From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B5468C64ED6
	for <linux-mm@archiver.kernel.org>; Tue, 21 Feb 2023 21:22:07 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 234F46B0074; Tue, 21 Feb 2023 16:22:07 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 1E5156B0075; Tue, 21 Feb 2023 16:22:07 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 0AD956B007B; Tue, 21 Feb 2023 16:22:07 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id F23DB6B0074
	for <linux-mm@kvack.org>; Tue, 21 Feb 2023 16:22:06 -0500 (EST)
Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id B8B67C0503
	for <linux-mm@kvack.org>; Tue, 21 Feb 2023 21:22:06 +0000 (UTC)
X-FDA: 80492571852.30.B92ED9B
Received: from mga14.intel.com (mga14.intel.com [192.55.52.115])
	by imf07.hostedemail.com (Postfix) with ESMTP id 0E15A40005
	for <linux-mm@kvack.org>; Tue, 21 Feb 2023 21:22:03 +0000 (UTC)
Authentication-Results: imf07.hostedemail.com;
	dkim=pass header.d=intel.com header.s=Intel header.b=Ow+OIUk9;
	spf=none (imf07.hostedemail.com: domain of sathyanarayanan.kuppuswamy@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=sathyanarayanan.kuppuswamy@linux.intel.com;
	dmarc=pass (policy=none) header.from=intel.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1677014524;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=IV5qaZZbSiW8URz+Du0jdjrJebYqS5JcDgQFf55VqD0=;
	b=OmDehPA/iBgPIaC3C94RYevhL75ozYIKC9TwJ7VK9m4CAKhGcZlYRGTw/9sOVc8ygFvaFv
	tkYRoojl9y1r7IfXlzIb/U0UA3bUzlHV1LjoZT0G6+T9jZd6FGRq3YOyRWejHtVEcQMAOb
	Ohroarw3mfmehufyLu/SbyV1eTToF8g=
ARC-Authentication-Results: i=1;
	imf07.hostedemail.com;
	dkim=pass header.d=intel.com header.s=Intel header.b=Ow+OIUk9;
	spf=none (imf07.hostedemail.com: domain of sathyanarayanan.kuppuswamy@linux.intel.com has no SPF policy when checking 192.55.52.115) smtp.mailfrom=sathyanarayanan.kuppuswamy@linux.intel.com;
	dmarc=pass (policy=none) header.from=intel.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1677014524; a=rsa-sha256;
	cv=none;
	b=q4kSJmTso8RsFW5h4vM9wpASOqOcnG3IOo8OpSiJgU/8eE71xeZM9QluzOVgrMWB5ucoV9
	c4UhyV/lsdf0ouJR9PNrZaTiGDksjTkQ1erXZBLsY7pIaZJg75cZDCdpEqk3u98FHbLoU9
	7OlMBZICj0+WTXARVUag+6xHhr9HSW4=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1677014524; x=1708550524;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=ehLy/IW0xpkSfeCuJBkmt64WJ8nBnpPBUAfnlKm8V7U=;
  b=Ow+OIUk9gQI1ANPVFj4ED5DJERcyauEQpiSDIEC9l73cucwIb2fOeMGQ
   UlNNdR5EdtnNomOZwYkmvuPd2xDZ8P88c6ixFQaLr35Sh9BIpG4JwQ5Ld
   ibbdfXxCPxwkqHc2JAj7cos3DImyBU2MclyCUnnJzGz2i3dmsiyKritnK
   O2cHNGw6S32YaLtdhfwbwXu59TFspcjK/WMZ3L5AI6Oy4g1mBRsvFDBcF
   w4SOHVTBfeAHDCJJIwoXgF3xLsKmKph8P1goOHtfWmrXc64GMCQvR1vFX
   Cc4pq4gtctANKFDz7wQQNiQviZCMzUnaEdM0WYjURLjO+GZNsaTGBsMY2
   g==;
X-IronPort-AV: E=McAfee;i="6500,9779,10628"; a="332758861"
X-IronPort-AV: E=Sophos;i="5.97,315,1669104000"; 
   d="scan'208";a="332758861"
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Feb 2023 13:22:02 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10628"; a="781151547"
X-IronPort-AV: E=Sophos;i="5.97,315,1669104000"; 
   d="scan'208";a="781151547"
Received: from dakateri-mobl2.amr.corp.intel.com (HELO [10.212.137.160]) ([10.212.137.160])
  by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Feb 2023 13:21:59 -0800
Message-ID: <856ded9e-facd-fe6d-2f71-bb0cf5b1d546@linux.intel.com>
Date: Tue, 21 Feb 2023 13:21:58 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Firefox/102.0 Thunderbird/102.4.2
Subject: Re: [PATCH RFC v8 10/56] x86/cpufeatures: Add SEV-SNP CPU feature
Content-Language: en-US
To: Michael Roth <michael.roth@amd.com>, kvm@vger.kernel.org
Cc: linux-coco@lists.linux.dev, linux-mm@kvack.org,
 linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org,
 tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de,
 thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org,
 pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com,
 jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com,
 slp@redhat.com, pgonda@google.com, peterz@infradead.org,
 srinivas.pandruvada@linux.intel.com, rientjes@google.com,
 dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
 kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com,
 marcorr@google.com, alpergun@google.com, dgilbert@redhat.com,
 jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com,
 Brijesh Singh <brijesh.singh@amd.com>, Jarkko Sakkinen <jarkko@profian.com>
References: <20230220183847.59159-1-michael.roth@amd.com>
 <20230220183847.59159-11-michael.roth@amd.com>
From: Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com>
In-Reply-To: <20230220183847.59159-11-michael.roth@amd.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Rspam-User: 
X-Rspamd-Server: rspam03
X-Stat-Signature: qpxd5d1ayfqrdewhxpdqxeifx7xjs368
X-Rspamd-Queue-Id: 0E15A40005
X-HE-Tag: 1677014523-548930
X-HE-Meta: U2FsdGVkX1/NSIGqzuWR+JqnbX60C9LGe9te0LO32ZDILxKUj2j5vqcfWzYarbIymWdEad9l7uFXFvAHln1HiA6W9qN2OZKgQoPhb1XyLRLRfHfkqdAUtubZNKi0Dn8SQKjDg946TnLa1yO33zmtApMXr+luMZd/q1Y035GJdBYobNqsubvby5jwpA07TwqePIlwKd+AJpjoWBKQkJ81kDAux+gDejdc+L65OvTS0GFqXru3yHbivJLIYeJeGZT0ganvx6cwEfq5vun3OQaQu7HXsusMzGoZ0+z3TzhFBsLUQnMVZNW2HpbFGCvXYIwFltBvK0PYbjVUJ0g5jgIM+ch6YqTGQ4FcgLWLnHxk5QTyvxKCLzX/84s0htpna+tj+oYtwVQxO6gAB6pad7YWS6Wcza77MFHNrdYa32KNfwUfscq3gR32pbTaJgXi6dEQsxHdjSPumChWUGKsxMfGpmLuvP5pQnCl6PiGtLTOXu3VKfODfMTW4IYuKQO8vWom6L21S0YZ/kJ2LWXp5HVYEbIq81WJNe4/3CjbLuHuhf2hTnOiqwdbv1S2ds+SnfFhBXFglq3BSto7lySBjfCH5xtMDXKTkCvbcJH3NAv6x5lFcCgcPtJD3mIVPn0fmQIdNIGFKxTqAvM6ZzB/1WBiPY4blEJ3hcoo7olx6ewIOdZh08FgxsYyawaY/C5Hj55wK+zs5z+8hXAgKRXUxCb2Hxe51OxWLJhEhQFrKk59MzOXtNzrGKwrzrujvrUG1ZbcDlPbWLP5Ob0cLdMqLQLHoxO/wNsGdEb3s5BfkbWVnZVKdbP7lckdiRvWxoSojbzNACjgscFJfeyFdW+CwOybfd5FYA6NdclmCHlByMeAG8GvqZoU29MKozX/fi5+Poi+bd3EMFgIcGgAh98sz+xwS3Jn/lUBp6kEqIDt2tkZijG8TjnUwJW4pvUjQ+XcVAlPwQPNdajlSCsnRlVl7OT
 Leb/Wun3
 i9L3hbnJCjd6WBIRAGXRbAe2xfdhAxwTvY4dFhwCXYnyInjXPrsS4e5dNm/WsqUWC88H7jRVDsuMZWsDzBrGCZ9kdOr3UCfuA0ow6Bon4TjWBK4JeYLpmYxgWibNfmxCtEncTd9s8Fbj+GADGOIAhnU429XTS0dJ6Utp1Zw+FDHUHlrLDLRuKNZCOt6UijClhudmpY7sQeHs35Hn5Eg4Kk2Nkb5kRDrdOwVy1
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>



On 2/20/23 10:38 AM, Michael Roth wrote:
> From: Brijesh Singh <brijesh.singh@amd.com>
> 
> Add CPU feature detection for Secure Encrypted Virtualization with
> Secure Nested Paging. This feature adds a strong memory integrity
> protection to help prevent malicious hypervisor-based attacks like
> data replay, memory re-mapping, and more.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Jarkko Sakkinen <jarkko@profian.com>
> Signed-off-by: Ashish Kalra <Ashish.Kalra@amd.com>

Too many signed-off-by's. Are you missing Co-developed-by?

> Signed-off-by: Michael Roth <michael.roth@amd.com>
> ---
>  arch/x86/include/asm/cpufeatures.h       | 1 +
>  arch/x86/kernel/cpu/amd.c                | 5 +++--
>  tools/arch/x86/include/asm/cpufeatures.h | 1 +
>  3 files changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 1419c4e04d45..480b4eaef310 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -420,6 +420,7 @@
>  #define X86_FEATURE_SEV			(19*32+ 1) /* AMD Secure Encrypted Virtualization */
>  #define X86_FEATURE_VM_PAGE_FLUSH	(19*32+ 2) /* "" VM Page Flush MSR is supported */
>  #define X86_FEATURE_SEV_ES		(19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */
> +#define X86_FEATURE_SEV_SNP		(19*32+ 4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */
>  #define X86_FEATURE_V_TSC_AUX		(19*32+ 9) /* "" Virtual TSC_AUX */
>  #define X86_FEATURE_SME_COHERENT	(19*32+10) /* "" AMD hardware-enforced cache coherency */
>  
> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
> index 860b60273df3..c7884198ad5b 100644
> --- a/arch/x86/kernel/cpu/amd.c
> +++ b/arch/x86/kernel/cpu/amd.c
> @@ -558,8 +558,8 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>  	 *	      SME feature (set in scattered.c).
>  	 *	      If the kernel has not enabled SME via any means then
>  	 *	      don't advertise the SME feature.
> -	 *   For SEV: If BIOS has not enabled SEV then don't advertise the
> -	 *            SEV and SEV_ES feature (set in scattered.c).

Did you remove the related scattered.c code mentioned above in a different patch?

> +	 *   For SEV: If BIOS has not enabled SEV then don't advertise SEV and
> +	 *	      any additional functionality based on it.
>  	 *
>  	 *   In all cases, since support for SME and SEV requires long mode,
>  	 *   don't advertise the feature under CONFIG_X86_32.
> @@ -594,6 +594,7 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
>  clear_sev:
>  		setup_clear_cpu_cap(X86_FEATURE_SEV);
>  		setup_clear_cpu_cap(X86_FEATURE_SEV_ES);
> +		setup_clear_cpu_cap(X86_FEATURE_SEV_SNP);
>  	}
>  }
>  
> diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h
> index b71f4f2ecdd5..e81606fcd2ab 100644
> --- a/tools/arch/x86/include/asm/cpufeatures.h
> +++ b/tools/arch/x86/include/asm/cpufeatures.h
> @@ -417,6 +417,7 @@
>  #define X86_FEATURE_SEV			(19*32+ 1) /* AMD Secure Encrypted Virtualization */
>  #define X86_FEATURE_VM_PAGE_FLUSH	(19*32+ 2) /* "" VM Page Flush MSR is supported */
>  #define X86_FEATURE_SEV_ES		(19*32+ 3) /* AMD Secure Encrypted Virtualization - Encrypted State */
> +#define X86_FEATURE_SEV_SNP		(19*32+ 4) /* AMD Secure Encrypted Virtualization - Secure Nested Paging */
>  #define X86_FEATURE_V_TSC_AUX		(19*32+ 9) /* "" Virtual TSC_AUX */
>  #define X86_FEATURE_SME_COHERENT	(19*32+10) /* "" AMD hardware-enforced cache coherency */
>  

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer