[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v7 05/26] target/i386: add memory encryption fea
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH v7 05/26] target/i386: add memory encryption feature cpuid support |
Date: |
Wed, 7 Feb 2018 17:54:41 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 |
On 07/02/2018 17:06, Brijesh Singh wrote:
> AMD EPYC processors support memory encryption feature. The feature
> is reported through CPUID 8000_001F[EAX].
>
> Fn8000_001F [EAX]:
> Bit 0 Secure Memory Encryption (SME) supported
> Bit 1 Secure Encrypted Virtualization (SEV) supported
> Bit 2 Page flush MSR supported
> Bit 3 Ecrypted State (SEV-ES) support
>
> when memory encryption feature is reported, CPUID 8000_001F[EBX] should
> provide additional information regarding the feature (such as which page
> table bit is used to mark pages as encrypted etc). The information in EBX
> and ECX may vary from one family to another hence we use the host cpuid
> to populate the EBX information.
>
> The details for memory encryption CPUID is available in AMD APM
> (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17
>
> Cc: Paolo Bonzini <address@hidden>
> Cc: Richard Henderson <address@hidden>
> Cc: Eduardo Habkost <address@hidden>
> Signed-off-by: Brijesh Singh <address@hidden>
> ---
> target/i386/cpu.c | 36 ++++++++++++++++++++++++++++++++++++
> target/i386/cpu.h | 6 ++++++
> 2 files changed, 42 insertions(+)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index a49d2221adc9..4147eb6e18a9 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -234,6 +234,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t
> vendor1,
> #define TCG_EXT4_FEATURES 0
> #define TCG_SVM_FEATURES 0
> #define TCG_KVM_FEATURES 0
> +#define TCG_MEM_ENCRYPT_FEATURES 0
> #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
> CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
> CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT | \
> @@ -545,6 +546,20 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS]
> = {
> .cpuid_reg = R_EDX,
> .tcg_features = ~0U,
> },
> + [FEAT_MEM_ENCRYPT] = {
> + .feat_names = {
> + "sme", "sev", "page-flush-msr", "sev-es",
Why would sme ever be on in a guest? That is, would a guest care about
whether SME is on in the host?
Paolo
> + NULL, NULL, NULL, NULL,
> + NULL, NULL, NULL, NULL,
> + NULL, NULL, NULL, NULL,
> + NULL, NULL, NULL, NULL,
> + NULL, NULL, NULL, NULL,
> + NULL, NULL, NULL, NULL,
> + NULL, NULL, NULL, NULL,
> + },
> + .cpuid_eax = 0x8000001F, .cpuid_reg = R_EAX,
> + .tcg_features = TCG_MEM_ENCRYPT_FEATURES,
> + }
> };
>
> typedef struct X86RegisterInfo32 {
> @@ -1965,6 +1980,9 @@ static X86CPUDefinition builtin_x86_defs[] = {
> CPUID_XSAVE_XGETBV1,
> .features[FEAT_6_EAX] =
> CPUID_6_EAX_ARAT,
> + /* Missing: SEV_ES */
> + .features[FEAT_MEM_ENCRYPT] =
> + CPUID_8000_001F_EAX_SME | CPUID_8000_001F_EAX_SEV,
> .xlevel = 0x8000000A,
> .model_id = "AMD EPYC Processor",
> },
> @@ -3589,6 +3607,19 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,
> uint32_t count,
> *edx = 0;
> }
> break;
> + case 0x8000001F:
> + if (env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV) {
> + *eax = env->features[FEAT_MEM_ENCRYPT];
> + host_cpuid(0x8000001F, 0, NULL, ebx, NULL, NULL);
> + *ecx = 0;
> + *edx = 0;
> + } else {
> + *eax = 0;
> + *ebx = 0;
> + *ecx = 0;
> + *edx = 0;
> + }
> + break;
> case 0xC0000000:
> *eax = env->cpuid_xlevel2;
> *ebx = 0;
> @@ -4036,10 +4067,15 @@ static void x86_cpu_expand_features(X86CPU *cpu,
> Error **errp)
> x86_cpu_adjust_feat_level(cpu, FEAT_C000_0001_EDX);
> x86_cpu_adjust_feat_level(cpu, FEAT_SVM);
> x86_cpu_adjust_feat_level(cpu, FEAT_XSAVE);
> + x86_cpu_adjust_feat_level(cpu, FEAT_MEM_ENCRYPT);
> /* SVM requires CPUID[0x8000000A] */
> if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
> x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
> }
> + /* SEV requires CPUID[0x8000001F] */
> + if ((env->features[FEAT_MEM_ENCRYPT] & CPUID_8000_001F_EAX_SEV)) {
> + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
> + }
> }
>
> /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index f91e37d25dea..f7a0ab20fdd1 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -483,6 +483,7 @@ typedef enum FeatureWord {
> FEAT_6_EAX, /* CPUID[6].EAX */
> FEAT_XSAVE_COMP_LO, /* CPUID[EAX=0xd,ECX=0].EAX */
> FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
> + FEAT_MEM_ENCRYPT, /* CPUID[8000_001F].EAX */
> FEATURE_WORDS,
> } FeatureWord;
>
> @@ -679,6 +680,11 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>
> #define CPUID_6_EAX_ARAT (1U << 2)
>
> +#define CPUID_8000_001F_EAX_SME (1U << 0) /* SME */
> +#define CPUID_8000_001F_EAX_SEV (1U << 1) /* SEV */
> +#define CPUID_8000_001F_EAX_PAGE_FLUSH_MSR (1U << 2) /* Page flush MSR */
> +#define CPUID_8000_001F_EAX_SEV_ES (1U << 3) /* SEV-ES */
> +
> /* CPUID[0x80000007].EDX flags: */
> #define CPUID_APM_INVTSC (1U << 8)
>
>
- [Qemu-devel] [PATCH v7 01/26] memattrs: add debug attribute, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 03/26] exec: add debug version of physical memory read and write API, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 05/26] target/i386: add memory encryption feature cpuid support, Brijesh Singh, 2018/02/07
- Re: [Qemu-devel] [PATCH v7 05/26] target/i386: add memory encryption feature cpuid support,
Paolo Bonzini <=
- [Qemu-devel] [PATCH v7 04/26] monitor/i386: use debug APIs when accessing guest memory, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 06/26] machine: add -memory-encryption property, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 07/26] kvm: update kvm.h to include memory encryption ioctls, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 08/26] docs: add AMD Secure Encrypted Virtualization (SEV), Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 11/26] sev: register the guest memory range which may contain encrypted data, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 09/26] accel: add Secure Encrypted Virtulization (SEV) object, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 10/26] sev: add command to initialize the memory encryption context, Brijesh Singh, 2018/02/07
- [Qemu-devel] [PATCH v7 13/26] qmp: add query-sev command, Brijesh Singh, 2018/02/07