[RFC 1/3] x86: Expose Secure Memory Encryption capabilities in sysfs

From: Alejandro Jimenez
Date: Wed Mar 09 2022 - 17:10:50 EST

Next message: Arnd Bergmann: "Re: [PATCH] PCI: Remove the deprecated "pci-dma-compat.h" API"
Previous message: Alejandro Jimenez: "[RFC 3/3] x86: Expose SEV-ES capabilities in sysfs"
In reply to: Alejandro Jimenez: "[RFC 3/3] x86: Expose SEV-ES capabilities in sysfs"
Next in thread: Alejandro Jimenez: "[RFC 2/3] x86: Expose SEV capabilities in sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When testing SME behavior, it is useful to determine whether or not SME is
actively being used, or just merely enabled. The distinction between
supported, enabled, and active is provided by the documentation at:

https://www.kernel.org/doc/Documentation/x86/amd-memory-encryption.txt

There are currently no user-space interfaces to determine if SME is active
or not, other than searching dmesg:

$ sudo dmesg | grep -i sme
[ 4.275215] AMD Secure Memory Encryption (SME) active

Provide a sysfs interface for a convenient way to display this information.
This patch also provides the framework to easily add entries for other
Confidential Computing features that are currently available e.g. SEV.

Also add documentation describing the new ABI.

Signed-off-by: Alejandro Jimenez <alejandro.j.jimenez@xxxxxxxxxx>
Reviewed-by: Darren Kenny <darren.kenny@xxxxxxxxxx>
---
.../ABI/testing/sysfs-kernel-mm-mem-encrypt | 31 +++
arch/x86/include/asm/mem_encrypt.h | 6 +
arch/x86/mm/mem_encrypt.c | 27 +++
arch/x86/mm/mem_encrypt_amd.c | 192 ++++++++++++++++++
4 files changed, 256 insertions(+)
create mode 100644 Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt

diff --git a/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt b/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt
new file mode 100644
index 000000000000..a53f87f28704
--- /dev/null
+++ b/Documentation/ABI/testing/sysfs-kernel-mm-mem-encrypt
@@ -0,0 +1,31 @@
+What: /sys/kernel/mm/mem_encrypt/
+Date: March 2022
+KernelVersion: 5.17
+Contact: Alejandro Jimenez <alejandro.j.jimenez@xxxxxxxxxx>
+Description: Interface for Secure Memory Encryption capabilities
+
+What: /sys/kernel/mm/mem_encrypt/c_bit_position
+Date: March 2022
+KernelVersion: 5.17
+Description: Bit position of C-bit in a Page Table entries. Setting this bit
+ in a PTE indicates that the page is encrypted, causing
+ accesses to that memory to be automatically encrypted and
+ decrypted by the memory controller.
+
+What: /sys/kernel/mm/mem_encrypt/sme/status
+Date: March 2022
+KernelVersion: 5.17
+Description: (Host only) Expose status of SME feature. Valid values are:
+
+ unsupported: Secure Memory Encryption capability is not
+ supported by the processor.
+
+ disabled: Memory encryption has been disabled by
+ System-Configuration Register (SYSCFG) MemEncryptionModeEn bit.
+
+ active: Secure Memory Encryption is supported, enabled, and the
+ kernel is applying encryption bit to page table entries.
+
+ inactive: Secure Memory Encryption is supported, enabled, but
+ the kernel is not applying encryption bit to page table entries
+ (SME mask in kernel is zero).
diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
index e2c6f433ed10..48d41cf764ab 100644
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -17,6 +17,8 @@

#include <asm/bootparam.h>

+struct kobject;
+
#ifdef CONFIG_AMD_MEM_ENCRYPT

extern u64 sme_me_mask;
@@ -49,6 +51,8 @@ void __init early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages,

void __init mem_encrypt_free_decrypted_mem(void);

+int amd_cc_sysfs_init(struct kobject *parent);
+
/* Architecture __weak replacement functions */
void __init mem_encrypt_init(void);

@@ -85,6 +89,8 @@ early_set_mem_enc_dec_hypercall(unsigned long vaddr, int npages, bool enc) {}

static inline void mem_encrypt_free_decrypted_mem(void) { }

+static inline int amd_cc_sysfs_init(struct kobject *parent) { return 0; }
+
#define __bss_decrypted

#endif /* CONFIG_AMD_MEM_ENCRYPT */
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 50d209939c66..f1731faa96de 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -14,6 +14,33 @@
#include <linux/mem_encrypt.h>
#include <linux/virtio_config.h>

+/*
+ * Expose the available Confidential Computing features via sysfs interface.
+ */
+static struct kobject *coco_kobj;
+
+static int __init coco_sysfs_init(void)
+{
+ int err;
+
+ coco_kobj = kobject_create_and_add("mem_encrypt", mm_kobj);
+ if (!coco_kobj) {
+ pr_err("Failed to create sysfs directory for CoCo features.\n");
+ return -ENOMEM;
+ }
+
+ /*
+ * Initialize sysfs entries for CoCo features. Each CPU vendor providing
+ * features of this type must add a call to initialize relevant entries.
+ */
+ err = amd_cc_sysfs_init(coco_kobj);
+ if (err)
+ kobject_put(coco_kobj);
+
+ return err;
+}
+subsys_initcall(coco_sysfs_init);
+
/* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
bool force_dma_unencrypted(struct device *dev)
{
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index 2b2d018ea345..ccd6448042fe 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -34,6 +34,35 @@

#include "mm_internal.h"

+#define CPUID_MAX_EXTENDED_CAP 0x80000000
+#define AMD_CPUID_ENCRYPTED_MEM 0x8000001f
+
+#define AMD_SME_BIT BIT(0)
+
+#define CC_ATTR_RO(_name) \
+ static struct kobj_attribute _name##_attr = __ATTR_RO(_name)
+
+#define foreach_cc_feature(ccf, feat_list) \
+ for ((ccf) = (feat_list); \
+ (ccf)->cc_attr_grp; \
+ (ccf)++)
+
+#define AMD_CC_FEATURE(cc_name, attr_grp, kobj) \
+{ \
+ .name = cc_name, \
+ .cc_attr_grp = &attr_grp, \
+ .cc_kobj = kobj, \
+}
+
+#define CC_FEATURE_NAME_LEN 32
+
+struct amd_cc_feature {
+ char name[CC_FEATURE_NAME_LEN];
+ /* Specifies the attributes exposed by this cc feature */
+ const struct attribute_group *cc_attr_grp;
+ struct kobject *cc_kobj;
+};
+
/*
* Since SME related variables are set early in the boot process they must
* reside in the .data section so as not to be zeroed out when the .bss
@@ -47,6 +76,169 @@ EXPORT_SYMBOL(sme_me_mask);
/* Buffer used for early in-place encryption by BSP, no locking needed */
static char sme_early_buffer[PAGE_SIZE] __initdata __aligned(PAGE_SIZE);

+static u8 cbit_pos;
+static u32 sec_encrypt_support_mask;
+
+static inline bool is_vm(void)
+{
+ return boot_cpu_has(X86_FEATURE_HYPERVISOR);
+}
+
+/*
+ * Initialize and cache values from Memory Encryption Caps CPUID Function.
+ */
+static void encrypted_mem_caps_init(void)
+{
+ u32 eax, ebx, ecx, edx;
+
+ /* Already verified that AMD_CPUID_ENCRYPTED_MEM CPUID exists */
+ cpuid(AMD_CPUID_ENCRYPTED_MEM, &eax, &ebx, &ecx, &edx);
+
+ cbit_pos = ebx & 0x3f;
+ sec_encrypt_support_mask = eax & AMD_SME_BIT;
+}
+
+/* Verify that memory encryption capabilities are supported */
+static inline bool mem_encrypt_feat_supported(u32 feat_bit)
+{
+ return !!(sec_encrypt_support_mask & feat_bit);
+}
+
+/*
+ * sysfs interface for SME/SEV.
+ * Expose whether the various memory encryption capabilities are
+ * supported/enabled/active.
+ */
+static ssize_t status_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ if (!mem_encrypt_feat_supported(AMD_SME_BIT))
+ return sysfs_emit(buf, "%s\n", "unsupported");
+
+ /*
+ * Memory encryption must be enabled in BIOS.
+ * We can avoid reading MSR_AMD64_SYSCFG MSR to check for
+ * MemEncryptionModeEn (bit 23) since an earlier call to
+ * early_detect_mem_encrypt() clears the feature from the CPU
+ * caps if the bit is not set. It is sufficient to check the
+ * CPU caps here.
+ */
+ if (!boot_cpu_has(X86_FEATURE_SME))
+ return sysfs_emit(buf, "%s\n", "disabled");
+
+ return sysfs_emit(buf, "%s\n",
+ !!cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT) ?
+ "active" : "inactive");
+
+}
+CC_ATTR_RO(status);
+
+static ssize_t c_bit_position_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "%u\n", cbit_pos);
+}
+CC_ATTR_RO(c_bit_position);
+
+static struct attribute *sme_attrs[] = {
+ &status_attr.attr,
+ NULL,
+};
+static const struct attribute_group sme_attr_group = {
+ .attrs = sme_attrs,
+};
+
+/* List of features to be exposed when running as hypervisor host */
+static struct amd_cc_feature host_cc_feat_list[] = {
+ AMD_CC_FEATURE("sme", sme_attr_group, NULL),
+ {},
+};
+
+/* List of features to be exposed when running as guest */
+static struct amd_cc_feature guest_cc_feat_list[] = {
+ {},
+};
+
+static int cc_sysfs_add_feature(struct amd_cc_feature *ccf,
+ struct kobject *parent)
+{
+ int err;
+
+ ccf->cc_kobj = kobject_create_and_add(ccf->name, parent);
+ if (!ccf->cc_kobj) {
+ pr_err("Failed to create %s kobject.\n", ccf->name);
+ return -ENOMEM;
+ }
+
+ err = sysfs_create_group(ccf->cc_kobj, ccf->cc_attr_grp);
+ if (err) {
+ pr_err("Failed to register %s group.\n", ccf->name);
+ kobject_put(ccf->cc_kobj);
+ ccf->cc_kobj = NULL;
+ }
+ return err;
+}
+
+static void cc_sysfs_remove_features(struct amd_cc_feature *feature_list,
+ struct kobject *parent)
+{
+ struct amd_cc_feature *ccf;
+
+ /* Remove standalone files created for common features */
+ sysfs_remove_file(parent, &c_bit_position_attr.attr);
+
+ foreach_cc_feature(ccf, feature_list) {
+ if (ccf->cc_kobj) {
+ sysfs_remove_group(ccf->cc_kobj,
+ ccf->cc_attr_grp);
+ kobject_put(ccf->cc_kobj);
+ }
+ }
+}
+
+int amd_cc_sysfs_init(struct kobject *parent)
+{
+ int err;
+ struct amd_cc_feature *ccf, *feature_list;
+
+ /*
+ * Check Encrypted Mem Capabilities CPUID function is available.
+ * Nothing to do otherwise.
+ */
+ if (cpuid_eax(CPUID_MAX_EXTENDED_CAP) < AMD_CPUID_ENCRYPTED_MEM)
+ return -EOPNOTSUPP;
+
+ encrypted_mem_caps_init();
+
+ /* C-bit position is common to all AMD CoCo features */
+ err = sysfs_create_file(parent, &c_bit_position_attr.attr);
+ if (err) {
+ pr_err("Failed to add entry for %s attribute.\n",
+ c_bit_position_attr.attr.name);
+ return err;
+ }
+ /*
+ * Not all features or attributes in a feature are relevant to both
+ * hypervisor hosts and guests (e.g. SME is never available on guests).
+ * Determine which mode we are running in and register the appropriate
+ * list of features.
+ */
+ feature_list = is_vm() ? guest_cc_feat_list : host_cc_feat_list;
+
+ foreach_cc_feature(ccf, feature_list) {
+ err = cc_sysfs_add_feature(ccf, parent);
+ if (err) {
+ pr_err("Failed to add entry for CoCo feature: %s.\n",
+ ccf->name);
+
+ cc_sysfs_remove_features(feature_list, parent);
+ return err;
+ }
+ }
+
+ return err;
+}
+
/*
* This routine does not change the underlying encryption setting of the
* page(s) that map this memory. It assumes that eventually the memory is
--
2.34.1

Next message: Arnd Bergmann: "Re: [PATCH] PCI: Remove the deprecated "pci-dma-compat.h" API"
Previous message: Alejandro Jimenez: "[RFC 3/3] x86: Expose SEV-ES capabilities in sysfs"
In reply to: Alejandro Jimenez: "[RFC 3/3] x86: Expose SEV-ES capabilities in sysfs"
Next in thread: Alejandro Jimenez: "[RFC 2/3] x86: Expose SEV capabilities in sysfs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]