From nobody Fri Jun 12 18:33:08 2026 Received: from mail-dy1-f175.google.com (mail-dy1-f175.google.com [74.125.82.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66BBE3E3DB0 for ; Wed, 13 May 2026 09:36:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665004; cv=none; b=Dt7S3Xu3ayRORdqDIJQHB7fZocT8uCd2xc+52yIYEvTw6X7jPTq5bk21WqkmsKnduqeyPv4DSz8ZyHBHBlNmxFDqukcGpbffzOmdNDoGsuNe1PwW88z+/sBBCFTK6qz+ZFXvhs8KbHzGwzeGSR8pJOH9QIJTAhlDYOOfTIjSRaY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665004; c=relaxed/simple; bh=At1gf0Mua3N4YYtHisgY0h9wtx8xtKox/CUCEWQanfk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=MVg3itvF2IrpHSxAaQTl2yBvTeI5ELGcjZfdyfCzo8OQq6vsQxDfm/cYbCAt0HLQcVrGOxoav5kycZmKBVVk7Y9DJF4X8uISmExJsc+u5EDmxm9aErhpvGT0naDu6UAfA72stqpa6c2VT+TFzCxSLWhHhlan8CSW6EnKcptYMtU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XcFQx3e5; arc=none smtp.client-ip=74.125.82.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XcFQx3e5" Received: by mail-dy1-f175.google.com with SMTP id 5a478bee46e88-2ef38cf04f0so10083215eec.1 for ; Wed, 13 May 2026 02:36:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778665002; x=1779269802; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7R9QlZtKzGZ9Srh0EOuGXWhWVZA7AopSSa5Bhm29kr0=; b=XcFQx3e5q0pLAya9m7yO0JSyxvUs0/irSrCJgQAuefwfmZ7WsWnUXA6AITwvBcWxRY T8GjxIPVlxlbsndMOmSuyu2q9j5MjGDVGek0GL0SOxkOfJ0vuiwhzDrOHL7O6MJqS7Re kXyHqoLgPo+8oVHQzQ/bVubBeKxv6shglDIBzQ9DAul9Ro64r1MDiML1JSHmdmH+iUX7 c3Nrf3nYUt2YPHBuQpDmO5VHkblAJo5nweXRPQF9vo66ZJPUDzyIAFedIuPlGMQwJlNg uCtL65HjwySB+uXJtCkMGw88Jm9Az8dP4fXF6VNOXxIzWwg6a64s7N4eFr1HaL9As/zc lHdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778665002; x=1779269802; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=7R9QlZtKzGZ9Srh0EOuGXWhWVZA7AopSSa5Bhm29kr0=; b=lgDXMZmSEIhLInONoE2lExyEd7d0eBE8l51trYrFxBgzcVPYQtEH2RAjYCODwYDobk 71wDtZZHD41DD3XkoaLKRia+gUXIi+0EXNSY/K6wdLTze3H443IJDvQ+IgPO8RVVtnll c7FIDz6GDrfadSshlG4mm259bqBGXs+5bI2wzDXIV8f79cfDTD5QY6SIuft/mgDQ8qu6 1JF1ZyjPajXpjIbtU5o81QEKCBz6LFXDXMaramSdzhfnd1b7tCtrc67/9hYsvhfY5Mev +J8wRhkyvtc67dJUIB69XeKAPDq8WLgr00uz8ywF/8mepzVTzp5eSVAABK93yWtxNAso TYnA== X-Forwarded-Encrypted: i=1; AFNElJ88FtQdiPKOnS+i13cKuWQP8aFaCQYA9bLKdQ1o00v5nMVnhvlMS1vD2PQ1f6MynmSg+6VgjXsLpTAAsNQ=@vger.kernel.org X-Gm-Message-State: AOJu0Yw0RDWuf3nHieUC9SU+rVbUoBrdCVRFjU4K2T2aw8ky4m926VP9 4AP8S0IP8ModXo7X7p/Ev1ZgWpSDeTfvlCfJT25ehZXAT8gWKbefxBNx X-Gm-Gg: Acq92OFqTJbmkfon00aGG/Wf6eOAoqCm8bFzSryHvNZjpQrcVOC/QhZvnlkZOWWHAF1 CKnQwODrMMo4I2ja0KJYr1aV6oD/XXAFQfgqa+QqwPJEtblQffZwbtcWVdJPcsxNUCycdQ3AOcC BLBsWjVOS7IpJHwpOMFmM8Y05wPcg0riT95r6xqLIsu06dT0vzENreWVvgf90qckWtA/9rIJiEB GcXdGJjdDHWvXJj2Zmo44yfMShOjMX7ZlCuOH6lZ/erSnSGVCq9s1sgo16aebrYBQuV2fdIEPh+ YS0QWkBnekKwX/K43WEo1xIVperN2ZwUi5WhSsnLUDQU7virkB41J+lsTbMQQed+YhQfmUP23pH 6lWLwbQnPBGqVzQ896bg01M9sZYu45iTk5cj9Zw1YRrmc4Q/d2N8/34lweMH2ZsvuGTBLYriJ21 vXnhVvTqQctazL1Fhlwf4Hdowb+Qjq/u4SdMvwdIV8 X-Received: by 2002:a05:693c:2c88:b0:2f5:5dd3:1fd8 with SMTP id 5a478bee46e88-301184afea7mr1772103eec.8.1778665002245; Wed, 13 May 2026 02:36:42 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2f8859eb4b7sm22100439eec.2.2026.05.13.02.36.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 02:36:41 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH 1/5] KVM: x86: Expose Zhaoxin SM2 CPUID feature Date: Wed, 13 May 2026 17:36:29 +0800 Message-Id: <20260513093633.1608334-2-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513093633.1608334-1-ewandevelop@gmail.com> References: <20260513093633.1608334-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin SM2 instruction support to guests via CPUID 0xC0000001 EDX bits 0 (SM2) and 1 (SM2_EN). The SM2 instruction (encoding F2 0F A6 C0) implements the SM2 elliptic-curve public-key cryptography algorithm specified in GM/T 0003-2012; the hardware-level behavior is documented in the Zhaoxin GMI Instruction Set Reference, chapter 1 ("SM2"). The instruction multiplexes its sub-functions on the RDX[5:0] control word: encryption (subsection 1.1), decryption (1.2), signing (1.3), signature verification (1.4), the three key-exchange sub-operations of section 1.5 (1.5.1 SM2 key-pair generation, which the spec also uses for the initiator's ephemeral key; 1.5.2 responder shared-key derivation; 1.5.3 initiator shared-key derivation), and two preprocess steps for identity and message hashing (1.6.1 and 1.6.2). The instruction is user-mode and available in all CPU modes, with no associated MSR control. The SM2 and SM2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for SM2 availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index e69156b54cff..1eb4b88aaa80 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1272,6 +1272,8 @@ void kvm_initialize_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); =20 kvm_cpu_cap_init(CPUID_C000_0001_EDX, + F(SM2), + F(SM2_EN), F(XSTORE), F(XSTORE_EN), F(XCRYPT), diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index 657f5f743ed9..7b55110cc046 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -76,6 +76,10 @@ #define KVM_X86_FEATURE_TSA_SQ_NO KVM_X86_FEATURE(CPUID_8000_0021_ECX, 1) #define KVM_X86_FEATURE_TSA_L1_NO KVM_X86_FEATURE(CPUID_8000_0021_ECX, 2) =20 +/* Zhaoxin/Centaur sub-features, CPUID level 0xC0000001 (EDX) */ +#define X86_FEATURE_SM2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 0) +#define X86_FEATURE_SM2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1) + struct cpuid_reg { u32 function; u32 index; --=20 2.34.1 From nobody Fri Jun 12 18:33:08 2026 Received: from mail-dy1-f182.google.com (mail-dy1-f182.google.com [74.125.82.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7671F3E9C28 for ; Wed, 13 May 2026 09:36:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665007; cv=none; b=kptrMfP6qPQK9lunGXv2Lh0oelXQirbTy7LN0VPH5MdzlHrT2Ke5Zt63lQbHmT1Xkut8N5KQvBiphmTov8qHg2fXMP9RJEeBaow2CjAGhgcZxLJphYfyw0Ei0xskvTa6TCwQ1u50pqSSpkZ88gxPpQPb6vIf/yZJ+fsda386u/s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665007; c=relaxed/simple; bh=WrAyTmwYSRYTeMp0wl4NRx12Jro3naVKJVOSJpgIEYI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=RYe7Wvqzhc+wa1Y/sNudl0EvqW38nwB/KHn5ZdT/4Ey1rGNNCW1Cy0PU7OxZboPVJ7gEXk2XpyVNOVebVT9p+Os39yCWoOOLjraMzGuZtY56grXDEzjB7p8VjABlVMCq3cfft4TbNcLcBzWAWgXuxNiU6lGYYKZUTTT95/2Q2rs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=dbPwVnkt; arc=none smtp.client-ip=74.125.82.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="dbPwVnkt" Received: by mail-dy1-f182.google.com with SMTP id 5a478bee46e88-2b4520f6b32so11147845eec.0 for ; Wed, 13 May 2026 02:36:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778665005; x=1779269805; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ERPLFt1DzdQWZj46mxvIXYh6fAkpMfWFMGg+XUXEJ+0=; b=dbPwVnktL2AAU7gfbif19em6/v/Z4clpb4Vv6H77ib02VXRhGqTHeQfSr/64pRnkJO 2xO66YYWtEYfJm88IP+MsdKdBAX0lYaNfBOI6igW8E0hgqBaxmXeB7A+PzH0PSHHaNuG jk+Pv2X+Vy5QxC0RTS8fUKAzcJ1KPw63ogChQ1DPvaB06sNk6xzqMzbQfYhNrzlJ6zmE 7ywp/g6BeX9NSmKUe+nvnTumpNhUenpumTjhEsXTj5nS9RJyoC934gBbYr47WI9AgTxE JEH7BFYGFgYdJ0CW711qKdsRwhi+hxC7lkl/cwJodSjgnglDFcFf6pvS7/tKLB5DOh4s M62g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778665005; x=1779269805; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ERPLFt1DzdQWZj46mxvIXYh6fAkpMfWFMGg+XUXEJ+0=; b=DcmoZUqWAmcYdzrXusI1bbONjmX+59WZkjU3vVJySlKPOdbgeZ12nUbs2yxv2as1O/ 990BwdgunQZBpKLWbOqXHBSX5b+0OUDvheIW9LTDTmbNV95oqPjTB0mXaaLK1lSxfHz5 PAilliAeFzk3XKd68SMmiBKG87VKVkQtXxb1XrfXAAUeBjR+BEy8+8zO47QD4LAFFBe+ /W8ZJBM5TyUTA5W80iOhOjz0tyqCvKmaKz2rvx88AqaiGN8tmJ3KIK4BizPtQ+hQTT7X UbFWrEXH4we4tcm/aIwj37yXtXvUVGr57ZCJ3wfx1di/RkCm105eVTz362LDpq+yj33+ 6Uiw== X-Forwarded-Encrypted: i=1; AFNElJ9OoESKNJsuke4YW7Tufy2UELj6a2ExJdPFa8P/IKkWUkPVU/cyF/k/6RE0UMjGChveHkf5USd1iTRHWaw=@vger.kernel.org X-Gm-Message-State: AOJu0Yx7Hdt8pe3bDhHjGktswzDq0qSr1e/IFFf54npCrYDIe9sXXB+I cLk/cOjA/lwlTlozTWbYLda7dYLDU97CHD7eUISCx5BAR26czp9KYMz0 X-Gm-Gg: Acq92OEFiF9AhpOqV3xlZbeQLNgnmreQuLTe/oZ6TAcjH78PU/X+oLT2qbI795CtlXg fWgLhouBXeXJRpjeWbhkKqr5tGdfCjSaR4dHHTyMqFq/QWYUB8KWMb/WnV2rE78UFozH2eQpTma lXvq7pUvWSUmGUrdS7MND70My935Qbjbbqp9i71eFN1wFSb3nvild0IbaGj2qraqye1eoGJc5K3 K59Qwx+prOETREuAflLc83wbt3Y5SdXJ7mqq4dvoqrX+uxx9dBj/9HaeFSF++MR3gTlknc+Nk8P KtVk/Ndbtbhaald1wgKSs8PhQNOc/rzB8dPQAxEFkcc99jdVPHYhmmgXN9wdmhXRxHzb2GTs81J 1P5XErutJQ42qOLJLhLjPa3QXDGqEENaT0UKexryQWYfsk0mCqqVx67mshZ4/Wba52lPJ4qTOzb OROcruf5vpm/KR5QeoqZZ1w705Xim5C3HJ2CHoUiOe X-Received: by 2002:a05:7301:1288:b0:2e1:e3e6:2909 with SMTP id 5a478bee46e88-3015468e76bmr1005616eec.9.1778665005498; Wed, 13 May 2026 02:36:45 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2f8859eb4b7sm22100439eec.2.2026.05.13.02.36.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 02:36:45 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH 2/5] KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature Date: Wed, 13 May 2026 17:36:30 +0800 Message-Id: <20260513093633.1608334-3-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513093633.1608334-1-ewandevelop@gmail.com> References: <20260513093633.1608334-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin CCS (Chinese Cryptography Standard) feature to guests via CPUID 0xC0000001 EDX bits 4 (CCS) and 5 (CCS_EN). CCS groups two user-mode instructions for Chinese national cryptographic primitives, documented in the Zhaoxin GMI Instruction Set Reference, chapter 2 ("CCS instruction group"): - SM3 (encoding F3 0F A6 E8, subsection 2.1) implements the SM3 hash algorithm specified in GM/T 0004-2012. It supports two modes selected by RAX: auto-padding stream mode (RAX=3D0) and pre-padded block mode (RAX=3D-1). - SM4 (encoding F3 0F A7 F0, subsection 2.2) implements the SM4 block cipher specified in GM/T 0002-2012, supporting ECB / CBC / CFB / OFB / CTR modes via a control word in RAX, and CBC-MAC / CFB-MAC when RAX bit[11] is set. Both instructions are user-mode and available in all CPU modes, with no associated MSR control. The CCS and CCS_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for CCS availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 1eb4b88aaa80..8aaa3f20670e 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1276,6 +1276,8 @@ void kvm_initialize_cpu_caps(void) F(SM2_EN), F(XSTORE), F(XSTORE_EN), + F(CCS), + F(CCS_EN), F(XCRYPT), F(XCRYPT_EN), F(ACE2), diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index 7b55110cc046..a1cd9116ef63 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -79,6 +79,8 @@ /* Zhaoxin/Centaur sub-features, CPUID level 0xC0000001 (EDX) */ #define X86_FEATURE_SM2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 0) #define X86_FEATURE_SM2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1) +#define X86_FEATURE_CCS KVM_X86_FEATURE(CPUID_C000_0001_EDX, 4) +#define X86_FEATURE_CCS_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5) =20 struct cpuid_reg { u32 function; --=20 2.34.1 From nobody Fri Jun 12 18:33:08 2026 Received: from mail-dl1-f47.google.com (mail-dl1-f47.google.com [74.125.82.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BDF33A785C for ; Wed, 13 May 2026 09:36:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665010; cv=none; b=KbSwBL3XhL0WJK3dsOl7A6VivOqfhrEH5NB4GOerp/zF1Om4jVVpFT4WeUOh7aR9t6CcnfRwdyrSmzQK4poAd4eTdBoRbPw3Vqq41CDuTrAc7g5NXwKs9kdefr82ONCS38YAoOTywZzLCZPhCSXfCoA+1nk3vxKCJK1BtuvsdW0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665010; c=relaxed/simple; bh=wZJWjnqIbm8WDtqhSpFj+q2nylcM9L473xSd9G+0pUI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=PkDEL+c6qV0K9G9JBORpAmziYHC0Q6USS88gxI472TwCAYZW68K1ova0xSguq+mnscZBgmD7wPd3QubboqS3FB5QISoy0J+IDP/VBwuX+FcAwwgqtVu1FfElvHZ2srCdUh198mIOpghKPCy3bn9LxCyy51l93QbsRsMFxnm+1FY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IaHrVgqv; arc=none smtp.client-ip=74.125.82.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IaHrVgqv" Received: by mail-dl1-f47.google.com with SMTP id a92af1059eb24-12c8f9846c8so9601596c88.0 for ; Wed, 13 May 2026 02:36:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778665009; x=1779269809; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oMLcF3QpmorqUOiR9XBa4GuV1rXFYpYVsToIbq6Xxoo=; b=IaHrVgqvHRLEcqd/mh1pC17ScnAtyic1Sse8spo84EYjUy1fMn0HeHB/BetVEG+ojL PptDRhwvUjSbBLJqxpDjpI/TNbdWTfTa5DuU8tJa8nD7CGfMwfhspEicixYj2jlWw/Co U1ilxOEdaamE/k4d9XrvXsXH3BuIAATlfYBq9tP6wTof8E1o58dgyVdTp8uc10YyQQhW tNumKX1ViJMDOubN2MExKBsrnSs1SKR+LgAV2d3LnfcyEUK0eO3B16tqEsLbKn0Rc1ol QOmfObvX48RqkAAj794euS0VcF7jFarKm/xwyTuTkc/dNw2yb+qu4IVBhZgo2RfSVHxP +bpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778665009; x=1779269809; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=oMLcF3QpmorqUOiR9XBa4GuV1rXFYpYVsToIbq6Xxoo=; b=faNVxnbTOH2dodVzVIQ8r3RA0yEF5pKYHoIddnpIwmXhNNyM/8538BqRv88Oodm78+ QYbwMNa/8HvkoIL0/SB2IGDTVBhvPCibeKJzmDM9/DZO3uiIngwyW7BT+rPXv7fczFB5 EhF8mFJemK4R3T5XZqsysJaTDtW8gpYCw7N9XaKjB7Pf4QbCM5OU03KOh35SXWoSvaK0 WH3PWxdoZJnE29vXZpxy7o6yk0fZFRiryai5o9LCBCXZof6HhW4Edrv57kjJ/KHsL+8l C8Nb3CS6xE6+s7hvdL45pCwf+ttEst1kFIvqZRZDxyg4Zj9Ih2CdKCXIASC3LV6p+wHQ i3dA== X-Forwarded-Encrypted: i=1; AFNElJ/SGL5wdd6FEwKGcctWN089CJBe6yyjuPk60j2oH9iOB1o8JapvPWHvSrJ5RDKct51XsfV3m44blcPme4M=@vger.kernel.org X-Gm-Message-State: AOJu0YxkkQtQyawTwKU7XWuo8IFbfr0GDJRrOR3oYrg7skwTY9463Qi/ j4egS2QeTgHtG3Iur9OolfC2gKqjHqE0CMQhv0WQW8+LligwDZ6hOgTj X-Gm-Gg: Acq92OEUh/l9IBys3yr2/Z6mnLEMKFvChPOW7LlqavRZ2UzOGdPwbZ2l0Iw6Ipbbhqx GogEO5DmTXpq+9t5XcBlKmlFDgSZh5ckWqWThMAbK0Xisvk1SMoez3ayEtVrLdzj1DajIgzNec5 BxSfND+GQ2r1xQdhPFGW/HYgJZy+ZoblC7dtDmXJv3tnHgtrT9Qh2rxvuHDOeQHo8Ai1gvI5U6e S6TPU3+LCQ1h2Oum9tIjcQr8bC3q7X/o30lehTe0RLaKoNo6ITWs/C6t7VXE+pLHCnPjBoChPw3 u/Jl24ZVIF9rByDi37lhU5sI7gZuxkswwf1fmPWPvUtqOOs9aAa0J7WAGRuiTb/z262UYWQfbzi EULonn6E1Y2KscndhmqF7e+0u10oNtFO17BArwznngjEyuPTLS+GAGp22YcHnvxCSOvYnShfh4S ZLv0aiqYJxUqg1SlCUsTKBcCPrVWDpXVvcfRthvMD6 X-Received: by 2002:a05:7022:61a9:b0:12a:6fb7:8801 with SMTP id a92af1059eb24-1342ef46646mr1347803c88.14.1778665008685; Wed, 13 May 2026 02:36:48 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2f8859eb4b7sm22100439eec.2.2026.05.13.02.36.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 02:36:48 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH 3/5] KVM: x86: Expose Zhaoxin RNG2 CPUID feature Date: Wed, 13 May 2026 17:36:31 +0800 Message-Id: <20260513093633.1608334-4-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513093633.1608334-1-ewandevelop@gmail.com> References: <20260513093633.1608334-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin second-generation hardware RNG to guests via CPUID 0xC0000001 EDX bits 22 (RNG2) and 23 (RNG2_EN). RNG2 is exposed by the REP XRNG2 instruction (encoding F3 0F A7 F8), documented in the Zhaoxin PadLock Instruction Reference, subsection 1.3 ("REP XRNG2"). It produces random bytes from two on-die RNG sources selectable via RAX bits[10:9] and an output mode (raw vs post-processed) controlled by RDX bits[1:0], providing high-quality entropy intended for cryptographic operations. REP XRNG2 is user-mode and available in all CPU modes, with no associated MSR control. The RNG2 and RNG2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RNG2 availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 8aaa3f20670e..087c41341240 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1286,6 +1286,8 @@ void kvm_initialize_cpu_caps(void) F(PHE_EN), F(PMM), F(PMM_EN), + F(RNG2), + F(RNG2_EN), ); =20 /* diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index a1cd9116ef63..859ba43126d8 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -81,6 +81,8 @@ #define X86_FEATURE_SM2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1) #define X86_FEATURE_CCS KVM_X86_FEATURE(CPUID_C000_0001_EDX, 4) #define X86_FEATURE_CCS_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5) +#define X86_FEATURE_RNG2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 22) +#define X86_FEATURE_RNG2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23) =20 struct cpuid_reg { u32 function; --=20 2.34.1 From nobody Fri Jun 12 18:33:08 2026 Received: from mail-dy1-f169.google.com (mail-dy1-f169.google.com [74.125.82.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 036E33EE1C1 for ; Wed, 13 May 2026 09:36:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665014; cv=none; b=sYmS0qc2splQlMmiG7Szw9wRgYbrRmzIAzm/yn6G4NySYC85Xc+sjoLiO67ig72mdYCHowJR6Wq5AcwW18X5rAXAN+vPyArP8Pq8SfyNeo25MgAcY7CdYSrgNEWwBUNdwXUjV7bnWqwbuKZ+Tt96sgg7h9ay58JCW9OX7nhLrKE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665014; c=relaxed/simple; bh=jRvKpxoAIl60/V1P+VTJHEK99Z/0YiaHhUBAFANty0Q=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Sr1f/bfxJkl8f98LydpCIcXhus226MxBE4cdDWtBAJ+uktkUUlS0mkanB+EbyivUuM2iTyhIoslghPKW5ptiepNci+nMkJME5tdxLj89EayNytDZR2nTIHWruS37N1/knqzlXqPFVqtcaKmPmScbgLIv1dwxH1FrXKBIos2DLcE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=BFxTVHaW; arc=none smtp.client-ip=74.125.82.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="BFxTVHaW" Received: by mail-dy1-f169.google.com with SMTP id 5a478bee46e88-2c15849aa2cso8670905eec.0 for ; Wed, 13 May 2026 02:36:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778665012; x=1779269812; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LtWmrYOKzZ6UotIe01yj+lYhNEkXI+QSLpIqgQNFL98=; b=BFxTVHaWIoJ+dvaar61jZAw6E6uczN4do0S2jk4xjrvtGdyKtZP+VNOkSYg2EICPc3 ieLANU/WM6jlCCdbIl1+yzU7nU87afXVn+9zDsp2ulkk5PlMJWh6zuOMQn+bMYvlWAH1 U+AMGjqH5uibv5ZW7ObAU487Qw8A/8NBk1oDaANZmclzMC0njGpmSF5emUw0PNn6KY1P nurQJnxpA8+LWXLNOf3RawUsSnRLgBiptbOGqmizgLjtoqnY/e1G1coCoDhs7BtTzigR zWBtI5/NH5XHHPX50TXurok5nQaozwKbZTWg56y4F3mu7SLJhxVvQLhZIlx9oUqfPvfB QPYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778665012; x=1779269812; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=LtWmrYOKzZ6UotIe01yj+lYhNEkXI+QSLpIqgQNFL98=; b=AlAawNOOmMZT5ECwq27H+rDrv0z3mWXNIoyOSfRxfeR7mNOoZYziJQFMezJf0gTjdz PFb6NpQ7fxXfSJTK6HnUJWin0BHmndP0H16CGAlPrbzw7WuqowK9dw7MJ+AJVm9+LRML A0YGcnrfofRU3A9NfuRqWkhr2m6M6UobKxDO7uIFzdbMkSbg3wdg+07481Bt16wAHGMi w2cs0LghbfQ4++HO+kMpOPc0jqaMCjeOxGfFkomdVZPPiDyL0JEmbn+3Cvu1fVRC6VsB pBwNckD0xr2yb45YQ6ZqWu6677cet2v49VWCDdI1ft21AMr85E2HNmwQmzs5o2062WrF 7mKA== X-Forwarded-Encrypted: i=1; AFNElJ+0kPa66+fAE/R/zGQsTcbRLnZVsxW8eh3ba4J15HoZOLPbBOy1R+euHc8RQTE7eDLeucchYl7TxJdzHKs=@vger.kernel.org X-Gm-Message-State: AOJu0YxkRBGQO4QEX7tozu4CdEqfmAerG/pG+3U+MS8Rz/S3H4V511BV hHDa9wHo4uTpVLe6rn+N2D5E6oVLZVGaiHEQuCePqCpFO+Nyqm/5oIcI X-Gm-Gg: Acq92OH3zDHITBu8tHT5IuzUNmKINXAHr/5TpfuISFqGvebm+JRzwRfrds2K3R2gCjR /cXQ/Js9cQ9QFVhDSUPip14+FjbMl1BS1iP/Re/PUEfh1TJXLdacEwIF/XYmmR1XVeMFEl72wZ4 eOGXM/wnRJ5a8Im/4h8y/8B0x2UhpBaAnqPJpMR7FQqKrGp+bRDps2pMBALunWUhvCtJQwFvnjc iD2Jj3ZSBIqIk3Lf1KLaL27AXAzbZwa8ZtoqyRvj2/E6NTddBBF+80JBmn6/Sp5aD3vngW+ZY+a 3uRYIiMeUjEBrpF7xudOW5P53bK/3ELcUAUFoP/D6pQZavFobnvPsGgukwv/JNbMmhTSh+YwbYI GyqC0Gsv8ODGdP6AIuQzCg8r4L1j/+Kst4wRBZL+W3wXEx6shllrCMEg23bDL3h1AmhRDM71L6B eSZlAhLH52AUv0E5tapFXjclY1heS2Ap5X34E3E8Og X-Received: by 2002:a05:7300:e7a4:b0:2d4:94cc:eebb with SMTP id 5a478bee46e88-30117480740mr1458096eec.13.1778665012111; Wed, 13 May 2026 02:36:52 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2f8859eb4b7sm22100439eec.2.2026.05.13.02.36.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 02:36:51 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH 4/5] KVM: x86: Expose Zhaoxin PHE2 CPUID feature Date: Wed, 13 May 2026 17:36:32 +0800 Message-Id: <20260513093633.1608334-5-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513093633.1608334-1-ewandevelop@gmail.com> References: <20260513093633.1608334-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin PadLock Hash Engine v2 to guests via CPUID 0xC0000001 EDX bits 25 (PHE2) and 26 (PHE2_EN). PHE2 extends the PadLock hash family with SHA-384 and SHA-512 support per FIPS 180-3, complementing the existing PHE feature (SHA-1 and SHA-256). Two user-mode instructions are exposed, documented in the Zhaoxin PadLock Instruction Reference, chapter 3 ("Hash Engine"): - REP XSHA384 (encoding F3 0F A6 D8, subsection 3.3) - REP XSHA512 (encoding F3 0F A6 E0, subsection 3.4) Both consume software-padded 128-byte blocks (RCX =3D block count, RSI =3D input, RDI =3D state) and produce hash output in the state buffer. Both instructions are user-mode and available in all CPU modes, with no associated MSR control. The PHE2 and PHE2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for PHE2 availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 087c41341240..3fb81f7a6107 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1288,6 +1288,8 @@ void kvm_initialize_cpu_caps(void) F(PMM_EN), F(RNG2), F(RNG2_EN), + F(PHE2), + F(PHE2_EN), ); =20 /* diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index 859ba43126d8..f28300c2d5e0 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -83,6 +83,8 @@ #define X86_FEATURE_CCS_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5) #define X86_FEATURE_RNG2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 22) #define X86_FEATURE_RNG2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23) +#define X86_FEATURE_PHE2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 25) +#define X86_FEATURE_PHE2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 26) =20 struct cpuid_reg { u32 function; --=20 2.34.1 From nobody Fri Jun 12 18:33:08 2026 Received: from mail-dy1-f169.google.com (mail-dy1-f169.google.com [74.125.82.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B1093EFD0C for ; Wed, 13 May 2026 09:36:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665017; cv=none; b=aoohUrXwE4YYfv4nVW1k2CGTGPkFCJ37K6OE1LL5tG2qK96SRwGsMtflXCaxIkwihMMZ2cAw5rQJ0NyAMOuXj6DuZFaFP7j+ub0Vu6OSHny+zmfbGnxdReziPst8bkRJBPAedQ675dRd0coT5cvMW83CoG1T6YZwIkVToxco/70= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778665017; c=relaxed/simple; bh=msb6kSwfYjtLrK6yh4A/4jW6Efwpn03Z7DhCQJ9v1j8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=GzvVV7mtHwghib4XxJ9nxe7WVOMnJW63oS4yD89HF+hYLi9Zme2ILYZTYsYjyoX/bdYB/CFlnaNRreaS+0vkcZ/3+lDFIrwLJbOVgtSp1R6ea83YP9VtolO6XNRaT7XK4f3nAfr4U9VLt0CcDbNwZeszIPj+2wGTaoCvVFRP9Vg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mJF15GFs; arc=none smtp.client-ip=74.125.82.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mJF15GFs" Received: by mail-dy1-f169.google.com with SMTP id 5a478bee46e88-2f03d6cf77bso7376557eec.0 for ; Wed, 13 May 2026 02:36:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778665015; x=1779269815; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Yuxzue6n4LxKbQsyok/03Qurt5Jav9jZzMMI1LVz9Kw=; b=mJF15GFsjYuSijZ+XJsWbgGd/MZH3IyCGS0HfmuzdD20DuQhJ+y3dzsa7ZcSGb0OuU r/sMmIhsqIFu/RvMMXTZRpHaZKLQG5rPZnc2mxDLAUaz4tqZvRGpauW0CbZDxir5QgLH XGdf0vF1L3phAhrJNNLFSpVfhwSyhStS2RPmxFHMnpo5P97bgyq7pqPSiQyliqWyFtbW J8zH3AMqoUfi9j/LTenNp3fzJx4Pih3wALS6tcPeJJ0cdBwCJNM90eUtuiW0DLC1I6ij 6o/4qyZneRqZ1PKuPrG7lO9eUdsSEUY8OT4zrNEyUgbLcRfnJu3SmP+J0o4fyQO2tS7Y QTvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778665015; x=1779269815; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Yuxzue6n4LxKbQsyok/03Qurt5Jav9jZzMMI1LVz9Kw=; b=ni9kQ2JnJ9J/AoYA0iZ+lvLjbdurca0ynKydCI/sfWTX+z7Z60wF8SbmrAeh6JHohS d4WlliUKetquI6LP3ITlYOsgZjwHaNqQxa9J0itSDrQnoGW6yuk/Jlt0JpS4u2nIdpYe QQjtZTvrtzcHA26Ll5v77vPGg+jsrz8j3U/xQdzr3BPvxWGGS7pOiOf7pNUxC9t70HHZ TkU7R51bXiQOUZqc167QpkKNXFavHDRYfPj652O8R7zv3cWn3rE2PvYUsjLx+9NK748s 5Xb6p/JKXcaQ5dhtzXbZutAQ1DysSHXjBt20WBBseNJKmwjZbsLPta1k9XwNBlkUgXj9 aTXQ== X-Forwarded-Encrypted: i=1; AFNElJ843vfGxjXxU4wi63N6a7Ww5U1f+DgJ8WjppZXR2lqWZXdGwgpnNjRaT3b24LCCq+gbHXVdvt3KODNaGIw=@vger.kernel.org X-Gm-Message-State: AOJu0Yx5Dhc5tkaZZ02doJoaJfyl2uNURSUCXu95oZ4WuQV4CrV5HwZe MxUfPnhMxdsBGvYU0ne9ksBRWr2agHwiW5aLHtgYFiXozXEengFbNd8k X-Gm-Gg: Acq92OGfPhrJaqZmiuCKoCeuRisHA925W+97DKWoV7ZpP7VUJav2QwAni+I3+z8v40/ oAIpIK1+9AbwuxJqSLZuJN3x/aY603JIMDzWbBvP5SU0nPrDzrGyttPIaRc5942sgdRu9/l52t+ 9wgMnaUcKs4R4vmMW//TdKLaSTqTjNA7CGYtvcbRWrlh8RsUrAyJAv2tUXYh3CFYsciNUc+3m02 YHEHBuAIL5B7TyX0WohAOhWC5v51XIE5pE0QBrMoCy8hjdmpl0i40FraGFsw0PF5BvB6Qz71I04 8ihnpo5i1hAkoKTbueI7JuSJNeczqlUQL/eRy7TkuhCm7prknpsgikJBW+dXWQtgwcGX4rj3Bc6 QVZfNLCs8zplW55bpngadkqi8lhloNEGrQ69Onb0g3kLi9srP1GBAWqlRVzBW7A0UX36RQxZgD3 G6kL+iJm6AeWWDWFCkRil6KAZ0cihFOCKkNbb0L0xGdd9H8UG/ljE= X-Received: by 2002:a05:693c:2d96:b0:2c1:7793:7bbb with SMTP id 5a478bee46e88-30119f60607mr1454106eec.27.1778665015458; Wed, 13 May 2026 02:36:55 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-2f8859eb4b7sm22100439eec.2.2026.05.13.02.36.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 02:36:55 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH 5/5] KVM: x86: Expose Zhaoxin RSA CPUID feature Date: Wed, 13 May 2026 17:36:33 +0800 Message-Id: <20260513093633.1608334-6-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513093633.1608334-1-ewandevelop@gmail.com> References: <20260513093633.1608334-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin big-number arithmetic engine to guests via CPUID 0xC0000001 EDX bits 27 (RSA) and 28 (RSA_EN). The RSA feature provides two user-mode instructions for modular arithmetic on big integers, documented in the Zhaoxin PadLock Instruction Reference, chapter 4 ("Modular Multiplication and Exponentiation Engine"). Both support operand sizes from 256 to 32768 bits (in 128-bit increments): - REP XMODEXP (encoding F3 0F A6 F8, subsection 4.1) computes A^B mod M - REP MONTMUL2 (encoding F3 0F A6 F0, subsection 4.2) computes A*B mod M REP MONTMUL2 is the long-mode replacement of legacy REP MONTMUL, which is restricted to compatibility and 32-bit protected modes. These primitives accelerate RSA and related public-key operations. Both instructions are user-mode and available in all CPU modes, with no associated MSR control. The RSA and RSA_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RSA availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3fb81f7a6107..94ea9abae566 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1290,6 +1290,8 @@ void kvm_initialize_cpu_caps(void) F(RNG2_EN), F(PHE2), F(PHE2_EN), + F(RSA), + F(RSA_EN), ); =20 /* diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index f28300c2d5e0..0df96ff9515c 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -85,6 +85,8 @@ #define X86_FEATURE_RNG2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23) #define X86_FEATURE_PHE2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 25) #define X86_FEATURE_PHE2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 26) +#define X86_FEATURE_RSA KVM_X86_FEATURE(CPUID_C000_0001_EDX, 27) +#define X86_FEATURE_RSA_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 28) =20 struct cpuid_reg { u32 function; --=20 2.34.1