From: Tom Lendacky
Currently the nested_ctl variable in the vmcb_control_area structure is
used to indicate nested paging support. The nested paging support field
is actually defined as bit 0 of this field. In order to support a new
feature flag the usage of the nested_ctl and nested paging s
The command decrypts a page of guest memory for debugging purposes.
For more information see [1], section 7.1
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 83
1 file
In current implementation, asid allocation starts from 1, this patch
adds a min_asid variable in svm_vcpu structure to allow starting asid
from something other than 1.
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c |4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ar
From: Tom Lendacky
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/acpi/boot.c |4 ++--
arch/x86/kernel/mpparse.c | 10 +-
drivers/sfi/sfi_core.c |6 +++---
3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/ac
From: Tom Lendacky
Secure Encrypted Virtualization (SEV) does not support string I/O, so
unroll the string I/O operation into a loop operating on one element at
a time.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/io.h | 26 ++
1 file changed, 22 insertions(+)
From: Tom Lendacky
When Secure Encrypted Virtualization is active instruction fetches are
always interpreted as being from encrypted memory so the trampoline area
must remain encrypted when SEV is active.
Signed-off-by: Tom Lendacky
---
arch/x86/realmode/init.c |9 ++---
1 file changed
The patch adds initial support required for Secure Encrypted
Virtualization (SEV) guest management APIs.
ASID management:
- Reserve asid range for SEV guest, SEV asid range is obtained
through CPUID Fn8000_001f[ECX]. A non-SEV guest can use any
asid outside the SEV asid range.
- SEV guest
From: Tom Lendacky
Early in the boot process, add a check to determine if the kernel is
running with Secure Encrypted Virtualization (SEV) enabled. If active,
the kernel will perform steps necessary to insure the proper kernel
initialization process is performed.
Signed-off-by: Tom Lendacky
---
From: Tom Lendacky
Define a new KVM cpu feature for Secure Encrypted Virtualization (SEV).
The kernel will check for the presence of this feature to determine if
it is running with SEV active.
Define the SEV enable bit for the VMCB control structure. The hypervisor
will use this bit to enable SE
From: Tom Lendacky
When SEV is active the virtual machine cannot set the MSR for SME, so
don't set the trampoline flag for SME.
Signed-off-by: Tom Lendacky
---
arch/x86/realmode/init.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/realmode/init.c b/arch/x86/re
From: Tom Lendacky
When Secure Encrypted Virtualization (SEV) is active, BOOT data (such as
EFI related data) is encrypted and needs to be accessed as such. Update the
architecture override in early_memremap to keep the encryption attribute
when mapping this data.
Signed-off-by: Tom Lendacky
---
From: Tom Lendacky
DMA must be performed to memory that is not mapped encrypted when running
with SEV active. So if SEV is active, do not return the encryption mask
to the IOMMU.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/mem_encrypt.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
This RFC series provides support for AMD's new Secure Encrypted
Virtualization (SEV) feature. This RFC is built upon Secure Memory
Encryption (SME) RFC.
SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. When enabled, SEV
hardwa
From: Tom Lendacky
Update the I/O interception support to add the kvm_fast_pio_in function
to speed up the in instruction similar to the out instruction.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/kvm_host.h |1 +
arch/x86/kvm/svm.c |5 +++--
arch/x86/kvm/x86.c
This RFC series provides support for AMD's new Secure Encrypted
Virtualization (SEV) feature. This RFC is built upon Secure Memory
Encryption (SME) RFC.
SEV is an extension to the AMD-V architecture which supports running
multiple VMs under the control of a hypervisor. When enabled, SEV
hardwa
From: Tom Lendacky
DMA access to memory mapped as encrypted while SEV is active can not be
encrypted during device write or decrypted during device read. In order
for DMA to properly work when SEV is active, the swiotlb bounce buffers
must be used.
Signed-off-by: Tom Lendacky
---
arch/x86/mm/m
From: Tom Lendacky
Provide support for Secure Encrypted Virtualization (SEV). This initial
support defines the SEV active flag in order for the kernel to determine
if it is running with SEV active or not.
Signed-off-by: Tom Lendacky
---
arch/x86/include/asm/mem_encrypt.h |3 +++
arch/x86/k
The command initiates the process to launch this guest into
SEV-enabled mode.
For more information on command structure see [1], section 6.1
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 212
The driver to communicate with Secure Encrypted Virtualization (SEV)
firmware running within the AMD secure processor providing a secure key
management interface for SEV guests.
Signed-off-by: Tom Lendacky
Signed-off-by: Brijesh Singh
---
drivers/crypto/Kconfig | 11 +
drivers/crypto/Ma
From: Tom Lendacky
EFI data is encrypted when the kernel is run under SEV. Update the
page table references to be sure the EFI memory areas are accessed
encrypted.
Signed-off-by: Tom Lendacky
---
arch/x86/platform/efi/efi_64.c | 14 --
1 file changed, 12 insertions(+), 2 deletion
From: Tom Lendacky
When running under SEV, some memory areas that were originally not
encrypted under SME are already encrypted. In these situations do not
attempt to encrypt them.
Signed-off-by: Tom Lendacky
---
arch/x86/kernel/head64.c |4 ++--
arch/x86/kernel/setup.c |7 ---
2
From: Tom Lendacky
Modify the SVM cpuid update function to indicate if Secure Encrypted
Virtualization (SEV) is active by setting the SEV KVM cpu features bit
if SEV is active. SEV is active if Secure Memory Encryption is active
in the host and the SEV_ENABLE bit of the VMCB is set.
Signed-off-
From: Tom Lendacky
AMD hardware adds two additional bits to aid in nested page fault handling.
Bit 32 - NPF occurred while translating the guest's final physical address
Bit 33 - NPF occurred while translating the guest page tables
The guest page tables fault indicator can be used as an aid for
From: Tom Lendacky
When a guest causes a NPF which requires emulation, KVM sometimes walks
the guest page tables to translate the GVA to a GPA. This is unnecessary
most of the time on AMD hardware since the hardware provides the GPA in
EXITINFO2.
The only exception cases involve string operation
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 4af195d..88b8f89 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5779,6 +5779,25 @@ err_1:
return r
The command is used for encrypting guest memory region.
For more information see [1], section 6.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 126
1 file changed, 126
The command is used for finalizing the guest launch into SEV mode.
For more information see [1], section 6.3
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 78
1 file
The command encrypts a region of guest memory for debugging purposes.
For more information see [1], section 7.2
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 100
1 fil
The command is used to query the SEV guest status.
For more information see [1], section 6.10
[1] http://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf
Signed-off-by: Brijesh Singh
---
arch/x86/kvm/svm.c | 41 +
1 file changed, 41 insertions(+)
The ioctl will be used by qemu to issue the Secure Encrypted
Virtualization (SEV) guest commands to transition a guest into
SEV-enabled mode.
a typical usage:
struct kvm_sev_launch_start start;
struct kvm_sev_issue_cmd data;
data.cmd = KVM_SEV_LAUNCH_START;
data.opaque = &start;
ret = ioct
On Mon, Aug 22, 2016 at 07:49:09AM -0700, David Daney wrote:
> On 08/22/2016 07:36 AM, Bjorn Helgaas wrote:
> >Hi David & Omer,
> >
> >On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote:
> >>From: David Daney
> >>
> >>Some hardware presents an incorrect SR-IOV Function Dependency Link,
>
From: Wei Yongjun
Fixes the following sparse warning:
drivers/crypto/chelsio/chcr_algo.c:593:5: warning:
symbol 'cxgb4_is_crypto_q_full' was not declared. Should it be static?
Signed-off-by: Wei Yongjun
---
drivers/crypto/chelsio/chcr_algo.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion
On 08/22/2016 07:36 AM, Bjorn Helgaas wrote:
Hi David & Omer,
On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote:
From: David Daney
Some hardware presents an incorrect SR-IOV Function Dependency Link,
add a function to allow this to be overridden in the PF driver for
such devices.
S
Hi David & Omer,
On Fri, Aug 19, 2016 at 03:32:12PM -0700, Omer Khaliq wrote:
> From: David Daney
>
> Some hardware presents an incorrect SR-IOV Function Dependency Link,
> add a function to allow this to be overridden in the PF driver for
> such devices.
>
> Signed-off-by: David Daney
> Signe