From nobody Fri Jun 12 17:15:19 2026 Received: from mail-dl1-f49.google.com (mail-dl1-f49.google.com [74.125.82.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F19BE423A99 for ; Wed, 13 May 2026 12:48:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676537; cv=none; b=N2/Ip7BYvhvo/I9pJyscw5+jQVaz1Nk/PnvagVI0QvwSySdKrjH3sWRu/B1JUlcLI4rnUDUDbxCclaRR6RwjDVP7A71yJUYlELwj9spfQfxjWqTzm4TX6qot3cz2x4sWxofRqacbCXzfc7l7hajdJPiPTPSsS4Vd5enL0MCtokE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676537; c=relaxed/simple; bh=At1gf0Mua3N4YYtHisgY0h9wtx8xtKox/CUCEWQanfk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=h4r8BbTwLuDW2imchqfxdeMshsuXuOfJq+PNCfOp6787+P6nYmLQdCx8xrBBZG7gYOvA73dsRCCStIOOxNFTqxNg34P9CrpvFT5ITpeCklQGh0K/mGJQc8Jv42tPJxKfMEhbJRYn95c85TYVDezAUMVqMYdqe6SwtIGSWG912l4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=P4dhLRlB; arc=none smtp.client-ip=74.125.82.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="P4dhLRlB" Received: by mail-dl1-f49.google.com with SMTP id a92af1059eb24-130c9dcbd25so6168443c88.1 for ; Wed, 13 May 2026 05:48:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778676535; x=1779281335; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7R9QlZtKzGZ9Srh0EOuGXWhWVZA7AopSSa5Bhm29kr0=; b=P4dhLRlBXY0yvNw/Xywjzd8ZgI03EidLtCMa1oJUtpk8pP2mfDPAixmAZqskOtIbCO p0hL8quhOLvZHtV9/6KGdPPNyGh/KERiRKdWDyFGxvclXnaMF5miK5dqwQJjWaEoF316 hO7NEreHvKs6qfDbWx2Bpw9V8Y9+2nzWApK7v/hMiZDpfWRxLCa1/qlXo9qy9dneJFcF WJKkGcCfo56PhtkaMKLYKHV1fBRxQkbcuobOCuypFprOTbyYI0i5QIuko5AiQeqgUF1k X7q9aoRqREmJooFEtMTLz6bXok6HCFHKZq2GLnqIO+ZBLHu4lTz4y7flCKDU/4SwKDVx rPNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778676535; x=1779281335; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=7R9QlZtKzGZ9Srh0EOuGXWhWVZA7AopSSa5Bhm29kr0=; b=rSR9feAF0Ij5z7R4pG6iEvIL9DBiKBX3nV4CovVLWoGyhDnmHVtaHk8a3x/WJEaLSH hGoR8y1Y+fxuoLaoSxWpouoMMriEWdLDTjGrZgwIgEm0t5219Ubjr+tlGhpyZx8x48Q+ nFQK9NjmBSNxSZGz0NqmzfDNK43+7seVaez1m8s83AB+798aWhJbGBdAF+LaSbpWlW4l X/rbEwpG3Sq61XRfFGJ39YJVXiXJquS+BD9/aTEKiljVXLuTXceWj1d94BxADi6dnLJB Bowqv6VnF+3zM/kvUI87fti3ZTMy1djhGlkiOoC3FjTbGgm1XJqMrg4NIdSq1Ayq+B+w 6tMg== X-Forwarded-Encrypted: i=1; AFNElJ9N9zDQovh3/3c9/OgzdNb9v66CmHVSNLkLLhOXlWFJ0FlF8YSwmK0cD7vIabhTb8JdzAzs7Xw2Xdx4oBo=@vger.kernel.org X-Gm-Message-State: AOJu0YxSnh8akgnLjMjDCoaNUIeqokzKnPF08CofRq5vGn1AdgqiLbPp 3ZRBiiJL0glCO6KEXPgVhTl/IDkX08RNaCysL8M5PPsh+MTuFuhr38+mePQ7zS46Vjc= X-Gm-Gg: Acq92OFlzbY7p71Rdoe3y2/34Z0lPT90UGfNNpToOocvkZ2pGcKVO6IheZP145UNV0Q kC4KVs5I6DmMlDmz1mkMZoyZJBPApV30YeZFGHwGPMjkPwLgYjz3mvg9r8uVlvBHhQJZ/wXOxwj Dsm+6PE5jJ1HVAMFE3UcOFi6Yi4eaXLbyhpxh/rUJpjg76hMIKaO35Kb4xjYgZY/sBFGq1Ql2M7 PWCnyLcqq33EUnKyFPSL2WAJeQA7wk3bECvwGwtrftgKdbwQspH6TerxLSnheBuUBuUZ4qjXXez ZdtGzajci1JSwY9Ign+hWi21ntrqGc8jIRDemEsEjwdQyCObGrYK9OKbi5q/waBtYwm/AzYNSmc tnEKMPT65ElzB3VNE8/W2mTd9FqQ9A11AM8qusn4/JsfFkwYmgefSPREMlAeK3nYWNZJJQkcEh+ DsqmA6BidyL1n17AwPQo2Lv6GZ+AzIT0S6TnKlQ24K X-Received: by 2002:a05:7022:6894:b0:12e:57fd:ca2 with SMTP id a92af1059eb24-1341e7be18bmr1775851c88.3.1778676534984; Wed, 13 May 2026 05:48:54 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-134b4e153dbsm1066142c88.12.2026.05.13.05.48.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 05:48:54 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v1 1/5] KVM: x86: Expose Zhaoxin SM2 CPUID feature Date: Wed, 13 May 2026 20:48:42 +0800 Message-Id: <20260513124846.1622462-2-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513124846.1622462-1-ewandevelop@gmail.com> References: <20260513124846.1622462-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin SM2 instruction support to guests via CPUID 0xC0000001 EDX bits 0 (SM2) and 1 (SM2_EN). The SM2 instruction (encoding F2 0F A6 C0) implements the SM2 elliptic-curve public-key cryptography algorithm specified in GM/T 0003-2012; the hardware-level behavior is documented in the Zhaoxin GMI Instruction Set Reference, chapter 1 ("SM2"). The instruction multiplexes its sub-functions on the RDX[5:0] control word: encryption (subsection 1.1), decryption (1.2), signing (1.3), signature verification (1.4), the three key-exchange sub-operations of section 1.5 (1.5.1 SM2 key-pair generation, which the spec also uses for the initiator's ephemeral key; 1.5.2 responder shared-key derivation; 1.5.3 initiator shared-key derivation), and two preprocess steps for identity and message hashing (1.6.1 and 1.6.2). The instruction is user-mode and available in all CPU modes, with no associated MSR control. The SM2 and SM2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for SM2 availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index e69156b54cff..1eb4b88aaa80 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1272,6 +1272,8 @@ void kvm_initialize_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); =20 kvm_cpu_cap_init(CPUID_C000_0001_EDX, + F(SM2), + F(SM2_EN), F(XSTORE), F(XSTORE_EN), F(XCRYPT), diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index 657f5f743ed9..7b55110cc046 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -76,6 +76,10 @@ #define KVM_X86_FEATURE_TSA_SQ_NO KVM_X86_FEATURE(CPUID_8000_0021_ECX, 1) #define KVM_X86_FEATURE_TSA_L1_NO KVM_X86_FEATURE(CPUID_8000_0021_ECX, 2) =20 +/* Zhaoxin/Centaur sub-features, CPUID level 0xC0000001 (EDX) */ +#define X86_FEATURE_SM2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 0) +#define X86_FEATURE_SM2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1) + struct cpuid_reg { u32 function; u32 index; --=20 2.34.1 From nobody Fri Jun 12 17:15:19 2026 Received: from mail-dl1-f47.google.com (mail-dl1-f47.google.com [74.125.82.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 084E0425CF6 for ; Wed, 13 May 2026 12:48:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676540; cv=none; b=dZwhKqhFaax8GjvFKLl21Mqo76LjqFn0vU/kFlc89XEcMl9kg0pvqBci+7MoW0Qt4AgRl+9xzuwHNaSqWY/KdO58u/6L438oBazxAsoHd/cvtnG9FircFEl3pA1t53JNwdkCofqAb5SLLJbaOFumU6tgwwPovP4eJHvdrhyuxt0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676540; c=relaxed/simple; bh=WrAyTmwYSRYTeMp0wl4NRx12Jro3naVKJVOSJpgIEYI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=g+mvLHbSVeDx3kZnT4plzedsRLZXeetADhb7Pq+ZsJGUjNsiUI02sfIylO8z/Zbk2CjoP3GC2qPAQ3bCuuithObPsvraoSbIgZjouTCPf4Tw3uS5FqPldHHEVlrPqtSYbaY8uJfMjt20+c4UE++XDJUvu0MGLeggZl4Vvgea+js= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=IcWzAMNO; arc=none smtp.client-ip=74.125.82.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IcWzAMNO" Received: by mail-dl1-f47.google.com with SMTP id a92af1059eb24-1332772f6b3so4555988c88.1 for ; Wed, 13 May 2026 05:48:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778676538; x=1779281338; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ERPLFt1DzdQWZj46mxvIXYh6fAkpMfWFMGg+XUXEJ+0=; b=IcWzAMNO8hg0Qr60DK2Ni1pWk24y90JParLWGrXyXLb/RV/hPcQbPvkx7SvdMGQCau SbDfHwHZTlrjpxlb4RNacBXsjxo1TmFFpXaUVnhFhKG6OM3hIiq1xhPmRXTgXhEnvKaY Zt7Gak4IGYjoexWMqyz84nz8C7Y1uXhLlM3m+FjHHgB6qxsz32eIRtZ6joYjODOGnHN8 W3xiJdPC/vf9fHUx/VHveRI1OFRVnqsgWTGN2J7qncpkgXq/svyiOdLHu5ez5pqJYX4d S5D/JsoVtamiHS3rNdRqTnmDqnpGx0bEpLVgu3fM6h3TXdiLPtQ4OHKhcKuPpTeTREFy KJ3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778676538; x=1779281338; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=ERPLFt1DzdQWZj46mxvIXYh6fAkpMfWFMGg+XUXEJ+0=; b=c5ZssbJcEGAidj0GKU+LbUk0Rr6BzvLM6Np7oNjpMONpmPaURW4OvvZyFxeBeiVE3m Y6pBfZij31DDTinsbTyhHIobcmuEZDL/e7djuE9LIS3alNb3rwWJPL57mYtagD8OLyx1 Of32M4YA6sHaO9Ux3HD1PvmOCLFJXXqHOoErR0Nub8MafOfNMx0a08TNQrnvIB1TIRvg EjBwu82n3dKiEBaWMJvfJbTs/+V1BBefUh+0m9LywUK4wU4YIzmaZktq9nz3af9exs0R JGw5Ond693c6ZeXWF5bzWqzHsNyLR4vsnp0ioLxv1NRGeuX+Prn4B8k6l1VZ647Bo5DI B33A== X-Forwarded-Encrypted: i=1; AFNElJ8TfyiP0id1NqswiiMnoV75wmxB0mxhU0TmVYa/H/YM0C5anQnLl6M0lCGXKu8UegzlOujC/JdTL7S2b/k=@vger.kernel.org X-Gm-Message-State: AOJu0Ywa9IfMgzIXZDCLOhhxPT4X7wZ4x9UUjV3FZysDQ/dpeloK5/0m cH6or74CDuM94SWjkE2Qz+UFu8WlNcrdMBuGO2auJnvAeXX/NRcGPOpH X-Gm-Gg: Acq92OEbjTx7iYcRAXFwLv4Z+zhdqnU/Lp9VyjqrI5GsNjPC5EyaksQW7d+8VhcaLP2 uCr5LLG5Y285koxwUsa3JmfV/5uVeXdtZ7RcGSiDz+OAzrue1AVKsd5GTWo8qoG1cHomb44AyRh vG7yUeJJNUdhRP7dTl4wjyUcUedbc07Gp0UugiBNcbLZcSNZ8kcGVYilXJVlVBY+PGUOaS+H+yu b5fQ7VI3bpc37y9s15VcK/h561GUwUIqDs4oPV3F6rXFjjWrtnbs1JIZx9/KpbDzhBcVRPNLD2+ gCDxzzQnr32TcgN6F0bozGPT8RhhKYFJPDCbXc5Vc/h+hpj2GTM1gVdpFm6KtipOGEwea7DEOo3 vkH0Rg3h1VJrxK7fhYjl0++K5wY4NJ1EH/eWEpRs71kp6ujWMmXTNdgUhqyVHJ5elcP5DJUGAKG gK9mjxSLKNgBQCU1ppLpsIvrPi0tRn68eoO8yRYBH/3Ul+gx+7E6g= X-Received: by 2002:a05:7022:f008:b0:130:c9cc:3383 with SMTP id a92af1059eb24-1344054de55mr1661638c88.43.1778676538017; Wed, 13 May 2026 05:48:58 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-134b4e153dbsm1066142c88.12.2026.05.13.05.48.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 05:48:57 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v1 2/5] KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature Date: Wed, 13 May 2026 20:48:43 +0800 Message-Id: <20260513124846.1622462-3-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513124846.1622462-1-ewandevelop@gmail.com> References: <20260513124846.1622462-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin CCS (Chinese Cryptography Standard) feature to guests via CPUID 0xC0000001 EDX bits 4 (CCS) and 5 (CCS_EN). CCS groups two user-mode instructions for Chinese national cryptographic primitives, documented in the Zhaoxin GMI Instruction Set Reference, chapter 2 ("CCS instruction group"): - SM3 (encoding F3 0F A6 E8, subsection 2.1) implements the SM3 hash algorithm specified in GM/T 0004-2012. It supports two modes selected by RAX: auto-padding stream mode (RAX=3D0) and pre-padded block mode (RAX=3D-1). - SM4 (encoding F3 0F A7 F0, subsection 2.2) implements the SM4 block cipher specified in GM/T 0002-2012, supporting ECB / CBC / CFB / OFB / CTR modes via a control word in RAX, and CBC-MAC / CFB-MAC when RAX bit[11] is set. Both instructions are user-mode and available in all CPU modes, with no associated MSR control. The CCS and CCS_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for CCS availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 1eb4b88aaa80..8aaa3f20670e 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1276,6 +1276,8 @@ void kvm_initialize_cpu_caps(void) F(SM2_EN), F(XSTORE), F(XSTORE_EN), + F(CCS), + F(CCS_EN), F(XCRYPT), F(XCRYPT_EN), F(ACE2), diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index 7b55110cc046..a1cd9116ef63 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -79,6 +79,8 @@ /* Zhaoxin/Centaur sub-features, CPUID level 0xC0000001 (EDX) */ #define X86_FEATURE_SM2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 0) #define X86_FEATURE_SM2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1) +#define X86_FEATURE_CCS KVM_X86_FEATURE(CPUID_C000_0001_EDX, 4) +#define X86_FEATURE_CCS_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5) =20 struct cpuid_reg { u32 function; --=20 2.34.1 From nobody Fri Jun 12 17:15:19 2026 Received: from mail-dl1-f53.google.com (mail-dl1-f53.google.com [74.125.82.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35527428834 for ; Wed, 13 May 2026 12:49:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676544; cv=none; b=cjAWryd3CxXOw+SJXrGEqZjnPiFXXado9uAkY53MB9EqHVx+0ugjwjENBjKi9W8Y4BEX43zjtOAtHpVWKHVDczbsb/2Pn9Y6QkBYelmT33Uc70t7+b7YXYR9461F1CAcAqba+PkdGlOt06YfD4cU4uAE7xd5zw/XIPtX8AQgNFs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676544; c=relaxed/simple; bh=wZJWjnqIbm8WDtqhSpFj+q2nylcM9L473xSd9G+0pUI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=tClY23W5CJ+Q8SYTXWL8nxUogHQH5zai+7L9FJzC+ykWbc9mCMzmWJjr1EcCR2vv+Cl/VDgcu+H9Tg3mpvNtLR9eWVsP760pC1UD+6EkOQBBp9sLT8lZSbyC5hAZITjV6Drw1RN4QAE1TZ2I6/GaZR4C2P5Tyf2dHq4nQX3PTiI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HQfilCM6; arc=none smtp.client-ip=74.125.82.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HQfilCM6" Received: by mail-dl1-f53.google.com with SMTP id a92af1059eb24-134ac81c445so852534c88.1 for ; Wed, 13 May 2026 05:49:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778676541; x=1779281341; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oMLcF3QpmorqUOiR9XBa4GuV1rXFYpYVsToIbq6Xxoo=; b=HQfilCM68J/eWCYUMA3s0j8nPkJkfeOn6Mnx7BvPDCIGc4/g8A0rYItyO5D75GJbbN 9djdaKs5sFaIIkXSQZWTzRn2tPEMGArVhr2QWS5qNSOlD9lgei0dOTM39NejwJ0/S9Fq 6hVdFOOgNFmmwOQz4WXTu56H2UNtUnf85s0PCzMsnl/wBoaTZ+wk4ceOhGQ5L0YIq0ez jKZwzlk92PTKVibTmIJkep0FBzk91Ub1Jy/A1UxjBspFI7ICuBMEDSj4Q8zmLzx0w2Jb 2AINdRBgwdfr27713hIu2Ow9WQbUSAxa6DZtqTk3KI6GwPpozXc6N/LAZnvMK22lOiTz Cq/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778676541; x=1779281341; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=oMLcF3QpmorqUOiR9XBa4GuV1rXFYpYVsToIbq6Xxoo=; b=KXeJZEPFjsfZe+EgtQztlQ2JUWyopMSgKr6ueLzg+lHPKpFMXc+0NAE86Ji/nLV7ta QF/uv/Xys1+WhrO+fJH3NyGm0D22HSM+LM8uSz8UHqkm1iGt2gmn8dF3NHv7R8iG6Cs9 ksYi66A5/vOMsm6+DxMwuWJSbczaylRFab3exgdOOaDgLiRKSLGfhrQbl8u7eDWbgLJg Fcrfs1ehB6RhtLT3hVLXchvVPyxAptDbcmARQ2djuHJB73QhTOGC4JvUobwaVLAdy69u fIjFlTn/8ylkNauAhXnu3CiDftvoncLo+4rSJboExMWYeIDXYEzwEhvbbsmqc3XEtKSN Jbsw== X-Forwarded-Encrypted: i=1; AFNElJ8e56qM03L2IcFwR7hFBoLnTK6Y7/I073vFd2TGEsWdnoRUoQhcFsxkhGxG4CmBYHidXVNzB798JDeGWW0=@vger.kernel.org X-Gm-Message-State: AOJu0Yz3oktvJLoGJCAyooQjBV+6n9s8tyiM5mzrDOaGPuL3UGrB3fG9 KKD/2yAfw76kVIRG6RkjXZAGmL2NmKL1dpjCVOCWn7Rb4FkKnOIj7nGT X-Gm-Gg: Acq92OG/EiOnH6AGIzbTL9fWSClePFHB1EPSXFfzWD33BHXvZog2ekbRfqw616Fa7am EBhR8YKKMMO59xKRuxNNJHsrqcZbse1aXW/duYt4rY+o8f4SWFuBgR6aiexQ/z1KEuHdHoPU6S9 PWEXJLXjJSs79WWBHjNxcxmXJi9wHriDUQXFFpooW4gzq95crKifmLVYxciGBUMdmSYfXL2ir1V Lsjy/EroVAjZQAdpnmUJlTNlU0OIMbfbtmeLBpYUNMELsI1/EzWClUaL4DGVU1ee/eiJbucVE2Y UnLQeE1OaGVzOtScOZcRt/Ihvj9oTzYw1mkO6D9JovrZt+Zri6sUEBqAcwLuxLacZWCa0x6NhXN Zp2nRksc9bJ1fqrfzHUFxPXdynbBZ0Cu0+wsFCXQT/XdEhKx9u6LmoXgGvVc0q6/AbnW9TxpAJB 78g1wS+oLKSUhJ5CSViY9fi23ikDOYIRz53ofWzNz/ X-Received: by 2002:a05:7022:43:b0:128:d4be:7428 with SMTP id a92af1059eb24-13436781e9bmr2245229c88.19.1778676541014; Wed, 13 May 2026 05:49:01 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-134b4e153dbsm1066142c88.12.2026.05.13.05.48.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 05:49:00 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v1 3/5] KVM: x86: Expose Zhaoxin RNG2 CPUID feature Date: Wed, 13 May 2026 20:48:44 +0800 Message-Id: <20260513124846.1622462-4-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513124846.1622462-1-ewandevelop@gmail.com> References: <20260513124846.1622462-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin second-generation hardware RNG to guests via CPUID 0xC0000001 EDX bits 22 (RNG2) and 23 (RNG2_EN). RNG2 is exposed by the REP XRNG2 instruction (encoding F3 0F A7 F8), documented in the Zhaoxin PadLock Instruction Reference, subsection 1.3 ("REP XRNG2"). It produces random bytes from two on-die RNG sources selectable via RAX bits[10:9] and an output mode (raw vs post-processed) controlled by RDX bits[1:0], providing high-quality entropy intended for cryptographic operations. REP XRNG2 is user-mode and available in all CPU modes, with no associated MSR control. The RNG2 and RNG2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RNG2 availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 8aaa3f20670e..087c41341240 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1286,6 +1286,8 @@ void kvm_initialize_cpu_caps(void) F(PHE_EN), F(PMM), F(PMM_EN), + F(RNG2), + F(RNG2_EN), ); =20 /* diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index a1cd9116ef63..859ba43126d8 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -81,6 +81,8 @@ #define X86_FEATURE_SM2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1) #define X86_FEATURE_CCS KVM_X86_FEATURE(CPUID_C000_0001_EDX, 4) #define X86_FEATURE_CCS_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5) +#define X86_FEATURE_RNG2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 22) +#define X86_FEATURE_RNG2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23) =20 struct cpuid_reg { u32 function; --=20 2.34.1 From nobody Fri Jun 12 17:15:19 2026 Received: from mail-dl1-f51.google.com (mail-dl1-f51.google.com [74.125.82.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B8BBA428851 for ; Wed, 13 May 2026 12:49:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676547; cv=none; b=lQ52GUuHmFPdE/jro1jjdq4uCzz8gJLU06gOa1L0lykgP8mg8MWKyed9Gp1yKg1uBZ6MmztOSpBuQONESXiZemkuvrLeq3QJomMvSnOJtnsxcIRIYdOcswJ4DOcPlI5+dUjZjmRwp3hINR+51+6zeftNmbhPQ6SuCpl8AtA3EyY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676547; c=relaxed/simple; bh=jRvKpxoAIl60/V1P+VTJHEK99Z/0YiaHhUBAFANty0Q=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=CfiJBLyRxSDt00tZZkExqSedE+QMDElZH26/EqG5az3KoNlPaDuke16Xz6yGYQIGHYHvP4IxaufSL1D0V9eSf9pHbCjyGn0pVoNfPyTGCsHuhARLxUPM0EWqS/9O+T9EGQh3fG/ZMLCvoaAfVoyuMtS5cLkgiuSs0tIBz5a2ZNk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Yc2jiWDc; arc=none smtp.client-ip=74.125.82.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Yc2jiWDc" Received: by mail-dl1-f51.google.com with SMTP id a92af1059eb24-12db2e415a7so4717166c88.1 for ; Wed, 13 May 2026 05:49:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778676544; x=1779281344; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LtWmrYOKzZ6UotIe01yj+lYhNEkXI+QSLpIqgQNFL98=; b=Yc2jiWDckooVMN+B5kNeu7FEdv1hUApLztH7fLQHUWgmQMSE2UAJd82NAZNIFv16H7 zmcKpmLlf2s5Y4uWFetTFr74RI/EsWpd32xLcs5xuHpmS9fk9Ak0puAnB4BXoXa2XlGr UAh1VpkJyT2w35tXfxJctbbyJjyRqtSYT3e3gH65wU+PjQD7WbTBaQRlMVAmyCt9yR6h IV0HnyTV+zbAWT1mPXawLYve9HXCbTc7hac9Jf+Jwv1UIubet9JNPr7F32VAsMuw9t7x ZNemkzbJ/OgozE2yRXWFUl8KsnnZ+ESH6c6i9E0nsK4Ghb0uVUKlM/I5DIU62Y07F0jt 4sUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778676544; x=1779281344; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=LtWmrYOKzZ6UotIe01yj+lYhNEkXI+QSLpIqgQNFL98=; b=sg8WwMJkg3UoNSbdeiCd/W3nyHXawUbqxOEjOT4Ciil/tP29lDiNYd6JWpMHvhXHMF 9TDpU+ADRG0bllDvI+/jtZhzAdEk40nMkW1QmNc5ZvS9C2GNQpgqQOSxQRp7geitabWR 9RpsJicIPHwCdYK40HSyJFOaHnqiF16Fcv9ZkmYMJ+5+4EfgmfriYD7DvUnrlettBgFy YUKR06XRS/LfwCDo8tYwJ2pZeOV1uXxjIFo0re4w0er6zGbI8MlczuAud3aBYXlNAhMr IS6mZXdLt45fvtV/QAXGKWSppeEz4RRF2MZmgIYn66NinfDkdKj12CsasUZmOMrxqj8Q XMJw== X-Forwarded-Encrypted: i=1; AFNElJ9TgoC/NKrbbz7Z+yDgSIKMYyXeSZ6bwjca1amYTMnGhWw7QKySln3S6sDCPH4RHkBP9OUnXF2gq+PnTzA=@vger.kernel.org X-Gm-Message-State: AOJu0YxHAtIngjks5UMHHL6uz3PiBn+335Xip2ZBNdS7fb/6I2lPrssq 5tht/r2NPvpqggzpqdxrvMyk9LI5KXfd9N5z8R5PpTg3iWmd9SIK/JMF X-Gm-Gg: Acq92OH5q7vTBPiqe9s/GzlovmeezjKh2zY+1CWUDMy+xK+WBGAfsfwwthmk9BtCgA/ CsQwtCvLo/wqEI+wNUl7XI3h6a0T+G7ORTobqMDkuap2IVKbLHShT1J2SEBLh4r9i6QAmRldJ2p Dm42WK2ZZu1yji+skdurq+RsZfaMvPkQlMvEmXQJeM8e7LxYz4J1afAa/Hk1BgPDNY1B6vokJTK +3/Se/3/S2ywVnRV/FXGYs4f+phvnu6lm7VUp4RaJSpLf9J3zDF0FAvy/oTr4oHWa9JcwP/m3r6 4NdL+xvjOpuQ7tsgdLz1hbsmyJoBbZyyye2/Ly7+9MvKMuYYl9tzyj2stlxY/2WlOXvLJ2WwNmj 0TqyOFJXMaxnXMFwqZAojkrmNAt6Hz4PYdvuwnzZ/DQzIqZw+cK5FwrykCZsZEwaS8ChkJdFHhQ L/OED73H5f834RatNm3ymY1LGzSzBL8w/SC86+KVO1 X-Received: by 2002:a05:7022:ead3:b0:133:3bb1:8e43 with SMTP id a92af1059eb24-1349a938025mr1465669c88.19.1778676543906; Wed, 13 May 2026 05:49:03 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-134b4e153dbsm1066142c88.12.2026.05.13.05.49.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 05:49:03 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v1 4/5] KVM: x86: Expose Zhaoxin PHE2 CPUID feature Date: Wed, 13 May 2026 20:48:45 +0800 Message-Id: <20260513124846.1622462-5-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513124846.1622462-1-ewandevelop@gmail.com> References: <20260513124846.1622462-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin PadLock Hash Engine v2 to guests via CPUID 0xC0000001 EDX bits 25 (PHE2) and 26 (PHE2_EN). PHE2 extends the PadLock hash family with SHA-384 and SHA-512 support per FIPS 180-3, complementing the existing PHE feature (SHA-1 and SHA-256). Two user-mode instructions are exposed, documented in the Zhaoxin PadLock Instruction Reference, chapter 3 ("Hash Engine"): - REP XSHA384 (encoding F3 0F A6 D8, subsection 3.3) - REP XSHA512 (encoding F3 0F A6 E0, subsection 3.4) Both consume software-padded 128-byte blocks (RCX =3D block count, RSI =3D input, RDI =3D state) and produce hash output in the state buffer. Both instructions are user-mode and available in all CPU modes, with no associated MSR control. The PHE2 and PHE2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for PHE2 availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 087c41341240..3fb81f7a6107 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1288,6 +1288,8 @@ void kvm_initialize_cpu_caps(void) F(PMM_EN), F(RNG2), F(RNG2_EN), + F(PHE2), + F(PHE2_EN), ); =20 /* diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index 859ba43126d8..f28300c2d5e0 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -83,6 +83,8 @@ #define X86_FEATURE_CCS_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5) #define X86_FEATURE_RNG2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 22) #define X86_FEATURE_RNG2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23) +#define X86_FEATURE_PHE2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 25) +#define X86_FEATURE_PHE2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 26) =20 struct cpuid_reg { u32 function; --=20 2.34.1 From nobody Fri Jun 12 17:15:19 2026 Received: from mail-dl1-f47.google.com (mail-dl1-f47.google.com [74.125.82.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AEC0342EED8 for ; Wed, 13 May 2026 12:49:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676549; cv=none; b=pvmOCUVCjFWtGp30G7awIT8JdN5oh3coZEhmrrKscENLtp0efosQcfd7blBjRRu0wnZvSapcq+auLGtZTQyBQ98TKvD1rOXBLH6YSCl4S1JBOo9PMqf+LojGc7bD+XysK09+mY+C4JV/oiHh26ZnbG1JfmqyxS2CLTbhPIEZ/XQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778676549; c=relaxed/simple; bh=msb6kSwfYjtLrK6yh4A/4jW6Efwpn03Z7DhCQJ9v1j8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qNuV8NVN6So0mJabyZstt4/OuvylSMF+nDoCbvKGrK16+GACc3sFw9GPRf5tdP6u2Z8rJgjPIgHLav1Y2dN1AKOqcoDUlnorf46HP2mfwvQ+tYJf67/dYPkZA0atAygl75taDDakPZti9jcxA/TRX8V7CkpywVLWjFFCJfa4hqY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Uo9s1RH1; arc=none smtp.client-ip=74.125.82.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Uo9s1RH1" Received: by mail-dl1-f47.google.com with SMTP id a92af1059eb24-12c88e5f4aeso3903054c88.0 for ; Wed, 13 May 2026 05:49:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778676547; x=1779281347; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Yuxzue6n4LxKbQsyok/03Qurt5Jav9jZzMMI1LVz9Kw=; b=Uo9s1RH1Xd9WvH2CrmzbqCt9I7sYNknx7zujdeOkKh6i90STCYPqXZl5al2mp+FEs5 VHS2lZlbKEC4FAYQTzIzvd0vUxtPNMjJupvF/mWsZKpgtEf3VSWk3hTnwAhUFBcdXr79 7DxezbONgQxnWTZ3ORYWJirkMutiuzNMECOFLJdlndaRcoCzNNEeVEuSNLLxz5F/fEtF tE8RbhjFcR9ihd411xUk74D5725ga8yLPG9UNJy4R9sCI+rmEepz1SMu1dDM/wuK1pv/ QQBgnUz7AsadUD8Xkqj/6JPzi8nUy5FQsjy1dQ/NFQZlVdlV+BP/yEqQVWi/Oi6QGZC1 K6LA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778676547; x=1779281347; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Yuxzue6n4LxKbQsyok/03Qurt5Jav9jZzMMI1LVz9Kw=; b=koSMjHeN9ic3cDEl3FJFZYh3jcGfskl3tuq885cXaJj/Sw4Dhno2GBn9jqTHkVm9KW ZSfBD0ia9oWhtiSYGUOO4Z/Dh3ldPxqfznZT7/kTvCjMtOCTQuSvkjUfiAVWLNTDHq0E eJMYHd1gSWHlT+M5xSkdEyoi2A6joNphOdOv0tmDkRvfdh9g50b9rKJKRjBP5B3ojYeE 81duKJXN4GfAqOGZ0SkjFRm+ChhHaCPuX9rTFO3v3SKTusVIMJqi/AubF9fCXSAK9Hgd zvMdu6v+VkF3CMzAeMRbAjsoLSAsH/ixmgAu2q2u4gUKxeuB5/9A8ICWoku6gfpsHshy 4aaA== X-Forwarded-Encrypted: i=1; AFNElJ+6Da/QxMN3B+iB53u+Wkt0l+Wl6jZC/6C3GHzXV9ymLtqbuxYA3C4k/QpDBvkbWKH2cF8k82RI5YNX2+Q=@vger.kernel.org X-Gm-Message-State: AOJu0YxZOyYDJ/D96apqbDJyaG3XkFItxEm2134QEQshw8qeBXrDqI1Z fzkOXUP2JIka3sSRW3oZGunw5vqX4v+Up+8F12M3szFj3vT8kaTVoux9hqIWYDUhlI4= X-Gm-Gg: Acq92OFCpA8/yHhUyWIp6+5Otq12jm0HyzmFD+zslQpydmHUjga8aiDbqWRNNaj6pkn fO6jEAVqOMA3ZZbxbCqp/3FKxgQrmiago/lefU/7VwW8Myu08fia96Tgpkjll8N87r+p0QvlVg5 JQyIMeK31wMOpT90MxdhQ1nZ/uFmBtkKW7WZDhmDlXjdpg5ej2TNnq03VBAU2GnSNNiyNQQpEbD koCAtl+77ffcnKWkkizoNW3QN8DeOtbrSLLuzVX6X+SMnIKikACtgpNnvauWwmpGfMbRy5GIv0M JGlH9pWYhGj8Os49Pxhk9r20KqkdPxQv1ZkCRkZvwqiFtSy7956fxJ0unuk16Fe9Pqft+g39idx E7/4FipxdkgCdCpzpK7ayyEaKSxk2rmv69UbgJALYCWUq4JVhcrjPvmDVsbyjRl/7nrZuX6Sqhe /8tGTMX+3VgvEqnozOMmkicPGzMJM9KdRbxh3IDpP2 X-Received: by 2002:a05:701b:2303:b0:134:74a6:7db1 with SMTP id a92af1059eb24-13474a67ecdmr911411c88.20.1778676546790; Wed, 13 May 2026 05:49:06 -0700 (PDT) Received: from ewan-server.zhaoxin.com ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-134b4e153dbsm1066142c88.12.2026.05.13.05.49.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 May 2026 05:49:06 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v1 5/5] KVM: x86: Expose Zhaoxin RSA CPUID feature Date: Wed, 13 May 2026 20:48:46 +0800 Message-Id: <20260513124846.1622462-6-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260513124846.1622462-1-ewandevelop@gmail.com> References: <20260513124846.1622462-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin big-number arithmetic engine to guests via CPUID 0xC0000001 EDX bits 27 (RSA) and 28 (RSA_EN). The RSA feature provides two user-mode instructions for modular arithmetic on big integers, documented in the Zhaoxin PadLock Instruction Reference, chapter 4 ("Modular Multiplication and Exponentiation Engine"). Both support operand sizes from 256 to 32768 bits (in 128-bit increments): - REP XMODEXP (encoding F3 0F A6 F8, subsection 4.1) computes A^B mod M - REP MONTMUL2 (encoding F3 0F A6 F0, subsection 4.2) computes A*B mod M REP MONTMUL2 is the long-mode replacement of legacy REP MONTMUL, which is restricted to compatibility and 32-bit protected modes. These primitives accelerate RSA and related public-key operations. Both instructions are user-mode and available in all CPU modes, with no associated MSR control. The RSA and RSA_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RSA availability. Signed-off-by: Ewan Hai --- arch/x86/kvm/cpuid.c | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3fb81f7a6107..94ea9abae566 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1290,6 +1290,8 @@ void kvm_initialize_cpu_caps(void) F(RNG2_EN), F(PHE2), F(PHE2_EN), + F(RSA), + F(RSA_EN), ); =20 /* diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.h index f28300c2d5e0..0df96ff9515c 100644 --- a/arch/x86/kvm/reverse_cpuid.h +++ b/arch/x86/kvm/reverse_cpuid.h @@ -85,6 +85,8 @@ #define X86_FEATURE_RNG2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23) #define X86_FEATURE_PHE2 KVM_X86_FEATURE(CPUID_C000_0001_EDX, 25) #define X86_FEATURE_PHE2_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 26) +#define X86_FEATURE_RSA KVM_X86_FEATURE(CPUID_C000_0001_EDX, 27) +#define X86_FEATURE_RSA_EN KVM_X86_FEATURE(CPUID_C000_0001_EDX, 28) =20 struct cpuid_reg { u32 function; --=20 2.34.1