Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/12/17 4:41 PM, Borislav Petkov wrote: > On Thu, Oct 12, 2017 at 04:11:18PM -0500, Brijesh Singh wrote: >> The sev_exit() will be called for all the psp_device instance. we need >> to set psp_misc_dev = NULL after deregistering the device. >> >> if (psp_misc_

Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/12/17 4:41 PM, Borislav Petkov wrote: > On Thu, Oct 12, 2017 at 04:11:18PM -0500, Brijesh Singh wrote: >> The sev_exit() will be called for all the psp_device instance. we need >> to set psp_misc_dev = NULL after deregistering the device. >> >> if (psp_misc_

Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/12/17 9:08 AM, Borislav Petkov wrote: ... > Well, if you're going to have a global var, why not pull up the misc > device instead? > > And mind you, I've moved out this assignments: > > + psp->sev_misc = psp_misc_dev; > + init_waitqueue_head(>sev_int_queue); > +

Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/12/17 9:08 AM, Borislav Petkov wrote: ... > Well, if you're going to have a global var, why not pull up the misc > device instead? > > And mind you, I've moved out this assignments: > > + psp->sev_misc = psp_misc_dev; > + init_waitqueue_head(>sev_int_queue); > +

Re: [Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

On 10/12/17 3:21 PM, Borislav Petkov wrote: > On Thu, Oct 12, 2017 at 03:11:07PM -0500, Brijesh Singh wrote: >> Lets  consider this scenario >> 1- platform is in uninit state, we transition it to INIT >> 2- PEK_GEN command failed >> 3- since we have transitioned the p

Re: [Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

On 10/12/17 3:21 PM, Borislav Petkov wrote: > On Thu, Oct 12, 2017 at 03:11:07PM -0500, Brijesh Singh wrote: >> Lets  consider this scenario >> 1- platform is in uninit state, we transition it to INIT >> 2- PEK_GEN command failed >> 3- since we have transitioned the p

Re: [Part2 PATCH v5.1 12.6/31] crypto: ccp: Implement SEV_PDH_GEN ioctl command

On 10/12/17 1:48 PM, Borislav Petkov wrote: ... > On Fri, Oct 06, 2017 at 08:06:04PM -0500, Brijesh Singh wrote: >> The SEV_PDH_GEN command is used to re-generate the Platform >> Diffie-Hellman (PDH) key. The command is defined in SEV spec section >> 5.9. >>

Re: [Part2 PATCH v5.1 12.6/31] crypto: ccp: Implement SEV_PDH_GEN ioctl command

On 10/12/17 1:48 PM, Borislav Petkov wrote: ... > On Fri, Oct 06, 2017 at 08:06:04PM -0500, Brijesh Singh wrote: >> The SEV_PDH_GEN command is used to re-generate the Platform >> Diffie-Hellman (PDH) key. The command is defined in SEV spec section >> 5.9. >> >>

Re: [Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

On 10/12/17 1:28 PM, Borislav Petkov wrote: > On Fri, Oct 06, 2017 at 08:06:03PM -0500, Brijesh Singh wrote: >> The SEV_PEK_GEN command is used to generate a new Platform Endorsement >> Key (PEK). The command is defined in SEV spec section 5.6. >> >> Cc: Paolo Bonzini

Re: [Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

On 10/12/17 1:28 PM, Borislav Petkov wrote: > On Fri, Oct 06, 2017 at 08:06:03PM -0500, Brijesh Singh wrote: >> The SEV_PEK_GEN command is used to generate a new Platform Endorsement >> Key (PEK). The command is defined in SEV spec section 5.6. >> >> Cc: Paolo Bo

Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/12/17 1:21 PM, Borislav Petkov wrote: . > Btw, that function returns 0 unconditionally. So you can make it return > void and... Will do >> +if (ret) >> +goto unlock; > ... remove this check and initialize ret to 0 at the beginning. > Will do

Re: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/12/17 1:21 PM, Borislav Petkov wrote: . > Btw, that function returns 0 unconditionally. So you can make it return > void and... Will do >> +if (ret) >> +goto unlock; > ... remove this check and initialize ret to 0 at the beginning. > Will do

Re: [Part2 PATCH v5.2 12.1/31] crypto: ccp: Define SEV userspace ioctl and command id

On 10/12/2017 08:27 AM, Borislav Petkov wrote: ... +/** + * struct sev_user_data_status - PLATFORM_STATUS command parameters + * + * @major: major API version + * @minor: minor API version + * @state: platform state + * @owner: self-owned or externally owned + * @config: platform config

Re: [Part2 PATCH v5.2 12.1/31] crypto: ccp: Define SEV userspace ioctl and command id

On 10/12/2017 08:27 AM, Borislav Petkov wrote: ... +/** + * struct sev_user_data_status - PLATFORM_STATUS command parameters + * + * @major: major API version + * @minor: minor API version + * @state: platform state + * @owner: self-owned or externally owned + * @config: platform config

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 03:45 PM, Brijesh Singh wrote: On 10/11/2017 03:28 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 03:10:49PM -0500, Brijesh Singh wrote: The current 'struct sev_data_status' matches with the firmware names and the bit fields. Only thing I did was the fields with no name

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 03:45 PM, Brijesh Singh wrote: On 10/11/2017 03:28 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 03:10:49PM -0500, Brijesh Singh wrote: The current 'struct sev_data_status' matches with the firmware names and the bit fields. Only thing I did was the fields with no name

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 03:28 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 03:10:49PM -0500, Brijesh Singh wrote: The current 'struct sev_data_status' matches with the firmware names and the bit fields. Only thing I did was the fields with no name is called as "reservedX" Ok, I see i

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 03:28 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 03:10:49PM -0500, Brijesh Singh wrote: The current 'struct sev_data_status' matches with the firmware names and the bit fields. Only thing I did was the fields with no name is called as "reservedX" Ok, I see i

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 03:04 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 02:49:55PM -0500, Brijesh Singh wrote: This is OK for now. But in future if FW steals another bit from reserved1 field to expose a new flag then 'owner' name will no longer be valid. If you don't to use bit field then we

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 03:04 PM, Borislav Petkov wrote: On Wed, Oct 11, 2017 at 02:49:55PM -0500, Brijesh Singh wrote: This is OK for now. But in future if FW steals another bit from reserved1 field to expose a new flag then 'owner' name will no longer be valid. If you don't to use bit field then we

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 12:02 PM, Borislav Petkov wrote: ... What's with the curly brackets around the case: statements? I will remove the curly braces. Anyway, here are some more improvements: * you can get rid of the struct copying into out and the bitfields by doing something like this:

Re: [Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

On 10/11/2017 12:02 PM, Borislav Petkov wrote: ... What's with the curly brackets around the case: statements? I will remove the curly braces. Anyway, here are some more improvements: * you can get rid of the struct copying into out and the bitfields by doing something like this:

[Part2 PATCH v5.2 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com&g

[Part2 PATCH v5.2 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- Changes since v5.1: * rename sev_handle_cmd -> sev_do_cmd drivers/crypto/ccp/psp-dev.c | 34 ++ 1 file changed, 34 insertions(+) diff --git a/drivers/c

[Part2 PATCH v5.2 12.3/31] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by

[Part2 PATCH v5.2 12.3/31] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- Changes since v5.1: * rename sev_handle_cmd -> sev_do_cmd (from Boris) * skip copy_to_user when invalid cmd id is passed (from Boris) * use SEV_MAX instead o

[Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

t;gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Make it as a second patc

[Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

provements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- Make it as a second patch in the series (changes from 12.1 -> 12.2) Changes since v5.1: * text streamlining (from Boris) * rename sev_handle_cmd -> sev_do_cmd (from Boris) * PSP_P2CMSG needs arg eval (from Boris) * us

[Part2 PATCH v5.2 12.1/31] crypto: ccp: Define SEV userspace ioctl and command id

dor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si

[Part2 PATCH v5.2 12.1/31] crypto: ccp: Define SEV userspace ioctl and command id

Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- Make it as the first patch in the series (changed from 12.2/31 -> 12.1/31) Changes since v5.1: * add __packed improvement from Boris The full tree is available at:

Re: [PATCH] KVM: SVM: limit kvm_handle_page_fault to #PF handling

cpu, fault_address, error_code, svm->vmcb->control.insn_bytes, svm->vmcb->control.insn_len); With that fixed. Reviewed-by: Brijesh Singh <brijesh.si...@amd.com> thanks

Re: [PATCH] KVM: SVM: limit kvm_handle_page_fault to #PF handling

cpu, fault_address, error_code, svm->vmcb->control.insn_bytes, svm->vmcb->control.insn_len); With that fixed. Reviewed-by: Brijesh Singh thanks

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/11/2017 09:19 AM, Borislav Petkov wrote: On Sun, Oct 08, 2017 at 08:30:47AM -0500, Brijesh Singh wrote: Basically we need some variable which is outside the per-device structure so that we don't end up creating multiple /dev/sev nodes. If needed, I think we can remove 'has_sev_fops

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/11/2017 09:19 AM, Borislav Petkov wrote: On Sun, Oct 08, 2017 at 08:30:47AM -0500, Brijesh Singh wrote: Basically we need some variable which is outside the per-device structure so that we don't end up creating multiple /dev/sev nodes. If needed, I think we can remove 'has_sev_fops

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/09/2017 10:21 AM, Borislav Petkov wrote: ... 03:00.1 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1468 13:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1456 Btw, what do those PCI functions each do? Public PPR doesn't have them documented.

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/09/2017 10:21 AM, Borislav Petkov wrote: ... 03:00.1 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1468 13:00.2 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1456 Btw, what do those PCI functions each do? Public PPR doesn't have them documented.

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/8/17 9:00 AM, Borislav Petkov wrote: > On Sun, Oct 08, 2017 at 08:30:47AM -0500, Brijesh Singh wrote: >> During the device probe, sev_ops_init() will be called for every device >> instance which claims to support the SEV.  One of the device will be >> 'master' but we d

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/8/17 9:00 AM, Borislav Petkov wrote: > On Sun, Oct 08, 2017 at 08:30:47AM -0500, Brijesh Singh wrote: >> During the device probe, sev_ops_init() will be called for every device >> instance which claims to support the SEV.  One of the device will be >> 'master' but we d

Re: [Part2 PATCH v5.1 12.2/31] crypto: ccp: Define SEV userspace ioctl and command id

On 10/7/17 9:20 AM, Borislav Petkov wrote: > On Fri, Oct 06, 2017 at 08:06:00PM -0500, Brijesh Singh wrote: >> Add a include file which defines the ioctl and command id used for >> issuing SEV platform management specific commands. >> >> Cc: Paolo Bonzini <pbon

Re: [Part2 PATCH v5.1 12.2/31] crypto: ccp: Define SEV userspace ioctl and command id

On 10/7/17 9:20 AM, Borislav Petkov wrote: > On Fri, Oct 06, 2017 at 08:06:00PM -0500, Brijesh Singh wrote: >> Add a include file which defines the ioctl and command id used for >> issuing SEV platform management specific commands. >> >> Cc: Paolo Bonzini >> Cc

Re: [Part2 PATCH v5 11/31] crypto: ccp: Define SEV key management command id

On 10/5/17 3:56 PM, Borislav Petkov wrote: > On Wed, Oct 04, 2017 at 08:13:52AM -0500, Brijesh Singh wrote: >> Define Secure Encrypted Virtualization (SEV) key management command id >> and structure. The command definition is available in SEV KM [1] spec >> 0.14. >> &g

Re: [Part2 PATCH v5 11/31] crypto: ccp: Define SEV key management command id

On 10/5/17 3:56 PM, Borislav Petkov wrote: > On Wed, Oct 04, 2017 at 08:13:52AM -0500, Brijesh Singh wrote: >> Define Secure Encrypted Virtualization (SEV) key management command id >> and structure. The command definition is available in SEV KM [1] spec >> 0.14. >> &g

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/7/17 1:40 PM, Borislav Petkov wrote: ... > A bunch of fixes ontop: > > * sev_fops_registered is superfluous if you can use psp->has_sev_fops I am okay with all your fixes except this one. I will add my comment below. ... > static int sev_ops_init(struct psp_device *psp) > { >

Re: [Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/7/17 1:40 PM, Borislav Petkov wrote: ... > A bunch of fixes ontop: > > * sev_fops_registered is superfluous if you can use psp->has_sev_fops I am okay with all your fixes except this one. I will add my comment below. ... > static int sev_ops_init(struct psp_device *psp) > { >

Re: [Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/6/17 1:49 PM, Borislav Petkov wrote: ... >> +static int sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg) >> +{ >> +psp->sev_int_rcvd = 0; >> + >> +wait_event(psp->sev_int_queue, psp->sev_int_rcvd); > What happens if the command times out and it never sets

Re: [Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/6/17 1:49 PM, Borislav Petkov wrote: ... >> +static int sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg) >> +{ >> +psp->sev_int_rcvd = 0; >> + >> +wait_event(psp->sev_int_queue, psp->sev_int_rcvd); > What happens if the command times out and it never sets

[Part2 PATCH v5.1 12.3/31] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si..

[Part2 PATCH v5.1 12.3/31] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command

kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 29 - 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index e9

[Part2 PATCH v5.1 12.2/31] crypto: ccp: Define SEV userspace ioctl and command id

dor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- include/uapi/linux/psp-sev.h | 115

[Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-dev.c

[Part2 PATCH v5.1 12.2/31] crypto: ccp: Define SEV userspace ioctl and command id

Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- include/uapi/linux/psp-sev.h | 115 +++ 1 file changed, 115 insertions(+) create mode 100644 include/uapi/linux/psp-sev.h diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp

[Part2 PATCH v5.1 12.5/31] crypto: ccp: Implement SEV_PEK_GEN ioctl command

kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 68 1 file changed, 68 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index d68303a06464..03d7bd03a

[Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si..

[Part2 PATCH v5.1 12.4/31] crypto: ccp: Implement SEV_PLATFORM_STATUS ioctl command

linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 34 ++ 1 file changed, 34 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 94

[Part2 PATCH v5.1 12.6/31] crypto: ccp: Implement SEV_PDH_GEN ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp

[Part2 PATCH v5.1 12.6/31] crypto: ccp: Implement SEV_PDH_GEN ioctl command

.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 32 1 file changed, 32 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 03d7bd03ad58..28efb7a9245a 100644 ---

[Part2 PATCH v5.1 12.8/31] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-dev.c

[Part2 PATCH v5.1 12.9/31] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

<herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...

[Part2 PATCH v5.1 12.8/31] crypto: ccp: Implement SEV_PEK_CERT_IMPORT ioctl command

kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 97 1 file changed, 97 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 8038ca7aef03..861c44bf2

[Part2 PATCH v5.1 12.9/31] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 110 +++ 1 file changed, 110 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 861c44bf2910..0a

[Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si..

[Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command

kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 85 1 file changed, 85 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 28efb7a9245a..8038ca7ae

[Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

t;gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Based on Boris feedback sp

[Part2 PATCH v5.1 12.1/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

provements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- Based on Boris feedback split this patch in 9 logical patches, they are numbers from 12.1 to 12.9. drivers/crypto/ccp/psp-dev.c | 244 +++ drivers/crypto/ccp/psp-dev.h | 17 +++ include/linux

[Part2 PATCH v5.1 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support

-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petkov <b...@suse.de> --- Changes since v5: * move psp_entry in sp-pci.c (based on Boris improvement patch) drivers/crypto/ccp/Kconfig | 11 + drivers/

[Part2 PATCH v5.1 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support

y Hook Cc: Tom Lendacky Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- Changes since v5: * move psp_entry in sp-pci.c (based on Boris improvement patch)

Re: [Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/6/17 1:49 PM, Borislav Petkov wrote: ... >> + >> +static unsigned int sev_poll; >> +module_param(sev_poll, uint, 0444); >> +MODULE_PARM_DESC(sev_poll, "Poll for sev command completion - any non-zero >> value"); > What is that used for? Some debugging leftover probably? If not, add a >

Re: [Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

On 10/6/17 1:49 PM, Borislav Petkov wrote: ... >> + >> +static unsigned int sev_poll; >> +module_param(sev_poll, uint, 0444); >> +MODULE_PARM_DESC(sev_poll, "Poll for sev command completion - any non-zero >> value"); > What is that used for? Some debugging leftover probably? If not, add a >

Re: [Part2 PATCH v5 09/31] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

On 10/04/2017 04:47 PM, Borislav Petkov wrote:> Signed-off-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> i.e., the first SOB is the author's and the second is yours which means, you've handled the patch further on, like send

Re: [Part2 PATCH v5 09/31] crypto: ccp: Build the AMD secure processor driver only with AMD CPU support

On 10/04/2017 04:47 PM, Borislav Petkov wrote:> Signed-off-by: Borislav Petkov Signed-off-by: Brijesh Singh i.e., the first SOB is the author's and the second is yours which means, you've handled the patch further on, like sending it upstream, for example. Noted, thanks

Re: [Part2 PATCH v5 08/31] KVM: Introduce KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl

On 10/04/2017 10:19 AM, Borislav Petkov wrote: +}; + +#define KVM_MEMORY_ENCRYPT_REGISTER_REGION_IOR(KVMIO, 0xbb,\ +struct kvm_enc_region) +#define KVM_MEMORY_ENCRYPT_UNREGISTER_REGION _IOR(KVMIO, 0xbc,\ +

Re: [Part2 PATCH v5 08/31] KVM: Introduce KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl

On 10/04/2017 10:19 AM, Borislav Petkov wrote: +}; + +#define KVM_MEMORY_ENCRYPT_REGISTER_REGION_IOR(KVMIO, 0xbb,\ +struct kvm_enc_region) +#define KVM_MEMORY_ENCRYPT_UNREGISTER_REGION _IOR(KVMIO, 0xbc,\ +

[Part2 PATCH v5 03/31] kvm: svm: prepare for new bit definition in nested_ctl

mář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com

[Part2 PATCH v5 02/31] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

mář" <rkrc...@redhat.com> Cc: Borislav Petkov <b...@suse.de> Cc: k...@vger.kernel.org Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tom Lendacky <thomas.lenda...@amd.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> Reviewed-by: Borislav Petk

[Part2 PATCH v5 03/31] kvm: svm: prepare for new bit definition in nested_ctl

off-by: Tom Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/include/asm/svm.h | 2 ++ arch/x86/kvm/svm.c | 7 --- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 14835dd205a5.

[Part2 PATCH v5 02/31] x86/CPU/AMD: Add the Secure Encrypted Virtualization CPU feature

Lendacky Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/kernel/cpu/amd.c | 66 ++ arch/x86/kernel/cpu/scattered.c| 1 + 4 files changed,

[Part2 PATCH v5 01/31] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)

t;Radim Krčmář" <rkrc...@redhat.com> Cc: Jonathan Corbet <cor...@lwn.net> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: k...@vger.kernel.org Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Sing

[Part2 PATCH v5 01/31] Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV)

ger.kernel.org Cc: x...@kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh Reviewed-by: Borislav Petkov --- Documentation/virtual/kvm/00-INDEX | 3 ++ .../virtual/kvm/amd-memory-encryption.txt | 38 ++ 2 files changed, 41 insertions(+)

[Part2 PATCH v5 00/31] x86: Secure Encrypted Virtualization (AMD)

ption_enabled ops * Enhance DEBUG DECRYPT/ENCRYPT commands to work with more than one page \ (recommended by Paolo) * Optimize LAUNCH_UPDATE command to reduce the number of calls to AMD-SP driver * Changes to address v2 feedbacks Borislav Petkov (1): crypto: ccp:

[Part2 PATCH v5 00/31] x86: Secure Encrypted Virtualization (AMD)

Build the AMD secure processor driver only with AMD CPU support Brijesh Singh (27): Documentation/virtual/kvm: Add AMD Secure Encrypted Virtualization (SEV) KVM: SVM: Prepare to reserve asid for SEV guest KVM: X86: Extend CPUID range to include new leaf KVM: Introduce KVM_MEMORY_EN

[Part2 PATCH v5 05/31] KVM: SVM: Prepare to reserve asid for SEV guest

r.kernel.org Reviewed-by: Paolo Bonzini <pbonz...@redhat.com> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/svm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 8186b8d7c469..2c3a3c88596c 100

[Part2 PATCH v5 05/31] KVM: SVM: Prepare to reserve asid for SEV guest

Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Paolo Bonzini Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm.c b/arch

[Part2 PATCH v5 06/31] KVM: X86: Extend CPUID range to include new leaf

er.kernel.org Reviewed-by: Borislav Petkov <b...@suse.de> Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm.c | 6 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index

[Part2 PATCH v5 06/31] KVM: X86: Extend CPUID range to include new leaf

Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Reviewed-by: Borislav Petkov Signed-off-by: Brijesh Singh --- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/svm.c | 6 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/

[Part2 PATCH v5 08/31] KVM: Introduce KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl

.@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- Documentation/virtual/kvm/api.txt | 34 ++ arch/x8

[Part2 PATCH v5 08/31] KVM: Introduce KVM_MEMORY_ENCRYPT_REGISTER_REGION ioctl

Cc: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- Documentation/virt

[Part2 PATCH v5 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support

tkov <b...@suse.de> Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: Gary Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brije

[Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

y Hook <gary.h...@amd.com> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- drivers/crypto/ccp/psp-dev.c | 734 +++

[Part2 PATCH v5 10/31] crypto: ccp: Add Platform Security Processor (PSP) device support

Cc: linux-cry...@vger.kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/Kconfig | 11 + drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/psp-dev.c | 109 +++ drivers/cryp

[Part2 PATCH v5 12/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

org Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 734 +++ drivers/crypto/ccp/psp-dev.h | 17 + include/linux/psp-sev.h | 159 ++ include/uapi/linux/psp-sev.h | 116 +++ 4 files changed, 1026 insertions(+) create mode 1006

[Part2 PATCH v5 16/31] KVM: Define SEV key management command id

.@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- .../virtual/kvm/amd-memory-encryption.txt | 191 + include/uapi/linux/kvm.h

[Part2 PATCH v5 16/31] KVM: Define SEV key management command id

: Ingo Molnar Cc: "H. Peter Anvin" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- .../virtual/kvm/amd-m

[Part2 PATCH v5 17/31] KVM: SVM: Add KVM_SEV_INIT command

.@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/include/asm/kvm_host.h | 7 ++ arch/x86/kvm/svm.c | 189 +++- 2 files changed, 195 in

[Part2 PATCH v5 17/31] KVM: SVM: Add KVM_SEV_INIT command

" Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Joerg Roedel Cc: Borislav Petkov Cc: Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 7 ++ arch/x86/kvm/svm.

[Part2 PATCH v5 14/31] KVM: SVM: Add sev module_param

.@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch/x86/

[Part2 PATCH v5 14/31] KVM: SVM: Add sev module_param

org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 4 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index fab5b1b7fc63..be2e98c01b22 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -284,6 +284,10 @@ module_

[Part2 PATCH v5 20/31] KVM: SVM: Add support for KVM_SEV_LAUNCH_UPDATE_DATA command

pbonz...@redhat.com> Cc: "Radim Krčmář" <rkrc...@redhat.com> Cc: Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off

[Part2 PATCH v5 20/31] KVM: SVM: Add support for KVM_SEV_LAUNCH_UPDATE_DATA command

Tom Lendacky Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 193 +++- 2 files changed, 192 insertions(+), 2 deletions(-) d

[Part2 PATCH v5 19/31] KVM: SVM: Add support for KVM_SEV_LAUNCH_START command

Joerg Roedel <j...@8bytes.org> Cc: Borislav Petkov <b...@suse.de> Cc: Tom Lendacky <thomas.lenda...@amd.com> Cc: x...@kernel.org Cc: k...@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.si...@amd.com> --- arch

[Part2 PATCH v5 19/31] KVM: SVM: Add support for KVM_SEV_LAUNCH_START command

ernel.org Signed-off-by: Brijesh Singh --- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kvm/svm.c | 181 2 files changed, 183 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 6bd49e80a16d.

<    4   5   6   7   8   9   10   11   12   13   >