Message ID | 20221214194056.161492-14-michael.roth@amd.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support | expand |
On Wed, Dec 14, 2022 at 01:40:05PM -0600, Michael Roth wrote: > From: Brijesh Singh <brijesh.singh@amd.com> > > Add CPU feature detection for Secure Encrypted Virtualization with > Secure Nested Paging. This feature adds a strong memory integrity > protection to help prevent malicious hypervisor-based attacks like > data replay, memory re-mapping, and more. > > Link: https://lore.kernel.org/all/YrGINaPc3cojG6%2F3@zn.tnic/ That points to some review feedback I've given - dunno if it is relevant. > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > Signed-off-by: Jarkko Sakkinen <jarkko@profian.com> I read this as Jarkko has handled this patch too. Is that the case? > Signed-off-by: Ashish Kalra <Ashish.Kalra@amd.com> > Signed-off-by: Michael Roth <michael.roth@amd.com> Those last two are ok - you took ovef from Ashish. Thx.
On Wed, Feb 01, 2023 at 07:39:32PM +0100, Borislav Petkov wrote: > On Wed, Dec 14, 2022 at 01:40:05PM -0600, Michael Roth wrote: > > From: Brijesh Singh <brijesh.singh@amd.com> > > > > Add CPU feature detection for Secure Encrypted Virtualization with > > Secure Nested Paging. This feature adds a strong memory integrity > > protection to help prevent malicious hypervisor-based attacks like > > data replay, memory re-mapping, and more. > > > > Link: https://lore.kernel.org/all/YrGINaPc3cojG6%2F3@zn.tnic/ > > That points to some review feedback I've given - dunno if it is > relevant. > > > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > > Signed-off-by: Jarkko Sakkinen <jarkko@profian.com> > > I read this as Jarkko has handled this patch too. Is that the case? Yes we shared some patches via an internal tree at some stages. -Mike > > > Signed-off-by: Ashish Kalra <Ashish.Kalra@amd.com> > > Signed-off-by: Michael Roth <michael.roth@amd.com> > > Those last two are ok - you took ovef from Ashish. > > Thx. > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette
On Mon, Feb 20, 2023 at 10:26:47AM -0600, Michael Roth wrote: > On Wed, Feb 01, 2023 at 07:39:32PM +0100, Borislav Petkov wrote: > > On Wed, Dec 14, 2022 at 01:40:05PM -0600, Michael Roth wrote: > > > From: Brijesh Singh <brijesh.singh@amd.com> > > > > > > Add CPU feature detection for Secure Encrypted Virtualization with > > > Secure Nested Paging. This feature adds a strong memory integrity > > > protection to help prevent malicious hypervisor-based attacks like > > > data replay, memory re-mapping, and more. > > > > > > Link: https://lore.kernel.org/all/YrGINaPc3cojG6%2F3@zn.tnic/ > > > > That points to some review feedback I've given - dunno if it is > > relevant. > > > > > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > > > Signed-off-by: Jarkko Sakkinen <jarkko@profian.com> > > > > I read this as Jarkko has handled this patch too. Is that the case? > > Yes we shared some patches via an internal tree at some stages. In the sense that, he took Brijesh's patch, then he did something with it(?) and then Ashish took it from him and then you took it from Ashish? This is how I'm reading this SOB chain at least...
On Mon, Feb 20, 2023 at 06:50:09PM +0100, Borislav Petkov wrote: > On Mon, Feb 20, 2023 at 10:26:47AM -0600, Michael Roth wrote: > > On Wed, Feb 01, 2023 at 07:39:32PM +0100, Borislav Petkov wrote: > > > On Wed, Dec 14, 2022 at 01:40:05PM -0600, Michael Roth wrote: > > > > From: Brijesh Singh <brijesh.singh@amd.com> > > > > > > > > Add CPU feature detection for Secure Encrypted Virtualization with > > > > Secure Nested Paging. This feature adds a strong memory integrity > > > > protection to help prevent malicious hypervisor-based attacks like > > > > data replay, memory re-mapping, and more. > > > > > > > > Link: https://lore.kernel.org/all/YrGINaPc3cojG6%2F3@zn.tnic/ > > > > > > That points to some review feedback I've given - dunno if it is > > > relevant. > > > > > > > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > > > > Signed-off-by: Jarkko Sakkinen <jarkko@profian.com> > > > > > > I read this as Jarkko has handled this patch too. Is that the case? > > > > Yes we shared some patches via an internal tree at some stages. > > In the sense that, he took Brijesh's patch, then he did something with > it(?) and then Ashish took it from him and then you took it from Ashish? Yes, I think he rebased Ashish's tree on a newer tree and added his SoB on patches that required any conflict resolutions or changes on his end, so we kept those intact since then. -Mike > > This is how I'm reading this SOB chain at least... > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette
On Mon, Feb 20, 2023 at 12:00:38PM -0600, Michael Roth wrote: > Yes, I think he rebased Ashish's tree on a newer tree and added his SoB on > patches that required any conflict resolutions or changes on his end, so > we kept those intact since then. Ok, that makes sense. Thx.
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 1419c4e04d45..480b4eaef310 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -420,6 +420,7 @@ #define X86_FEATURE_SEV (19*32+ 1) /* AMD Secure Encrypted Virtualization */ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* "" VM Page Flush MSR is supported */ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_SEV_SNP (19*32+ 4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* "" Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */ diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 860b60273df3..c7884198ad5b 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -558,8 +558,8 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) * SME feature (set in scattered.c). * If the kernel has not enabled SME via any means then * don't advertise the SME feature. - * For SEV: If BIOS has not enabled SEV then don't advertise the - * SEV and SEV_ES feature (set in scattered.c). + * For SEV: If BIOS has not enabled SEV then don't advertise SEV and + * any additional functionality based on it. * * In all cases, since support for SME and SEV requires long mode, * don't advertise the feature under CONFIG_X86_32. @@ -594,6 +594,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c) clear_sev: setup_clear_cpu_cap(X86_FEATURE_SEV); setup_clear_cpu_cap(X86_FEATURE_SEV_ES); + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); } } diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h index b71f4f2ecdd5..e81606fcd2ab 100644 --- a/tools/arch/x86/include/asm/cpufeatures.h +++ b/tools/arch/x86/include/asm/cpufeatures.h @@ -417,6 +417,7 @@ #define X86_FEATURE_SEV (19*32+ 1) /* AMD Secure Encrypted Virtualization */ #define X86_FEATURE_VM_PAGE_FLUSH (19*32+ 2) /* "" VM Page Flush MSR is supported */ #define X86_FEATURE_SEV_ES (19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */ +#define X86_FEATURE_SEV_SNP (19*32+ 4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* "" Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* "" AMD hardware-enforced cache coherency */