Commit-ID: d68baa3fa6e4d703fd0c7954ee5c739789e7242f
Gitweb: http://git.kernel.org/tip/d68baa3fa6e4d703fd0c7954ee5c739789e7242f
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:12 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:38:01 +0200
x86/boot/e820: Add support
Commit-ID: b9d05200bc12444c7778a49c9694d8382ed06aa8
Gitweb: http://git.kernel.org/tip/b9d05200bc12444c7778a49c9694d8382ed06aa8
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:11 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:38:01 +0200
x86/mm: Insure that boot
Commit-ID: f88a68facd9a15b94f8c195d9d2c0b30c76c595a
Gitweb: http://git.kernel.org/tip/f88a68facd9a15b94f8c195d9d2c0b30c76c595a
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:09 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:38:00 +0200
x86/mm: Extend
Commit-ID: 21729f81ce8ae76a6995681d40e16f7ce8075db4
Gitweb: http://git.kernel.org/tip/21729f81ce8ae76a6995681d40e16f7ce8075db4
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:07 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:38:00 +0200
x86/mm: Provide general
Commit-ID: eef9c4abe77f55b1600f59d8ac5f1d953e2f5384
Gitweb: http://git.kernel.org/tip/eef9c4abe77f55b1600f59d8ac5f1d953e2f5384
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:08 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:38:00 +0200
x86/mm: Add SME support
Commit-ID: fd7e315988b784509ba3f1b42f539bd0b1fca9bb
Gitweb: http://git.kernel.org/tip/fd7e315988b784509ba3f1b42f539bd0b1fca9bb
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:06 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:38:00 +0200
x86/mm: Simplify p[g4um
Commit-ID: 7744ccdbc16f0ac4adae21b3678af93775b3a386
Gitweb: http://git.kernel.org/tip/7744ccdbc16f0ac4adae21b3678af93775b3a386
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:03 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:59 +0200
x86/mm: Add Secure Memory
Commit-ID: 33c2b803edd13487518a2c7d5002d84d7e9c878f
Gitweb: http://git.kernel.org/tip/33c2b803edd13487518a2c7d5002d84d7e9c878f
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:04 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:59 +0200
x86/mm: Remove
Commit-ID: 5868f3651fa0dff96a57f94d49247d3ef320ebe2
Gitweb: http://git.kernel.org/tip/5868f3651fa0dff96a57f94d49247d3ef320ebe2
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:05 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:59 +0200
x86/mm: Add support to
Commit-ID: 9af9b94068fb1ea3206a700fc222075966fbef14
Gitweb: http://git.kernel.org/tip/9af9b94068fb1ea3206a700fc222075966fbef14
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:02 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:59 +0200
x86/cpu/AMD: Handle SME
Commit-ID: f7750a79568788473c5e8092ee58a52248f34329
Gitweb: http://git.kernel.org/tip/f7750a79568788473c5e8092ee58a52248f34329
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:00 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:58 +0200
x86, mpparse, x86/acpi
Commit-ID: 872cbefd2d9c52bd0b1e2c7942c4369e98a5a5ae
Gitweb: http://git.kernel.org/tip/872cbefd2d9c52bd0b1e2c7942c4369e98a5a5ae
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:10:01 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:59 +0200
x86/cpu/AMD: Add the
Commit-ID: c262f3b9a3246da87c66ce398cd7e30d8f1529ea
Gitweb: http://git.kernel.org/tip/c262f3b9a3246da87c66ce398cd7e30d8f1529ea
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:09:58 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:58 +0200
x86/cpu/AMD: Document AMD
Commit-ID: aac7b79eea6118dee3da9b99dcd564471672806d
Gitweb: http://git.kernel.org/tip/aac7b79eea6118dee3da9b99dcd564471672806d
Author: Tom Lendacky
AuthorDate: Mon, 17 Jul 2017 16:09:59 -0500
Committer: Ingo Molnar
CommitDate: Tue, 18 Jul 2017 11:37:58 +0200
x86/mm/pat: Set write
being mapped
decrypted vs encrypted.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/dmi.h | 8
arch/x86/kernel/acpi/boot.c | 6 +++---
arch/x86/kernel/kdebugfs.c | 34 +++---
arch/x86/kernel/ksysfs.c | 28
scenario, remove the ISA range check and
usage of phys_to_virt() and have ISA range mappings continue through the
remaining ioremap() path.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/ioremap.c | 18 --
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/arch/x86/mm
For processors that support PAT, set the write-protect cache mode
(_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05).
Acked-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/mm/pat.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86
Create a Documentation entry to describe the AMD Secure Memory
Encryption (SME) feature and add documentation for the mem_encrypt=
kernel parameter.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
Documentation/admin-guide/kernel-parameters.txt | 11
Documentation/x86/amd
When System Memory Encryption (SME) is enabled, the physical address
space is reduced. Adjust the x86_phys_bits value to reflect this
reduction.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/amd.c | 24 +---
1 file changed, 13 insertions
and not configured as CONFIG_X86_32.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 2 ++
arch/x86/kernel/cpu/amd.c | 19 +++
arch/x86/kernel/cpu/scattered.c| 1 +
4 files changed, 23 insertions(+)
diff
routines to set the encryption mask and perform the encryption are
stub routines for now with functionality to be added in a later patch.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 8 ++
arch/x86/kernel/head64.c | 53
encryption mask so
that user-space allocations will automatically have the encryption mask
applied.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/boot/compressed/pagetable.c | 7 ++
arch/x86/include/asm/fixmap.h| 7 ++
arch/x86/include/asm
initrd, encrypt this data in place. Since the future mapping of
the initrd area will be mapped as encrypted the data will be accessed
properly.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 6
arch/x86/include/asm/pgtable.h | 3 ++
arch/x86/kernel/head64.c
initrd will have been loaded by the boot loader and will not be
encrypted, but the memory that it resides in is marked as encrypted).
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 10 +
arch/x86/mm/mem_encrypt.c | 76
native version of read_cr3_pa(),
so create native_read_cr3_pa().
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/processor-flags.h | 5 +++--
arch/x86/include/asm/processor.h | 5 +
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/arch
on to return a negative error value when no memmap entry is
found.
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/ia64/kernel/efi.c | 4 ++--
arch/x86/platform/efi/efi.c | 6 +++---
include/linux/efi.h | 2 +-
3 files changed, 6 inser
s that the hardware will never give the core a
dirty line with this memtype.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/Kconfig | 4
arch/x86/include/asm/fixmap.h| 13 +++
arch/x86/include/asm/pgtable_types.h | 8 +++
a
successfully. The pagetable mapping
as well as the kernel are also added to the pagetable mapping as encrypted.
All other EFI mappings are mapped decrypted (tables, etc.).
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/platform/efi/efi_64.c | 15
Add a function that will return the E820 type associated with an address
range.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/e820/api.h | 2 ++
arch/x86/kernel/e820.c | 26 +++---
2 files changed, 25 insertions(+), 3 deletions
remapping, ioremap_cache() will be used
instead, which will provide a decrypted mapping of the boot related data.
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h | 5 ++
arch/x86/mm/ioremap.c | 180
mask range.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/set_memory.h | 3 ++
arch/x86/mm/pageattr.c| 62 +++
2 files changed, 65 insertions(+)
diff --git a/arch/x86/include/asm/set_memory.h
b/arch/x86/includ
When Secure Memory Encryption is enabled, the trampoline area must not
be encrypted. A CPU running in real mode will not be able to decrypt
memory that has been encrypted because it will not be able to use addresses
with the memory encryption mask.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom
.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/mm/ioremap.c | 31 ++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index 8986b28..704fc08 100644
--- a/arch/x86/mm/ioremap.c
+++ b
Move the setting of the cpuinfo_x86.microcode field from amd_init() to
early_amd_init() so that it is available earlier in the boot process. This
avoids having to read MSR_AMD64_PATCH_LEVEL directly during early boot.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/kernel
-by: Tom Lendacky
---
arch/x86/include/asm/dma-mapping.h | 5 ++--
arch/x86/include/asm/mem_encrypt.h | 5
arch/x86/kernel/pci-dma.c | 11 +---
arch/x86/kernel/pci-nommu.c| 2 +-
arch/x86/kernel/pci-swiotlb.c | 15 +--
arch/x86/mm/mem_encrypt.c
: Borislav Petkov
Signed-off-by: Tom Lendacky
---
drivers/iommu/amd_iommu.c | 30 --
drivers/iommu/amd_iommu_init.c | 34 --
drivers/iommu/amd_iommu_proto.h | 10 ++
drivers/iommu/amd_iommu_types.h | 2 +-
4 files changed, 55
Since video memory needs to be accessed decrypted, be sure that the
memory encryption mask is not set for the video ranges.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/vga.h | 14 +-
arch/x86/mm/pageattr.c | 2 ++
drivers/gpu
tables.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/kvm_host.h | 2 +-
arch/x86/kvm/mmu.c | 11 +++
arch/x86/kvm/mmu.h | 2 +-
arch/x86/kvm/svm.c | 35 ++-
arch/x86/kvm/vmx.c
mapped encrypted then the VMA protection
value is updated to remove the encryption bit.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h | 3 +++
arch/x86/mm/ioremap.c | 18 +-
arch/x86/mm/pat.c | 3 +++
3 files changed, 15
Add the support to encrypt the kernel in-place. This is done by creating
new page mappings for the kernel - a decrypted write-protected mapping
and an encrypted mapping. The kernel is encrypted by copying it through
a temporary buffer.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm
Currently, native_make_p4d() is only defined when CONFIG_PGTABLE_LEVELS
is greater than 4. Create a macro that will allow for defining and using
native_make_p4d() when CONFIG_PGTABLES_LEVELS is not greater than 4.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/pgtable_types.h | 5 +
1
encryption bit. This
can cause random memory corruption when caches are flushed depending on
which cacheline is written last.
Cc:
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/init.h | 1 +
arch/x86/include/asm/kexec.h | 8
arch/x86
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 6 ++-
arch/x86/kernel/head64.c | 5 ++-
arch/x86/mm/mem_encrypt.c | 77 +-
3 files changed, 83 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/mem_encrypt
the
AP to continue start up.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/realmode.h | 12
arch/x86/realmode/init.c | 4
arch/x86/realmode/rm/trampoline_64.S | 24
3 files changed, 40 insertions
Create a new function attribute, __nostackp, that can be used to turn off
stack protection on a per function basis.
Signed-off-by: Tom Lendacky
---
include/linux/compiler-gcc.h | 2 ++
include/linux/compiler.h | 4
2 files changed, 6 insertions(+)
diff --git a/include/linux/compiler
Add a cmdline_find_option() function to look for cmdline options that
take arguments. The argument is returned in a supplied buffer and the
argument length (regardless of whether it fits in the supplied buffer)
is returned, with -1 indicating not found.
Signed-off-by: Tom Lendacky
---
arch/x86
Xen does not currently support SME for PV guests. Clear the SME CPU
capability in order to avoid any ambiguity.
Cc:
Cc: Boris Ostrovsky
Cc: Juergen Gross
Reviewed-by: Borislav Petkov
Reviewed-by: Juergen Gross
Signed-off-by: Tom Lendacky
---
arch/x86/xen/enlighten_pv.c | 1 +
1 file
Add a function that will determine if a supplied physical address matches
the address of an EFI table.
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
drivers/firmware/efi/efi.c | 33 +
include/linux/efi.h| 7
encryption mask so that the data can be successfully accessed when
SME is active.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/mpparse.c | 98 +--
1 file changed, 70 insertions(+), 28 deletions(-)
diff --git a/arch/x86/kernel
, replacing the device with another device that can support 64-bit
DMA, ignoring the message if the device isn't used much, etc.
Signed-off-by: Tom Lendacky
---
include/linux/dma-mapping.h | 13 +
lib/swiotlb.c | 3 +++
2 files changed, 16 insertions(+)
diff --git a/in
30 @@
+/*
+ * AMD Memory Encryption Support
+ *
+ * Copyright (C) 2016 Advanced Micro Devices, Inc.
+ *
+ * Author: Tom Lendacky
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by th
Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then
use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of
duplicating the code.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/pgtable.h | 16 +---
1 file changed
n of physical address size
of the processor. It is possible that BIOS could have configured resources
into a range that will now not be addressable. To prevent this,
rely on BIOS to set the SYSCFG[MEME] bit and only then enable memory
encryption support in the kernel.
To
On 7/11/2017 10:38 AM, Brian Gerst wrote:
On Tue, Jul 11, 2017 at 11:02 AM, Tom Lendacky wrote:
On 7/10/2017 11:58 PM, Brian Gerst wrote:
On Mon, Jul 10, 2017 at 3:50 PM, Tom Lendacky
wrote:
On 7/8/2017 7:57 AM, Brian Gerst wrote:
On Fri, Jul 7, 2017 at 9:39 AM, Tom Lendacky
wrote
On 7/11/2017 12:56 AM, Borislav Petkov wrote:
On Tue, Jul 11, 2017 at 01:07:46AM -0400, Brian Gerst wrote:
If I make the scattered feature support conditional on CONFIG_X86_64
(based on comment below) then cpu_has() will always be false unless
CONFIG_X86_64 is enabled. So this won't need to be w
On 7/11/2017 12:07 AM, Brian Gerst wrote:
On Mon, Jul 10, 2017 at 3:41 PM, Tom Lendacky wrote:
On 7/8/2017 7:50 AM, Brian Gerst wrote:
On Fri, Jul 7, 2017 at 9:38 AM, Tom Lendacky
wrote:
Update the CPU features to include identifying and reporting on the
Secure Memory Encryption (SME
On 7/10/2017 11:58 PM, Brian Gerst wrote:
On Mon, Jul 10, 2017 at 3:50 PM, Tom Lendacky wrote:
On 7/8/2017 7:57 AM, Brian Gerst wrote:
On Fri, Jul 7, 2017 at 9:39 AM, Tom Lendacky
wrote:
Currently there is a check if the address being mapped is in the ISA
range (is_ISA_range()), and if it
On 7/8/2017 7:57 AM, Brian Gerst wrote:
On Fri, Jul 7, 2017 at 9:39 AM, Tom Lendacky wrote:
Currently there is a check if the address being mapped is in the ISA
range (is_ISA_range()), and if it is, then phys_to_virt() is used to
perform the mapping. When SME is active, the default is to add
On 7/8/2017 7:50 AM, Brian Gerst wrote:
On Fri, Jul 7, 2017 at 9:38 AM, Tom Lendacky wrote:
Update the CPU features to include identifying and reporting on the
Secure Memory Encryption (SME) feature. SME is identified by CPUID
0x801f, but requires BIOS support to enable it (set bit 23 of
On 7/8/2017 4:24 AM, Ingo Molnar wrote:
* Tom Lendacky wrote:
This patch series provides support for AMD's new Secure Memory Encryption (SME)
feature.
I'm wondering, what's the typical performance hit to DRAM access latency when
SME
is enabled?
It's about an ext
.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/cpufeatures.h |1 +
arch/x86/include/asm/msr-index.h |2 ++
arch/x86/kernel/cpu/amd.c | 13 +
arch/x86/kernel/cpu/scattered.c|1 +
4 files changed, 17 insertions(+)
diff
routines to set the encryption mask and perform the encryption are
stub routines for now with functionality to be added in a later patch.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h |8 +
arch/x86/kernel/head64.c | 53
native version of read_cr3_pa(),
so create native_read_cr3_pa().
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/processor-flags.h |5 +++--
arch/x86/include/asm/processor.h |5 +
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a
s that the hardware will never give the core a
dirty line with this memtype.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/Kconfig |4 +++
arch/x86/include/asm/fixmap.h| 13 ++
arch/x86/include/asm/pgtable_types.h |8 ++
a
remapping, ioremap_cache() will be used
instead, which will provide a decrypted mapping of the boot related data.
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h |5 +
arch/x86/mm/ioremap.c | 179
mask range.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/set_memory.h |3 ++
arch/x86/mm/pageattr.c| 62 +
2 files changed, 65 insertions(+)
diff --git a/arch/x86/include/asm/set_memory.h
b/arch/x86/in
Move the setting of the cpuinfo_x86.microcode field from amd_init() to
early_amd_init() so that it is available earlier in the boot process. This
avoids having to read MSR_AMD64_PATCH_LEVEL directly during early boot.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/kernel
-by: Tom Lendacky
---
arch/x86/include/asm/dma-mapping.h |5 ++-
arch/x86/include/asm/mem_encrypt.h |5 +++
arch/x86/kernel/pci-dma.c | 11 +--
arch/x86/kernel/pci-nommu.c|2 +
arch/x86/kernel/pci-swiotlb.c | 15 +-
arch/x86/mm/mem_encrypt.c
tables.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/kvm_host.h |2 +-
arch/x86/kvm/mmu.c | 12
arch/x86/kvm/mmu.h |2 +-
arch/x86/kvm/svm.c | 35 ++-
arch/x86/kvm
mapped encrypted then the VMA protection
value is updated to remove the encryption bit.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h |3 +++
arch/x86/mm/ioremap.c | 18 +-
arch/x86/mm/pat.c |3 +++
3 files changed, 15
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h |6 ++-
arch/x86/kernel/head64.c |5 +-
arch/x86/mm/mem_encrypt.c | 77
3 files changed, 83 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/mem_en
Add a cmdline_find_option() function to look for cmdline options that
take arguments. The argument is returned in a supplied buffer and the
argument length (regardless of whether it fits in the supplied buffer)
is returned, with -1 indicating not found.
Signed-off-by: Tom Lendacky
---
arch/x86
Add the support to encrypt the kernel in-place. This is done by creating
new page mappings for the kernel - a decrypted write-protected mapping
and an encrypted mapping. The kernel is encrypted by copying it through
a temporary buffer.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm
Create a new function attribute, __nostackp, that can be used to turn off
stack protection on a per function basis.
Signed-off-by: Tom Lendacky
---
include/linux/compiler-gcc.h |2 ++
include/linux/compiler.h |4
2 files changed, 6 insertions(+)
diff --git a/include/linux
Currently, native_make_p4d() is only defined when CONFIG_PGTABLE_LEVELS
is greater than 4. Create a macro that will allow for defining and using
native_make_p4d() when CONFIG_PGTABLES_LEVELS is not greater than 4.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/pgtable_types.h |5
encryption bit. This
can cause random memory corruption when caches are flushed depending on
which cacheline is written last.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/init.h |1 +
arch/x86/include/asm/kexec.h |8
arch/x86
Xen does not currently support SME for PV guests. Clear the SME CPU
capability in order to avoid any ambiguity.
Reviewed-by: Borislav Petkov
Reviewed-by: Juergen Gross
Signed-off-by: Tom Lendacky
---
arch/x86/xen/enlighten_pv.c |1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86
the
AP to continue start up.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/realmode.h | 12
arch/x86/realmode/init.c |4
arch/x86/realmode/rm/trampoline_64.S | 24
3 files changed, 40
Since video memory needs to be accessed decrypted, be sure that the
memory encryption mask is not set for the video ranges.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/vga.h | 14 +-
arch/x86/mm/pageattr.c |2 ++
drivers
-by: Tom Lendacky
---
drivers/iommu/amd_iommu.c | 30 --
drivers/iommu/amd_iommu_init.c | 34 --
drivers/iommu/amd_iommu_proto.h | 10 ++
drivers/iommu/amd_iommu_types.h |2 +-
4 files changed, 55 insertions(+), 21
, replacing the device with another device that can support 64-bit
DMA, ignoring the message if the device isn't used much, etc.
Signed-off-by: Tom Lendacky
---
include/linux/dma-mapping.h | 13 +
lib/swiotlb.c |3 +++
2 files changed, 16 insertions(+)
diff --git a/in
.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/mm/ioremap.c | 31 ++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
index ee33838..effa529 100644
--- a/arch/x86/mm/ioremap.c
+++ b
When Secure Memory Encryption is enabled, the trampoline area must not
be encrypted. A CPU running in real mode will not be able to decrypt
memory that has been encrypted because it will not be able to use addresses
with the memory encryption mask.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom
successfully. The pagetable mapping
as well as the kernel are also added to the pagetable mapping as encrypted.
All other EFI mappings are mapped decrypted (tables, etc.).
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/platform/efi/efi_64.c | 15
encryption mask so that the data can be successfully accessed when
SME is active.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/mpparse.c | 98 -
1 file changed, 70 insertions(+), 28 deletions(-)
diff --git a/arch/x86/kernel
on to return a negative error value when no memmap entry is
found.
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/ia64/kernel/efi.c |4 ++--
arch/x86/platform/efi/efi.c |6 +++---
include/linux/efi.h |2 +-
3 files chang
Add a function that will return the E820 type associated with an address
range.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/e820/api.h |2 ++
arch/x86/kernel/e820.c | 26 +++---
2 files changed, 25 insertions(+), 3
Add a function that will determine if a supplied physical address matches
the address of an EFI table.
Reviewed-by: Matt Fleming
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
drivers/firmware/efi/efi.c | 33 +
include/linux/efi.h|7
encryption mask so
that user-space allocations will automatically have the encryption mask
applied.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/boot/compressed/pagetable.c |7 +
arch/x86/include/asm/fixmap.h|7 +
arch/x86/include/asm
initrd, encrypt this data in place. Since the future mapping of
the initrd area will be mapped as encrypted the data will be accessed
properly.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h |6 +++
arch/x86/include/asm/pgtable.h |3 ++
arch/x86/kernel/head64.c
initrd will have been loaded by the boot loader and will not be
encrypted, but the memory that it resides in is marked as encrypted).
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h | 10 +
arch/x86/mm/mem_encrypt.c | 76
scenario, remove the ISA range check and
usage of phys_to_virt() and have ISA range mappings continue through the
remaining ioremap() path.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/ioremap.c |7 +--
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/arch/x86/mm/ioremap.c b/arch
Create a pgd_pfn() macro similar to the p[4um]d_pfn() macros and then
use the p[g4um]d_pfn() macros in the p[g4um]d_page() macros instead of
duplicating the code.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/pgtable.h | 16 +---
1 file changed
-0,0 +1,30 @@
+/*
+ * AMD Memory Encryption Support
+ *
+ * Copyright (C) 2016 Advanced Micro Devices, Inc.
+ *
+ * Author: Tom Lendacky
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+
When System Memory Encryption (SME) is enabled, the physical address
space is reduced. Adjust the x86_phys_bits value to reflect this
reduction.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/cpu/amd.c | 10 +++---
1 file changed, 7 insertions(+), 3
being mapped
decrypted vs encrypted.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/dmi.h |8
arch/x86/kernel/acpi/boot.c |6 +++---
arch/x86/kernel/kdebugfs.c | 34 +++---
arch/x86/kernel/ksysfs.c | 28
For processors that support PAT, set the write-protect cache mode
(_PAGE_CACHE_MODE_WP) entry to the actual write-protect value (x05).
Acked-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
arch/x86/mm/pat.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch
cryption.txt
create mode 100644 arch/x86/include/asm/mem_encrypt.h
create mode 100644 arch/x86/mm/mem_encrypt.c
create mode 100644 arch/x86/mm/mem_encrypt_boot.S
create mode 100644 include/linux/mem_encrypt.h
--
Tom Lendacky
Create a Documentation entry to describe the AMD Secure Memory
Encryption (SME) feature and add documentation for the mem_encrypt=
kernel parameter.
Reviewed-by: Borislav Petkov
Signed-off-by: Tom Lendacky
---
Documentation/admin-guide/kernel-parameters.txt | 11
Documentation/x86/amd
On 6/28/2017 3:26 PM, Brijesh Singh wrote:
On 06/28/2017 02:53 PM, Tom Lendacky wrote:
In this I am leaving the top level config as-is and adding
CONFIG_CRYPTO_DEV_SP_CCP to enable the CCP device support inside the
SP device driver.
[*] Support for AMD Secure Processor
Secure Processor