Date: Sun, 6 Feb 2022 19:39:46 -0800
From: Kees Cook
To: Borislav Petkov
Cc: "Limonciello, Mario", Tom Lendacky, Martin Fernandez,
 linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
 platform-driver-x86@vger.kernel.org, linux-mm@kvack.org,
 tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com,
 x86@kernel.org, hpa@zytor.com, ardb@kernel.org, dvhart@infradead.org,
 andy@infradead.org, gregkh@linuxfoundation.org, rafael@kernel.org,
 rppt@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com,
 hughsient@gmail.com, alex.bazhaniuk@eclypsium.com,
 alison.schofield@intel.com
Subject: Re: [PATCH v6 6/6] drivers/node: Show in sysfs node's crypto capabilities
Message-ID: <202202061924.6A2D278@keescook>

On Fri, Feb 04, 2022 at 05:28:43PM +0100, Borislav Petkov wrote:
> Then we should clear that "sme" flag if memory encryption is not
> enabled. Like we do for all other flags.

Oh, this seems weird to me, as I'd expect it to show up since the CPU is
_capable_ of it, even if it's not in use. (Am I really using avx512vl,
e.g.?)

But as you point out later, it does work that way for a lot of things
and boot params. If this is the way things are supposed to be done,
it looks like we should wire up "nx" vs "noexec=off" boot param to do
the same (separate from this series), though it would need special
care since that bit needs very very early handling both at boot and
resume. Maybe kernel/cpu/common.c should check for _PAGE_NX in
__supported_pte_mask? (And would that break KVM's NX, etc?) Hmmm.

-- 
Kees Cook