On 1/9/2018 5:43 PM, Thomas Gleixner wrote:
> On Tue, 9 Jan 2018, Tom Lendacky wrote:
>> On 1/9/2018 5:09 PM, Thomas Gleixner wrote:
>>> On Tue, 9 Jan 2018, Tom Lendacky wrote:
>>>> On 1/9/2018 4:46 PM, Thomas Gleixner wrote:
>>>>> Urgh. That's an awf
On 1/9/2018 5:06 PM, Gabriel C wrote:
> 2018-01-09 23:47 GMT+01:00 Tom Lendacky <thomas.lenda...@amd.com>:
>> On 1/9/2018 4:28 PM, Gabriel C wrote:
>>> Hello ,
>>>
>>> I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors.
>
On 1/9/2018 5:06 PM, Gabriel C wrote:
> 2018-01-09 23:47 GMT+01:00 Tom Lendacky :
>> On 1/9/2018 4:28 PM, Gabriel C wrote:
>>> Hello ,
>>>
>>> I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors.
>>>
>>> I'm on 4.15.
On 1/9/2018 5:09 PM, Thomas Gleixner wrote:
> On Tue, 9 Jan 2018, Tom Lendacky wrote:
>> On 1/9/2018 4:46 PM, Thomas Gleixner wrote:
>>> Urgh. That's an awful hack. why not do the obvious?
>>
>> My first attempt was very similar to your chang
On 1/9/2018 5:09 PM, Thomas Gleixner wrote:
> On Tue, 9 Jan 2018, Tom Lendacky wrote:
>> On 1/9/2018 4:46 PM, Thomas Gleixner wrote:
>>> Urgh. That's an awful hack. why not do the obvious?
>>
>> My first attempt was very similar to your chang
On 1/9/2018 4:46 PM, Thomas Gleixner wrote:
> On Tue, 9 Jan 2018, Tom Lendacky wrote:
>> For AMD hardware, the RETPOLINE_AMD feature is dependent on LFENCE being
>> a serializing instruction. Create a function to allow RETPOLINE_AMD to
>> be cleared if it cannot be d
On 1/9/2018 4:46 PM, Thomas Gleixner wrote:
> On Tue, 9 Jan 2018, Tom Lendacky wrote:
>> For AMD hardware, the RETPOLINE_AMD feature is dependent on LFENCE being
>> a serializing instruction. Create a function to allow RETPOLINE_AMD to
>> be cleared if it cannot be d
On 1/9/2018 4:28 PM, Gabriel C wrote:
> Hello ,
>
> I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors.
>
> I'm on 4.15.0-rc7 and tested an update to microcode_amd_fam17h.bin.
>
> First run was made by using the early microcode option with dracut[1]
> so loading from a
On 1/9/2018 4:28 PM, Gabriel C wrote:
> Hello ,
>
> I'm testing an EPYC system right now with 2 EPYC 7281 16-Core Processors.
>
> I'm on 4.15.0-rc7 and tested an update to microcode_amd_fam17h.bin.
>
> First run was made by using the early microcode option with dracut[1]
> so loading from a
if the MSR write to make LFENCE serializing
is not successful.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/kernel/cpu/amd.c |4
1 file changed, 4 insertions(+)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index ea831c8..8a0076b 100644
--- a/ar
if the MSR write to make LFENCE serializing
is not successful.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/amd.c |4
1 file changed, 4 insertions(+)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index ea831c8..8a0076b 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch
.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/include/asm/nospec-branch.h |1 +
arch/x86/kernel/cpu/bugs.c | 10 ++
2 files changed, 11 insertions(+)
diff --git a/arch/x86/include/asm/nospec-branch.h
b/arch/x86/include/asm/nospec-branch.h
index 8
.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/nospec-branch.h |1 +
arch/x86/kernel/cpu/bugs.c | 10 ++
2 files changed, 11 insertions(+)
diff --git a/arch/x86/include/asm/nospec-branch.h
b/arch/x86/include/asm/nospec-branch.h
index 8ddf851..5785684 100644
can not be determined to be serializing call the new
function to clear the RETPOLINE_AMD feature.
This patch series is based on tip:x86/pti.
---
Tom Lendacky (2):
x86/retpoline: Add a function to clear the RETPOLINE_AMD feature
x86/cpu/AMD: Clear RETPOLINE_AMD if LFENCE
can not be determined to be serializing call the new
function to clear the RETPOLINE_AMD feature.
This patch series is based on tip:x86/pti.
---
Tom Lendacky (2):
x86/retpoline: Add a function to clear the RETPOLINE_AMD feature
x86/cpu/AMD: Clear RETPOLINE_AMD if LFENCE
Commit-ID: 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f
Gitweb: https://git.kernel.org/tip/9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f
Author: Tom Lendacky <thomas.lenda...@amd.com>
AuthorDate: Mon, 8 Jan 2018 16:09:32 -0600
Committer: Thomas Gleixner <t...@linutronix.de>
CommitDate
Commit-ID: 9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f
Gitweb: https://git.kernel.org/tip/9c6a73c75864ad9fa49e5fa6513e4c4071c0e29f
Author: Tom Lendacky
AuthorDate: Mon, 8 Jan 2018 16:09:32 -0600
Committer: Thomas Gleixner
CommitDate: Tue, 9 Jan 2018 01:43:11 +0100
x86/cpu/AMD: Use
Commit-ID: e4d0e84e490790798691aaa0f2e598637f1867ec
Gitweb: https://git.kernel.org/tip/e4d0e84e490790798691aaa0f2e598637f1867ec
Author: Tom Lendacky <thomas.lenda...@amd.com>
AuthorDate: Mon, 8 Jan 2018 16:09:21 -0600
Committer: Thomas Gleixner <t...@linutronix.de>
CommitDate
Commit-ID: e4d0e84e490790798691aaa0f2e598637f1867ec
Gitweb: https://git.kernel.org/tip/e4d0e84e490790798691aaa0f2e598637f1867ec
Author: Tom Lendacky
AuthorDate: Mon, 8 Jan 2018 16:09:21 -0600
Committer: Thomas Gleixner
CommitDate: Tue, 9 Jan 2018 01:43:10 +0100
x86/cpu/AMD: Make
On 1/7/2018 12:25 PM, Borislav Petkov wrote:
> On Thu, Dec 21, 2017 at 04:03:21PM -0600, Tom Lendacky wrote:
>> @@ -568,17 +578,57 @@ static void __init sme_populate_pgd_large(struct
>> sme_populate_pgd_data *ppd)
>> native_set_pud(pud_p, pud);
>>
On 1/7/2018 12:25 PM, Borislav Petkov wrote:
> On Thu, Dec 21, 2017 at 04:03:21PM -0600, Tom Lendacky wrote:
>> @@ -568,17 +578,57 @@ static void __init sme_populate_pgd_large(struct
>> sme_populate_pgd_data *ppd)
>> native_set_pud(pud_p, pud);
>>
On 1/7/2018 10:28 AM, Borislav Petkov wrote:
> On Thu, Dec 21, 2017 at 04:03:12PM -0600, Tom Lendacky wrote:
>> In preparation for encrypting more than just the kernel during early
>> boot processing, centralize the use of the PMD flag settings based
>> on the type of mappi
On 1/7/2018 10:28 AM, Borislav Petkov wrote:
> On Thu, Dec 21, 2017 at 04:03:12PM -0600, Tom Lendacky wrote:
>> In preparation for encrypting more than just the kernel during early
>> boot processing, centralize the use of the PMD flag settings based
>> on the type of mappi
is set, then set the LFENCE_RDTSC feature, otherwise set the
MFENCE_RDTSC feature.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/include/asm/msr-index.h |1 +
arch/x86/kernel/cpu/amd.c| 17 +++--
2 files changed, 16 insertions(+), 2 del
is set, then set the LFENCE_RDTSC feature, otherwise set the
MFENCE_RDTSC feature.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/msr-index.h |1 +
arch/x86/kernel/cpu/amd.c| 17 +++--
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/arch/x86
to the cc since this will impact nospec_barrier(),
which will require an alternative_2 to add an MFENCE instruction with
an MFENCE_RDTSC check
Tom Lendacky (2):
x86/cpu/AMD: Make LFENCE a serializing instruction
x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
arch/x86
.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/include/asm/msr-index.h |2 ++
arch/x86/kernel/cpu/amd.c| 10 ++
2 files changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index ab02261..1e7d710
to the cc since this will impact nospec_barrier(),
which will require an alternative_2 to add an MFENCE instruction with
an MFENCE_RDTSC check
Tom Lendacky (2):
x86/cpu/AMD: Make LFENCE a serializing instruction
x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
arch/x86
.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/msr-index.h |2 ++
arch/x86/kernel/cpu/amd.c| 10 ++
2 files changed, 12 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index ab02261..1e7d710 100644
--- a/arch/x86/include/asm
On 1/8/2018 11:01 AM, Paolo Bonzini wrote:
> On 08/01/2018 17:48, Dr. David Alan Gilbert wrote:
>>> If your hypervisor is lying to you about the primary family, then all
>>> bets are off. I don't expect there will be any production systems doing
>>> this.
>> It's not that an unusual thing to do
On 1/8/2018 11:01 AM, Paolo Bonzini wrote:
> On 08/01/2018 17:48, Dr. David Alan Gilbert wrote:
>>> If your hypervisor is lying to you about the primary family, then all
>>> bets are off. I don't expect there will be any production systems doing
>>> this.
>> It's not that an unusual thing to do
On 1/8/2018 9:15 AM, Thomas Gleixner wrote:
> On Mon, 8 Jan 2018, Tom Lendacky wrote:
>> On 1/8/2018 5:10 AM, Thomas Gleixner wrote:
>>>>> Second thoughts on that. As pointed out by someone in one of the insane
>>>>> long threads:
>>>>
On 1/8/2018 9:15 AM, Thomas Gleixner wrote:
> On Mon, 8 Jan 2018, Tom Lendacky wrote:
>> On 1/8/2018 5:10 AM, Thomas Gleixner wrote:
>>>>> Second thoughts on that. As pointed out by someone in one of the insane
>>>>> long threads:
>>>>
On 1/8/2018 5:10 AM, Thomas Gleixner wrote:
> On Mon, 8 Jan 2018, Andrew Cooper wrote:
>
>> On 08/01/18 10:08, Thomas Gleixner wrote:
>>> On Sat, 6 Jan 2018, tip-bot for Tom Lendacky wrote:
>>>
>>>> Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079
>
On 1/8/2018 5:10 AM, Thomas Gleixner wrote:
> On Mon, 8 Jan 2018, Andrew Cooper wrote:
>
>> On 08/01/18 10:08, Thomas Gleixner wrote:
>>> On Sat, 6 Jan 2018, tip-bot for Tom Lendacky wrote:
>>>
>>>> Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079
>
On 1/6/2018 3:21 PM, Woodhouse, David wrote:
> On Sat, 2018-01-06 at 21:16 +, Andrew Cooper wrote:
>> On 06/01/18 11:49, David Woodhouse wrote:
>>> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
>>> index 372ba3f..40e6e54 100644
>>> --- a/arch/x86/kernel/cpu/common.c
On 1/6/2018 3:21 PM, Woodhouse, David wrote:
> On Sat, 2018-01-06 at 21:16 +, Andrew Cooper wrote:
>> On 06/01/18 11:49, David Woodhouse wrote:
>>> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
>>> index 372ba3f..40e6e54 100644
>>> --- a/arch/x86/kernel/cpu/common.c
Commit-ID: eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d
Gitweb: https://git.kernel.org/tip/eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d
Author: Tom Lendacky <thomas.lenda...@amd.com>
AuthorDate: Fri, 5 Jan 2018 10:08:05 -0600
Committer: Thomas Gleixner <t...@linutronix.de>
CommitDate
Commit-ID: eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d
Gitweb: https://git.kernel.org/tip/eeab3eee2fa4a8e8eb52e2abf034f14f1d010e0d
Author: Tom Lendacky
AuthorDate: Fri, 5 Jan 2018 10:08:05 -0600
Committer: Thomas Gleixner
CommitDate: Sat, 6 Jan 2018 21:57:41 +0100
x86/msr: Remove now
Commit-ID: 0592b0bce1694957fed178fc52f4b11576714b07
Gitweb: https://git.kernel.org/tip/0592b0bce1694957fed178fc52f4b11576714b07
Author: Tom Lendacky <thomas.lenda...@amd.com>
AuthorDate: Fri, 5 Jan 2018 10:07:46 -0600
Committer: Thomas Gleixner <t...@linutronix.de>
CommitDate
Commit-ID: 0592b0bce1694957fed178fc52f4b11576714b07
Gitweb: https://git.kernel.org/tip/0592b0bce1694957fed178fc52f4b11576714b07
Author: Tom Lendacky
AuthorDate: Fri, 5 Jan 2018 10:07:46 -0600
Committer: Thomas Gleixner
CommitDate: Sat, 6 Jan 2018 21:57:40 +0100
x86/cpu/AMD: Make
Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079
Gitweb: https://git.kernel.org/tip/0bf17c102177d5da9363bf8b1e4704b9996d5079
Author: Tom Lendacky <thomas.lenda...@amd.com>
AuthorDate: Fri, 5 Jan 2018 10:07:56 -0600
Committer: Thomas Gleixner <t...@linutronix.de>
CommitDate
Commit-ID: 0bf17c102177d5da9363bf8b1e4704b9996d5079
Gitweb: https://git.kernel.org/tip/0bf17c102177d5da9363bf8b1e4704b9996d5079
Author: Tom Lendacky
AuthorDate: Fri, 5 Jan 2018 10:07:56 -0600
Committer: Thomas Gleixner
CommitDate: Sat, 6 Jan 2018 21:57:40 +0100
x86/cpu/AMD: Use
On 1/5/2018 10:35 AM, Brian Gerst wrote:
> On Fri, Jan 5, 2018 at 11:07 AM, Tom Lendacky <thomas.lenda...@amd.com> wrote:
>> To aid in speculation control, make LFENCE a serializing instruction.
>> This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families
>
On 1/5/2018 10:35 AM, Brian Gerst wrote:
> On Fri, Jan 5, 2018 at 11:07 AM, Tom Lendacky wrote:
>> To aid in speculation control, make LFENCE a serializing instruction.
>> This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families
>> that support LFENCE
With the switch to using LFENCE_RDTSC on AMD platforms there is no longer
a need for the MFENCE_RDTSC feature. Remove its usage and definition.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/include/asm/cpufeatures.h |2 +-
arch/x86/include/asm/msr.h
With the switch to using LFENCE_RDTSC on AMD platforms there is no longer
a need for the MFENCE_RDTSC feature. Remove its usage and definition.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/cpufeatures.h |2 +-
arch/x86/include/asm/msr.h |3 +--
2 files changed, 2
With LFENCE now a serializing instruction, set the LFENCE_RDTSC
feature since the LFENCE instruction has less overhead than the
MFENCE instruction.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/kernel/cpu/amd.c |4 ++--
1 file changed, 2 insertions(+), 2 del
To aid in speculation control, make LFENCE a serializing instruction.
This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families
that support LFENCE do not have this MSR. For these families, the LFENCE
instruction is already serializing.
Signed-off-by: Tom Lendacky <thomas.le
With LFENCE now a serializing instruction, set the LFENCE_RDTSC
feature since the LFENCE instruction has less overhead than the
MFENCE instruction.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/amd.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86
To aid in speculation control, make LFENCE a serializing instruction.
This is done by setting bit 1 of MSR 0xc0011029 (DE_CFG). Some families
that support LFENCE do not have this MSR. For these families, the LFENCE
instruction is already serializing.
Signed-off-by: Tom Lendacky
---
arch/x86
on tip:x86/pti.
---
Tom Lendacky (3):
x86/cpu/AMD: Make LFENCE a serializing instruction
x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC
x86/msr: Remove now unused definition of MFENCE_RDTSC feature
arch/x86/include/asm/cpufeatures.h |2 +-
arch/x86/include/asm/msr
on tip:x86/pti.
---
Tom Lendacky (3):
x86/cpu/AMD: Make LFENCE a serializing instruction
x86/cpu/AMD: Use LFENCE_RDTSC instead of MFENCE_RDTSC
x86/msr: Remove now unused definition of MFENCE_RDTSC feature
arch/x86/include/asm/cpufeatures.h |2 +-
arch/x86/include/asm/msr
On 1/5/2018 5:14 AM, David Woodhouse wrote:
> On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote:
>> cpuid ax=0x7, return rdx bit 26 to indicate presence of this feature
>> IA32_SPEC_CTRL (0x48) and IA32_PRED_CMD (0x49)
>> IA32_SPEC_CTRL, bit0 – Indirect Branch Restricted Speculation (IBRS)
>>
On 1/5/2018 5:14 AM, David Woodhouse wrote:
> On Thu, 2018-01-04 at 09:56 -0800, Tim Chen wrote:
>> cpuid ax=0x7, return rdx bit 26 to indicate presence of this feature
>> IA32_SPEC_CTRL (0x48) and IA32_PRED_CMD (0x49)
>> IA32_SPEC_CTRL, bit0 – Indirect Branch Restricted Speculation (IBRS)
>>
On 1/5/2018 8:10 AM, Thomas Gleixner wrote:
> Use the name associated with the attack which needs page table isolation
> for mitigation.
>
> Signed-off-by: Thomas Gleixner
> ---
> arch/x86/include/asm/cpufeatures.h |2 +-
> arch/x86/mm/pti.c |6
On 1/5/2018 8:10 AM, Thomas Gleixner wrote:
> Use the name associated with the attack which needs page table isolation
> for mitigation.
>
> Signed-off-by: Thomas Gleixner
> ---
> arch/x86/include/asm/cpufeatures.h |2 +-
> arch/x86/mm/pti.c |6 +++---
> 2 files
On 1/4/2018 5:47 PM, Tom Lendacky wrote:
> On 1/4/2018 2:05 PM, David Woodhouse wrote:
>> On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote:
>>> Yes, lfence is sufficient. As long as the target is in the register
>>> before the lfence and we jump through th
On 1/4/2018 5:47 PM, Tom Lendacky wrote:
> On 1/4/2018 2:05 PM, David Woodhouse wrote:
>> On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote:
>>> Yes, lfence is sufficient. As long as the target is in the register
>>> before the lfence and we jump through th
On 1/4/2018 2:05 PM, David Woodhouse wrote:
> On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote:
>> Yes, lfence is sufficient. As long as the target is in the register
>> before the lfence and we jump through the register all is good, i.e.:
>
> Thanks.
On 1/4/2018 2:05 PM, David Woodhouse wrote:
> On Thu, 2018-01-04 at 14:00 -0600, Tom Lendacky wrote:
>> Yes, lfence is sufficient. As long as the target is in the register
>> before the lfence and we jump through the register all is good, i.e.:
>
> Thanks.
On 1/4/2018 10:15 AM, David Woodhouse wrote:
> On Thu, 2018-01-04 at 15:29 +, Woodhouse, David wrote:
>>
>>> With the GCC -mindirect-branch=thunk-external support, and microcode,
>>> Xen will make a boot-time choice between using Retpoline, Lfence (which
>>> is the better AMD option, and
On 1/4/2018 10:15 AM, David Woodhouse wrote:
> On Thu, 2018-01-04 at 15:29 +, Woodhouse, David wrote:
>>
>>> With the GCC -mindirect-branch=thunk-external support, and microcode,
>>> Xen will make a boot-time choice between using Retpoline, Lfence (which
>>> is the better AMD option, and
Commit-ID: 694d99d40972f12e59a3696effee8a376b79d7c8
Gitweb: https://git.kernel.org/tip/694d99d40972f12e59a3696effee8a376b79d7c8
Author: Tom Lendacky <thomas.lenda...@amd.com>
AuthorDate: Tue, 26 Dec 2017 23:43:54 -0600
Committer: Thomas Gleixner <t...@linutronix.de>
Commit
Commit-ID: 694d99d40972f12e59a3696effee8a376b79d7c8
Gitweb: https://git.kernel.org/tip/694d99d40972f12e59a3696effee8a376b79d7c8
Author: Tom Lendacky
AuthorDate: Tue, 26 Dec 2017 23:43:54 -0600
Committer: Thomas Gleixner
CommitDate: Wed, 3 Jan 2018 15:57:59 +0100
x86/cpu, x86/pti: Do
On 12/27/2017 2:48 AM, Dave Hansen wrote:
> On 12/26/2017 09:43 PM, Tom Lendacky wrote:
>> --- a/arch/x86/kernel/cpu/common.c
>> +++ b/arch/x86/kernel/cpu/common.c
>> @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86
>> *c)
>&
On 12/27/2017 2:48 AM, Dave Hansen wrote:
> On 12/26/2017 09:43 PM, Tom Lendacky wrote:
>> --- a/arch/x86/kernel/cpu/common.c
>> +++ b/arch/x86/kernel/cpu/common.c
>> @@ -923,8 +923,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86
>> *c)
>&
that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/kernel/cpu/common.c |4 +
that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/common.c |4 ++--
1 file changed, 2 insertions
by creating PTE page tables for the start
and end portion of the address range that fall outside of the 2MB
alignment. This results in, at most, two extra pages to hold the
PTE entries for each mapping of a range.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/mm/mem_enc
by creating PTE page tables for the start
and end portion of the address range that fall outside of the 2MB
alignment. This results in, at most, two extra pages to hold the
PTE entries for each mapping of a range.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/mem_encrypt.c | 124
microcode updates work.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/include/asm/mem_encrypt.h |4 +-
arch/x86/kernel/head64.c |4 +-
arch/x86/kernel/setup.c| 10 -
arch/x86/mm/mem_encrypt.c
microcode updates work.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h |4 +-
arch/x86/kernel/head64.c |4 +-
arch/x86/kernel/setup.c| 10 -
arch/x86/mm/mem_encrypt.c | 66
arch/x86/mm
pops at the end.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/mm/mem_encrypt_boot.S | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S
index 730e6d5..de36884
mapped and the pagetable flags to be used.
- Consolidate PMD/PTE mapping code to reduce duplication.
Tom Lendacky (5):
x86/mm: Cleanup register saving in mem_encrypt_boot.S
x86/mm: Use a struct to reduce parameters for SME PGD mapping
x86/mm: Centralize PMD flags
pops at the end.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/mem_encrypt_boot.S | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S
index 730e6d5..de36884 100644
--- a/arch/x86/mm
mapped and the pagetable flags to be used.
- Consolidate PMD/PTE mapping code to reduce duplication.
Tom Lendacky (5):
x86/mm: Cleanup register saving in mem_encrypt_boot.S
x86/mm: Use a struct to reduce parameters for SME PGD mapping
x86/mm: Centralize PMD flags
the caller to adjust.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/mm/mem_encrypt.c | 131 ++---
1 file changed, 77 insertions(+), 54 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 5a20696..9
the caller to adjust.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/mem_encrypt.c | 131 ++---
1 file changed, 77 insertions(+), 54 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 5a20696..9b180f8 100644
--- a/arch/x86/mm
In preparation for follow-on patches, combine the PGD mapping parameters
into a struct to reduce the number of function arguments and allow for
direct updating of the next pagetable mapping area pointer.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/mm/mem_encrypt.c
In preparation for follow-on patches, combine the PGD mapping parameters
into a struct to reduce the number of function arguments and allow for
direct updating of the next pagetable mapping area pointer.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/mem_encrypt.c | 90
On 12/21/2017 8:49 AM, Borislav Petkov wrote:
> On Thu, Dec 07, 2017 at 05:34:10PM -0600, Tom Lendacky wrote:
>> Currently the BSP microcode update code examines the initrd very early
>> in the boot process. If SME is active, the initrd is treated as being
>> encrypte
On 12/21/2017 8:49 AM, Borislav Petkov wrote:
> On Thu, Dec 07, 2017 at 05:34:10PM -0600, Tom Lendacky wrote:
>> Currently the BSP microcode update code examines the initrd very early
>> in the boot process. If SME is active, the initrd is treated as being
>> encrypte
On 12/21/2017 6:58 AM, Borislav Petkov wrote:
> On Thu, Dec 07, 2017 at 05:34:02PM -0600, Tom Lendacky wrote:
>> In preparation for encrypting more than just the kernel, the encryption
>> support in sme_encrypt_kernel() needs to support 4KB page aligned
>> encryption instead o
On 12/21/2017 6:58 AM, Borislav Petkov wrote:
> On Thu, Dec 07, 2017 at 05:34:02PM -0600, Tom Lendacky wrote:
>> In preparation for encrypting more than just the kernel, the encryption
>> support in sme_encrypt_kernel() needs to support 4KB page aligned
>> encryption instead o
On 12/20/2017 1:13 PM, Borislav Petkov wrote:
> On Thu, Dec 07, 2017 at 05:33:52PM -0600, Tom Lendacky wrote:
>> In preparation for encrypting more than just the kernel during early
>> boot processing, centralize the use of the PMD flag settings based
>> on the type of mappi
On 12/20/2017 1:13 PM, Borislav Petkov wrote:
> On Thu, Dec 07, 2017 at 05:33:52PM -0600, Tom Lendacky wrote:
>> In preparation for encrypting more than just the kernel during early
>> boot processing, centralize the use of the PMD flag settings based
>> on the type of mappi
Commit-ID: 9d5f38ba6c82359b7cec31fb27fb78ecc02f3946
Gitweb: https://git.kernel.org/tip/9d5f38ba6c82359b7cec31fb27fb78ecc02f3946
Author: Tom Lendacky <thomas.lenda...@amd.com>
AuthorDate: Fri, 15 Dec 2017 10:20:12 -0600
Committer: Thomas Gleixner <t...@linutronix.de>
CommitD
Commit-ID: 9d5f38ba6c82359b7cec31fb27fb78ecc02f3946
Gitweb: https://git.kernel.org/tip/9d5f38ba6c82359b7cec31fb27fb78ecc02f3946
Author: Tom Lendacky
AuthorDate: Fri, 15 Dec 2017 10:20:12 -0600
Committer: Thomas Gleixner
CommitDate: Mon, 18 Dec 2017 13:06:13 +0100
x86/mm: Unbreak
hange the sme_active() and sev_active() functions from EXPORT_SYMBOL_GPL
to EXPORT_SYMBOL.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/mm/mem_encrypt.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encryp
hange the sme_active() and sev_active() functions from EXPORT_SYMBOL_GPL
to EXPORT_SYMBOL.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/mem_encrypt.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index d9a9e9f..391b134 1006
On 12/4/2017 12:50 PM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 12:33:01PM -0600, Tom Lendacky wrote:
On 12/4/2017 10:34 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote:
On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017
On 12/4/2017 12:50 PM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 12:33:01PM -0600, Tom Lendacky wrote:
On 12/4/2017 10:34 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote:
On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017
On 12/4/2017 11:39 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 04:34:45PM +, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote:
On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 08:19:11AM -0600, Tom Lendacky wrote
On 12/4/2017 11:39 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 04:34:45PM +, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 04:00:26PM +, Tom Lendacky wrote:
On 12/4/2017 8:57 AM, Kirill A. Shutemov wrote:
On Mon, Dec 04, 2017 at 08:19:11AM -0600, Tom Lendacky wrote
microcode updates work.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/include/asm/mem_encrypt.h |4 +-
arch/x86/kernel/head64.c |4 +-
arch/x86/kernel/setup.c| 10 --
arch/x86/mm/mem_encrypt.c
microcode updates work.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h |4 +-
arch/x86/kernel/head64.c |4 +-
arch/x86/kernel/setup.c| 10 --
arch/x86/mm/mem_encrypt.c | 62 +++-
arch/x86/mm
encrypted.
This patch series is based on tip/master.
---
Tom Lendacky (3):
x86/mm: Centralize PMD flags in sme_encrypt_kernel()
x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption
x86/mm: Encrypt the initrd earlier for BSP microcode update
arch/x86/include/asm
by creating PTE page tables for the start
and end portion of the address range that fall outside of the 2MB
alignment. This results in, at most, two extra pages to hold the
PTE entries for each mapping of a range.
Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com>
---
arch/x86/mm/mem_enc
encrypted.
This patch series is based on tip/master.
---
Tom Lendacky (3):
x86/mm: Centralize PMD flags in sme_encrypt_kernel()
x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption
x86/mm: Encrypt the initrd earlier for BSP microcode update
arch/x86/include/asm
701 - 800 of 2307 matches
Mail list logo