From: Alejandro Jimenez
To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org
Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, kirill.shutemov@linux.intel.com, hpa@zytor.com, pbonzini@redhat.com, seanjc@google.com, srutherford@google.com, ashish.kalra@amd.com, darren.kenny@oracle.com, venu.busireddy@oracle.com, boris.ostrovsky@oracle.com, alejandro.j.jimenez@oracle.com
Subject: [RFC 1/3] x86: Expose Secure Memory Encryption capabilities in sysfs
Date: Wed, 9 Mar 2022 17:06:06 -0500
Message-Id: <20220309220608.16844-2-alejandro.j.jimenez@oracle.com>
In-Reply-To: <20220309220608.16844-1-alejandro.j.jimenez@oracle.com>
References: <20220309220608.16844-1-alejandro.j.jimenez@oracle.com>

When testing SME behavior, it is useful to determine whether or not SME is actively being used, or just merely enabled.
The distinction between supported, enabled, and active is provided by the documentation at:

https://www.kernel.org/doc/Documentation/x86/amd-memory-encryption.txt

There are currently no user-space interfaces to determine if SME is active or not, other than searching dmesg:

$ sudo dmesg | grep -i sme
[ 4.275215] AMD Secure Memory Encryption (SME) active

Provide a sysfs interface for a convenient way to display this information. This patch also provides the framework to easily add entries for other Confidential Computing features that are currently available e.g. SEV.

Also add documentation describing the new ABI.

Signed-off-by: Alejandro Jimenez
Reviewed-by: Darren Kenny
--- .../ABI/testing/sysfs-kernel-mm-mem-encrypt | 31 +++ arch/x86/include/asm/mem_encrypt.h | 6 + arch/x86/mm/mem_encrypt.c | 27 +++ arch/x86/mm/mem_encrypt_amd.c | 192 ++++++++++++++++++ 4 files changed, 256 insertions(+) create mode 100644 Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt diff --git a/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt b/Docume= ntation/ABI/testing/sysfs-kernel-mm-mem-encrypt new file mode 100644 index 000000000000..a53f87f28704 --- /dev/null +++ b/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt 
@@ -0,0 +1,31 @@ +What: /sys/kernel/mm/mem_encrypt/ +Date: March 2022 +KernelVersion: 5.17 +Contact: Alejandro Jimenez +Description: Interface for Secure Memory Encryption capabilities + +What: /sys/kernel/mm/mem_encrypt/c_bit_position +Date: March 2022 +KernelVersion: 5.17 +Description: Bit position of C-bit in a Page Table entries. Setting this b= it + in a PTE indicates that the page is encrypted, causing + accesses to that memory to be automatically encrypted and + decrypted by the memory controller. + +What: /sys/kernel/mm/mem_encrypt/sme/status +Date: March 2022 +KernelVersion: 5.17 +Description: (Host only) Expose status of SME feature. Valid values are: + + unsupported: Secure Memory Encryption capability is not + supported by the processor. + + disabled: Memory encryption has been disabled by + System-Configuration Register (SYSCFG) MemEncryptionModeEn bit. + + active: Secure Memory Encryption is supported, enabled, and the + kernel is applying encryption bit to page table entries. + + inactive: Secure Memory Encryption is supported, enabled, but + the kernel is not applying encryption bit to page table entries + (SME mask in kernel is zero). diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_= encrypt.h index e2c6f433ed10..48d41cf764ab 100644 --- a/arch/x86/include/asm/mem_encrypt.h +++ b/arch/x86/include/asm/mem_encrypt.h @@ -17,6 +17,8 @@ =20 #include =20 +struct kobject; + #ifdef CONFIG_AMD_MEM_ENCRYPT =20 extern u64 sme_me_mask; @@ -49,6 +51,8 @@ void __init early_set_mem_enc_dec_hypercall(unsigned long= vaddr, int npages, =20 void __init mem_encrypt_free_decrypted_mem(void); =20 +int amd_cc_sysfs_init(struct kobject *parent); + /* Architecture __weak replacement functions */ void __init mem_encrypt_init(void); =20 
@@ -85,6 +89,8 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int = npages, bool enc) {} =20 static inline void mem_encrypt_free_decrypted_mem(void) { } =20 +static inline int amd_cc_sysfs_init(struct kobject *parent) { return 0; } + #define __bss_decrypted =20 #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 50d209939c66..f1731faa96de 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -14,6 +14,33 @@ #include #include =20 +/* + * Expose the available Confidential Computing features via sysfs interfac= e. + */ +static struct kobject *coco_kobj; + +static int __init coco_sysfs_init(void) +{ + int err; + + coco_kobj =3D kobject_create_and_add("mem_encrypt", mm_kobj); + if (!coco_kobj) { + pr_err("Failed to create sysfs directory for CoCo features.\n"); + return -ENOMEM; + } + + /* + * Initialize sysfs entries for CoCo features. Each CPU vendor providing + * features of this type must add a call to initialize relevant entries. + */ + err =3D amd_cc_sysfs_init(coco_kobj); + if (err) + kobject_put(coco_kobj); + + return err; +} +subsys_initcall(coco_sysfs_init); + /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPT= ED */ bool force_dma_unencrypted(struct device *dev) { diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 2b2d018ea345..ccd6448042fe 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c 
@@ -34,6 +34,35 @@ =20 #include "mm_internal.h" =20 +#define CPUID_MAX_EXTENDED_CAP 0x80000000 +#define AMD_CPUID_ENCRYPTED_MEM 0x8000001f + +#define AMD_SME_BIT BIT(0) + +#define CC_ATTR_RO(_name) \ + static struct kobj_attribute _name##_attr =3D __ATTR_RO(_name) + +#define foreach_cc_feature(ccf, feat_list) \ + for ((ccf) =3D (feat_list); \ + (ccf)->cc_attr_grp; \ + (ccf)++) + +#define AMD_CC_FEATURE(cc_name, attr_grp, kobj) \ +{ \ + .name =3D cc_name, \ + .cc_attr_grp =3D &attr_grp, \ + .cc_kobj =3D kobj, \ +} + +#define CC_FEATURE_NAME_LEN 32 + +struct amd_cc_feature { + char name[CC_FEATURE_NAME_LEN]; + /* Specifies the attributes exposed by this cc feature */ + const struct attribute_group *cc_attr_grp; + struct kobject *cc_kobj; +}; + /* * Since SME related variables are set early in the boot process they must * reside in the .data section so as not to be zeroed out when the .bss 
@@ -47,6 +76,169 @@ EXPORT_SYMBOL(sme_me_mask); /* Buffer used for early in-place encryption by BSP, no locking needed */ static char sme_early_buffer[PAGE_SIZE] __initdata __aligned(PAGE_SIZE); =20 +static u8 cbit_pos; +static u32 sec_encrypt_support_mask; + +static inline bool is_vm(void) +{ + return boot_cpu_has(X86_FEATURE_HYPERVISOR); +} + +/* + * Initialize and cache values from Memory Encryption Caps CPUID Function. + */ +static void encrypted_mem_caps_init(void) +{ + u32 eax, ebx, ecx, edx; + + /* Already verified that AMD_CPUID_ENCRYPTED_MEM CPUID exists */ + cpuid(AMD_CPUID_ENCRYPTED_MEM, &eax, &ebx, &ecx, &edx); + + cbit_pos =3D ebx & 0x3f; + sec_encrypt_support_mask =3D eax & AMD_SME_BIT; +} + +/* Verify that memory encryption capabilities are supported */ +static inline bool mem_encrypt_feat_supported(u32 feat_bit) +{ + return !!(sec_encrypt_support_mask & feat_bit); +} + +/* + * sysfs interface for SME/SEV. + * Expose whether the various memory encryption capabilities are + * supported/enabled/active. + */ +static ssize_t status_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + if (!mem_encrypt_feat_supported(AMD_SME_BIT)) + return sysfs_emit(buf, "%s\n", "unsupported"); + + /* + * Memory encryption must be enabled in BIOS. + * We can avoid reading MSR_AMD64_SYSCFG MSR to check for + * MemEncryptionModeEn (bit 23) since an earlier call to + * early_detect_mem_encrypt() clears the feature from the CPU + * caps if the bit is not set. It is sufficient to check the + * CPU caps here. + */ + if (!boot_cpu_has(X86_FEATURE_SME)) + return sysfs_emit(buf, "%s\n", "disabled"); + + return sysfs_emit(buf, "%s\n", + !!cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT) ? 
+ "active" : "inactive"); + +} +CC_ATTR_RO(status); + +static ssize_t c_bit_position_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + return sysfs_emit(buf, "%u\n", cbit_pos); +} +CC_ATTR_RO(c_bit_position); + +static struct attribute *sme_attrs[] =3D { + &status_attr.attr, + NULL, +}; +static const struct attribute_group sme_attr_group =3D { + .attrs =3D sme_attrs, +}; + +/* List of features to be exposed when running as hypervisor host */ +static struct amd_cc_feature host_cc_feat_list[] =3D { + AMD_CC_FEATURE("sme", sme_attr_group, NULL), + {}, +}; + +/* List of features to be exposed when running as guest */ +static struct amd_cc_feature guest_cc_feat_list[] =3D { + {}, +}; + +static int cc_sysfs_add_feature(struct amd_cc_feature *ccf, + struct kobject *parent) +{ + int err; + + ccf->cc_kobj =3D kobject_create_and_add(ccf->name, parent); + if (!ccf->cc_kobj) { + pr_err("Failed to create %s kobject.\n", ccf->name); + return -ENOMEM; + } + + err =3D sysfs_create_group(ccf->cc_kobj, ccf->cc_attr_grp); + if (err) { + pr_err("Failed to register %s group.\n", ccf->name); + kobject_put(ccf->cc_kobj); + ccf->cc_kobj =3D NULL; + } + return err; +} + +static void cc_sysfs_remove_features(struct amd_cc_feature *feature_list, + struct kobject *parent) +{ + struct amd_cc_feature *ccf; + + /* Remove standalone files created for common features */ + sysfs_remove_file(parent, &c_bit_position_attr.attr); + + foreach_cc_feature(ccf, feature_list) { + if (ccf->cc_kobj) { + sysfs_remove_group(ccf->cc_kobj, + ccf->cc_attr_grp); + kobject_put(ccf->cc_kobj); + } + } +} + +int amd_cc_sysfs_init(struct kobject *parent) +{ + int err; + struct amd_cc_feature *ccf, *feature_list; + + /* + * Check Encrypted Mem Capabilities CPUID function is available. + * Nothing to do otherwise. 
+ */ + if (cpuid_eax(CPUID_MAX_EXTENDED_CAP) < AMD_CPUID_ENCRYPTED_MEM) + return -EOPNOTSUPP; + + encrypted_mem_caps_init(); + + /* C-bit position is common to all AMD CoCo features */ + err =3D sysfs_create_file(parent, &c_bit_position_attr.attr); + if (err) { + pr_err("Failed to add entry for %s attribute.\n", + c_bit_position_attr.attr.name); + return err; + } + /* + * Not all features or attributes in a feature are relevant to both + * hypervisor hosts and guests (e.g. SME is never available on guests). + * Determine which mode we are running in and register the appropriate + * list of features. + */ + feature_list =3D is_vm() ? guest_cc_feat_list : host_cc_feat_list; + + foreach_cc_feature(ccf, feature_list) { + err =3D cc_sysfs_add_feature(ccf, parent); + if (err) { + pr_err("Failed to add entry for CoCo feature: %s.\n", + ccf->name); + + cc_sysfs_remove_features(feature_list, parent); + return err; + } + } + + return err; +} + /* * This routine does not change the underlying encryption setting of the * page(s) that map this memory. 
It assumes that eventually the memory is --=20 2.34.1
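Review bot: The c_bit_position entry in the new Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt file does not say where the file appears, while sme/status is marked "(Host only)". amd_cc_sysfs_init() creates c_bit_position before the is_vm() split, so it exists on both hosts and guests and the description should say so. In the same entry, "in a Page Table entries" should read "in page table entries", and the KernelVersion: 5.17 lines should name the release in which the ABI first ships rather than the one current when the RFC was posted.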
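Review bot: In coco_sysfs_init() in arch/x86/mm/mem_encrypt.c, every non-zero return from amd_cc_sysfs_init() is treated as a failure, but amd_cc_sysfs_init() returns -EOPNOTSUPP whenever CPUID leaf 0x8000001f is not present. On such CPUs the initcall creates the mem_encrypt directory, drops it again and returns an error for what is a normal condition. Either treat -EOPNOTSUPP as "nothing to expose" and return 0, or probe for features before calling kobject_create_and_add(). The opposite case also needs a decision: the stub for !CONFIG_AMD_MEM_ENCRYPT returns 0, so if this file is built in that configuration an empty /sys/kernel/mm/mem_encrypt/ is left behind. coco_kobj should be set to NULL after kobject_put() so the static does not keep a stale pointer.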
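Review bot: In the arch/x86/mm/mem_encrypt_amd.c hunk that adds amd_cc_sysfs_init(), the new functions amd_cc_sysfs_init(), encrypted_mem_caps_init(), cc_sysfs_add_feature() and cc_sysfs_remove_features() are reachable only from the __init function coco_sysfs_init() but are not marked __init themselves, and the prototype added to mem_encrypt.h lacks it as well. Annotate them so the text is discarded after boot. In cc_sysfs_remove_features(), ccf->cc_kobj is not reset to NULL after kobject_put(), unlike the failure path in cc_sysfs_add_feature(), which leaves stale pointers in the static feature list. The failure of a single feature is also logged twice, once in cc_sysfs_add_feature() and again in the foreach_cc_feature() loop.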
From: Alejandro Jimenez
To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org
Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, kirill.shutemov@linux.intel.com, hpa@zytor.com, pbonzini@redhat.com, seanjc@google.com, srutherford@google.com, ashish.kalra@amd.com, darren.kenny@oracle.com, venu.busireddy@oracle.com, boris.ostrovsky@oracle.com, alejandro.j.jimenez@oracle.com
Subject: [RFC 2/3] x86: Expose SEV capabilities in sysfs
Date: Wed, 9 Mar 2022 17:06:07 -0500
Message-Id: <20220309220608.16844-3-alejandro.j.jimenez@oracle.com>
In-Reply-To: <20220309220608.16844-1-alejandro.j.jimenez@oracle.com>
References: <20220309220608.16844-1-alejandro.j.jimenez@oracle.com>

Expose the state of the SEV feature via the new sysfs interface. Document the new ABI.

Signed-off-by: Alejandro Jimenez
Reviewed-by: Darren Kenny
--- .../ABI/testing/sysfs-kernel-mm-mem-encrypt | 31 +++++ arch/x86/mm/mem_encrypt_amd.c | 106 ++++++++++++++++-- 2 files changed, 129 insertions(+), 8 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt b/Docume= ntation/ABI/testing/sysfs-kernel-mm-mem-encrypt index a53f87f28704..68a932d4540b 100644 --- a/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt 
+++ b/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt @@ -29,3 +29,34 @@ Description: (Host only) Expose status of SME feature. V= alid values are: inactive: Secure Memory Encryption is supported, enabled, but the kernel is not applying encryption bit to page table entries (SME mask in kernel is zero). + +What: /sys/kernel/mm/mem_encrypt/sev/status +Date: March 2022 +KernelVersion: 5.17 +Description: Expose status of sev feature. Valid values are: + + unsupported: Secure Encrypted Virtualization capability is not + supported by the processor. + + enabled (Host only): Hypervisor host capable of running SEV + guests. + + disabled (Host only): Memory encryption has been disabled by + System-Configuration Register (SYSCFG) MemEncryptionModeEn bit. + + active (Guest only): Running in virtual machine with encrypted + code and data. + + inactive (Guest only): Running in unencrypted virtual machine. + +What: /sys/kernel/mm/mem_encrypt/sev/nr_asid_available +Date: March 2022 +KernelVersion: 5.17 +Description: (Host only) Total number of ASIDs available for encrypted + guests. Number of encrypted guests supported simultaneously. + +What: /sys/kernel/mm/mem_encrypt/sev/nr_sev_asid +Date: March 2022 +KernelVersion: 5.17 +Description: (Host only) Number of ASIDs available for SEV guests with + SEV-ES disabled. diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index ccd6448042fe..86979e0e26c7 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -38,6 +38,7 @@ #define AMD_CPUID_ENCRYPTED_MEM 0x8000001f =20 #define AMD_SME_BIT BIT(0) +#define AMD_SEV_BIT BIT(1) =20 #define CC_ATTR_RO(_name) \ static struct kobj_attribute _name##_attr =3D __ATTR_RO(_name) @@ -78,6 +79,8 @@ static char sme_early_buffer[PAGE_SIZE] __initdata __alig= ned(PAGE_SIZE); =20 static u8 cbit_pos; static u32 sec_encrypt_support_mask; +static u32 max_sev_asid; +static u32 min_sev_asid; =20 static inline bool is_vm(void) { 
@@ -95,7 +98,10 @@ static void encrypted_mem_caps_init(void) cpuid(AMD_CPUID_ENCRYPTED_MEM, &eax, &ebx, &ecx, &edx); =20 cbit_pos =3D ebx & 0x3f; - sec_encrypt_support_mask =3D eax & AMD_SME_BIT; + sec_encrypt_support_mask =3D eax & (AMD_SME_BIT | AMD_SEV_BIT); + + max_sev_asid =3D ecx; + min_sev_asid =3D edx; } =20 /* Verify that memory encryption capabilities are supported */ @@ -104,13 +110,7 @@ static inline bool mem_encrypt_feat_supported(u32 feat= _bit) return !!(sec_encrypt_support_mask & feat_bit); } =20 -/* - * sysfs interface for SME/SEV. - * Expose whether the various memory encryption capabilities are - * supported/enabled/active. - */ -static ssize_t status_show(struct kobject *kobj, - struct kobj_attribute *attr, char *buf) +static inline ssize_t sme_status_show(char *buf) { if (!mem_encrypt_feat_supported(AMD_SME_BIT)) return sysfs_emit(buf, "%s\n", "unsupported"); 
@@ -129,7 +129,58 @@ static ssize_t status_show(struct kobject *kobj, return sysfs_emit(buf, "%s\n", !!cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT) ? "active" : "inactive"); +} + +static inline ssize_t sev_status_show(u32 feat_bit, u32 feat_cap, + enum cc_attr encrypt_attr, char *buf) +{ + if (!mem_encrypt_feat_supported(feat_bit)) + return sysfs_emit(buf, "%s\n", "unsupported"); + + if (!is_vm()) { + /* + * When in a host, we can avoid reading MSR_AMD64_SYSCFG MSR to + * check for MemEncryptionModeEn (bit 23) since an earlier call + * to early_detect_mem_encrypt() clears the feature from the + * CPU caps if the bit is not set. So it is sufficient to check + * the CPU caps here. + */ + return sysfs_emit(buf, "%s\n", !!boot_cpu_has(feat_cap) ? + "enabled" : "disabled"); + } else { + /* + * When in a guest, we cannot check MemEncryptionModeEn(bit 23) + * since KVM currently masks off MSR_AMD64_SYSCFG. Use the + * cc_platform_has() API which uses the SEV_STATUS MSR to + * determine if the feature is active. + */ + return sysfs_emit(buf, "%s\n", + !!cc_platform_has(encrypt_attr) ? + "active" : "inactive"); + } +} + +/* + * sysfs interface for SME/SEV. + * Expose whether the various memory encryption capabilities are + * supported/enabled/active. + */ +static ssize_t status_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + if (!strcmp(kobj->name, "sme")) { + return sme_status_show(buf); + + } else if (!strcmp(kobj->name, "sev")) { + return sev_status_show(AMD_SEV_BIT, X86_FEATURE_SEV, + CC_ATTR_GUEST_MEM_ENCRYPT, buf); + } =20 + /* + * The checks above must cover all of the possible CoCo features that + * have the status attribute. + */ + return -1; } CC_ATTR_RO(status); =20 
@@ -140,6 +191,25 @@ static ssize_t c_bit_position_show(struct kobject *kob= j, } CC_ATTR_RO(c_bit_position); =20 +static ssize_t nr_asid_available_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + return sysfs_emit(buf, "%u\n", max_sev_asid); +} +CC_ATTR_RO(nr_asid_available); + +static ssize_t nr_sev_asid_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + u32 nr_sev_asid =3D 0; + + if (max_sev_asid) + nr_sev_asid =3D max_sev_asid - min_sev_asid + 1; + + return sysfs_emit(buf, "%u\n", nr_sev_asid); +} +CC_ATTR_RO(nr_sev_asid); + static struct attribute *sme_attrs[] =3D { &status_attr.attr, NULL, 
@@ -148,14 +218,34 @@ static const struct attribute_group sme_attr_group = =3D { .attrs =3D sme_attrs, }; =20 +static struct attribute *sev_host_attrs[] =3D { + &status_attr.attr, + &nr_asid_available_attr.attr, + &nr_sev_asid_attr.attr, + NULL, +}; +static const struct attribute_group sev_host_attr_group =3D { + .attrs =3D sev_host_attrs, +}; + +static struct attribute *sev_guest_attrs[] =3D { + &status_attr.attr, + NULL, +}; +static const struct attribute_group sev_guest_attr_group =3D { + .attrs =3D sev_guest_attrs, +}; + /* List of features to be exposed when running as hypervisor host */ static struct amd_cc_feature host_cc_feat_list[] =3D { AMD_CC_FEATURE("sme", sme_attr_group, NULL), + AMD_CC_FEATURE("sev", sev_host_attr_group, NULL), {}, }; =20 /* List of features to be exposed when running as guest */ static struct amd_cc_feature guest_cc_feat_list[] =3D { + AMD_CC_FEATURE("sev", sev_guest_attr_group, NULL), {}, }; =20 --=20 2.34.1
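Review bot: In the Documentation/ABI hunk of this patch (@@ -29,3 +29,34 @@), the nr_asid_available entry says "ASIDs available for encrypted guests", which reads as a live count of free ASIDs, yet nr_asid_available_show() only emits max_sev_asid, the CPUID ECX value cached once in encrypted_mem_caps_init(). Word the description as the number of ASIDs the processor supports, or rename the attribute, so that management tooling does not treat the value as remaining capacity. The status text could also spell the feature as "SEV" rather than "sev" to match the other entries.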
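Review bot: In encrypted_mem_caps_init() (@@ -95,7 +98,10 @@), max_sev_asid = ecx and min_sev_asid = edx are stored without first checking that AMD_SEV_BIT is set in eax. The sev status file can then read "unsupported" while the nr_* files next to it print whatever the leaf returned in those registers. Assign the two values only when eax & AMD_SEV_BIT is non-zero and leave them at zero otherwise, so the counters and the status attribute always agree.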
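Review bot: status_show() in the @@ -129,7 +129,58 @@ hunk ends with a bare return -1, which a sysfs reader sees as errno 1 (EPERM) rather than an error that describes the problem. Return a named errno such as -EINVAL, and since the comment says the branch must never be reached, a WARN_ON_ONCE() there would make a missing feature name visible during development. The strcmp(kobj->name, ...) dispatch also couples the logic to directory names; giving each attribute group its own show function would remove the string compare and this fallback entirely. The !! in front of boot_cpu_has() and cc_platform_has() is redundant in a ternary condition.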
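Review bot: nr_sev_asid_show() in the @@ -140,6 +191,25 @@ hunk computes max_sev_asid - min_sev_asid + 1 on u32 values after checking only that max_sev_asid is non-zero. If min_sev_asid is larger than max_sev_asid + 1 the subtraction wraps and the file reports a very large ASID count, and a min_sev_asid of 0 over-counts by one. Check that min_sev_asid is non-zero and not greater than max_sev_asid before subtracting, and emit 0 otherwise.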
From: Alejandro Jimenez To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, luto@kernel.org, peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, kirill.shutemov@linux.intel.com, hpa@zytor.com, pbonzini@redhat.com, seanjc@google.com, srutherford@google.com, ashish.kalra@amd.com, darren.kenny@oracle.com, venu.busireddy@oracle.com, boris.ostrovsky@oracle.com, alejandro.j.jimenez@oracle.com Subject: [RFC 3/3] x86: Expose SEV-ES capabilities in sysfs Date: Wed, 9 Mar 2022 17:06:08 -0500 Message-Id: <20220309220608.16844-4-alejandro.j.jimenez@oracle.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220309220608.16844-1-alejandro.j.jimenez@oracle.com> References: <20220309220608.16844-1-alejandro.j.jimenez@oracle.com>
Expose the state of the SEV-ES feature via the new sysfs interface. Document the new ABI. Signed-off-by: Alejandro Jimenez Reviewed-by: Darren Kenny --- .../ABI/testing/sysfs-kernel-mm-mem-encrypt | 28 ++++++++++++- arch/x86/mm/mem_encrypt_amd.c | 40 ++++++++++++++++++- 2 files changed, 66 insertions(+), 2 deletions(-) diff --git a/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt b/Docume= ntation/ABI/testing/sysfs-kernel-mm-mem-encrypt index 68a932d4540b..ecd491c0a7bd 100644 --- a/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt 
+++ b/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt @@ -49,7 +49,7 @@ Description: Expose status of sev feature. Valid values a= re: =20 inactive (Guest only): Running in unencrypted virtual machine. =20 -What: /sys/kernel/mm/mem_encrypt/sev/nr_asid_available +What: /sys/kernel/mm/mem_encrypt/{sev,sev_es}/nr_asid_available Date: March 2022 KernelVersion: 5.17 Description: (Host only) Total number of ASIDs available for encrypted @@ -60,3 +60,29 @@ Date: March 2022 KernelVersion: 5.17 Description: (Host only) Number of ASIDs available for SEV guests with SEV-ES disabled. + +What: /sys/kernel/mm/mem_encrypt/sev_es/status +Date: March 2022 +KernelVersion: 5.17 +Description: Expose status of sev_es feature. Valid values are: + + unsupported: Secure Encrypted Virtualization with Encrypted + State is not supported by the processor. + + enabled (Host only): Hypervisor host capable of running SEV + guests. + + disabled (Host only): Memory encryption has been disabled by + System-Configuration Register (SYSCFG) MemEncryptionModeEn bit. + + active (Guest only): Running in virtual machine with encrypted + code, data, and guest register state. + + inactive (Guest only): Running in virtual machine with + unencrypted register state. + +What: /sys/kernel/mm/mem_encrypt/sev_es/nr_sev_es_asid +Date: March 2022 +KernelVersion: 5.17 +Description: (Host only) Number of ASIDs available for SEV guests with SEV- + ES enabled. diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 86979e0e26c7..bafc34bf6121 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -39,6 +39,7 @@ =20 #define AMD_SME_BIT BIT(0) #define AMD_SEV_BIT BIT(1) +#define AMD_SEV_ES_BIT BIT(3) =20 #define CC_ATTR_RO(_name) \ static struct kobj_attribute _name##_attr =3D __ATTR_RO(_name) 
@@ -98,7 +99,8 @@ static void encrypted_mem_caps_init(void) cpuid(AMD_CPUID_ENCRYPTED_MEM, &eax, &ebx, &ecx, &edx); =20 cbit_pos =3D ebx & 0x3f; - sec_encrypt_support_mask =3D eax & (AMD_SME_BIT | AMD_SEV_BIT); + sec_encrypt_support_mask =3D eax & + (AMD_SME_BIT | AMD_SEV_BIT | AMD_SEV_ES_BIT); =20 max_sev_asid =3D ecx; min_sev_asid =3D edx; @@ -174,6 +176,10 @@ static ssize_t status_show(struct kobject *kobj, } else if (!strcmp(kobj->name, "sev")) { return sev_status_show(AMD_SEV_BIT, X86_FEATURE_SEV, CC_ATTR_GUEST_MEM_ENCRYPT, buf); + + } else if (!strcmp(kobj->name, "sev_es")) { + return sev_status_show(AMD_SEV_ES_BIT, X86_FEATURE_SEV_ES, + CC_ATTR_GUEST_STATE_ENCRYPT, buf); } =20 /* @@ -210,6 +216,18 @@ static ssize_t nr_sev_asid_show(struct kobject *kobj, } CC_ATTR_RO(nr_sev_asid); =20 +static ssize_t nr_sev_es_asid_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) +{ + unsigned int nr_sev_es_asid =3D 0; + + if (min_sev_asid) + nr_sev_es_asid =3D min_sev_asid - 1; + + return sysfs_emit(buf, "%u\n", nr_sev_es_asid); +} +CC_ATTR_RO(nr_sev_es_asid); + static struct attribute *sme_attrs[] =3D { &status_attr.attr, NULL, 
@@ -236,16 +254,36 @@ static const struct attribute_group sev_guest_attr_gr= oup =3D { .attrs =3D sev_guest_attrs, }; =20 +static struct attribute *sev_es_host_attrs[] =3D { + &status_attr.attr, + &nr_asid_available_attr.attr, + &nr_sev_es_asid_attr.attr, + NULL, +}; +static const struct attribute_group sev_es_host_attr_group =3D { + .attrs =3D sev_es_host_attrs, +}; + +static struct attribute *sev_es_guest_attrs[] =3D { + &status_attr.attr, + NULL, +}; +static const struct attribute_group sev_es_guest_attr_group =3D { + .attrs =3D sev_es_guest_attrs, +}; + /* List of features to be exposed when running as hypervisor host */ static struct amd_cc_feature host_cc_feat_list[] =3D { AMD_CC_FEATURE("sme", sme_attr_group, NULL), AMD_CC_FEATURE("sev", sev_host_attr_group, NULL), + AMD_CC_FEATURE("sev_es", sev_es_host_attr_group, NULL), {}, }; =20 /* List of features to be exposed when running as guest */ static struct amd_cc_feature guest_cc_feat_list[] =3D { AMD_CC_FEATURE("sev", sev_guest_attr_group, NULL), + AMD_CC_FEATURE("sev_es", sev_es_guest_attr_group, NULL), {}, }; =20 --=20 2.34.1
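Review bot: In the sev_es/status documentation added by the @@ -60,3 +60,29 @@ hunk, the "enabled (Host only)" entry still reads "Hypervisor host capable of running SEV guests", carried over from the sev entry. It should say SEV-ES guests, otherwise the two status files document the same state and a reader cannot tell what sev_es/status adds. The nr_sev_es_asid description also breaks "SEV-" and "ES" across two lines; keep the term together so it stays searchable.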
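Review bot: nr_sev_es_asid_show() in the @@ -210,6 +216,18 @@ hunk derives its result from min_sev_asid - 1 alone, with no mem_encrypt_feat_supported(AMD_SEV_ES_BIT) check and no bound against max_sev_asid. Nothing here stops the file from reporting a non-zero count while sev_es/status reads "unsupported", or a count larger than nr_asid_available in the same directory. Return 0 when the feature bit is clear and clamp the result to max_sev_asid. The local is declared unsigned int while nr_sev_asid_show() uses u32 for the same kind of value; use u32 in both.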