Re: [PATCH v2 0/6] Better document Sphinx install instructions

On Mon, 17 Jul 2017 18:23:05 -0300 Mauro Carvalho Chehab wrote: > Btw, I'm submitting in a few a second version of the patches with > add a script to check Sphinx dependencies. I figured I wasn't going to look at that until you get up to v42 or so - maybe another day

Re: [PATCH v2 0/6] Better document Sphinx install instructions

On Mon, 17 Jul 2017 18:23:05 -0300 Mauro Carvalho Chehab wrote: > Btw, I'm submitting in a few a second version of the patches with > add a script to check Sphinx dependencies. I figured I wasn't going to look at that until you get up to v42 or so - maybe another day or two...? :) jon

[PATCH v2] pty: show associative slave of ptmx in fdinfo

This patch adds "tty-index" field to /proc/PID/fdinfo/N if N specifies /dev/ptmx. The field shows the index of associative slave pts. Though a minor number is given for each pts instance, ptmx is not. It means there is no way in user-space to know the association between file descriptors for

[PATCH v2] pty: show associative slave of ptmx in fdinfo

This patch adds "tty-index" field to /proc/PID/fdinfo/N if N specifies /dev/ptmx. The field shows the index of associative slave pts. Though a minor number is given for each pts instance, ptmx is not. It means there is no way in user-space to know the association between file descriptors for

[PATCH v10 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support

For processors that support PAT, set the write-protect cache mode (_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05). Acked-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/mm/pat.c | 6 +++--- 1 file changed, 3 insertions(+),

[PATCH v10 02/38] x86/mm/pat: Set write-protect cache mode for full PAT support

For processors that support PAT, set the write-protect cache mode (_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05). Acked-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/mm/pat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git

[PATCH v10 01/38] x86: Document AMD Secure Memory Encryption (SME)

Create a Documentation entry to describe the AMD Secure Memory Encryption (SME) feature and add documentation for the mem_encrypt= kernel parameter. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky ---

[PATCH v10 01/38] x86: Document AMD Secure Memory Encryption (SME)

Create a Documentation entry to describe the AMD Secure Memory Encryption (SME) feature and add documentation for the mem_encrypt= kernel parameter. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- Documentation/admin-guide/kernel-parameters.txt | 11

Re: [PATCH] Documentation: dt: chosen property for kaslr-seed

On 17 July 2017 at 22:05, Rob Herring wrote: > On Mon, Jul 17, 2017 at 3:22 PM, Ard Biesheuvel > wrote: >> On 17 July 2017 at 20:54, Kees Cook wrote: >>> On Mon, Jul 17, 2017 at 12:32 PM, Rob Herring wrote:

Re: [PATCH] Documentation: dt: chosen property for kaslr-seed

On 17 July 2017 at 22:05, Rob Herring wrote: > On Mon, Jul 17, 2017 at 3:22 PM, Ard Biesheuvel > wrote: >> On 17 July 2017 at 20:54, Kees Cook wrote: >>> On Mon, Jul 17, 2017 at 12:32 PM, Rob Herring wrote: On Fri, Jul 14, 2017 at 05:38:36PM -0700, Kees Cook wrote: > Document then

[PATCH v10 05/38] x86/CPU/AMD: Handle SME reduction in physical address size

When System Memory Encryption (SME) is enabled, the physical address space is reduced. Adjust the x86_phys_bits value to reflect this reduction. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel/cpu/amd.c | 24

[PATCH v10 05/38] x86/CPU/AMD: Handle SME reduction in physical address size

When System Memory Encryption (SME) is enabled, the physical address space is reduced. Adjust the x86_phys_bits value to reflect this reduction. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/kernel/cpu/amd.c | 24 +--- 1 file changed, 13

[PATCH v10 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

Update the CPU features to include identifying and reporting on the Secure Memory Encryption (SME) feature. SME is identified by CPUID 0x801f, but requires BIOS support to enable it (set bit 23 of MSR_K8_SYSCFG). Only show the SME feature as available if reported by CPUID, enabled by BIOS

[PATCH v10 04/38] x86/CPU/AMD: Add the Secure Memory Encryption CPU feature

Update the CPU features to include identifying and reporting on the Secure Memory Encryption (SME) feature. SME is identified by CPUID 0x801f, but requires BIOS support to enable it (set bit 23 of MSR_K8_SYSCFG). Only show the SME feature as available if reported by CPUID, enabled by BIOS

[PATCH v10 08/38] x86/mm: Add support to enable SME in early boot processing

Add support to the early boot code to use Secure Memory Encryption (SME). Since the kernel has been loaded into memory in a decrypted state, encrypt the kernel in place and update the early pagetables with the memory encryption mask so that new pagetable entries will use memory encryption. The

[PATCH v10 08/38] x86/mm: Add support to enable SME in early boot processing

Add support to the early boot code to use Secure Memory Encryption (SME). Since the kernel has been loaded into memory in a decrypted state, encrypt the kernel in place and update the early pagetables with the memory encryption mask so that new pagetable entries will use memory encryption. The

[PATCH v10 10/38] x86/mm: Provide general kernel support for memory encryption

Changes to the existing page table macros will allow the SME support to be enabled in a simple fashion with minimal changes to files that use these macros. Since the memory encryption mask will now be part of the regular pagetable macros, we introduce two new macros (_PAGE_TABLE_NOENC and

[PATCH v10 10/38] x86/mm: Provide general kernel support for memory encryption

Changes to the existing page table macros will allow the SME support to be enabled in a simple fashion with minimal changes to files that use these macros. Since the memory encryption mask will now be part of the regular pagetable macros, we introduce two new macros (_PAGE_TABLE_NOENC and

[PATCH v10 14/38] x86/mm: Insure that boot memory areas are mapped properly

The boot data and command line data are present in memory in a decrypted state and are copied early in the boot process. The early page fault support will map these areas as encrypted, so before attempting to copy them, add decrypted mappings so the data is accessed properly when copied. For the

[PATCH v10 14/38] x86/mm: Insure that boot memory areas are mapped properly

The boot data and command line data are present in memory in a decrypted state and are copied early in the boot process. The early page fault support will map these areas as encrypted, so before attempting to copy them, add decrypted mappings so the data is accessed properly when copied. For the

Re: [PATCH v2 0/6] Better document Sphinx install instructions

Em Mon, 17 Jul 2017 13:40:51 -0600 Jonathan Corbet escreveu: > On Fri, 14 Jul 2017 13:41:15 -0300 > Mauro Carvalho Chehab wrote: > > > The Sphinx build chain is fragile: any upgrades can cause it to break. > > > > That's what happened this week, when

Re: [PATCH v2 0/6] Better document Sphinx install instructions

Em Mon, 17 Jul 2017 13:40:51 -0600 Jonathan Corbet escreveu: > On Fri, 14 Jul 2017 13:41:15 -0300 > Mauro Carvalho Chehab wrote: > > > The Sphinx build chain is fragile: any upgrades can cause it to break. > > > > That's what happened this week, when I upgraded my machines to > > Fedora 26. >

Re: [PATCH 14/14] [media] fix warning on v4l2_subdev_call() result interpreted as bool

On Mon, Jul 17, 2017 at 4:35 PM, Hans Verkuil wrote: > On 17/07/17 16:26, Arnd Bergmann wrote: >> Let me try again without ccache for now and see what warnings remain. >> We can find a solution for those first, and then decide how to deal with >> ccache. > > Sounds good. > >

Re: [PATCH 14/14] [media] fix warning on v4l2_subdev_call() result interpreted as bool

On Mon, Jul 17, 2017 at 4:35 PM, Hans Verkuil wrote: > On 17/07/17 16:26, Arnd Bergmann wrote: >> Let me try again without ccache for now and see what warnings remain. >> We can find a solution for those first, and then decide how to deal with >> ccache. > > Sounds good. > > I'm OK with applying

Re: [RFC PATCH v3] irqchip: Add support for tango interrupt router

On 17/07/2017 17:36, Mason wrote: > This controller maps 128 input lines to 24 output lines. > The output lines are routed to GIC SPI 0 to 23. > This driver muxes LEVEL_HIGH IRQs onto output line 0, > and gives every EDGE_RISING IRQ a dedicated output line. > --- > I think the driver is mostly

Re: [RFC PATCH v3] irqchip: Add support for tango interrupt router

On 17/07/2017 17:36, Mason wrote: > This controller maps 128 input lines to 24 output lines. > The output lines are routed to GIC SPI 0 to 23. > This driver muxes LEVEL_HIGH IRQs onto output line 0, > and gives every EDGE_RISING IRQ a dedicated output line. > --- > I think the driver is mostly

[PATCH v10 13/38] x86/mm: Add support for early encrypt/decrypt of memory

Add support to be able to either encrypt or decrypt data in place during the early stages of booting the kernel. This does not change the memory encryption attribute - it is used for ensuring that data present in either an encrypted or decrypted memory area is in the proper state (for example the

[PATCH v10 13/38] x86/mm: Add support for early encrypt/decrypt of memory

Add support to be able to either encrypt or decrypt data in place during the early stages of booting the kernel. This does not change the memory encryption attribute - it is used for ensuring that data present in either an encrypted or decrypted memory area is in the proper state (for example the

[PATCH v10 11/38] x86/mm: Add SME support for read_cr3_pa()

The cr3 register entry can contain the SME encryption mask that indicates the PGD is encrypted. The encryption mask should not be used when creating a virtual address from the cr3 register, so remove the SME encryption mask in the read_cr3_pa() function. During early boot SME will need to use a

[PATCH v10 11/38] x86/mm: Add SME support for read_cr3_pa()

The cr3 register entry can contain the SME encryption mask that indicates the PGD is encrypted. The encryption mask should not be used when creating a virtual address from the cr3 register, so remove the SME encryption mask in the read_cr3_pa() function. During early boot SME will need to use a

[PATCH v10 17/38] efi: Update efi_mem_type() to return an error rather than 0

The efi_mem_type() function currently returns a 0, which maps to EFI_RESERVED_TYPE, if the function is unable to find a memmap entry for the supplied physical address. Returning EFI_RESERVED_TYPE implies that a memmap entry exists, when it doesn't. Instead of returning 0, change the function to

[PATCH v10 17/38] efi: Update efi_mem_type() to return an error rather than 0

The efi_mem_type() function currently returns a 0, which maps to EFI_RESERVED_TYPE, if the function is unable to find a memmap entry for the supplied physical address. Returning EFI_RESERVED_TYPE implies that a memmap entry exists, when it doesn't. Instead of returning 0, change the function to

[PATCH v10 12/38] x86/mm: Extend early_memremap() support with additional attrs

Add early_memremap() support to be able to specify encrypted and decrypted mappings with and without write-protection. The use of write-protection is necessary when encrypting data "in place". The write-protect attribute is considered cacheable for loads, but not stores. This implies that the

[PATCH v10 18/38] x86/efi: Update EFI pagetable creation to work with SME

When SME is active, pagetable entries created for EFI need to have the encryption mask set as necessary. When the new pagetable pages are allocated they are mapped encrypted. So, update the efi_pgt value that will be used in cr3 to include the encryption mask so that the PGD table can be read

[PATCH v10 12/38] x86/mm: Extend early_memremap() support with additional attrs

Add early_memremap() support to be able to specify encrypted and decrypted mappings with and without write-protection. The use of write-protection is necessary when encrypting data "in place". The write-protect attribute is considered cacheable for loads, but not stores. This implies that the

[PATCH v10 18/38] x86/efi: Update EFI pagetable creation to work with SME

When SME is active, pagetable entries created for EFI need to have the encryption mask set as necessary. When the new pagetable pages are allocated they are mapped encrypted. So, update the efi_pgt value that will be used in cr3 to include the encryption mask so that the PGD table can be read

Re: [PATCH v2] PM / suspend: Add suspend_target_state()

On 07/17/2017 02:03 PM, Rafael J. Wysocki wrote: > On Mon, Jul 17, 2017 at 10:16 PM, Pavel Machek wrote: >> Hi! >> >>> Have the core suspend/resume framework store the system-wide suspend >>> state (suspend_state_t) we are about to enter, and expose it to drivers >>> via

Re: [PATCH v2] PM / suspend: Add suspend_target_state()

On 07/17/2017 02:03 PM, Rafael J. Wysocki wrote: > On Mon, Jul 17, 2017 at 10:16 PM, Pavel Machek wrote: >> Hi! >> >>> Have the core suspend/resume framework store the system-wide suspend >>> state (suspend_state_t) we are about to enter, and expose it to drivers >>> via suspend_target_state() in

Re: [PATCH resend] Documentation: arm: Replace use of virt_to_phys with __pa_symbol

On Mon, Jul 17, 2017 at 01:44:45PM -0600, Jonathan Corbet wrote: > On Mon, 17 Jul 2017 15:39:28 +0200 > Geert Uytterhoeven wrote: > > > All low-level PM/SMP code using virt_to_phys() should actually use > > __pa_symbol() against kernel symbols. Update the documentation

Re: [PATCH resend] Documentation: arm: Replace use of virt_to_phys with __pa_symbol

On Mon, Jul 17, 2017 at 01:44:45PM -0600, Jonathan Corbet wrote: > On Mon, 17 Jul 2017 15:39:28 +0200 > Geert Uytterhoeven wrote: > > > All low-level PM/SMP code using virt_to_phys() should actually use > > __pa_symbol() against kernel symbols. Update the documentation to move > > away from

[PATCH v10 15/38] x86/boot/e820: Add support to determine the E820 type of an address

Add a function that will return the E820 type associated with an address range. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/e820/api.h | 2 ++ arch/x86/kernel/e820.c | 26 +++--- 2 files

[PATCH v10 15/38] x86/boot/e820: Add support to determine the E820 type of an address

Add a function that will return the E820 type associated with an address range. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/e820/api.h | 2 ++ arch/x86/kernel/e820.c | 26 +++--- 2 files changed, 25 insertions(+), 3

[PATCH v10 19/38] x86/mm: Add support to access boot related data in the clear

Boot data (such as EFI related data) is not encrypted when the system is booted because UEFI/BIOS does not run with SME active. In order to access this data properly it needs to be mapped decrypted. Update early_memremap() to provide an arch specific routine to modify the pagetable protection

[PATCH v10 19/38] x86/mm: Add support to access boot related data in the clear

Boot data (such as EFI related data) is not encrypted when the system is booted because UEFI/BIOS does not run with SME active. In order to access this data properly it needs to be mapped decrypted. Update early_memremap() to provide an arch specific routine to modify the pagetable protection

[PATCH v10 22/38] x86/mm: Add support for changing the memory encryption attribute

Add support for changing the memory encryption attribute for one or more memory pages. This will be useful when we have to change the AP trampoline area to not be encrypted. Or when we need to change the SWIOTLB area to not be encrypted in support of devices that can't support the encryption mask

[PATCH v10 22/38] x86/mm: Add support for changing the memory encryption attribute

Add support for changing the memory encryption attribute for one or more memory pages. This will be useful when we have to change the AP trampoline area to not be encrypted. Or when we need to change the SWIOTLB area to not be encrypted in support of devices that can't support the encryption mask

Re: [PATCH 6/6] cgroup: update debug controller to print out thread mode information

On 07/16/2017 10:07 PM, Tejun Heo wrote: > From: Waiman Long > > Update debug controller so that it prints out debug info about thread > mode. > > 1) The relationship between proc_cset and threaded_csets are displayed. > 2) The status of being a thread root or threaded

Re: [PATCH 6/6] cgroup: update debug controller to print out thread mode information

On 07/16/2017 10:07 PM, Tejun Heo wrote: > From: Waiman Long > > Update debug controller so that it prints out debug info about thread > mode. > > 1) The relationship between proc_cset and threaded_csets are displayed. > 2) The status of being a thread root or threaded cgroup is displayed. > >

[PATCH v10 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active

When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. Reviewed-by: Borislav Petkov

[PATCH v10 23/38] x86/realmode: Decrypt trampoline area if memory encryption is active

When Secure Memory Encryption is enabled, the trampoline area must not be encrypted. A CPU running in real mode will not be able to decrypt memory that has been encrypted because it will not be able to use addresses with the memory encryption mask. Reviewed-by: Borislav Petkov Signed-off-by: Tom

[PATCH v10 21/38] x86/mm: Add support to access persistent memory in the clear

Persistent memory is expected to persist across reboots. The encryption key used by SME will change across reboots which will result in corrupted persistent memory. Persistent memory is handed out by block devices through memory remapping functions, so be sure not to map this memory as encrypted.

[PATCH v10 21/38] x86/mm: Add support to access persistent memory in the clear

Persistent memory is expected to persist across reboots. The encryption key used by SME will change across reboots which will result in corrupted persistent memory. Persistent memory is handed out by block devices through memory remapping functions, so be sure not to map this memory as encrypted.

Re: [PATCH 5/6] cgroup: implement cgroup v2 thread support

On 07/16/2017 10:07 PM, Tejun Heo wrote: > > +Threads > +~~~ > + > +cgroup v2 supports thread granularity for a subset of controllers to > +support use cases requiring hierarchical resource distribution across > +the threads of a group of processes. By default, all threads of a > +process

Re: [PATCH 5/6] cgroup: implement cgroup v2 thread support

On 07/16/2017 10:07 PM, Tejun Heo wrote: > > +Threads > +~~~ > + > +cgroup v2 supports thread granularity for a subset of controllers to > +support use cases requiring hierarchical resource distribution across > +the threads of a group of processes. By default, all threads of a > +process

[PATCH v10 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot

Move the setting of the cpuinfo_x86.microcode field from amd_init() to early_amd_init() so that it is available earlier in the boot process. This avoids having to read MSR_AMD64_PATCH_LEVEL directly during early boot. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky

[PATCH v10 26/38] x86/CPU/AMD: Make the microcode level available earlier in the boot

Move the setting of the cpuinfo_x86.microcode field from amd_init() to early_amd_init() so that it is available earlier in the boot process. This avoids having to read MSR_AMD64_PATCH_LEVEL directly during early boot. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky ---

[PATCH v10 24/38] x86, swiotlb: Add memory encryption support

Since DMA addresses will effectively look like 48-bit addresses when the memory encryption mask is set, SWIOTLB is needed if the DMA mask of the device performing the DMA does not support 48-bits. SWIOTLB will be initialized to create decrypted bounce buffers for use by these devices.

[PATCH v10 24/38] x86, swiotlb: Add memory encryption support

Since DMA addresses will effectively look like 48-bit addresses when the memory encryption mask is set, SWIOTLB is needed if the DMA mask of the device performing the DMA does not support 48-bits. SWIOTLB will be initialized to create decrypted bounce buffers for use by these devices.

[PATCH v10 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption

The IOMMU is programmed with physical addresses for the various tables and buffers that are used to communicate between the device and the driver. When the driver allocates this memory it is encrypted. In order for the IOMMU to access the memory as encrypted the encryption mask needs to be

[PATCH v10 27/38] iommu/amd: Allow the AMD IOMMU to work with memory encryption

The IOMMU is programmed with physical addresses for the various tables and buffers that are used to communicate between the device and the driver. When the driver allocates this memory it is encrypted. In order for the IOMMU to access the memory as encrypted the encryption mask needs to be

[PATCH v10 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings

Since video memory needs to be accessed decrypted, be sure that the memory encryption mask is not set for the video ranges. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/vga.h | 14 +-

[PATCH v10 29/38] x86, drm, fbdev: Do not specify encrypted memory for video mappings

Since video memory needs to be accessed decrypted, be sure that the memory encryption mask is not set for the video ranges. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/vga.h | 14 +- arch/x86/mm/pageattr.c | 2 ++

[PATCH v10 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM

Update the KVM support to work with SME. The VMCB has a number of fields where physical addresses are used and these addresses must contain the memory encryption mask in order to properly access the encrypted memory. Also, use the memory encryption mask when creating and using the nested page

[PATCH v10 30/38] kvm: x86: svm: Support Secure Memory Encryption within KVM

Update the KVM support to work with SME. The VMCB has a number of fields where physical addresses are used and these addresses must contain the memory encryption mask in order to properly access the encrypted memory. Also, use the memory encryption mask when creating and using the nested page

[PATCH v10 33/38] x86/mm: Use proper encryption attributes with /dev/mem

When accessing memory using /dev/mem (or /dev/kmem) use the proper encryption attributes when mapping the memory. To insure the proper attributes are applied when reading or writing /dev/mem, update the xlate_dev_mem_ptr() function to use memremap() which will essentially perform the same steps

[PATCH v10 33/38] x86/mm: Use proper encryption attributes with /dev/mem

When accessing memory using /dev/mem (or /dev/kmem) use the proper encryption attributes when mapping the memory. To insure the proper attributes are applied when reading or writing /dev/mem, update the xlate_dev_mem_ptr() function to use memremap() which will essentially perform the same steps

[PATCH v10 35/38] x86/mm: Add support to encrypt the kernel in-place

Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encrypted by copying it through a temporary buffer. Signed-off-by: Tom Lendacky ---

[PATCH v10 35/38] x86/mm: Add support to encrypt the kernel in-place

Add the support to encrypt the kernel in-place. This is done by creating new page mappings for the kernel - a decrypted write-protected mapping and an encrypted mapping. The kernel is encrypted by copying it through a temporary buffer. Signed-off-by: Tom Lendacky ---

[PATCH v10 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4

Currently, native_make_p4d() is only defined when CONFIG_PGTABLE_LEVELS is greater than 4. Create a macro that will allow for defining and using native_make_p4d() when CONFIG_PGTABLES_LEVELS is not greater than 4. Signed-off-by: Tom Lendacky ---

[PATCH v10 34/38] x86/mm: Create native_make_p4d() for PGTABLE_LEVELS <= 4

Currently, native_make_p4d() is only defined when CONFIG_PGTABLE_LEVELS is greater than 4. Create a macro that will allow for defining and using native_make_p4d() when CONFIG_PGTABLES_LEVELS is not greater than 4. Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable_types.h | 5 + 1

[PATCH v10 31/38] x86/mm, kexec: Allow kexec to be used with SME

Provide support so that kexec can be used to boot a kernel when SME is enabled. Support is needed to allocate pages for kexec without encryption. This is needed in order to be able to reboot in the kernel in the same manner as originally booted. Additionally, when shutting down all of the CPUs

[PATCH v10 31/38] x86/mm, kexec: Allow kexec to be used with SME

Provide support so that kexec can be used to boot a kernel when SME is enabled. Support is needed to allocate pages for kexec without encryption. This is needed in order to be able to reboot in the kernel in the same manner as originally booted. Additionally, when shutting down all of the CPUs

[PATCH v10 38/38] x86/mm: Add support to make use of Secure Memory Encryption

Add support to check if SME has been enabled and if memory encryption should be activated (checking of command line option based on the configuration of the default state). If memory encryption is to be activated, then the encryption mask is set and the kernel is encrypted "in place."

[PATCH v10 38/38] x86/mm: Add support to make use of Secure Memory Encryption

Add support to check if SME has been enabled and if memory encryption should be activated (checking of command line option based on the configuration of the default state). If memory encryption is to be activated, then the encryption mask is set and the kernel is encrypted "in place."

[PATCH v10 28/38] x86, realmode: Check for memory encryption on the APs

Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP, then set the memory encryption bit (bit 23) of MSR_K8_SYSCFG to enable memory encryption on that AP and allow

[PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute

Create a new function attribute, __nostackp, that can used to turn off stack protection on a per function basis. Signed-off-by: Tom Lendacky --- include/linux/compiler-gcc.h | 2 ++ include/linux/compiler.h | 4 2 files changed, 6 insertions(+) diff --git

[PATCH v10 36/38] x86/boot: Add early cmdline parsing for options with arguments

Add a cmdline_find_option() function to look for cmdline options that take arguments. The argument is returned in a supplied buffer and the argument length (regardless of whether it fits in the supplied buffer) is returned, with -1 indicating not found. Signed-off-by: Tom Lendacky

[PATCH v10 28/38] x86, realmode: Check for memory encryption on the APs

Add support to check if memory encryption is active in the kernel and that it has been enabled on the AP. If memory encryption is active in the kernel but has not been enabled on the AP, then set the memory encryption bit (bit 23) of MSR_K8_SYSCFG to enable memory encryption on that AP and allow

[PATCH v10 37/38] compiler-gcc.h: Introduce __nostackp function attribute

Create a new function attribute, __nostackp, that can used to turn off stack protection on a per function basis. Signed-off-by: Tom Lendacky --- include/linux/compiler-gcc.h | 2 ++ include/linux/compiler.h | 4 2 files changed, 6 insertions(+) diff --git

[PATCH v10 36/38] x86/boot: Add early cmdline parsing for options with arguments

Add a cmdline_find_option() function to look for cmdline options that take arguments. The argument is returned in a supplied buffer and the argument length (regardless of whether it fits in the supplied buffer) is returned, with -1 indicating not found. Signed-off-by: Tom Lendacky ---

[PATCH v10 32/38] xen/x86: Remove SME feature in PV guests

Xen does not currently support SME for PV guests. Clear the SME CPU capability in order to avoid any ambiguity. Cc: Cc: Boris Ostrovsky Cc: Juergen Gross Reviewed-by: Borislav Petkov Reviewed-by: Juergen Gross

[PATCH v10 32/38] xen/x86: Remove SME feature in PV guests

Xen does not currently support SME for PV guests. Clear the SME CPU capability in order to avoid any ambiguity. Cc: Cc: Boris Ostrovsky Cc: Juergen Gross Reviewed-by: Borislav Petkov Reviewed-by: Juergen Gross Signed-off-by: Tom Lendacky --- arch/x86/xen/enlighten_pv.c | 1 + 1 file

[PATCH v10 16/38] efi: Add an EFI table address match function

Add a function that will determine if a supplied physical address matches the address of an EFI table. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- drivers/firmware/efi/efi.c | 33

[PATCH v10 16/38] efi: Add an EFI table address match function

Add a function that will determine if a supplied physical address matches the address of an EFI table. Reviewed-by: Matt Fleming Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- drivers/firmware/efi/efi.c | 33 + include/linux/efi.h| 7

[PATCH v10 20/38] x86, mpparse: Use memremap to map the mpf and mpc data

The SMP MP-table is built by UEFI and placed in memory in a decrypted state. These tables are accessed using a mix of early_memremap(), early_memunmap(), phys_to_virt() and virt_to_phys(). Change all accesses to use early_memremap()/early_memunmap(). This allows for proper setting of the

[PATCH v10 25/38] swiotlb: Add warnings for use of bounce buffers with SME

Add warnings to let the user know when bounce buffers are being used for DMA when SME is active. Since the bounce buffers are not in encrypted memory, these notifications are to allow the user to determine some appropriate action - if necessary. Actions can range from utilizing an IOMMU,

[PATCH v10 20/38] x86, mpparse: Use memremap to map the mpf and mpc data

The SMP MP-table is built by UEFI and placed in memory in a decrypted state. These tables are accessed using a mix of early_memremap(), early_memunmap(), phys_to_virt() and virt_to_phys(). Change all accesses to use early_memremap()/early_memunmap(). This allows for proper setting of the

[PATCH v10 25/38] swiotlb: Add warnings for use of bounce buffers with SME

Add warnings to let the user know when bounce buffers are being used for DMA when SME is active. Since the bounce buffers are not in encrypted memory, these notifications are to allow the user to determine some appropriate action - if necessary. Actions can range from utilizing an IOMMU,

[PATCH v10 06/38] x86/mm: Add Secure Memory Encryption (SME) support

Add support for Secure Memory Encryption (SME). This initial support provides a Kconfig entry to build the SME support into the kernel and defines the memory encryption mask that will be used in subsequent patches to mark pages as encrypted. Reviewed-by: Borislav Petkov

[PATCH v10 06/38] x86/mm: Add Secure Memory Encryption (SME) support

Add support for Secure Memory Encryption (SME). This initial support provides a Kconfig entry to build the SME support into the kernel and defines the memory encryption mask that will be used in subsequent patches to mark pages as encrypted. Reviewed-by: Borislav Petkov Signed-off-by: Tom

[PATCH v10 09/38] x86/mm: Simplify p[g4um]d_page() macros

Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of duplicating the code. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable.h

[PATCH v10 09/38] x86/mm: Simplify p[g4um]d_page() macros

Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of duplicating the code. Reviewed-by: Borislav Petkov Signed-off-by: Tom Lendacky --- arch/x86/include/asm/pgtable.h | 16 +--- 1 file changed,

[PATCH v10 00/38] x86: Secure Memory Encryption (AMD)

This patch series provides support for AMD's new Secure Memory Encryption (SME) feature. SME can be used to mark individual pages of memory as encrypted through the page tables. A page of memory that is marked encrypted will be automatically decrypted when read from DRAM and will be automatically

[PATCH v10 00/38] x86: Secure Memory Encryption (AMD)

This patch series provides support for AMD's new Secure Memory Encryption (SME) feature. SME can be used to mark individual pages of memory as encrypted through the page tables. A page of memory that is marked encrypted will be automatically decrypted when read from DRAM and will be automatically

Re: [PATCH net-next 11/12] net: dsa: mv88e6xxx: add Energy Detect ops

From: Andrew Lunn Date: Mon, 17 Jul 2017 23:04:05 +0200 > On Mon, Jul 17, 2017 at 01:45:49PM -0700, David Miller wrote: >> From: Vivien Didelot >> Date: Mon, 17 Jul 2017 15:32:52 -0400 >> >> > Hi Andrew, >> > >> > Andrew Lunn

Re: [PATCH net-next 11/12] net: dsa: mv88e6xxx: add Energy Detect ops

From: Andrew Lunn Date: Mon, 17 Jul 2017 23:04:05 +0200 > On Mon, Jul 17, 2017 at 01:45:49PM -0700, David Miller wrote: >> From: Vivien Didelot >> Date: Mon, 17 Jul 2017 15:32:52 -0400 >> >> > Hi Andrew, >> > >> > Andrew Lunn writes: >> > >> >> I never liked this. I think it is

Re: [Intel-gfx] [PATCH] drm/i915: Return correct EDP voltage swing table for 0.85V

On Mon, Jul 17, 2017 at 08:59:18PM +, Pandiyan, Dhinakaran wrote: > > > > On Mon, 2017-07-17 at 18:55 +, Pandiyan, Dhinakaran wrote: > > Looks like a typo in > > > > cf54ca8 ("drm/i915/cnl: Implement voltage swing sequence.") > > > > but Cc'ing Rodrigo, Clint to make sure this wasn't

Re: [Intel-gfx] [PATCH] drm/i915: Return correct EDP voltage swing table for 0.85V

On Mon, Jul 17, 2017 at 08:59:18PM +, Pandiyan, Dhinakaran wrote: > > > > On Mon, 2017-07-17 at 18:55 +, Pandiyan, Dhinakaran wrote: > > Looks like a typo in > > > > cf54ca8 ("drm/i915/cnl: Implement voltage swing sequence.") > > > > but Cc'ing Rodrigo, Clint to make sure this wasn't

Re: [PATCH v2 1/3] leds: core: Introduce generic pattern interface

On 07/16/2017 11:14 PM, Bjorn Andersson wrote: > On Sun 16 Jul 11:49 PDT 2017, Jacek Anaszewski wrote: > >> Hi, >> >> On 07/06/2017 05:18 AM, Pavel Machek wrote: >>> Hi! >>> Some LED controllers have support for autonomously controlling brightness over time, according to some

Re: [PATCH v2 1/3] leds: core: Introduce generic pattern interface

On 07/16/2017 11:14 PM, Bjorn Andersson wrote: > On Sun 16 Jul 11:49 PDT 2017, Jacek Anaszewski wrote: > >> Hi, >> >> On 07/06/2017 05:18 AM, Pavel Machek wrote: >>> Hi! >>> Some LED controllers have support for autonomously controlling brightness over time, according to some

<    1   2   3   4   5   6   7   8   9   10   >