[PATCH 0/5] KVM: x86: Expose Zhaoxin CPUID 0xC0000001 EDX cryptographic features

[PATCH 0/5] KVM: x86: Expose Zhaoxin CPUID 0xC0000001 EDX cryptographic features

[Ewan Hai]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2920 bytes --]

This series exposes five groups of Zhaoxin-specific CPUID 0xC0000001 EDXfeature bits to KVM guests. Each group corresponds to a category ofuser-mode cryptographic or RNG instructions that have been present inZhaoxin processors but not yet advertised by KVM.All instructions covered here are user-mode and available in all CPUmodes (real / V86 / compat / protected / long), with no associated MSRcontrol. Each feature is reported as a (X, X_EN) pair where the twobits are redundant by hardware design (set or cleared together), and bothare CPUID-level reporting bits requiring no KVM emulation.The five feature groups:1. SM2 (bits 0, 1): SM2 elliptic-curve public-key cryptography algorithm   per GM/T 0003-2012. Used for key generation, encryption/decryption,   digital signatures, and key exchange in Chinese cryptographic   standards.2. CCS (bits 4, 5): SM3 hash algorithm per GM/T 0004-2012 and SM4 block   cipher per GM/T 0002-2012 (supports ECB / CBC / CFB / OFB / CTR plus   CBC-MAC / CFB-MAC). Foundational primitives for Chinese cryptographic   protocols.3. RNG2 (bits 22, 23): Second-generation hardware RNG exposed via the   REP XRNG2 instruction. Two on-die RNG sources selectable per call,   with raw and post-processed output modes. Provides high-quality   entropy for cryptographic operations.4. PHE2 (bits 25, 26): SHA-384 and SHA-512 hardware acceleration per   FIPS 180-3, exposed via REP XSHA384 and REP XSHA512. Used by TLS,   SSH, file integrity, and signature schemes.5. RSA (bits 27, 28): Big-number modular exponentiation (REP XMODEXP,   A^B mod M) and modular multiplication (REP MONTMUL2, A*B mod M),   supporting operand sizes from 256 to 32768 bits. Used for RSA and   related public-key operations.References:  The instruction encodings, control-word formats, and per-feature  semantics referenced in the individual patches are documented in:    - GMI Instruction Set Reference (SM2 / SM3 / SM4)    - PadLock Instruction Reference (XRNG2 / XSHA384 / XSHA512 /      XMODEXP / MONTMUL2)  Both available from https://kib.kiev.ua/x86docs/Zhaoxin/Ewanhaioc (5):  KVM: x86: Expose Zhaoxin SM2 CPUID feature  KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature  KVM: x86: Expose Zhaoxin RNG2 CPUID feature  KVM: x86: Expose Zhaoxin PHE2 CPUID feature  KVM: x86: Expose Zhaoxin RSA CPUID feature arch/x86/kvm/cpuid.c         | 10 ++++++++++ arch/x86/kvm/reverse_cpuid.h | 12 ++++++++++++ 2 files changed, 22 insertions(+)base-commit: 50897c955902c93ae71c38698abb910525ebdc89--2.34.1




保密声明
本邮件含有保密或专有信息，仅供指定收件人使用。严禁对本邮件或其内容做任何未经授权的查阅、使用、复制或转发。

This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.

[PATCH 1/5] KVM: x86: Expose Zhaoxin SM2 CPUID feature

[Ewan Hai]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2722 bytes --]

Advertise the Zhaoxin SM2 instruction support to guests via CPUID0xC0000001 EDX bits 0 (SM2) and 1 (SM2_EN).The SM2 instruction (encoding F2 0F A6 C0) implements the SM2elliptic-curve public-key cryptography algorithm specified inGM/T 0003-2012; the hardware-level behavior is documented in theZhaoxin GMI Instruction Set Reference, chapter 1 ("SM2"). Theinstruction multiplexes its sub-functions on the RDX[5:0] controlword: encryption (subsection 1.1), decryption (1.2), signing (1.3),signature verification (1.4), the three key-exchange sub-operationsof section 1.5 (1.5.1 SM2 key-pair generation, which the spec alsouses for the initiator's ephemeral key; 1.5.2 responder shared-keyderivation; 1.5.3 initiator shared-key derivation), and twopreprocess steps for identity and message hashing (1.6.1 and 1.6.2).The instruction is user-mode and available in all CPU modes, with noassociated MSR control. The SM2 and SM2_EN bits are redundant byhardware design (set or cleared together) and both serve purely asCPUID-level feature-presence reporting flags requiring no KVMemulation. Both bits are advertised because different software mayprobe either one when checking for SM2 availability.Signed-off-by: Ewan Hai <ewanhai-oc@zhaoxin.com>--- arch/x86/kvm/cpuid.c         | 2 ++ arch/x86/kvm/reverse_cpuid.h | 4 ++++ 2 files changed, 6 insertions(+)diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.cindex e69156b54cff..1eb4b88aaa80 100644--- a/arch/x86/kvm/cpuid.c+++ b/arch/x86/kvm/cpuid.c@@ -1272,6 +1272,8 @@ void kvm_initialize_cpu_caps(void) 		kvm_cpu_cap_set(X86_FEATURE_NULL_SEL_CLR_BASE);  	kvm_cpu_cap_init(CPUID_C000_0001_EDX,+		F(SM2),+		F(SM2_EN), 		F(XSTORE), 		F(XSTORE_EN), 		F(XCRYPT),diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.hindex 657f5f743ed9..7b55110cc046 100644--- a/arch/x86/kvm/reverse_cpuid.h+++ b/arch/x86/kvm/reverse_cpuid.h@@ -76,6 +76,10 @@ #define KVM_X86_FEATURE_TSA_SQ_NO	KVM_X86_FEATURE(CPUID_8000_0021_ECX, 1) #define KVM_X86_FEATURE_TSA_L1_NO	KVM_X86_FEATURE(CPUID_8000_0021_ECX, 2) +/* Zhaoxin/Centaur sub-features, CPUID level 0xC0000001 (EDX) */+#define X86_FEATURE_SM2			KVM_X86_FEATURE(CPUID_C000_0001_EDX, 0)+#define X86_FEATURE_SM2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1)+ struct cpuid_reg { 	u32 function; 	u32 index;-- 2.34.1




保密声明
本邮件含有保密或专有信息，仅供指定收件人使用。严禁对本邮件或其内容做任何未经授权的查阅、使用、复制或转发。

This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.

[PATCH 2/5] KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature

[Ewan Hai]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2597 bytes --]

Advertise the Zhaoxin CCS (Chinese Cryptography Standard) feature toguests via CPUID 0xC0000001 EDX bits 4 (CCS) and 5 (CCS_EN). CCS groupstwo user-mode instructions for Chinese national cryptographicprimitives, documented in the Zhaoxin GMI Instruction Set Reference,chapter 2 ("CCS instruction group"):  - SM3 (encoding F3 0F A6 E8, subsection 2.1) implements the SM3 hash    algorithm specified in GM/T 0004-2012. It supports two modes    selected by RAX: auto-padding stream mode (RAX=0) and pre-padded    block mode (RAX=-1).  - SM4 (encoding F3 0F A7 F0, subsection 2.2) implements the SM4 block    cipher specified in GM/T 0002-2012, supporting ECB / CBC / CFB /    OFB / CTR modes via a control word in RAX, and CBC-MAC / CFB-MAC    when RAX bit[11] is set.Both instructions are user-mode and available in all CPU modes, with noassociated MSR control. The CCS and CCS_EN bits are redundant byhardware design (set or cleared together) and both serve purely asCPUID-level feature-presence reporting flags requiring no KVMemulation. Both bits are advertised because different software mayprobe either one when checking for CCS availability.Signed-off-by: Ewan Hai <ewanhai-oc@zhaoxin.com>--- arch/x86/kvm/cpuid.c         | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+)diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.cindex 1eb4b88aaa80..8aaa3f20670e 100644--- a/arch/x86/kvm/cpuid.c+++ b/arch/x86/kvm/cpuid.c@@ -1276,6 +1276,8 @@ void kvm_initialize_cpu_caps(void) 		F(SM2_EN), 		F(XSTORE), 		F(XSTORE_EN),+		F(CCS),+		F(CCS_EN), 		F(XCRYPT), 		F(XCRYPT_EN), 		F(ACE2),diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.hindex 7b55110cc046..a1cd9116ef63 100644--- a/arch/x86/kvm/reverse_cpuid.h+++ b/arch/x86/kvm/reverse_cpuid.h@@ -79,6 +79,8 @@ /* Zhaoxin/Centaur sub-features, CPUID level 0xC0000001 (EDX) */ #define X86_FEATURE_SM2			KVM_X86_FEATURE(CPUID_C000_0001_EDX, 0) #define X86_FEATURE_SM2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1)+#define X86_FEATURE_CCS			KVM_X86_FEATURE(CPUID_C000_0001_EDX, 4)+#define X86_FEATURE_CCS_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5)  struct cpuid_reg { 	u32 function;-- 2.34.1




保密声明
本邮件含有保密或专有信息，仅供指定收件人使用。严禁对本邮件或其内容做任何未经授权的查阅、使用、复制或转发。

This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.

[PATCH 3/5] KVM: x86: Expose Zhaoxin RNG2 CPUID feature

[Ewan Hai]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2291 bytes --]

Advertise the Zhaoxin second-generation hardware RNG to guests viaCPUID 0xC0000001 EDX bits 22 (RNG2) and 23 (RNG2_EN).RNG2 is exposed by the REP XRNG2 instruction (encoding F3 0F A7 F8),documented in the Zhaoxin PadLock Instruction Reference, subsection 1.3("REP XRNG2"). It produces random bytes from two on-die RNG sourcesselectable via RAX bits[10:9] and an output mode (raw vs post-processed)controlled by RDX bits[1:0], providing high-quality entropy intendedfor cryptographic operations.REP XRNG2 is user-mode and available in all CPU modes, with noassociated MSR control. The RNG2 and RNG2_EN bits are redundant byhardware design (set or cleared together) and both serve purely asCPUID-level feature-presence reporting flags requiring no KVMemulation. Both bits are advertised because different software mayprobe either one when checking for RNG2 availability.Signed-off-by: Ewan Hai <ewanhai-oc@zhaoxin.com>--- arch/x86/kvm/cpuid.c         | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+)diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.cindex 8aaa3f20670e..087c41341240 100644--- a/arch/x86/kvm/cpuid.c+++ b/arch/x86/kvm/cpuid.c@@ -1286,6 +1286,8 @@ void kvm_initialize_cpu_caps(void) 		F(PHE_EN), 		F(PMM), 		F(PMM_EN),+		F(RNG2),+		F(RNG2_EN), 	);  	/*diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.hindex a1cd9116ef63..859ba43126d8 100644--- a/arch/x86/kvm/reverse_cpuid.h+++ b/arch/x86/kvm/reverse_cpuid.h@@ -81,6 +81,8 @@ #define X86_FEATURE_SM2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 1) #define X86_FEATURE_CCS			KVM_X86_FEATURE(CPUID_C000_0001_EDX, 4) #define X86_FEATURE_CCS_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5)+#define X86_FEATURE_RNG2		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 22)+#define X86_FEATURE_RNG2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23)  struct cpuid_reg { 	u32 function;-- 2.34.1




保密声明
本邮件含有保密或专有信息，仅供指定收件人使用。严禁对本邮件或其内容做任何未经授权的查阅、使用、复制或转发。

This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.

[PATCH 4/5] KVM: x86: Expose Zhaoxin PHE2 CPUID feature

[Ewan Hai]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2430 bytes --]

Advertise the Zhaoxin PadLock Hash Engine v2 to guests via CPUID0xC0000001 EDX bits 25 (PHE2) and 26 (PHE2_EN). PHE2 extends thePadLock hash family with SHA-384 and SHA-512 support per FIPS 180-3,complementing the existing PHE feature (SHA-1 and SHA-256).Two user-mode instructions are exposed, documented in the ZhaoxinPadLock Instruction Reference, chapter 3 ("Hash Engine"):  - REP XSHA384 (encoding F3 0F A6 D8, subsection 3.3)  - REP XSHA512 (encoding F3 0F A6 E0, subsection 3.4)Both consume software-padded 128-byte blocks (RCX = block count, RSI =input, RDI = state) and produce hash output in the state buffer.Both instructions are user-mode and available in all CPU modes, with noassociated MSR control. The PHE2 and PHE2_EN bits are redundant byhardware design (set or cleared together) and both serve purely asCPUID-level feature-presence reporting flags requiring no KVMemulation. Both bits are advertised because different software mayprobe either one when checking for PHE2 availability.Signed-off-by: Ewan Hai <ewanhai-oc@zhaoxin.com>--- arch/x86/kvm/cpuid.c         | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+)diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.cindex 087c41341240..3fb81f7a6107 100644--- a/arch/x86/kvm/cpuid.c+++ b/arch/x86/kvm/cpuid.c@@ -1288,6 +1288,8 @@ void kvm_initialize_cpu_caps(void) 		F(PMM_EN), 		F(RNG2), 		F(RNG2_EN),+		F(PHE2),+		F(PHE2_EN), 	);  	/*diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.hindex 859ba43126d8..f28300c2d5e0 100644--- a/arch/x86/kvm/reverse_cpuid.h+++ b/arch/x86/kvm/reverse_cpuid.h@@ -83,6 +83,8 @@ #define X86_FEATURE_CCS_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 5) #define X86_FEATURE_RNG2		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 22) #define X86_FEATURE_RNG2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23)+#define X86_FEATURE_PHE2		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 25)+#define X86_FEATURE_PHE2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 26)  struct cpuid_reg { 	u32 function;-- 2.34.1




保密声明
本邮件含有保密或专有信息，仅供指定收件人使用。严禁对本邮件或其内容做任何未经授权的查阅、使用、复制或转发。

This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.

[PATCH 5/5] KVM: x86: Expose Zhaoxin RSA CPUID feature

[Ewan Hai]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 2555 bytes --]

Advertise the Zhaoxin big-number arithmetic engine to guests viaCPUID 0xC0000001 EDX bits 27 (RSA) and 28 (RSA_EN). The RSA featureprovides two user-mode instructions for modular arithmetic on bigintegers, documented in the Zhaoxin PadLock Instruction Reference,chapter 4 ("Modular Multiplication and Exponentiation Engine"). Bothsupport operand sizes from 256 to 32768 bits (in 128-bit increments):  - REP XMODEXP  (encoding F3 0F A6 F8, subsection 4.1) computes    A^B mod M  - REP MONTMUL2 (encoding F3 0F A6 F0, subsection 4.2) computes    A*B mod MREP MONTMUL2 is the long-mode replacement of legacy REP MONTMUL, whichis restricted to compatibility and 32-bit protected modes. Theseprimitives accelerate RSA and related public-key operations.Both instructions are user-mode and available in all CPU modes, with noassociated MSR control. The RSA and RSA_EN bits are redundant byhardware design (set or cleared together) and both serve purely asCPUID-level feature-presence reporting flags requiring no KVMemulation. Both bits are advertised because different software mayprobe either one when checking for RSA availability.Signed-off-by: Ewan Hai <ewanhai-oc@zhaoxin.com>--- arch/x86/kvm/cpuid.c         | 2 ++ arch/x86/kvm/reverse_cpuid.h | 2 ++ 2 files changed, 4 insertions(+)diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.cindex 3fb81f7a6107..94ea9abae566 100644--- a/arch/x86/kvm/cpuid.c+++ b/arch/x86/kvm/cpuid.c@@ -1290,6 +1290,8 @@ void kvm_initialize_cpu_caps(void) 		F(RNG2_EN), 		F(PHE2), 		F(PHE2_EN),+		F(RSA),+		F(RSA_EN), 	);  	/*diff --git a/arch/x86/kvm/reverse_cpuid.h b/arch/x86/kvm/reverse_cpuid.hindex f28300c2d5e0..0df96ff9515c 100644--- a/arch/x86/kvm/reverse_cpuid.h+++ b/arch/x86/kvm/reverse_cpuid.h@@ -85,6 +85,8 @@ #define X86_FEATURE_RNG2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 23) #define X86_FEATURE_PHE2		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 25) #define X86_FEATURE_PHE2_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 26)+#define X86_FEATURE_RSA			KVM_X86_FEATURE(CPUID_C000_0001_EDX, 27)+#define X86_FEATURE_RSA_EN		KVM_X86_FEATURE(CPUID_C000_0001_EDX, 28)  struct cpuid_reg { 	u32 function;-- 2.34.1




保密声明
本邮件含有保密或专有信息，仅供指定收件人使用。严禁对本邮件或其内容做任何未经授权的查阅、使用、复制或转发。

This email contains confidential or legally privileged information and is for the sole use of its intended recipient. Any unauthorized review, use, copying or forwarding of this email or the content of this email is strictly prohibited.

Re: [PATCH 0/5] KVM: x86: Expose Zhaoxin CPUID 0xC0000001 EDX cryptographic features

[Ewan Hai]

Apologies for the noise. The previous posting at

  https://lore.kernel.org/all/20260513083042.1603237-1-ewanhai-oc@zhaoxin.com/

was sent through our corporate SMTP relay, which appended a legal
disclaimer footer and corrupted the patch encoding, leaving the series
effectively unreviewable.

Please disregard the original submission. I will resend a clean copy from
a different SMTP path shortly in a fresh thread.

Thanks for your patience.

Ewan

[PATCH 0/5] KVM: x86: Expose Zhaoxin CPUID 0xC0000001 EDX cryptographic features

[Ewan Hai]

This series exposes five groups of Zhaoxin-specific CPUID 0xC0000001 EDX
feature bits to KVM guests. Each group corresponds to a category of
user-mode cryptographic or RNG instructions that have been present in
Zhaoxin processors but not yet advertised by KVM.

All instructions covered here are user-mode and available in all CPU
modes (real / V86 / compat / protected / long), with no associated MSR
control. Each feature is reported as a (X, X_EN) pair where the two
bits are redundant by hardware design (set or cleared together), and both
are CPUID-level reporting bits requiring no KVM emulation.

The five feature groups:

1. SM2 (bits 0, 1): SM2 elliptic-curve public-key cryptography algorithm
   per GM/T 0003-2012. Used for key generation, encryption/decryption,
   digital signatures, and key exchange in Chinese cryptographic
   standards.

2. CCS (bits 4, 5): SM3 hash algorithm per GM/T 0004-2012 and SM4 block
   cipher per GM/T 0002-2012 (supports ECB / CBC / CFB / OFB / CTR plus
   CBC-MAC / CFB-MAC). Foundational primitives for Chinese cryptographic
   protocols.

3. RNG2 (bits 22, 23): Second-generation hardware RNG exposed via the
   REP XRNG2 instruction. Two on-die RNG sources selectable per call,
   with raw and post-processed output modes. Provides high-quality
   entropy for cryptographic operations.

4. PHE2 (bits 25, 26): SHA-384 and SHA-512 hardware acceleration per
   FIPS 180-3, exposed via REP XSHA384 and REP XSHA512. Used by TLS,
   SSH, file integrity, and signature schemes.

5. RSA (bits 27, 28): Big-number modular exponentiation (REP XMODEXP,
   A^B mod M) and modular multiplication (REP MONTMUL2, A*B mod M),
   supporting operand sizes from 256 to 32768 bits. Used for RSA and
   related public-key operations.

References:
  The instruction encodings, control-word formats, and per-feature
  semantics referenced in the individual patches are documented in:
    - GMI Instruction Set Reference (SM2 / SM3 / SM4)
    - PadLock Instruction Reference (XRNG2 / XSHA384 / XSHA512 /
      XMODEXP / MONTMUL2)
  Both available from https://kib.kiev.ua/x86docs/Zhaoxin/

Ewan Hai (5):
  KVM: x86: Expose Zhaoxin SM2 CPUID feature
  KVM: x86: Expose Zhaoxin CCS (SM3 + SM4) CPUID feature
  KVM: x86: Expose Zhaoxin RNG2 CPUID feature
  KVM: x86: Expose Zhaoxin PHE2 CPUID feature
  KVM: x86: Expose Zhaoxin RSA CPUID feature

 arch/x86/kvm/cpuid.c         | 10 ++++++++++
 arch/x86/kvm/reverse_cpuid.h | 12 ++++++++++++
 2 files changed, 22 insertions(+)


base-commit: 50897c955902c93ae71c38698abb910525ebdc89
--
2.34.1