[Part1 PATCH v5 11/17] x86/mm: Add DMA support for SEV memory encryption

hat.com> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: Borislav Petkov <b...@suse.de> Cc: Konrad Rzeszutek Wilk <konrad.w...@oracle.com> Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh

[Part1 PATCH v5 11/17] x86/mm: Add DMA support for SEV memory encryption

k Wilk Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/mm/mem_encrypt.c | 86 +++ lib/swiotlb.c | 5 +-- 2 files changed, 89 insert

[Part1 PATCH v5 16/17] X86/KVM: Decrypt shared per-cpu variables when SEV is active

t; <h...@zytor.com> Cc: Borislav Petkov <b...@suse.de> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Cc: k...@vger.kernel.org Signed-off-

[Part1 PATCH v5 16/17] X86/KVM: Decrypt shared per-cpu variables when SEV is active

dim Krčmář" Cc: Tom Lendacky Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kernel/kvm.c | 41 ++--- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/kvm

[Part1 PATCH v5 14/17] x86: Add support for changing memory encryption attribute in early boot

attribute in early boot code. Cc: Thomas Gleixner <t...@linutronix.de> Cc: Ingo Molnar <mi...@redhat.com> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: Borislav Petkov <b...@suse.de> Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Cc: Tom Lendacky <thomas.len

[Part1 PATCH v5 14/17] x86: Add support for changing memory encryption attribute in early boot

attribute in early boot code. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Cc: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/include/asm/mem_encrypt.h | 8

[Part1 PATCH v5 17/17] X86/KVM: Clear encryption attribute when SEV is active

lt;rkrc...@redhat.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Cc: k...@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de>

[Part1 PATCH v5 17/17] X86/KVM: Clear encryption attribute when SEV is active

hypervisor and guest can access the data. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Tom Lendacky Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Cc: k...@vger.kernel.org Signed-off-by: Bri

[Part1 PATCH v5 08/17] resource: Consolidate resource walking code

d code. Cc: Borislav Petkov <b...@suse.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de&g

[Part1 PATCH v5 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description

slav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> --- Documentation/x86/amd-memory-encryption.txt | 30 + 1 file changed, 26 ins

[Part1 PATCH v5 12/17] x86/boot: Add early boot support when running with SEV active

aolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/boot/compressed

[Part1 PATCH v5 08/17] resource: Consolidate resource walking code

: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- kernel/resource.c | 52 +--- 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/kernel/resource.c b/kernel

[Part1 PATCH v5 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description

Update the AMD memory encryption document describing the Secure Encrypted Virtualization (SEV) feature. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Jonathan Corbet Cc: Borislav Petkov Cc: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Boris

[Part1 PATCH v5 12/17] x86/boot: Add early boot support when running with SEV active

Lutomirski Cc: Kees Cook Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/head_64.S | 16 + arch/x86

[Part1 PATCH v5 06/17] x86/mm: Include SEV for encryption memory attribute changes

gt; Cc: Laura Abbott <labb...@redhat.com> Cc: Dan Williams <dan.j.willi...@intel.com> Cc: "Kirill A. Shutemov" <kirill.shute...@linux.intel.com> Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: B

[Part1 PATCH v5 06/17] x86/mm: Include SEV for encryption memory attribute changes

" Cc: Borislav Petkov Cc: Andy Lutomirski Cc: John Ogness Cc: Matt Fleming Cc: Laura Abbott Cc: Dan Williams Cc: "Kirill A. Shutemov" Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/mm/pageattr.c | 4

[Part1 PATCH v5 03/17] x86/mm: Don't attempt to encrypt initrd under SEV

in" <h...@zytor.com> Cc: Borislav Petkov <b...@suse.de> Cc: Andy Lutomirski <l...@kernel.org> Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Boris

[Part1 PATCH v5 03/17] x86/mm: Don't attempt to encrypt initrd under SEV

.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/kernel/setup.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 82559867e0a9..967155e63afe 100644

Re: [Part1 PATCH v4 10/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages

On 09/17/2017 09:07 AM, Borislav Petkov wrote: ... -static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, - void *arg) +static int __ioremap_check_ram(struct resource *res) { + unsigned long start_pfn, stop_pfn; unsigned

Re: [Part1 PATCH v4 10/17] x86/mm, resource: Use PAGE_KERNEL protection for ioremap of memory pages

On 09/17/2017 09:07 AM, Borislav Petkov wrote: ... -static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, - void *arg) +static int __ioremap_check_ram(struct resource *res) { + unsigned long start_pfn, stop_pfn; unsigned

Re: [Part1 PATCH v4 12/17] x86/boot: Add early boot support when running with SEV active

On 09/17/2017 09:41 AM, Borislav Petkov wrote: ... +#ifdef CONFIG_AMD_MEM_ENCRYPT + push%ebx + push%ecx + push%edx + push%edi + + call1f +1: popl%edi + subl$1b, %edi 32-bit RIP-relative addressing huh? :) It definitely

Re: [Part1 PATCH v4 12/17] x86/boot: Add early boot support when running with SEV active

On 09/17/2017 09:41 AM, Borislav Petkov wrote: ... +#ifdef CONFIG_AMD_MEM_ENCRYPT + push%ebx + push%ecx + push%edx + push%edi + + call1f +1: popl%edi + subl$1b, %edi 32-bit RIP-relative addressing huh? :) It definitely

Re: [Part1 PATCH v4 13/17] x86/io: Unroll string I/O when SEV is active

On 09/17/2017 10:08 AM, Borislav Petkov wrote: ... + +extern struct static_key_false __sev; +static inline bool __sev_active(void) +{ + return static_branch_unlikely(&__sev); +} I'm still not happy about the two's sev_active() and __sev_active() naming. Perhaps the __ variant should

Re: [Part1 PATCH v4 13/17] x86/io: Unroll string I/O when SEV is active

On 09/17/2017 10:08 AM, Borislav Petkov wrote: ... + +extern struct static_key_false __sev; +static inline bool __sev_active(void) +{ + return static_branch_unlikely(&__sev); +} I'm still not happy about the two's sev_active() and __sev_active() naming. Perhaps the __ variant should

Re: [Part1 PATCH v4 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support

On 09/17/2017 09:02 AM, Borislav Petkov wrote: ... +unsigned int sev_enabled __section(.data) = 0; static. Will covert to static in next rev. ... -static inline u64 sme_get_me_mask(void) +static inline bool mem_encrypt_active(void) { - return sme_me_mask; + return

Re: [Part1 PATCH v4 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support

On 09/17/2017 09:02 AM, Borislav Petkov wrote: ... +unsigned int sev_enabled __section(.data) = 0; static. Will covert to static in next rev. ... -static inline u64 sme_get_me_mask(void) +static inline bool mem_encrypt_active(void) { - return sme_me_mask; + return

Re: [Part1 PATCH v4 15/17] percpu: introduce DEFINE_PER_CPU_UNENCRYPTED

On 09/20/2017 02:34 AM, Borislav Petkov wrote: On Tue, Sep 19, 2017 at 08:50:20AM -0500, Brijesh Singh wrote: "..shared_aligned" section does not start and end with page-size alignment. Nowhere in the code there's a comment saying: "This percpu section really must be pa

Re: [Part1 PATCH v4 15/17] percpu: introduce DEFINE_PER_CPU_UNENCRYPTED

On 09/20/2017 02:34 AM, Borislav Petkov wrote: On Tue, Sep 19, 2017 at 08:50:20AM -0500, Brijesh Singh wrote: "..shared_aligned" section does not start and end with page-size alignment. Nowhere in the code there's a comment saying: "This percpu section really must be pa

[Part2 PATCH v4 01/29] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)

t;Radim Krčmář" <rkrc...@redhat.com> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: k...@vger.kernel.org Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...

[Part2 PATCH v4 01/29] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)

ger.kernel.org Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- Documentation/virtual/kvm/00-INDEX | 3 + .../virtual/kvm/amd-memory-encryption.txt | 210 + 2 files changed, 213 insertions(+) create mode 100644 Documenta

[Part2 PATCH v4 00/29] x86: Secure Encrypted Virtualization (AMD)

CRYPT commands to work with more than one page \ (recommended by Paolo) * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver * Changes to address v2 feedbacks Brijesh Singh (26): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (

[Part2 PATCH v4 00/29] x86: Secure Encrypted Virtualization (AMD)

EBUG DECRYPT/ENCRYPT commands to work with more than one page \ (recommended by Paolo) * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver * Changes to address v2 feedbacks Brijesh Singh (26): Documentation/virtual/kvm: Add AMD Secure Encrypted Vir

[Part2 PATCH v4 02/29] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

mář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: k...@vger.kernel.org Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/

[Part2 PATCH v4 02/29] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

Lendacky Signed-off-by: Brijesh Singh --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/kernel/cpu/amd.c | 66 ++ arch/x86/kernel/cpu/scattered.c| 1 + 4 files changed, 50 insertions(+), 20 dele

[Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support

com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/Kconfig | 11 + drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 111 +

[Part2 PATCH v4 05/29] crypto: ccp: Add Platform Security Processor (PSP) device support

trusted applications. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/Kconf

[Part2 PATCH v4 03/29] kvm: svm: prepare for new bit definition in nested_ctl

mář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com

[Part2 PATCH v4 03/29] kvm: svm: prepare for new bit definition in nested_ctl

off-by: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/include/asm/svm.h | 2 ++ arch/x86/kvm/svm.c | 7 --- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 14835dd205a5.

[Part2 PATCH v4 06/29] ccp: crypto: Define SEV key management command id

.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- include/linux/psp-sev.h | 512 1 file changed, 512 insertions(+) create mode 100644 include/linux/psp-sev.h diff --git a/include/lin

[Part2 PATCH v4 06/29] ccp: crypto: Define SEV key management command id

: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- include/linux/psp-sev.h | 512 ++

[Part2 PATCH v4 10/29] KVM: X86: Extend CPUID range to include new leaf

gt; Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel

[Part2 PATCH v4 10/29] KVM: X86: Extend CPUID range to include new leaf

Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm.c | 6 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/

[Part2 PATCH v4 11/29] KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl

gt; Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel

[Part2 PATCH v4 11/29] KVM: Introduce KVM_MEMORY_ENCRYPT_OP ioctl

slav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- Documentation/virtual/kvm/api.txt | 15 +++ arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/x86.c| 12 incl

[Part2 PATCH v4 09/29] KVM: SVM: Reserve ASID range for SEV guest

Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 16 +++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 2c3a3c88596c..360f4b90f48d 100644

[Part2 PATCH v4 09/29] KVM: SVM: Reserve ASID range for SEV guest

dim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 16 +++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/arch/x86/

[Part2 PATCH v4 12/29] KVM: Introduce KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl

.@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Documentation/virtual/kvm/api.txt | 22 ++ arch/x8

[Part2 PATCH v4 12/29] KVM: Introduce KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl

Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- Documentation/virt

[Part2 PATCH v4 14/29] KVM: SVM: Add KVM_SEV_INIT command

om> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h | 7 ++ arch/x86/kvm/svm.c | 184 +++- 2 files changed, 190 insertions(

[Part2 PATCH v4 14/29] KVM: SVM: Add KVM_SEV_INIT command

Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 7 ++ arch/x86/kvm/svm.

[Part2 PATCH v4 13/29] KVM: Define SEV key management command id

.@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- include/uapi/linux/kvm.h | 141 +++ 1 file changed, 141 inser

[Part2 PATCH v4 13/29] KVM: Define SEV key management command id

: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- include/ua

[Part2 PATCH v4 15/29] KVM: SVM: VMRUN should use assosiated ASID when SEV is enabled

Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 58 -- 1 file changed, 56 insertions(+),

[Part2 PATCH v4 15/29] KVM: SVM: VMRUN should use assosiated ASID when SEV is enabled

Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arc

[Part2 PATCH v4 08/29] KVM: SVM: Prepare to reserve asid for SEV guest

r.kernel.org Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 8186b8d7c469..2c3a3c88596c 100

[Part2 PATCH v4 08/29] KVM: SVM: Prepare to reserve asid for SEV guest

Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Paolo Bonzini Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch

[Part2 PATCH v4 16/29] KVM: SVM: Add support for SEV LAUNCH_START command

dhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch

[Part2 PATCH v4 16/29] KVM: SVM: Add support for SEV LAUNCH_START command

rnel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm.c | 194 2 files changed, 196 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.

[Part2 PATCH v4 20/29] KVM: svm: Add support for SEV GUEST_STATUS command

t; Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 35 +

[Part2 PATCH v4 20/29] KVM: svm: Add support for SEV GUEST_STATUS command

er.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 35 +++ 1 file changed, 35 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index c1688542df72..7a6e82c48142 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -6075,6 +6

[Part2 PATCH v4 19/29] KVM: SVM: Add support for SEV LAUNCH_FINISH command

dhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/s

[Part2 PATCH v4 19/29] KVM: SVM: Add support for SEV LAUNCH_FINISH command

org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 24 1 file changed, 24 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index b7099fd8b641..c1688542df72 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -6055,6 +6

[Part2 PATCH v4 22/29] KVM: SVM: Add support for SEV DEBUG_ENCRYPT command

" <h...@zytor.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kern

[Part2 PATCH v4 22/29] KVM: SVM: Add support for SEV DEBUG_ENCRYPT command

t; Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 132 + 1 file changed, 124 insertions(+), 8 dele

[Part2 PATCH v4 17/29] KVM: SVM: Add support for SEV LAUNCH_UPDATE_DATA command

pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off

[Part2 PATCH v4 17/29] KVM: SVM: Add support for SEV LAUNCH_UPDATE_DATA command

Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 191 +++- 2 files changed, 190 insertions(+), 2 deletions(-) d

[Part2 PATCH v4 21/29] KVM: SVM: Add support for SEV DEBUG_DECRYPT command

ot; <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by:

[Part2 PATCH v4 21/29] KVM: SVM: Add support for SEV DEBUG_DECRYPT command

org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 180 - 1 file changed, 179 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 7a6e82c48142..4d51ccb462db 100644 ---

[Part2 PATCH v4 23/29] KVM: SVM: Add support for SEV LAUNCH_SECRET command

ot; <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x8

[Part2 PATCH v4 23/29] KVM: SVM: Add support for SEV LAUNCH_SECRET command

org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 79 ++ 1 file changed, 79 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 16b338d9dc87..dadfb8e15db9 100644 --- a/arch/x86/kvm/svm.c +++

[Part2 PATCH v4 25/29] KVM: X86: Add memory encryption enabled ops

pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off

[Part2 PATCH v4 25/29] KVM: X86: Add memory encryption enabled ops

Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 6 ++ 2 files changed, 7 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/in

[Part2 PATCH v4 24/29] KVM: SVM: Pin guest memory when SEV is active

om> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 109 2 files changed, 110 insertio

[Part2 PATCH v4 24/29] KVM: SVM: Pin guest memory when SEV is active

Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.

[Part2 PATCH v4 29/29] KVM: X86: Add CONFIG_KVM_AMD_SEV

ot; <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x

[Part2 PATCH v4 29/29] KVM: X86: Add CONFIG_KVM_AMD_SEV

org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/Kconfig | 8 arch/x86/kvm/svm.c | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index 3ea624452f93..06d3d221a503 100644 --- a/arch/x86/kvm/Kconfi

[Part2 PATCH v4 27/29] KVM: SVM: Do not install #UD intercept when SEV is enabled

ot; <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brij

[Part2 PATCH v4 27/29] KVM: SVM: Do not install #UD intercept when SEV is enabled

org Cc: linux-kernel@vger.kernel.org Reviewed-by: Borislav Petkov Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index b9906cb59238..d997f63c765d 100644 --- a/arch/x86/kvm/svm.c +++

[Part2 PATCH v4 18/29] KVM: SVM: Add support for SEV LAUNCH_MEASURE command

t.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by

[Part2 PATCH v4 26/29] KVM: SVM: Clear C-bit from the page fault address

.@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Bor

[Part2 PATCH v4 26/29] KVM: SVM: Clear C-bit from the page fault address

Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Borislav Petkov Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 208c8abf0bbd.

[Part2 PATCH v4 18/29] KVM: SVM: Add support for SEV LAUNCH_MEASURE command

...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 61 ++ 1 file changed, 61 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 4667504acca5..b7099fd8b6

[Part2 PATCH v4 28/29] KVM: X86: Restart the guest when insn_len is zero and SEV is enabled

rg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/mmu.c | 17

[Part2 PATCH v4 28/29] KVM: X86: Restart the guest when insn_len is zero and SEV is enabled

ernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/mmu.c | 17 + 1 file changed, 17 insertions(+) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index eca30c1eb1d9..2bc0fe84aca2 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -4953,6 +4953,23 @@ int kvm_mmu_page_f

[Part2 PATCH v4 07/29] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

y Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 743 +++

[Part2 PATCH v4 07/29] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 743 ++- drivers/crypto/ccp/psp-dev.h | 17 + include/linux/psp-sev.h | 171 ++ include/uapi/linux/psp-sev.h | 114 +++ 4 files changed, 1044 insertions(+), 1 deletion(-) c

[Part2 PATCH v4 04/29] kvm: svm: Add SEV feature definitions to KVM

..@zytor.com> Cc: Paolo Bonzini <pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by:

[Part2 PATCH v4 04/29] kvm: svm: Add SEV feature definitions to KVM

Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/include/asm/svm.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/inc

Re: [Part1 PATCH v4 16/17] X86/KVM: Unencrypt shared per-cpu variables when SEV is active

On 09/19/2017 06:06 AM, Borislav Petkov wrote: ... + unsigned long pa = slow_virt_to_phys(var); + + /* decrypt the memory in-place */ + sme_early_decrypt(pa, size); + + /* clear the C-bit from the page table */ + early_set_memory_decrypted(pa, size); So those

Re: [Part1 PATCH v4 16/17] X86/KVM: Unencrypt shared per-cpu variables when SEV is active

On 09/19/2017 06:06 AM, Borislav Petkov wrote: ... + unsigned long pa = slow_virt_to_phys(var); + + /* decrypt the memory in-place */ + sme_early_decrypt(pa, size); + + /* clear the C-bit from the page table */ + early_set_memory_decrypted(pa, size); So those

Re: [Part1 PATCH v4 15/17] percpu: introduce DEFINE_PER_CPU_UNENCRYPTED

Hi Boris, On 09/19/2017 05:39 AM, Borislav Petkov wrote: ... @@ -815,6 +825,7 @@ . = ALIGN(cacheline); \ *(.data..percpu)\ *(.data..percpu..shared_aligned)

Re: [Part1 PATCH v4 15/17] percpu: introduce DEFINE_PER_CPU_UNENCRYPTED

Hi Boris, On 09/19/2017 05:39 AM, Borislav Petkov wrote: ... @@ -815,6 +825,7 @@ . = ALIGN(cacheline); \ *(.data..percpu)\ *(.data..percpu..shared_aligned)

[Part1 PATCH v4 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description

slav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Documentation/x86/amd-memory-encryption.txt | 30 + 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/Document

[Part1 PATCH v4 01/17] Documentation/x86: Add AMD Secure Encrypted Virtualization (SEV) description

Update the AMD memory encryption document describing the Secure Encrypted Virtualization (SEV) feature. Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Jonathan Corbet Cc: Borislav Petkov Cc: Tom Lendacky Signed-off-by: Brijesh Singh --- Documentation/x86/

[Part1 PATCH v4 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support

hat.com> Cc: "H. Peter Anvin" <h...@zytor.com> Cc: Borislav Petkov <b...@suse.de> Cc: Andy Lutomirski <l...@kernel.org> Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Sin

[Part1 PATCH v4 02/17] x86/mm: Add Secure Encrypted Virtualization (SEV) support

mirski Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/include/asm/mem_encrypt.h | 6 ++ arch/x86/mm/mem_encrypt.c | 26 ++ include/linux/mem_encrypt.h| 12 3 fil

[Part1 PATCH v4 04/17] x86/realmode: Don't decrypt trampoline area under SEV

lt;h...@zytor.com> Cc: Borislav Petkov <b...@suse.de> Cc: Andy Lutomirski <l...@kernel.org> Cc: Laura Abbott <labb...@redhat.com> Cc: "Kirill A. Shutemov" <kirill.shute...@linux.intel.com> Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by:

[Part1 PATCH v4 04/17] x86/realmode: Don't decrypt trampoline area under SEV

. Shutemov" Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- arch/x86/realmode/init.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c index 1f7198

[Part1 PATCH v4 05/17] x86/mm: Use encrypted access of boot related data with SEV

edhat.com> Cc: "Kirill A. Shutemov" <kirill.shute...@linux.intel.com> Cc: Matt Fleming <m...@codeblueprint.co.uk> Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- a

[Part1 PATCH v4 05/17] x86/mm: Use encrypted access of boot related data with SEV

: Thomas Gleixner Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Borislav Petkov Cc: Andy Lutomirski Cc: Laura Abbott Cc: "Kirill A. Shutemov" Cc: Matt Fleming Cc: linux-kernel@vger.kernel.org Cc: x...@kernel.org Signed-off-by: Tom Lendacky Signed-off-by: Brijesh Singh --- a

<    6   7   8   9   10   11   12   13   14   15   >