From nobody Wed Jun 10 21:10:12 2026 Received: from mx2.zhaoxin.com (mx2.zhaoxin.com [61.152.208.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 51F882147F9 for ; Wed, 10 Jun 2026 02:35:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=61.152.208.219 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058927; cv=none; b=HZCwio9QTuENfj+GWbc1N1+AHLrth8OWGbuNviWQ+NfcVxuTp9keQB6kpNO6ZrxIMfP3SONzSjg6SPZ1nREUx5u7NCfotAPW0UilrF8wKHPHzIdgcE6aUhAVPF/cOwRBDf8r0P+YpzSIR3hFx+WkTPxeWPuEti0rkEgkeNFFcNk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058927; c=relaxed/simple; bh=wy4VcW6zxfvNKRMWS0eZrwqMtBovB3dxMFw7xrcEszU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=DBALS4NCFqoaVIdfSPRKQFs/VaE6YC4PsASgpbbITex4OyA/75cK4JzplXe5wSwXeYsVtBnSD+gGHiuedN6K5P2ApdpiASRH6RngvdMpJWSwxIzC1619RYJ1Zh4DQhpjwaJYhlbZeQQl3vL/bNkdhZ5GBOdicqoJEcXhiZ3V17k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com; spf=pass smtp.mailfrom=zhaoxin.com; arc=none smtp.client-ip=61.152.208.219 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zhaoxin.com X-ASG-Debug-ID: 1781058915-1eb14e680bbe4b0001-xx1T2L Received: from zhaoxin.com (zxmail.zhaoxin.com [10.28.208.166]) by mx2.zhaoxin.com with ESMTP id 0cbQqoMVIOfBTmEx; Wed, 10 Jun 2026 10:35:15 +0800 (CST) X-Barracuda-Envelope-From: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.208.166 Received: from ewan-server.tailb932da.ts.net (ewan-server.tailb932da.ts.net [10.28.24.2]) by zhaoxin.com (8.30) with ESMTP4ad870936500fb2b95ecb346b7f35086 Wed, 10 Jun 2026 10:35:13 +0800 X-Eyou-Smtpauth: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.24.2 X-Eyou-EnvelopeSender: ewanhai-oc@zhaoxin.com X-Eyou-From: Ewan Hai From: "=?UTF-8?B?RXdhbiBIYWktb2M=?=" To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v3 1/5] KVM: x86: Expose Zhaoxin SM2 CPUID feature Date: Wed, 10 Jun 2026 10:35:08 +0800 X-ASG-Orig-Subj: [PATCH v3 1/5] KVM: x86: Expose Zhaoxin SM2 CPUID feature Message-Id: <20260610023512.3690734-2-ewanhai-oc@zhaoxin.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> References: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Eyou-Sender: X-Barracuda-Connect: zxmail.zhaoxin.com[10.28.208.166] X-Barracuda-Start-Time: 1781058915 X-Barracuda-URL: https://10.28.252.36:4443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at zhaoxin.com X-Barracuda-Scan-Msg-Size: 2646 X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210 X-Barracuda-Spam-Score: -0.96 X-Barracuda-Spam-Status: No, SCORE=-0.96 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 tests=FROM_EXCESS_BASE64, FROM_EXCESS_BASE64_2 X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.159832 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.01 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily 1.05 FROM_EXCESS_BASE64_2 From: base64 encoded unnecessarily Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin SM2 instruction support to guests via CPUID 0xC0000001 EDX bits 0 (SM2) and 1 (SM2_EN). The SM2 instruction (encoding F2 0F A6 C0) implements the SM2 elliptic-curve public-key cryptography algorithm specified in GM/T 0003-2012; the hardware-level behavior is documented in the Zhaoxin GMI Instruction Set Reference, chapter 1 ("SM2"). The instruction multiplexes its sub-functions on the RDX[5:0] control word: encryption (subsection 1.1), decryption (1.2), signing (1.3), signature verification (1.4), the three key-exchange sub-operations of section 1.5 (1.5.1 SM2 key-pair generation, which the spec also uses for the initiator's ephemeral key; 1.5.2 responder shared-key derivation; 1.5.3 initiator shared-key derivation), and two preprocess steps for identity and message hashing (1.6.1 and 1.6.2). The instruction is unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The SM2 and SM2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for SM2 availability. Reviewed-by: Binbin Wu Signed-off-by: Ewan Hai --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 1d506e5d6f46..20b33413189c 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -136,6 +136,8 @@ #define X86_FEATURE_HYPERVISOR ( 4*32+31) /* "hypervisor" Running on a hy= pervisor */ =20 /* VIA/Cyrix/Centaur-defined CPU features, CPUID level 0xC0000001, word 5 = */ +#define X86_FEATURE_SM2 ( 5*32+ 0) /* "sm2" SM2 algorithm */ +#define X86_FEATURE_SM2_EN ( 5*32+ 1) /* "sm2_en" SM2 enabled */ #define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */ #define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */ #define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index e69156b54cff..1eb4b88aaa80 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1272,6 +1272,8 @@ void kvm_initialize_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE); =20 kvm_cpu_cap_init(CPUID_C000_0001_EDX, + F(SM2), + F(SM2_EN), F(XSTORE), F(XSTORE_EN), F(XCRYPT), --=20 2.34.1 From nobody Wed Jun 10 21:10:12 2026 Received: from mx2.zhaoxin.com (mx2.zhaoxin.com [61.152.208.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1AF653093D3 for ; Wed, 10 Jun 2026 02:35:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=61.152.208.219 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058933; cv=none; b=VMNkolYeFusLLrPoVJ6W4pv3CHpUn1R3I1aVW2SkbPaxOiXmO4O7XbOITLnFqllbvCEfyeqW2uZM3LQcZaijDHKf7j6pQf+1AdHVpkh/mwlfg5Y9jjH770VEOfqTgGWphWtnVgc4xSTmAQeDBDyfSt3FMSjayEfJEoD9XWiycDA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058933; c=relaxed/simple; bh=LvqXSc8Xfn7hVMcvUPCj9ztTXe7ul5Dmd8/EQMyHN3g=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=YFL5O6NJ1YCcGhlU5vuGDVOuYo/x1IgnBgvK82IVa0mDQcIc2T2BmnHZttXWtAYUrnU00NcVJYEQFVUbOnaPSOua+BQKV8jA0DNwQTX4xTFRoTDOIy+1upKFHEVaYC20IaA9iXyStfe5JJMRICCMdJYVNi2g6IixDKperTJhJ/0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com; spf=pass smtp.mailfrom=zhaoxin.com; arc=none smtp.client-ip=61.152.208.219 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zhaoxin.com X-ASG-Debug-ID: 1781058916-1eb14e680fbe4c0001-xx1T2L Received: from zhaoxin.com (zxmail.zhaoxin.com [10.28.208.166]) by mx2.zhaoxin.com with ESMTP id cWXyKrrqdIwGy6UD; Wed, 10 Jun 2026 10:35:16 +0800 (CST) X-Barracuda-Envelope-From: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.208.166 Received: from ewan-server.tailb932da.ts.net (ewan-server.tailb932da.ts.net [10.28.24.2]) by zhaoxin.com (8.30) with ESMTP179db99e0c2d20671b9b939d8b475086 Wed, 10 Jun 2026 10:35:14 +0800 X-Eyou-Smtpauth: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.24.2 X-Eyou-EnvelopeSender: ewanhai-oc@zhaoxin.com X-Eyou-From: Ewan Hai From: "=?UTF-8?B?RXdhbiBIYWktb2M=?=" To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v3 2/5] KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature Date: Wed, 10 Jun 2026 10:35:09 +0800 X-ASG-Orig-Subj: [PATCH v3 2/5] KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature Message-Id: <20260610023512.3690734-3-ewanhai-oc@zhaoxin.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> References: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Eyou-Sender: X-Barracuda-Connect: zxmail.zhaoxin.com[10.28.208.166] X-Barracuda-Start-Time: 1781058916 X-Barracuda-URL: https://10.28.252.36:4443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at zhaoxin.com X-Barracuda-Scan-Msg-Size: 2627 X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210 X-Barracuda-Spam-Score: -2.01 X-Barracuda-Spam-Status: No, SCORE=-2.01 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 tests=FROM_EXCESS_BASE64 X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.159832 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.01 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin CCS (Chinese Cryptography Standard) feature to guests via CPUID 0xC0000001 EDX bits 4 (CCS) and 5 (CCS_EN). CCS groups two unprivileged instructions for Chinese national cryptographic primitives, documented in the Zhaoxin GMI Instruction Set Reference, chapter 2 ("CCS instruction group"): - SM3 (encoding F3 0F A6 E8, subsection 2.1) implements the SM3 hash algorithm specified in GM/T 0004-2012. It supports two modes selected by RAX: auto-padding stream mode (RAX=3D0) and pre-padded block mode (RAX=3D-1). - SM4 (encoding F3 0F A7 F0, subsection 2.2) implements the SM4 block cipher specified in GM/T 0002-2012, supporting ECB / CBC / CFB / OFB / CTR modes via a control word in RAX, and CBC-MAC / CFB-MAC when RAX bit[11] is set. Both instructions are unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The CCS and CCS_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for CCS availability. Reviewed-by: Binbin Wu Signed-off-by: Ewan Hai --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 20b33413189c..276e4ef90bd0 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -140,6 +140,8 @@ #define X86_FEATURE_SM2_EN ( 5*32+ 1) /* "sm2_en" SM2 enabled */ #define X86_FEATURE_XSTORE ( 5*32+ 2) /* "rng" RNG present (xstore) */ #define X86_FEATURE_XSTORE_EN ( 5*32+ 3) /* "rng_en" RNG enabled */ +#define X86_FEATURE_CCS ( 5*32+ 4) /* "ccs" SM3 + SM4 instructions */ +#define X86_FEATURE_CCS_EN ( 5*32+ 5) /* "ccs_en" CCS enabled */ #define X86_FEATURE_XCRYPT ( 5*32+ 6) /* "ace" on-CPU crypto (xcrypt) */ #define X86_FEATURE_XCRYPT_EN ( 5*32+ 7) /* "ace_en" on-CPU crypto enable= d */ #define X86_FEATURE_ACE2 ( 5*32+ 8) /* "ace2" Advanced Cryptography Engin= e v2 */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 1eb4b88aaa80..8aaa3f20670e 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1276,6 +1276,8 @@ void kvm_initialize_cpu_caps(void) F(SM2_EN), F(XSTORE), F(XSTORE_EN), + F(CCS), + F(CCS_EN), F(XCRYPT), F(XCRYPT_EN), F(ACE2), --=20 2.34.1 From nobody Wed Jun 10 21:10:12 2026 Received: from mx2.zhaoxin.com (mx2.zhaoxin.com [61.152.208.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05654278161 for ; Wed, 10 Jun 2026 02:35:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=61.152.208.219 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058935; cv=none; b=FAhcjReLj/hdklWkwAdh37jSUrJukhMCXnZCJhq8TLJTrQyTtzs2VNiXQS/3fiTcvJxqNU+BiTPBqO0RSakHay16OQUWTPGiyjUEDojSZTSQ/uCC0qAcoF2SteS4dbR6ZrOsjYedgvqggG/P5+WZxwl1BimO4qBxIOnJxCFlC1M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058935; c=relaxed/simple; bh=xistowtJYDdD1yLQ3ZTUaLPuGUiLU44YdN7WY4YGAcs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ZNHXmomJOSWjB7ne51quaTi4i1LCb3hLn7Dxvn7LXzPi+dFSiUXGFm4PLaYYMoqnX9iqjMtENw+nwfOSpEd/wHXYLRjQu0iWTCmf0lJWakdT4P9c/DRaIwK87PQ0m8roqEW/HGotq3a2lxQKdAuiZohW/zVKOKOlboRI5njqvY8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com; spf=pass smtp.mailfrom=zhaoxin.com; arc=none smtp.client-ip=61.152.208.219 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zhaoxin.com X-ASG-Debug-ID: 1781058916-1eb14e680ebe4c0001-xx1T2L Received: from zhaoxin.com (zxmail.zhaoxin.com [10.28.208.166]) by mx2.zhaoxin.com with ESMTP id 3HWCyhBlZmClwyjS; Wed, 10 Jun 2026 10:35:16 +0800 (CST) X-Barracuda-Envelope-From: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.208.166 Received: from ewan-server.tailb932da.ts.net (ewan-server.tailb932da.ts.net [10.28.24.2]) by zhaoxin.com (8.30) with ESMTPa0e123fa20ebb6cdc0b5b20647d55086 Wed, 10 Jun 2026 10:35:15 +0800 X-Eyou-Smtpauth: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.24.2 X-Eyou-EnvelopeSender: ewanhai-oc@zhaoxin.com X-Eyou-From: Ewan Hai From: "=?UTF-8?B?RXdhbiBIYWktb2M=?=" To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v3 3/5] KVM: x86: Expose Zhaoxin RNG2 CPUID feature Date: Wed, 10 Jun 2026 10:35:10 +0800 X-ASG-Orig-Subj: [PATCH v3 3/5] KVM: x86: Expose Zhaoxin RNG2 CPUID feature Message-Id: <20260610023512.3690734-4-ewanhai-oc@zhaoxin.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> References: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Eyou-Sender: X-Barracuda-Connect: zxmail.zhaoxin.com[10.28.208.166] X-Barracuda-Start-Time: 1781058916 X-Barracuda-URL: https://10.28.252.36:4443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at zhaoxin.com X-Barracuda-Scan-Msg-Size: 2204 X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210 X-Barracuda-Spam-Score: -0.96 X-Barracuda-Spam-Status: No, SCORE=-0.96 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 tests=FROM_EXCESS_BASE64, FROM_EXCESS_BASE64_2 X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.159832 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.01 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily 1.05 FROM_EXCESS_BASE64_2 From: base64 encoded unnecessarily Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin second-generation hardware RNG to guests via CPUID 0xC0000001 EDX bits 22 (RNG2) and 23 (RNG2_EN). RNG2 is exposed by the REP XRNG2 instruction (encoding F3 0F A7 F8), documented in the Zhaoxin PadLock Instruction Reference, subsection 1.3 ("REP XRNG2"). It produces random bytes from two on-die RNG sources selectable via RAX bits[10:9] and an output mode (raw vs post-processed) controlled by RDX bits[1:0], providing high-quality entropy intended for cryptographic operations. REP XRNG2 is unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The RNG2 and RNG2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RNG2 availability. Reviewed-by: Binbin Wu Signed-off-by: Ewan Hai --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 276e4ef90bd0..e264758d58e2 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -150,6 +150,8 @@ #define X86_FEATURE_PHE_EN ( 5*32+11) /* "phe_en" PHE enabled */ #define X86_FEATURE_PMM ( 5*32+12) /* "pmm" PadLock Montgomery Multiplie= r */ #define X86_FEATURE_PMM_EN ( 5*32+13) /* "pmm_en" PMM enabled */ +#define X86_FEATURE_RNG2 ( 5*32+22) /* "rng2" RNG v2 */ +#define X86_FEATURE_RNG2_EN ( 5*32+23) /* "rng2_en" RNG2 enabled */ =20 /* More extended AMD flags: CPUID level 0x80000001, ECX, word 6 */ #define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* "lahf_lm" LAHF/SAHF in long mod= e */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 8aaa3f20670e..087c41341240 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1286,6 +1286,8 @@ void kvm_initialize_cpu_caps(void) F(PHE_EN), F(PMM), F(PMM_EN), + F(RNG2), + F(RNG2_EN), ); =20 /* --=20 2.34.1 From nobody Wed Jun 10 21:10:12 2026 Received: from mx2.zhaoxin.com (mx2.zhaoxin.com [61.152.208.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 38FF62FC00D for ; Wed, 10 Jun 2026 02:35:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=61.152.208.219 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058934; cv=none; b=WEnRB0BhZJpPU/Zv/XO8Xb5NSMsvmR+AGJeuPoG9R3JELhV8seA/k7YexPJZPdhvXczzqVx4Zp5UkwJW4UJ1t/d7Yi2Qrm9C+pU8/1PR0e7urc8BWDfbJDJoQZG0wrVsSK67HqLWeGyml+hjEQcINy4tqRBbUCtIRDR5fOttLuU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058934; c=relaxed/simple; bh=PBPUvazHcWjYuzbD3d/xPveShQgYTtGXgb+VilZmCtk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=YLoPkzTKzsXBT6vAHroikVNomXZlHWQRAp4Hc4UmnOHOI+y1/X13HHo7lJzsTHfH/hGDTWt2awyOmHwUvwZ7e6NirIcDhtyEBkQPgtyrfAcpJJ15SdKF2Q81TGkVa9RYI1Ydod/v3w/qDlo9DxQyLRgFiflqcff5KLeGmb7M+Rg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com; spf=pass smtp.mailfrom=zhaoxin.com; arc=none smtp.client-ip=61.152.208.219 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zhaoxin.com X-ASG-Debug-ID: 1781058917-1eb14e680cbe4c0001-xx1T2L Received: from zhaoxin.com (zxmail.zhaoxin.com [10.28.208.166]) by mx2.zhaoxin.com with ESMTP id uXWxQEIah6IBk494; Wed, 10 Jun 2026 10:35:17 +0800 (CST) X-Barracuda-Envelope-From: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.208.166 Received: from ewan-server.tailb932da.ts.net (ewan-server.tailb932da.ts.net [10.28.24.2]) by zhaoxin.com (8.30) with ESMTP33dd185c0c2bccb26bbc09eae7285086 Wed, 10 Jun 2026 10:35:16 +0800 X-Eyou-Smtpauth: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.24.2 X-Eyou-EnvelopeSender: ewanhai-oc@zhaoxin.com X-Eyou-From: Ewan Hai From: "=?UTF-8?B?RXdhbiBIYWktb2M=?=" To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v3 4/5] KVM: x86: Expose Zhaoxin PHE2 CPUID feature Date: Wed, 10 Jun 2026 10:35:11 +0800 X-ASG-Orig-Subj: [PATCH v3 4/5] KVM: x86: Expose Zhaoxin PHE2 CPUID feature Message-Id: <20260610023512.3690734-5-ewanhai-oc@zhaoxin.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> References: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Eyou-Sender: X-Barracuda-Connect: zxmail.zhaoxin.com[10.28.208.166] X-Barracuda-Start-Time: 1781058917 X-Barracuda-URL: https://10.28.252.36:4443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at zhaoxin.com X-Barracuda-Scan-Msg-Size: 2348 X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210 X-Barracuda-Spam-Score: -0.96 X-Barracuda-Spam-Status: No, SCORE=-0.96 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 tests=FROM_EXCESS_BASE64, FROM_EXCESS_BASE64_2 X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.159832 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.01 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily 1.05 FROM_EXCESS_BASE64_2 From: base64 encoded unnecessarily Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin PadLock Hash Engine v2 to guests via CPUID 0xC0000001 EDX bits 25 (PHE2) and 26 (PHE2_EN). PHE2 extends the PadLock hash family with SHA-384 and SHA-512 support per FIPS 180-3, complementing the existing PHE feature (SHA-1 and SHA-256). Two unprivileged instructions are exposed, documented in the Zhaoxin PadLock Instruction Reference, chapter 3 ("Hash Engine"): - REP XSHA384 (encoding F3 0F A6 D8, subsection 3.3) - REP XSHA512 (encoding F3 0F A6 E0, subsection 3.4) Both consume software-padded 128-byte blocks (RCX =3D block count, RSI =3D input, RDI =3D state) and produce hash output in the state buffer. Both instructions are unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The PHE2 and PHE2_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for PHE2 availability. Reviewed-by: Binbin Wu Signed-off-by: Ewan Hai --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index e264758d58e2..3702d7a30ae6 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -152,6 +152,8 @@ #define X86_FEATURE_PMM_EN ( 5*32+13) /* "pmm_en" PMM enabled */ #define X86_FEATURE_RNG2 ( 5*32+22) /* "rng2" RNG v2 */ #define X86_FEATURE_RNG2_EN ( 5*32+23) /* "rng2_en" RNG2 enabled */ +#define X86_FEATURE_PHE2 ( 5*32+25) /* "phe2" PadLock Hash Engine v2 */ +#define X86_FEATURE_PHE2_EN ( 5*32+26) /* "phe2_en" PHE2 enabled */ =20 /* More extended AMD flags: CPUID level 0x80000001, ECX, word 6 */ #define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* "lahf_lm" LAHF/SAHF in long mod= e */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 087c41341240..3fb81f7a6107 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1288,6 +1288,8 @@ void kvm_initialize_cpu_caps(void) F(PMM_EN), F(RNG2), F(RNG2_EN), + F(PHE2), + F(PHE2_EN), ); =20 /* --=20 2.34.1 From nobody Wed Jun 10 21:10:12 2026 Received: from mx2.zhaoxin.com (mx2.zhaoxin.com [61.152.208.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 055CE274B5C for ; Wed, 10 Jun 2026 02:35:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=61.152.208.219 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058934; cv=none; b=sspAVrsrhnICdhPBKqgCa4Dy2TvRvrminfyKb21Q6ZFXDiScbOqB5XRNSA5xNfz1YaK5WScO+PICElNdxz1ACFysUe9jm4/nGd2hrTlNCt81u98DFRFSSXjoXqkh6GSeI7lhzDb8mX2WEiUGuV+47199mHraTeuPqhzzu8BzHlo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781058934; c=relaxed/simple; bh=Nc2fshPyr/aIhu+foihGacIoeXNaC2kfdR68oN3KEPk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=C+4Z6iSoMWYPkng10aSsS7Zt6Y0gY3WSO6OujGbgVWEC2/Vhkr6hq6ae2m6r4jApx09/RhnU7n/K0SNORARdOF3SGh7mJecqanEOQpUNcv38CNA8ralAkONaXHOtvszRphVb/0L4P7cPn2Msu/XLOzbhhoSvulZTtSURCUAPXJw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com; spf=pass smtp.mailfrom=zhaoxin.com; arc=none smtp.client-ip=61.152.208.219 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=zhaoxin.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=zhaoxin.com X-ASG-Debug-ID: 1781058918-1eb14e680bbe4c0001-xx1T2L Received: from zhaoxin.com (zxmail.zhaoxin.com [10.28.208.166]) by mx2.zhaoxin.com with ESMTP id Sffz6uBDLIQ0rpSp; Wed, 10 Jun 2026 10:35:18 +0800 (CST) X-Barracuda-Envelope-From: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.208.166 Received: from ewan-server.tailb932da.ts.net (ewan-server.tailb932da.ts.net [10.28.24.2]) by zhaoxin.com (8.30) with ESMTP927a0bf868a4e13f73f06f3ff2305086 Wed, 10 Jun 2026 10:35:16 +0800 X-Eyou-Smtpauth: ewanhai-oc@zhaoxin.com X-Barracuda-RBL-Trusted-Forwarder: 10.28.24.2 X-Eyou-EnvelopeSender: ewanhai-oc@zhaoxin.com X-Eyou-From: Ewan Hai From: "=?UTF-8?B?RXdhbiBIYWktb2M=?=" To: seanjc@google.com, pbonzini@redhat.com, tglx@kernel.org, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: binbin.wu@linux.intel.com, cobechen@zhaoxin.com, tonywwang@zhaoxin.com Subject: [PATCH v3 5/5] KVM: x86: Expose Zhaoxin RSA CPUID feature Date: Wed, 10 Jun 2026 10:35:12 +0800 X-ASG-Orig-Subj: [PATCH v3 5/5] KVM: x86: Expose Zhaoxin RSA CPUID feature Message-Id: <20260610023512.3690734-6-ewanhai-oc@zhaoxin.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> References: <20260610023512.3690734-1-ewanhai-oc@zhaoxin.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Eyou-Sender: X-Barracuda-Connect: zxmail.zhaoxin.com[10.28.208.166] X-Barracuda-Start-Time: 1781058918 X-Barracuda-URL: https://10.28.252.36:4443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at zhaoxin.com X-Barracuda-Scan-Msg-Size: 2490 X-Barracuda-BRTS-Status: 1 X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210 X-Barracuda-Spam-Score: -0.96 X-Barracuda-Spam-Status: No, SCORE=-0.96 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=1000.0 tests=FROM_EXCESS_BASE64, FROM_EXCESS_BASE64_2 X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.159832 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.01 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily 1.05 FROM_EXCESS_BASE64_2 From: base64 encoded unnecessarily Content-Type: text/plain; charset="utf-8" Advertise the Zhaoxin big-number arithmetic engine to guests via CPUID 0xC0000001 EDX bits 27 (RSA) and 28 (RSA_EN). The RSA feature provides two unprivileged instructions for modular arithmetic on big integers, documented in the Zhaoxin PadLock Instruction Reference, chapter 4 ("Modular Multiplication and Exponentiation Engine"). Both support operand sizes from 256 to 32768 bits (in 128-bit increments): - REP XMODEXP (encoding F3 0F A6 F8, subsection 4.1) computes A^B mod M - REP MONTMUL2 (encoding F3 0F A6 F0, subsection 4.2) computes A*B mod M REP MONTMUL2 is the long-mode replacement of legacy REP MONTMUL, which is restricted to compatibility and 32-bit protected modes. These primitives accelerate RSA and related public-key operations. Both instructions are unprivileged (no CPL restriction) and available in all CPU modes, with no associated MSR control. The RSA and RSA_EN bits are redundant by hardware design (set or cleared together) and both serve purely as CPUID-level feature-presence reporting flags requiring no KVM emulation. Both bits are advertised because different software may probe either one when checking for RSA availability. Reviewed-by: Binbin Wu Signed-off-by: Ewan Hai --- arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kvm/cpuid.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 3702d7a30ae6..a769c83588f7 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -154,6 +154,8 @@ #define X86_FEATURE_RNG2_EN ( 5*32+23) /* "rng2_en" RNG2 enabled */ #define X86_FEATURE_PHE2 ( 5*32+25) /* "phe2" PadLock Hash Engine v2 */ #define X86_FEATURE_PHE2_EN ( 5*32+26) /* "phe2_en" PHE2 enabled */ +#define X86_FEATURE_RSA ( 5*32+27) /* "rsa" Big-number arithmetic */ +#define X86_FEATURE_RSA_EN ( 5*32+28) /* "rsa_en" RSA enabled */ =20 /* More extended AMD flags: CPUID level 0x80000001, ECX, word 6 */ #define X86_FEATURE_LAHF_LM ( 6*32+ 0) /* "lahf_lm" LAHF/SAHF in long mod= e */ diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3fb81f7a6107..94ea9abae566 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -1290,6 +1290,8 @@ void kvm_initialize_cpu_caps(void) F(RNG2_EN), F(PHE2), F(PHE2_EN), + F(RSA), + F(RSA_EN), ); =20 /* --=20 2.34.1