From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>
Cc: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
Dexuan Cui <decui@microsoft.com>,
Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Subject: Re: [PATCHv2] x86/mm: Fix memory encryption features advertisement
Date: Thu, 11 Jan 2024 12:46:11 -0800
Message-ID: <6926ef5e-e2fd-42b0-b7de-11a06ac1f81b@linux.intel.com>
In-Reply-To: <1a3661d5-3539-4443-88da-003dea920188@linux.intel.com>
On 1/11/2024 6:19 AM, Kuppuswamy Sathyanarayanan wrote:
>
>
> On 1/11/2024 3:12 AM, Kirill A. Shutemov wrote:
>> When memory encryption is enabled, the kernel prints the encryption
>> flavor that the system supports.
>>
>> The check assumes that everything is AMD SME/SEV if it doesn't have
>> the TDX CPU feature set.
>>
>> Hyper-V vTOM sets cc_vendor to CC_VENDOR_INTEL when it runs as L2 guest
>> on top of TDX, but not X86_FEATURE_TDX_GUEST. Hyper-V only needs memory
>> encryption enabled for I/O without the rest of CoCo enabling.
>>
>> To avoid confusion, check the cc_vendor directly.
>>
>> A possible alternative is to completely remove the print statement.
>> For a regular TDX guest, the kernel already prints a message indicating
>> that it is booting on TDX. Similarly, AMD and Hyper-V can also display
>> a message during their enumeration process.
>
> With this change, will it print "Intel TDX" for Hyper-V?
>
> IMO, since there is already a debug message for type identification, we
> can remove this part.
>
>>
>> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
>> Cc: Dexuan Cui <decui@microsoft.com>
>> Cc: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
>> ---
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
>> arch/x86/mm/mem_encrypt.c | 56 +++++++++++++++++++++------------------
>> 1 file changed, 30 insertions(+), 26 deletions(-)
>>
>> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
>> index c290c55b632b..d035bce3a2b0 100644
>> --- a/arch/x86/mm/mem_encrypt.c
>> +++ b/arch/x86/mm/mem_encrypt.c
>> @@ -42,38 +42,42 @@ bool force_dma_unencrypted(struct device *dev)
>>
>> static void print_mem_encrypt_feature_info(void)
>> {
>> - pr_info("Memory Encryption Features active:");
>> + pr_info("Memory Encryption Features active: ");
>>
>> - if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
>> - pr_cont(" Intel TDX\n");
>> - return;
>> - }
>> + switch (cc_vendor) {
>> + case CC_VENDOR_INTEL:
>> + pr_cont("Intel TDX\n");
>> + break;
>> + case CC_VENDOR_AMD:
>> + pr_cont("AMD");
>>
>> - pr_cont(" AMD");
>> -
>> - /* Secure Memory Encryption */
>> - if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
>> + /* Secure Memory Encryption */
>> + if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
>> /*
>> * SME is mutually exclusive with any of the SEV
>> * features below.
>> - */
>> - pr_cont(" SME\n");
>> - return;
>> + */
>> + pr_cont(" SME\n");
>> + return;
>> + }
>> +
>> + /* Secure Encrypted Virtualization */
>> + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
>> + pr_cont(" SEV");
>> +
>> + /* Encrypted Register State */
>> + if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
>> + pr_cont(" SEV-ES");
>> +
>> + /* Secure Nested Paging */
>> + if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
>> + pr_cont(" SEV-SNP");
>> +
>> + pr_cont("\n");
>> + break;
>> + default:
>> + pr_cont("Unknown\n");
>> }
>> -
>> - /* Secure Encrypted Virtualization */
>> - if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
>> - pr_cont(" SEV");
>> -
>> - /* Encrypted Register State */
>> - if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
>> - pr_cont(" SEV-ES");
>> -
>> - /* Secure Nested Paging */
>> - if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
>> - pr_cont(" SEV-SNP");
>> -
>> - pr_cont("\n");
>> }
>>
>> /* Architecture __weak replacement functions */
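Review bot: the `case CC_VENDOR_INTEL:` arm prints "Intel TDX\n" unconditionally, so the Hyper-V vTOM L2 guest the commit message describes (cc_vendor set to CC_VENDOR_INTEL without X86_FEATURE_TDX_GUEST) moves from the old "AMD ..." label to "Intel TDX", which still does not describe what is actually running; either gate that string on cpu_feature_enabled(X86_FEATURE_TDX_GUEST) inside the arm and print a plainer "Intel" otherwise, or drop the message altogether as the commit text itself proposes, since TDX, AMD and Hyper-V each announce themselves during enumeration. The `default:` arm printing "Unknown\n" is worth keeping in either variant: it turns a silent misclassification of an unexpected cc_vendor into a visible one. Minor: moving the leading space from `pr_cont(" Intel TDX\n")` / `pr_cont(" AMD")` into `pr_info("Memory Encryption Features active: ")` leaves the emitted text byte-identical, so nothing that greps dmesg for these lines changes behaviour.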
>
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
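To make the question raised above concrete (what does the new check print for Hyper-V?), here is an added user-space model of the decision logic in print_mem_encrypt_feature_info() before and after the patch. It is example code written for this note, not kernel code and not part of the patch: cpu_feature_enabled() and cc_platform_has() are replaced by fields of a constructed `struct platform`, and the Hyper-V vTOM entry assumes the guest reports CC_ATTR_GUEST_MEM_ENCRYPT, which the patch does not state.

```c
/*
 * Added example (not kernel code): model the old and new
 * print_mem_encrypt_feature_info() logic side by side so the string each
 * platform would get can be compared. Platform descriptions are constructed.
 */
#include <stdio.h>
#include <string.h>

enum cc_vendor { CC_VENDOR_NONE, CC_VENDOR_AMD, CC_VENDOR_INTEL };

/* Constructed stand-in for cpu_feature_enabled() / cc_platform_has(). */
struct platform {
	const char *name;
	enum cc_vendor vendor;
	int tdx_guest;       /* X86_FEATURE_TDX_GUEST */
	int host_mem_enc;    /* CC_ATTR_HOST_MEM_ENCRYPT   (SME) */
	int guest_mem_enc;   /* CC_ATTR_GUEST_MEM_ENCRYPT  (SEV) */
	int guest_state_enc; /* CC_ATTR_GUEST_STATE_ENCRYPT (SEV-ES) */
	int guest_sev_snp;   /* CC_ATTR_GUEST_SEV_SNP */
};

const struct platform TDX_GUEST     = { "TDX guest",              CC_VENDOR_INTEL, 1, 0, 1, 0, 0 };
/* Assumption: vTOM L2 guest sets cc_vendor=INTEL, no TDX_GUEST feature, GUEST_MEM_ENCRYPT on. */
const struct platform HYPERV_VTOM   = { "Hyper-V vTOM L2 on TDX", CC_VENDOR_INTEL, 0, 0, 1, 0, 0 };
const struct platform SEV_SNP_GUEST = { "SEV-SNP guest",          CC_VENDOR_AMD,   0, 0, 1, 1, 1 };
const struct platform SME_HOST      = { "SME host",               CC_VENDOR_AMD,   0, 1, 0, 0, 0 };
const struct platform NO_VENDOR     = { "cc_vendor not set",      CC_VENDOR_NONE,  0, 0, 0, 0, 0 };

static char line[64]; /* shared output buffer, overwritten on each call */

static void append(const char *s)
{
	size_t len = strlen(line);

	if (len < sizeof(line))
		snprintf(line + len, sizeof(line) - len, "%s", s);
}

/* The AMD flavor list is the same in both versions; only the dispatch differs. */
static void amd_flavors(const struct platform *p)
{
	if (p->host_mem_enc) {	/* SME is mutually exclusive with the SEV features */
		append(" SME");
		return;
	}
	if (p->guest_mem_enc)
		append(" SEV");
	if (p->guest_state_enc)
		append(" SEV-ES");
	if (p->guest_sev_snp)
		append(" SEV-SNP");
}

/* Pre-patch: anything without X86_FEATURE_TDX_GUEST is reported as AMD. */
const char *old_feature_line(const struct platform *p)
{
	line[0] = '\0';
	if (p->tdx_guest) {
		append("Intel TDX");
		return line;
	}
	append("AMD");
	amd_flavors(p);
	return line;
}

/* Post-patch: dispatch on cc_vendor instead. */
const char *new_feature_line(const struct platform *p)
{
	line[0] = '\0';
	switch (p->vendor) {
	case CC_VENDOR_INTEL:
		append("Intel TDX");
		break;
	case CC_VENDOR_AMD:
		append("AMD");
		amd_flavors(p);
		break;
	default:
		append("Unknown");
	}
	return line;
}

int main(void)
{
	const struct platform *all[] = { &TDX_GUEST, &HYPERV_VTOM, &SEV_SNP_GUEST, &SME_HOST, &NO_VENDOR };
	size_t i;

	for (i = 0; i < sizeof(all) / sizeof(all[0]); i++) {
		printf("%-24s old: \"%s\"\n", all[i]->name, old_feature_line(all[i]));
		printf("%-24s new: \"%s\"\n", "", new_feature_line(all[i]));
	}
	return 0;
}
```

Running it shows the point of the question: the vTOM guest goes from "AMD SEV" before the patch to "Intel TDX" after it, while the genuine TDX, SEV-SNP and SME cases print the same string in both versions, and an unset cc_vendor moves from a misleading "AMD" to "Unknown".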
Thread overview: 8+ messages
2024-01-11 11:12 [PATCHv2] x86/mm: Fix memory encryption features advertisement Kirill A. Shutemov
2024-01-11 14:19 ` Kuppuswamy Sathyanarayanan
2024-01-11 15:14 ` Jeremi Piotrowski
2024-01-11 20:46 ` Kuppuswamy Sathyanarayanan [this message]
2024-01-11 20:41 ` Tom Lendacky
2024-01-16 10:36 ` Huang, Kai
2024-01-16 10:58 ` kirill.shutemov
2024-01-16 21:16 ` Huang, Kai