[PATCH 1/1] x86: Add detection of the LMHS SRE hypervisor
From: Moore, Neil A
Date: Tue Jan 03 2023 - 11:26:37 EST
From: Neil Moore <neil.a.moore@xxxxxxxx>
LMHS SRE is a hypervisor developed and maintained by Lockheed Martin that
targets embedded, edge, or cloud deployments with security, isolation,
and determinism requirements.
Add detection of the LMHS SRE and enable x2APIC when available.
Signed-off-by: Neil Moore <neil.a.moore@xxxxxxxx>
---
arch/x86/Kconfig | 12 +++++++++++-
arch/x86/include/asm/hypervisor.h | 2 ++
arch/x86/include/asm/sre.h | 13 +++++++++++++
arch/x86/kernel/cpu/Makefile | 1 +
arch/x86/kernel/cpu/hypervisor.c | 3 +++
arch/x86/kernel/cpu/sre.c | 31 +++++++++++++++++++++++++++++++
6 files changed, 61 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/include/asm/sre.h
create mode 100644 arch/x86/kernel/cpu/sre.c
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 67745ceab0db..ba1f77dcbc7f 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -894,7 +894,17 @@ config INTEL_TDX_GUEST
memory contents and CPU state. TDX guests are protected from
some attacks from the VMM.
-endif # HYPERVISOR_GUEST
+config SRE_GUEST
+ bool "LMHS SRE Guest support"
+ depends on X86_64
+ help
+ This option allows Linux to detect when running on top of the SRE
+ hypervisor. SRE is a hypervisor targeting environments with high
+ security, isolation, and determinism requirements and can be used
+ in embedded, edge or cloud environments. More details can found at
+ https://www.lockheedmartin.com/en-us/products/Hardened-Security-for-Intel-Processors.html
+
+endif #HYPERVISOR_GUEST
source "arch/x86/Kconfig.cpu"
diff --git a/arch/x86/include/asm/hypervisor.h b/arch/x86/include/asm/hypervisor.h
index e41cbf2ec41d..3fc5d4cb4d9c 100644
--- a/arch/x86/include/asm/hypervisor.h
+++ b/arch/x86/include/asm/hypervisor.h
@@ -30,6 +30,7 @@ enum x86_hypervisor_type {
X86_HYPER_KVM,
X86_HYPER_JAILHOUSE,
X86_HYPER_ACRN,
+ X86_HYPER_SRE,
};
#ifdef CONFIG_HYPERVISOR_GUEST
@@ -64,6 +65,7 @@ extern const struct hypervisor_x86 x86_hyper_xen_pv;
extern const struct hypervisor_x86 x86_hyper_kvm;
extern const struct hypervisor_x86 x86_hyper_jailhouse;
extern const struct hypervisor_x86 x86_hyper_acrn;
+extern const struct hypervisor_x86 x86_hyper_sre;
extern struct hypervisor_x86 x86_hyper_xen_hvm;
extern bool nopv;
diff --git a/arch/x86/include/asm/sre.h b/arch/x86/include/asm/sre.h
new file mode 100644
index 000000000000..e76a91f83bb5
--- /dev/null
+++ b/arch/x86/include/asm/sre.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_X86_SRE_H
+#define _ASM_X86_SRE_H
+
+static inline u32 sre_cpuid_base(void)
+{
+ if (boot_cpu_has(X86_FEATURE_HYPERVISOR))
+ return hypervisor_cpuid_base("SRESRESRESRE", 0);
+
+ return 0;
+}
+
+#endif /* _ASM_X86_SRE_H */
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
index f10a921ee756..70dddeb7b7e3 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -56,6 +56,7 @@ obj-$(CONFIG_X86_LOCAL_APIC) += perfctr-watchdog.o
obj-$(CONFIG_HYPERVISOR_GUEST) += vmware.o hypervisor.o mshyperv.o
obj-$(CONFIG_ACRN_GUEST) += acrn.o
+obj-$(CONFIG_SRE_GUEST) += sre.o
ifdef CONFIG_X86_FEATURE_NAMES
quiet_cmd_mkcapflags = MKCAP $@
diff --git a/arch/x86/kernel/cpu/hypervisor.c b/arch/x86/kernel/cpu/hypervisor.c
index 553bfbfc3a1b..08854aaedc74 100644
--- a/arch/x86/kernel/cpu/hypervisor.c
+++ b/arch/x86/kernel/cpu/hypervisor.c
@@ -45,6 +45,9 @@ static const __initconst struct hypervisor_x86 * const hypervisors[] =
#ifdef CONFIG_ACRN_GUEST
&x86_hyper_acrn,
#endif
+#ifdef CONFIG_SRE_GUEST
+ &x86_hyper_sre,
+#endif
};
enum x86_hypervisor_type x86_hyper_type;
diff --git a/arch/x86/kernel/cpu/sre.c b/arch/x86/kernel/cpu/sre.c
new file mode 100644
index 000000000000..9521d74c4c5b
--- /dev/null
+++ b/arch/x86/kernel/cpu/sre.c
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * LMHS SRE detection support
+ *
+ * Copyright (C) 2022 Lockheed Martin Corporation. All rights reserved.
+ *
+ * Neil Moore <neil.a.moore@xxxxxxxx>
+ *
+ */
+
+#include <asm/apic.h>
+#include <asm/cpufeatures.h>
+#include <asm/hypervisor.h>
+#include <asm/sre.h>
+
+static u32 __init sre_detect(void)
+{
+ return sre_cpuid_base();
+}
+
+static bool sre_x2apic_available(void)
+{
+ return boot_cpu_has(X86_FEATURE_X2APIC);
+}
+
+const __initconst struct hypervisor_x86 x86_hyper_sre = {
+ .name = "SRE",
+ .detect = sre_detect,
+ .type = X86_HYPER_SRE,
+ .init.x2apic_available = sre_x2apic_available,
+};
--
2.38.1