From nobody Mon Jun 8 16:28:22 2026 Received: from mail-dl1-f53.google.com (mail-dl1-f53.google.com [74.125.82.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A61A830E84D for ; Thu, 28 May 2026 03:22:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938566; cv=none; b=kA6VjqJDGV0VoshfdveACTsJ28gB5Hr4HR/jcdDhHkxsk5RRzF9g3bvj0mmeMEwwJo/PmDC7Tyoj+swCVUilKfP36Qb2kpmZPgAT846E/PWoP9AVdZFk2J8xsZQ8Oaue/3jtEgJTubif6y/a6812aJ1Jw4mRva0jugg8ioFzNzE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938566; c=relaxed/simple; bh=OVkYg2LwRBc+md8NfIOjyJx2HVPlAWaFleOj1m6Zids=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=SPCR4nphdiWcMDwqHito1tg2eZ1bHu9BJxfAG51zjuRrISJ+UKEORJdcQZu4Nl1zlWH2q9bBT7oEfX8e8+hGxOVg/I6H5WwcCwkdeuFgzAkoMJjoL3IKeR5GrH9eOM8P3NpTo0l38dpY8KO0lDgpzzbMZbp65MFZ0U8yEB3LQRU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ZDLh9IcN; arc=none smtp.client-ip=74.125.82.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ZDLh9IcN" Received: by mail-dl1-f53.google.com with SMTP id a92af1059eb24-1363e78746eso8379227c88.1 for ; Wed, 27 May 2026 20:22:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779938564; x=1780543364; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=yvcljGfx6QiYG5/DvoKGj+F6+hoiC/dtA0HwV2U//Hk=; b=ZDLh9IcNZ05l64gzouxFOwtEVH7Y8P51E/WYEPqQ1TVQVmjzVptYnBPpu6NxrtwluW e13QXROPaZelZ0MlS8pzApnH9q6ihEAZVP8fGqfiM0UJcABGRwPyZH0ovfhHMNBuDOrW X40cbZp3Osuc6lOIf47e3G6gH2EYWfYRMHTeRjhv1mC35cnea7RGJcOWy6jKO/6aWJu7 2rUxGVEWirddiaX4J+m7wC+z9ZP2bHXy21SNkpXCUS7WTFhmMmZSQpJswvCyO+noMdhJ Z+iiyfNdxoRPf+BWMBsnAYIHCSJj5vmpiBEDCbKap+1cpMTxnwM4zfNQsyc+dRZk8U/n 3m+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779938564; x=1780543364; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=yvcljGfx6QiYG5/DvoKGj+F6+hoiC/dtA0HwV2U//Hk=; b=Ch8a8j3+eoeD2776iU0Jg/VjBqO55zt0aGxkbIZzF6lNGCXIZV5A/RAksj85Lt4hAw Lgm8XkCfGGmCDFykVv5arowbRhKffM8vj+uk0/UlEyYvXyRHDSCHIKlx8cwplbJJKPfk GpON5z0Oq0MrHsp+uMUG+/Ud1Qb5tHmDlk58z/Na4ZphFpu2yViAqbr5qExNOxAX6zt/ Mv99Z4hlCTv8+sCpL+1Ps/rEU9N9QNFqe5CvlspkN17Uh0kNoQ66sfG1U57E+JR8S/Ak MHqAbe3VZG2/8ciAi8WvIa/zKLzc4voU9gBlKlgPwH6dAM0W7bZKCXYYWupNsGzxMdD8 U3uA== X-Forwarded-Encrypted: i=1; AFNElJ94iY3+tyFnIUOjVt4/47QrWZRH1t6IRBNl+gWC0s9AIhWyjftMRFbTn8rIngTniYBPgc0xYX6uwwYeB+M=@vger.kernel.org X-Gm-Message-State: AOJu0Yz+6oTgJlLtVFz2E3AF+HplZGdNEDfLAIchR6Z3XhoGGHgsF+nd 8DBa/2iX1PguNR7DjvlA+5nHG/7RdqHrGbaBIixCYf2dC8vl4+gpx/FT X-Gm-Gg: Acq92OEKJ7bRiI3XbRrcMSU9FuclU6AvFaRWC3W6gpsOJHXDBeeIWxDzIpUsvlFyaSp 60Vk97f9VEThN9yMQgaIySkN8Y7vZQXS9Aj6od0dUY9lZTQSfG5jw8mBTGfIWBZhqNkeHVuJUlV k2FI5oWIb7m2ZhGexJn8X6qXB9ko2cZwXinYf+y4KE27CkTkakMqk0zpftSzedSU/dYlSy9bp8h ynTg07QKyJ8JtZW0sAEX+XSNAlYLEIp6BYPHzlBPfSjB3iAIrsjJEZLWEpUAOlhQGP6viR90omg Q5ruLzVWoIGJ9ik3fEQBk+HdBMLxQToifZ+XAbXMVZDA0VCj9I0bxODRVtUUdBNzE1JCk0r/x4G lWDe/k+mJHZtLniTf56vbbLVrszTbqMKhe9nsG1jzTkeX2LouDGBX/9yU2scYu8+LHjt2cDXRBR Il7t1OI+HMZW0BKzB8H+yAJGicmWSL6YBphBv6CrGHlCWZCHZnC39t7OkLL2o= X-Received: by 2002:a05:7022:502:b0:136:b67e:93e6 with SMTP id a92af1059eb24-136b67e9748mr6449840c88.37.1779938563720; Wed, 27 May 2026 20:22:43 -0700 (PDT) Received: from ewan-server.tailb932da.ts.net ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-1366aa88c7esm11650007c88.10.2026.05.27.20.22.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 May 2026 20:22:43 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, ewanhai@zhaoxin.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v2 1/5] KVM: x86: Expose Zhaoxin SM2 CPUID feature Date: Thu, 28 May 2026 11:22:30 +0800 Message-Id: <20260528032234.1322565-2-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260528032234.1322565-1-ewandevelop@gmail.com> References: <20260528032234.1322565-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin SM2 instruction support to guests via CPUID 0xC0000001 EDX bits 0 (SM2) and 1 (SM2_EN). The SM2 instruction (encoding F2 0F A6 C0) implements the SM2 elliptic-curve public-key cryptography algorithm specified in GM/T 0003-2012; the hardware-level behavior is documented in the Zhaoxin GMI Instruction Set Reference, chapter 1 ("SM2"). The instruction multiplexes its sub-functions on the RDX[5:0] control word: encryption (subsection 1.1), decryption (1.2), signing (1.3), signature verification (1.4), the three key-exchange sub-operations of section 1.5 (1.5.1 SM2 key-pair generation, which the spec also uses for the initiator's ephemeral key; 1.5.2 responder shared-key derivation; 1.5.3 initiator shared-key derivation), and two preprocess steps for identity and message hashing (1.6.1 and 1.6.2). The instruction is unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The SM2 and SM2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for SM2 availability. Signed-off-by: Ewan Hai Reviewed-by: Binbin Wu --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 1d506e5d6f46..20b33413189c 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -136,6 +136,8 @@ #define X86_FEATURE_HYPERVISOR ( 4*32+31) /* "hypervisor" Running on a hy= pervisor */ =20 /* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 = */ +#define X86_FEATURE_SM2 ( 5*32+ 0) /* "sm2" SM2 algorithm */ +#define X86_FEATURE_SM2_EN ( 5*32+ 1) /* "sm2_en" SM2 enabled */ #define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */ #define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */ #define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index e69156b54cff..1eb4b88aaa80 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1272,6 +1272,8 @@ void kvm_initialize_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); =20 kvm_cpu_cap_init(CPUID_C000_0001_EDX, + F(SM2), + F(SM2_EN), F(XSTORE), F(XSTORE_EN), F(XCRYPT), --=20 2.34.1 From nobody Mon Jun 8 16:28:22 2026 Received: from mail-dl1-f41.google.com (mail-dl1-f41.google.com [74.125.82.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD222301472 for ; Thu, 28 May 2026 03:22:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938569; cv=none; b=baEZj6TGqDXF/2cixxlzM166L5IFFgrO5P04BGeXk2afSwt0bwCjO41jYSkC+XLDlfcKPB/PZ8I27ZuHzvqHclN3sk6pOFQ3YcCnaDU8bNKpr1oDmNVwU+N+ae8OowwU/RwPLjJbhsI5EEsqYhtlbX4dX+RYc9lCm/8qVgM5j9A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938569; c=relaxed/simple; bh=tDF3ZmKVpEC4shYM/JHRfNnBmzTPIz70W6cP79CziYI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=UK4KSLQHH6a3kaLbdRnwx6V2yZ3gjk31cC7+IDhd/uzPCgRNuRdFiQka7dYyg5pAQgPt0yX84jGFpXEeT6qsPH2EKR5nthFa+SxmR7H425+Bh3c1VgXk/tAOmGuTxbRqDebaILuXuXq5r/8vpyXd40gmcmd84j+LQ1JQwcwMfus= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=YpO9D6T+; arc=none smtp.client-ip=74.125.82.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YpO9D6T+" Received: by mail-dl1-f41.google.com with SMTP id a92af1059eb24-1334825de43so10968969c88.0 for ; Wed, 27 May 2026 20:22:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779938567; x=1780543367; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=0R9tOzrr8KJ8Ew/2llqW/EXyCybA2lhbdpTnPfEMUP0=; b=YpO9D6T+gu7EOSyIi1mo8/gguA3k+CWyfNP1/sggLUZI365twxqZyQxWQs+GLKwk2E ERF61R8ZDNd3WXUm3rOFzQ625LlgSlpfhV/xNHGJF5ETOHmovFmsE8QDTrp10FGhlWVX 1webr4vziTLnLi40xSdCpTd+LFELKOfUO2AsjJxClpLuvuMoF2Tm4ZhwXPaVOQM/4t6D wL8We2Cc6KKAMPMPLNDwnKjCdJRdtxLqeWngtX221rG5DYVvoiTLARW1azEpmuz8Z4Q1 MqPg22hOB2kV4sSGc6S6mxlGpfuuC7M+Kxg9IgYvAqAzBhA90cmtDpo35WqB6YnmO/Cc twHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779938567; x=1780543367; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=0R9tOzrr8KJ8Ew/2llqW/EXyCybA2lhbdpTnPfEMUP0=; b=XafG6slTXGFXtP/op5qd03zpjGsybfWpdOBB7V4xnzmNwN5jzfwkCylMTEsFCJG4jV 9bXbypzTO+jEmyg9LB9rYqoGOaArcwHJK34PxBYqvNDZ0VaO7draQwUSaOw0X4XcE6u1 tIl50R4iYzVhEl944b84iyqAO66cBwZhyI0YSdGwtR3XuhMBNzaHxoh3SWE02JrDkUZV pv2yiCRpAue6Ps7Z/1wcS3NCX1lbpuQ79z1rHHzrrdWlNR0fx98Bo5jaK9MBLvbTt57T 8Nt+QRMhn8nnBNC7+h7rn/qVaOiQ/fefgaSElIwUxxZDgd9zwnD0WEua4LTUjCCNsLyc 2iNQ== X-Forwarded-Encrypted: i=1; AFNElJ8roYi77XeUpHk/i5jZEY6KC9AljcT4tyTorzVT0mBX4/qxUgtlbXoQ3FTvchnzCMrkR/u8gzKG/nQpiGY=@vger.kernel.org X-Gm-Message-State: AOJu0YzliBFII9sOEDESx7zbyN0sUxCZvJ70e6b+oDeypZ/HIPuB6ruO KQG91J5vdGbI/pxXz2ZBANZspB8gOt5Pra9VGeE6RseZUqe0bHwEfaHZ X-Gm-Gg: Acq92OEnjktgQuSGRQXijezxR+Fgq59hGjmhi55VxLtOnkVkTC+WuRSBHhTi5HPrqha 4fQio/hdXz7U5oX0yIa5MblBLjAqewqYsUSc4jneJF5A0jErofIPXeJaL1xYgL57IdOpfLRcVcA KEjDy3DbPiG717M8Jk4YlH9f3JkwhTIXD38dSLioEytsP34DCYj16hffIQfFG6xs9meeQSVODFg jnUxV8DZVafSZXDw62dFF1N5TyBeYRB5bO0MSESpxqnx06dyxMGf5UH/D3LeRRn0FTiFhR4LEOz xyyhzFP8YZJV94AywBo0UxGlMNU3BkMgTUKMQnpIDwdcXCxvU/OIJPCWvafBWJcVzi/Ykk2fseW mb28ezHltyZgqBdT6SLndtIwnT99tTCKhGL3G+oYL9mQKrChmBg+9zYWk2GwqDtAT3S05S0c3oi AcCqIGo0RHvK4VInTsdWiinfTh3dm3ywrRstjMEgkiCjkbIsSpcHD3mrMwbVE= X-Received: by 2002:a05:7022:fd0a:b0:136:4103:a5b8 with SMTP id a92af1059eb24-1365fa38819mr8508431c88.22.1779938566980; Wed, 27 May 2026 20:22:46 -0700 (PDT) Received: from ewan-server.tailb932da.ts.net ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-1366aa88c7esm11650007c88.10.2026.05.27.20.22.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 May 2026 20:22:46 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, ewanhai@zhaoxin.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v2 2/5] KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature Date: Thu, 28 May 2026 11:22:31 +0800 Message-Id: <20260528032234.1322565-3-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260528032234.1322565-1-ewandevelop@gmail.com> References: <20260528032234.1322565-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin CCS (Chinese Cryptography Standard) feature to guests via CPUID 0xC0000001 EDX bits 4 (CCS) and 5 (CCS_EN). CCS groups two user-mode instructions for Chinese national cryptographic primitives, documented in the Zhaoxin GMI Instruction Set Reference, chapter 2 ("CCS instruction group"): - SM3 (encoding F3 0F A6 E8, subsection 2.1) implements the SM3 hash algorithm specified in GM/T 0004-2012. It supports two modes selected by RAX: auto-padding stream mode (RAX=3D0) and pre-padded block mode (RAX=3D-1). - SM4 (encoding F3 0F A7 F0, subsection 2.2) implements the SM4 block cipher specified in GM/T 0002-2012, supporting ECB / CBC / CFB / OFB / CTR modes via a control word in RAX, and CBC-MAC / CFB-MAC when RAX bit[11] is set. Both instructions are unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The CCS and CCS_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for CCS availability. Signed-off-by: Ewan Hai Reviewed-by: Binbin Wu --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 20b33413189c..276e4ef90bd0 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -140,6 +140,8 @@ #define X86_FEATURE_SM2_EN ( 5*32+ 1) /* "sm2_en" SM2 enabled */ #define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */ #define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */ +#define X86_FEATURE_CCS ( 5*32+ 4) /* "ccs" SM3 + SM4 instructions */ +#define X86_FEATURE_CCS_EN ( 5*32+ 5) /* "ccs_en" CCS enabled */ #define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ #define X86_FEATURE_XCRYPT_EN ( 5*32+ 7) /* "ace_en" on-CPU crypto enable= d */ #define X86_FEATURE_ACE2 ( 5*32+ 8) /* "ace2" Advanced Cryptography Engin= e v2 */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 1eb4b88aaa80..8aaa3f20670e 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1276,6 +1276,8 @@ void kvm_initialize_cpu_caps(void) F(SM2_EN), F(XSTORE), F(XSTORE_EN), + F(CCS), + F(CCS_EN), F(XCRYPT), F(XCRYPT_EN), F(ACE2), --=20 2.34.1 From nobody Mon Jun 8 16:28:22 2026 Received: from mail-dl1-f51.google.com (mail-dl1-f51.google.com [74.125.82.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2568C2F7F03 for ; Thu, 28 May 2026 03:22:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938572; cv=none; b=APistU/KGWihI1p7EQABTLO1hnTF4zMiViBsMiabPPS9r3fiI/aFu17fQQHhHQBaHkyhh03HEjJLbxA9SbKyq1kU56fVk4sJFjOHmnTw57Zh45RN+pWfniwUe/mRa+UNEyOA9jjg6FYBTlq+4Mw7kDynTmmwGIlVfnoeOdecIQo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938572; c=relaxed/simple; bh=eMORQvS9aR5FjqYCVZbdydejsuj+xDuXWlicDHJHYgE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=UR2EpIUWXqt2okDRUHiQDXmoHAC3M+ibGT2JS3bl1MtPzz+NUR4oAFjJ3sJ1lSXWbT+546C/RfvP8QGmbEj1HRAL0XkJNn3wlwC3ae3XwQBESK5kKprd8rLrMm3vDJI94/RUEvnhyXqOBiNn4MVvS63JWsXlIVaZYZVV9On5E/0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bIg7dBd2; arc=none smtp.client-ip=74.125.82.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bIg7dBd2" Received: by mail-dl1-f51.google.com with SMTP id a92af1059eb24-1363fe80fe8so7095386c88.0 for ; Wed, 27 May 2026 20:22:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779938570; x=1780543370; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=yWz98vafF6jvWb4m4QX8sFPHOZ07yidVKCklk7kM428=; b=bIg7dBd25ZHNQgZw/s/MnbkyotIkmHVy4VGeBahIkYbMHPS+BbQ3Jnzn+Ou8/PsoKy /1pkiXrLcYGY0lLVR5LNgJkCdWke1rwQBa6Cai1nrZOB4h/q6yjMPhY1OblV30ye+e1k C1TPNpx8FH/ikaXU7WcFg+uSmiuXpw1RR1SBEov7vmxMPZI2UliqA0uKZHc4VpHz6KWX xV0r4aCX0MRMitAf37Wtz9UN1+g6cp0yr1STgX1SeZzJtLKIKfzIEgmpD/+NCIHPiuMX sZhFNLfVJnhcX3Qxbp3GIPlzyhDG8MxdmESw9JI4Q9xwJMXCOjFqRV6jsA9ktYCSp3q9 74pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779938570; x=1780543370; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=yWz98vafF6jvWb4m4QX8sFPHOZ07yidVKCklk7kM428=; b=ATYtG8dxl1u3L9S+ucBQFrWbD6xcD+Is6hupv0TMiYVbgxVoZnpPIfCo9ew5xa7Llh hr6QGiO0t4r10D60FxzAAltAUbIRVZXjLXZahwTBpNanPyuuxowKRjYMNJTv44RWxWsE yvfrkoqa6fPPti0a1TAUaeIEHkv8/vhIn6CCDFkcGLWrYL3pnInNnGGEGLqHwElIxidV 2PSjnBdjq4DSLP7bGfFoNKjib6EEaLgFuTGMfA/wSyvnHh2Nw6NSA6cjVgENYSBjaBH3 J5nbSIUUhG6rbPWpE5A4BpZmBryTsh3ZGN9Tjd6YQ4RKoACJR64EFYAVy+f6HPu/Bd6h /nMw== X-Forwarded-Encrypted: i=1; AFNElJ+E4dh1EPf42MWDFVfy5wECrhgbsbwe8J+lZ4RXjSotdWt6jqJy7uDPFIrxXSlkvAqC4bTCzgva5TXf5qQ=@vger.kernel.org X-Gm-Message-State: AOJu0Yz5cU1vIeHtlkdBGRASCUaQJXjtHzxpx2uak+Vbw0gx7XzeEFqi VubtE2u57mf6N430d2ig1zWRkLGHhL4jGXHKrRicWihgYfaekDFi9uoG X-Gm-Gg: Acq92OHf1CK39q3WmX4rf1jbynsnvUIAaoTpYETar1qEKmafxL/7sM+sKiDT6tWusq5 /pDBh5jt3AYqvJ3A2zXhkBTRbu5MD228Q7vxXaobVQUAIVIGyqSZy3pDkHRVqKGYtlzsQ5RkdWt Q4IpXzA8VMFBskZxmL+UFJS+B35TwIIt/bL7X199nDc6i3W+9M04WpbmyiSeKf18APoiZ1OC62w tvCLElfMUt1XBk8SIvseLegg+7sHzUHWn80+cuKPANxyWB4iUEjIh+iNTKEcq+d+IUCWWRFF6Cb /498lAeUzGJnNXJNuqWNgmV9XeKDFjzxiR7Xz26QpHKczCuVMHZYXziN9j6YymVxDU9UbC2g29+ oNqVEZZFpBmZc1xneBaAMQ64F0m81gPEaSokhQcgdaU6Z90Kq3txU1f8HpBEGsPVxjsi4f/VY6c CY303fOUSwE/ARkVfSmMsO3Fdvui6e9zpyS/w4komWpah1Q/RVDqYPKPtBNFo0m7sGofVbkg== X-Received: by 2002:a05:7022:689d:b0:127:5cd6:fa45 with SMTP id a92af1059eb24-1365f818ee5mr10812257c88.14.1779938570253; Wed, 27 May 2026 20:22:50 -0700 (PDT) Received: from ewan-server.tailb932da.ts.net ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-1366aa88c7esm11650007c88.10.2026.05.27.20.22.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 May 2026 20:22:50 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, ewanhai@zhaoxin.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v2 3/5] KVM: x86: Expose Zhaoxin RNG2 CPUID feature Date: Thu, 28 May 2026 11:22:32 +0800 Message-Id: <20260528032234.1322565-4-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260528032234.1322565-1-ewandevelop@gmail.com> References: <20260528032234.1322565-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin second-generation hardware RNG to guests via CPUID 0xC0000001 EDX bits 22 (RNG2) and 23 (RNG2_EN). RNG2 is exposed by the REP XRNG2 instruction (encoding F3 0F A7 F8), documented in the Zhaoxin PadLock Instruction Reference, subsection 1.3 ("REP XRNG2"). It produces random bytes from two on-die RNG sources selectable via RAX bits[10:9] and an output mode (raw vs post-processed) controlled by RDX bits[1:0], providing high-quality entropy intended for cryptographic operations. REP XRNG2 is unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The RNG2 and RNG2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RNG2 availability. Signed-off-by: Ewan Hai Reviewed-by: Binbin Wu --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 276e4ef90bd0..e264758d58e2 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -150,6 +150,8 @@ #define X86_FEATURE_PHE_EN ( 5*32+11) /* "phe_en" PHE enabled */ #define X86_FEATURE_PMM ( 5*32+12) /* "pmm" PadLock Montgomery Multiplie= r */ #define X86_FEATURE_PMM_EN ( 5*32+13) /* "pmm_en" PMM enabled */ +#define X86_FEATURE_RNG2 ( 5*32+22) /* "rng2" RNG v2 */ +#define X86_FEATURE_RNG2_EN ( 5*32+23) /* "rng2_en" RNG2 enabled */ =20 /* More extended AMD flags: CPUID level 0x80000001, ECX, word 6 */ #define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* "lahf_lm" LAHF/SAHF in long mod= e */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 8aaa3f20670e..087c41341240 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1286,6 +1286,8 @@ void kvm_initialize_cpu_caps(void) F(PHE_EN), F(PMM), F(PMM_EN), + F(RNG2), + F(RNG2_EN), ); =20 /* --=20 2.34.1 From nobody Mon Jun 8 16:28:22 2026 Received: from mail-dl1-f53.google.com (mail-dl1-f53.google.com [74.125.82.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 751252FD7C3 for ; Thu, 28 May 2026 03:22:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938576; cv=none; b=ffMUF9nzatM6sEq0gDKtRaJbAiXMHKU+ZHrXzFvgN0vB8/n1wlIZ5FWLG1N7xzU3hUVfGnbcr+JiJEZ3prqBHgjV3gbhEpgsfr5nvw3z2/UPnm97uG+7DQLnjwZoX9hjxBqhMne8/0/uVTrEbS54+hzmo+bWA9V1W9ZsFD2TkFQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938576; c=relaxed/simple; bh=1k577+1w5r9YRoVpypILqIfv/ZodMglY3KUFYU2Cz0o=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=jS/FZSO6wyEqq2q/jeU+n+XhB00KkstRpbLdHWj5LulpPdP0GtW0eech2Jk7uIthGrJLgcimyXA2a0peuzxEZIVXHehfDfnnwW94R/n8RSLl9UuvpPNkdTBIQZpf9BpVZb72rLnzONaQ0QYRbHvUKfPp+1qBwFS7CCh37BJ8Xb4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=O5+WbTvg; arc=none smtp.client-ip=74.125.82.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="O5+WbTvg" Received: by mail-dl1-f53.google.com with SMTP id a92af1059eb24-134ac81c445so21852514c88.1 for ; Wed, 27 May 2026 20:22:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779938574; x=1780543374; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mYRejrKAPEg0gypyudYE+J5U28eexbZuZvhZhYjI5Uw=; b=O5+WbTvg+kA/4BLNXtGkPlZGJogjUEt2yrtCquqzUHyNFnTJUaW18Lc1z2pB/dMaYQ s1vX/lvCqabRYI/lAEbaEbsL91o9RfH5b/D0+neoazppU6o4Z0L5Rr/wDfwHSK6Q07zo z0xYSKVdSlo8Pf/QXmE36pcS626AlXgyidAl+rSJYQ+l3o9B6EmYmZ5rxk2OUtRJRFo8 8bgSBH5sbkLWBeWT3e5Z9jtW2V8KonhgvWEWJuE/Y98bFxyKdZj76WTCf07fUVoRVaQN 8aTbXhJ4162uUikONbHVcvIeDMtr1kQlK05RFCCAmPi3hl9bM8L3FyMUXILEZ2G3em1I F7+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779938574; x=1780543374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=mYRejrKAPEg0gypyudYE+J5U28eexbZuZvhZhYjI5Uw=; b=KaBQexMgv0RysbMtwXMN24k4m74KBV7ymBcJeSI7iWU2a2TXMo6EhH6UZ4a/kTlOsz MyfIkCdG+72nQFzEJLcHMMK1nJCbM2dcq//9u3U7jLfbFPUfr+orYZcpjPE5pnH1cpXy bohtcFn6seEBHfdmnqHFw5WuK+5YqM361bbHbB07CPgHxeaY7RjDu6zPEmqWryws0boa WTbRSsWoKg556YjWZtYKRjHojI4BNcsNxkLRaPMadSLVPWzhB0Wi3ypp3IaOfKpbTi3d h80Tbz4o9vACDfJCU9MK4SU2jvWQWeNJlmmfjFDK9adTYl/EjcLr23IrVA3okAdIP+u1 h7aw== X-Forwarded-Encrypted: i=1; AFNElJ8papqVjwupVFHQE/Da8GMA+zx4FqEt+idi/7HlsVcm78zp9yUeWNz6o5x9v8Jxq9ZhCxATwD3cTmAWDIA=@vger.kernel.org X-Gm-Message-State: AOJu0YwBp9FD6HWpn+752ioLqbKXXwxjIHzmIT1Y0pS/gw9hG1OhS1zQ LKOlBFC8jl/dhb10q0PRBPcmovYfEszxAkb4DP2ITKmvUFVcLyatn2mV X-Gm-Gg: Acq92OH19s1MKuKSmHsnRmV4/AC4UQQU4q8SNenRET0UwD/7mrdIMm5UcOTIrqCEKqt TRswI2hOJAzojzOI5WLHKuicEtlCLiXHq+cQBiNlt+ec21mW7B24BbmRVeXVCk1AsItyTeAQAuN t1IHVrtniAfQ+9Id2hUFlo31RCve6NPHywFQJfLVbESXKA30xYo8L8lr4FBdpziH+qBQYuglS32 Jny34BbtS1EeZ/AdY9R85woGScax6KYHCiaNdWZbmyjDnXdEsJ446ouQQYaLTeBgvwsjFEFyGb3 lcBes/D8L9/EIQWOqxWwHJjQDOyJWD1DMGfUlBDfijiN4n+qtWbGMufv2iAytScAl1wuknCLhUs 3wxYDrNJdWryNM7zkNCP6TWMc4QkxwMJJsIIlypjMaxuRw+Ni9oWIL8ppRqYaFR3GMkLcto5nm0 boJFDXer0smO6E5SzSfKYRxBuzA4fR0Q9ZAQ2YnsJEfmAi+iXphoIe2i4mj2E= X-Received: by 2002:a05:7022:fa0:b0:12d:ea4f:99de with SMTP id a92af1059eb24-1365f1c58cbmr8407366c88.0.1779938573546; Wed, 27 May 2026 20:22:53 -0700 (PDT) Received: from ewan-server.tailb932da.ts.net ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-1366aa88c7esm11650007c88.10.2026.05.27.20.22.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 May 2026 20:22:53 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, ewanhai@zhaoxin.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v2 4/5] KVM: x86: Expose Zhaoxin PHE2 CPUID feature Date: Thu, 28 May 2026 11:22:33 +0800 Message-Id: <20260528032234.1322565-5-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260528032234.1322565-1-ewandevelop@gmail.com> References: <20260528032234.1322565-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin PadLock Hash Engine v2 to guests via CPUID 0xC0000001 EDX bits 25 (PHE2) and 26 (PHE2_EN). PHE2 extends the PadLock hash family with SHA-384 and SHA-512 support per FIPS 180-3, complementing the existing PHE feature (SHA-1 and SHA-256). Two user-mode instructions are exposed, documented in the Zhaoxin PadLock Instruction Reference, chapter 3 ("Hash Engine"): - REP XSHA384 (encoding F3 0F A6 D8, subsection 3.3) - REP XSHA512 (encoding F3 0F A6 E0, subsection 3.4) Both consume software-padded 128-byte blocks (RCX =3D block count, RSI =3D input, RDI =3D state) and produce hash output in the state buffer. Both instructions are unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The PHE2 and PHE2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for PHE2 availability. Signed-off-by: Ewan Hai Reviewed-by: Binbin Wu --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index e264758d58e2..3702d7a30ae6 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -152,6 +152,8 @@ #define X86_FEATURE_PMM_EN ( 5*32+13) /* "pmm_en" PMM enabled */ #define X86_FEATURE_RNG2 ( 5*32+22) /* "rng2" RNG v2 */ #define X86_FEATURE_RNG2_EN ( 5*32+23) /* "rng2_en" RNG2 enabled */ +#define X86_FEATURE_PHE2 ( 5*32+25) /* "phe2" PadLock Hash Engine v2 */ +#define X86_FEATURE_PHE2_EN ( 5*32+26) /* "phe2_en" PHE2 enabled */ =20 /* More extended AMD flags: CPUID level 0x80000001, ECX, word 6 */ #define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* "lahf_lm" LAHF/SAHF in long mod= e */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 087c41341240..3fb81f7a6107 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1288,6 +1288,8 @@ void kvm_initialize_cpu_caps(void) F(PMM_EN), F(RNG2), F(RNG2_EN), + F(PHE2), + F(PHE2_EN), ); =20 /* --=20 2.34.1 From nobody Mon Jun 8 16:28:22 2026 Received: from mail-dl1-f50.google.com (mail-dl1-f50.google.com [74.125.82.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B0D6430C359 for ; Thu, 28 May 2026 03:22:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.50 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938581; cv=none; b=aGFR4+U9SH8ShGdmBT570DZBfugYlDV8LtN+uQJwS0pIEgjt/w8jrqGWKJuG2YugbLM0r3wOtBujGKTwkqF0BihhExebqLDXU3A8Q/tU8QbXvQPzuXMcG7rNpLQdyQHSNn/fk1FDz4Q1z2SNlfKDUaLRoCC72KS57BKungd0Xsk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779938581; c=relaxed/simple; bh=Jvfk7gaLUjWx7ArQLFOHYObsLwYlIgAWiOPOiuDioAA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=r+Cwqpr6sdF67qDvPYlTv0zSQylEdSrBV/wel3ixsB+TeKUrbXKUtSseD0QXpjiSebkNIkJwKKd/ZuRLShdncLUhWj9Kl/oaAmmavwH8LitdVib+Wfql8qmUF8XIpAlk6vD2tCfH7k6CyHs8bPadE8taFCXNeP9qL0ge0nRUj3o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=AcVKD3cy; arc=none smtp.client-ip=74.125.82.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AcVKD3cy" Received: by mail-dl1-f50.google.com with SMTP id a92af1059eb24-1353c2f35cfso3309282c88.1 for ; Wed, 27 May 2026 20:22:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779938577; x=1780543377; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FGJ1VhqmwIMs22XCOQT4AiP80fa6L3cM+BSo0I/Hwjk=; b=AcVKD3cylQrZqcygaknv7iPA7Hp1DT230/lLt8efshtmq9o7Jmzj7fzc9QCLrqtlbF FB3Ql6KkfIIsYqRQdLouz+4ml7cApkpCPj4Vmr48yLGlOs8OBo01FtZBfx2vqCG5TV4n xFs43LjxMJ/PRZrJhLkMnNxYS3HQ6dCe4y4JgheVaIMBb5DBy7e/Niza3hqrkVH+INWr 5Xr9obR3Pj27+Crndjoy7Ximtv3wegJj8v4N6yVus1CUqMx83MOx/997TiY2zm9pmRkk TKyAucg3QbruJLucDV+bt5GovHAZCWm4U7DNagYQcxr2kMxO7WiOd9M7o9oGQXLrwadt DIew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779938577; x=1780543377; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=FGJ1VhqmwIMs22XCOQT4AiP80fa6L3cM+BSo0I/Hwjk=; b=HoHRmkDmhyl1KPMhHDMWxdajCo1ffNu7RX7SaQbopTcOXj75TCOMo6HM3JyGxv/WU9 RXUmrCnJrDpxY30u8Br88E6YgesW5/z89qkm9QAOj7N2vvFpZHH17dzg9YTQPC3SBVrF +h/lDB+HYfUnFnTwYEd7AEc2KdxS/OJ6AMWvUS6JtY/LiuIiNyjVp7ZwBP8xboGRlFTW hp6UPhzJDJQlzXjzRYZlr91iU8/cwNC3hm5bREZN7+t+nU1QBXJdCGAM3Svh1L1f0sIt 1pj67epF7O11U4EtxMpiIf8/B2RYXSbkLwRIqywsC/p9k6Kv4yxBUzGbKwdqUqgJ49sn oImQ== X-Forwarded-Encrypted: i=1; AFNElJ+E6NV/Q8EOOzvP02aEPYkvQlI7byn0sUpTTTeSwURoAzsMQgaI5SwezWOPy37AHtKpEmBhQmclUrKBEo4=@vger.kernel.org X-Gm-Message-State: AOJu0YzcKdCijbGsk+u8lfgiNeSkcGRopZaRv3dJHHDNtC/jvQug0hav PStQ3dDuwTl1r7w86su0b/5UQtXpaHX318x4wzAxmEj+HLCzHfWrtLCYmH9lqtKi X-Gm-Gg: Acq92OEwbDpbsvWKcu98JdKIaSjg4QtisqORXTQCZ7A02QPacbXrsYI77uNqOSYKy5i k9+QFcOtv1XkR/uy0KHF1NDwVpfByKw5iVcykmDs0vl3Y2l0so9NejOYEJoWA6PuX9sfkEVbK6y grBi1gehhP9F36Mj8oQB/PCC4PD3QBluEFnHod8Ef/hm1ACH+T9UtwJqaFKUKBI3DCgaW9YhHU3 YjLnDwgBWdm6NGEJy16EHhot8rJ2r14j9/fOQ/bnHTMOssJfLDhYeMbRHMJ7OahUPUOmKk5Bkez nkL/Y2GrWBXq0J5laL0SEKBN30hGkwC4lj1s3UyXNzbaSM1zXv+8rYCF1OUUDivFEa3wWhL0w+T n5HYooH99dy7sng1VI7h2haBk1zm7oMwaaSAU+mkrojXP7VMgvp4y27UV69J84VsVugnJkXGb4Q 95QoxANmJYbvEJx+5T6fkvnHM/3dgqpl/1kxuMc2XjPskPcLX0BAi+fXphiSQ= X-Received: by 2002:a05:7022:6892:b0:12d:b7bb:4f54 with SMTP id a92af1059eb24-1365f810e21mr11285738c88.3.1779938576838; Wed, 27 May 2026 20:22:56 -0700 (PDT) Received: from ewan-server.tailb932da.ts.net ([154.26.185.247]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-1366aa88c7esm11650007c88.10.2026.05.27.20.22.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 27 May 2026 20:22:56 -0700 (PDT) From: Ewan Hai To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, ewanhai@zhaoxin.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v2 5/5] KVM: x86: Expose Zhaoxin RSA CPUID feature Date: Thu, 28 May 2026 11:22:34 +0800 Message-Id: <20260528032234.1322565-6-ewandevelop@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260528032234.1322565-1-ewandevelop@gmail.com> References: <20260528032234.1322565-1-ewandevelop@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin big-number arithmetic engine to guests via CPUID 0xC0000001 EDX bits 27 (RSA) and 28 (RSA_EN). The RSA feature provides two user-mode instructions for modular arithmetic on big integers, documented in the Zhaoxin PadLock Instruction Reference, chapter 4 ("Modular Multiplication and Exponentiation Engine"). Both support operand sizes from 256 to 32768 bits (in 128-bit increments): - REP XMODEXP (encoding F3 0F A6 F8, subsection 4.1) computes A^B mod M - REP MONTMUL2 (encoding F3 0F A6 F0, subsection 4.2) computes A*B mod M REP MONTMUL2 is the long-mode replacement of legacy REP MONTMUL, which is restricted to compatibility and 32-bit protected modes. These primitives accelerate RSA and related public-key operations. Both instructions are unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The RSA and RSA_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RSA availability. Signed-off-by: Ewan Hai Reviewed-by: Binbin Wu --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 3702d7a30ae6..a769c83588f7 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -154,6 +154,8 @@ #define X86_FEATURE_RNG2_EN ( 5*32+23) /* "rng2_en" RNG2 enabled */ #define X86_FEATURE_PHE2 ( 5*32+25) /* "phe2" PadLock Hash Engine v2 */ #define X86_FEATURE_PHE2_EN ( 5*32+26) /* "phe2_en" PHE2 enabled */ +#define X86_FEATURE_RSA ( 5*32+27) /* "rsa" Big-number arithmetic */ +#define X86_FEATURE_RSA_EN ( 5*32+28) /* "rsa_en" RSA enabled */ =20 /* More extended AMD flags: CPUID level 0x80000001, ECX, word 6 */ #define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* "lahf_lm" LAHF/SAHF in long mod= e */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3fb81f7a6107..94ea9abae566 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1290,6 +1290,8 @@ void kvm_initialize_cpu_caps(void) F(RNG2_EN), F(PHE2), F(PHE2_EN), + F(RSA), + F(RSA_EN), ); =20 /* --=20 2.34.1