_PSTATE  ( 7*32+ 8) /* AMD HW-PState */
 #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
+#define X86_FEATURE_SME                ( 7*32+10) /* AMD Secure Memory Encryption */
 
 #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
 #define X86_FEATURE_INTEL_PT   ( 7*32+15) /* Intel Processor Trace */
index 5573c75f8e4ced276c8585b71f0df9b786ea9e90..17f5c12e1afd0c6ddb3fa2e6fc94b1fec52f7d5c 100644 (file)
 #define MSR_K8_TOP_MEM1                        0xc001001a
 #define MSR_K8_TOP_MEM2                        0xc001001d
 #define MSR_K8_SYSCFG                  0xc0010010
+#define MSR_K8_SYSCFG_MEM_ENCRYPT_BIT  23
+#define MSR_K8_SYSCFG_MEM_ENCRYPT      BIT_ULL(MSR_K8_SYSCFG_MEM_ENCRYPT_BIT)
 #define MSR_K8_INT_PENDING_MSG         0xc0010055
 /* C1E active bits in int pending message */
 #define K8_INTP_C1E_ACTIVE_MASK                0x18000000
index bb5abe8f5fd46c17ca7c27361cbdb99e00db645f..5ccc7b2e63bb831c425c7e26cb1a87ff9b406e96 100644 (file)
@@ -611,6 +611,25 @@ static void early_init_amd(struct cpuinfo_x86 *c)
         */
        if (cpu_has_amd_erratum(c, amd_erratum_400))
                set_cpu_bug(c, X86_BUG_AMD_E400);
+
+       /*
+        * BIOS support is required for SME. If BIOS has not enabled SME
+        * then don't advertise the feature (set in scattered.c). Also,
+        * since the SME support requires long mode, don't advertise the
+        * feature under CONFIG_X86_32.
+        */
+       if (cpu_has(c, X86_FEATURE_SME)) {
+               if (IS_ENABLED(CONFIG_X86_32)) {
+                       clear_cpu_cap(c, X86_FEATURE_SME);
+               } else {
+                       u64 msr;
+
+                       /* Check if SME is enabled */
+                       rdmsrl(MSR_K8_SYSCFG, msr);
+                       if (!(msr & MSR_K8_SYSCFG_MEM_ENCRYPT))
+                               clear_cpu_cap(c, X86_FEATURE_SME);
+               }
+       }
 }
 
 static void init_amd_k8(struct cpuinfo_x86 *c)
index 23c23508c0125e50caf69a6959aaf000151cf572..05459ad3db46e2139b7d97514899d398c321c541 100644 (file)
@@ -31,6 +31,7 @@ static const struct cpuid_bit cpuid_bits[] = {
        { X86_FEATURE_HW_PSTATE,        CPUID_EDX,  7, 0x80000007, 0 },
        { X86_FEATURE_CPB,              CPUID_EDX,  9, 0x80000007, 0 },
        { X86_FEATURE_PROC_FEEDBACK,    CPUID_EDX, 11, 0x80000007, 0 },
+       { X86_FEATURE_SME,              CPUID_EAX,  0, 0x8000001f, 0 },
        { 0, 0, 0, 0, 0 }
 };