From: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
To: kirill.shutemov@linux.intel.com
Cc: Dave Hansen <dave.hansen@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org,
Michael Kelley <mhklinux@outlook.com>,
Dexuan Cui <decui@microsoft.com>,
linux-hyperv@vger.kernel.org, stefan.bader@canonical.com,
tim.gardner@canonical.com, roxana.nicolescu@canonical.com,
cascardo@canonical.com, kys@microsoft.com,
haiyangz@microsoft.com, wei.liu@kernel.org, sashal@kernel.org
Subject: Re: [PATCH] x86/mm: Check cc_vendor when printing memory encryption info
Date: Fri, 10 Nov 2023 13:27:08 +0100 [thread overview]
Message-ID: <6feecf9e-10cb-441f-97a4-65c98e130f7a@linux.microsoft.com> (raw)
In-Reply-To: <20231110120601.3mbemh6djdazyzgb@box.shutemov.name>
On 10/11/2023 13:06, kirill.shutemov@linux.intel.com wrote:
> On Thu, Nov 09, 2023 at 07:41:33PM +0100, Jeremi Piotrowski wrote:
>> It's not disregard, the way the kernel behaves in this case is correct except
>> for the error in reporting CPU vendor. Users care about seeing the correct
>> information in dmesg.
>
> I think it is wrong place to advertise CoCo features. It better fits into
> Intel/AMD-specific code that knows better what it is running on. Inferring
> it from generic code has been proved problematic as you showed.
>
Let's not make this into a bigger issue than it is. There is a check that does
not cover all cases, and needs to be changed into a different check that covers
all cases. I'd wouldn't call that problematic.
I would be open to moving the function to arch/x86/coco/core.c or providing a
mechanism for cpu/paravisor-specific code to do the reporting (which is what
Dexuan originally proposed [1]).
[1]: https://lore.kernel.org/lkml/20231019062030.3206-1-decui@microsoft.com/
> Maybe just remove incorrect info and that's it?
>
I disagree, other users and I find the print very useful to see which coco
platform the kernel is running on and which confidential computing features
the kernel detected. I'm willing to fix the code to report correct info.
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index c290c55b632b..f573a97c0524 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -40,42 +40,6 @@ bool force_dma_unencrypted(struct device *dev)
> return false;
> }
>
> -static void print_mem_encrypt_feature_info(void)
> -{
> - pr_info("Memory Encryption Features active:");
> -
> - if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
> - pr_cont(" Intel TDX\n");
> - return;
> - }
> -
> - pr_cont(" AMD");
> -
> - /* Secure Memory Encryption */
> - if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
> - /*
> - * SME is mutually exclusive with any of the SEV
> - * features below.
> - */
> - pr_cont(" SME\n");
> - return;
> - }
> -
> - /* Secure Encrypted Virtualization */
> - if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> - pr_cont(" SEV");
> -
> - /* Encrypted Register State */
> - if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
> - pr_cont(" SEV-ES");
> -
> - /* Secure Nested Paging */
> - if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> - pr_cont(" SEV-SNP");
> -
> - pr_cont("\n");
> -}
> -
> /* Architecture __weak replacement functions */
> void __init mem_encrypt_init(void)
> {
> @@ -85,7 +49,7 @@ void __init mem_encrypt_init(void)
> /* Call into SWIOTLB to update the SWIOTLB DMA buffers */
> swiotlb_update_mem_attributes();
>
> - print_mem_encrypt_feature_info();
> + pr_info("Memory Encryption is active\n");
> }
>
> void __init mem_encrypt_setup_arch(void)
next prev parent reply other threads:[~2023-11-10 17:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-09 16:14 [PATCH] x86/mm: Check cc_vendor when printing memory encryption info Jeremi Piotrowski
2023-11-09 16:25 ` Dave Hansen
2023-11-09 16:35 ` Jeremi Piotrowski
2023-11-09 16:50 ` Dave Hansen
2023-11-09 18:41 ` Jeremi Piotrowski
2023-11-10 12:06 ` kirill.shutemov
2023-11-10 12:27 ` Jeremi Piotrowski [this message]
2023-11-10 12:46 ` kirill.shutemov
2023-11-10 13:42 ` Jeremi Piotrowski
2023-11-10 18:57 ` kirill.shutemov
2023-11-22 17:11 ` Jeremi Piotrowski
2023-11-10 13:17 ` Borislav Petkov
2023-11-10 15:51 ` Jeremi Piotrowski
2023-11-10 16:45 ` Borislav Petkov
2023-11-22 17:09 ` Jeremi Piotrowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6feecf9e-10cb-441f-97a4-65c98e130f7a@linux.microsoft.com \
--to=jpiotrowski@linux.microsoft.com \
--cc=bp@alien8.de \
--cc=cascardo@canonical.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kys@microsoft.com \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhklinux@outlook.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=roxana.nicolescu@canonical.com \
--cc=sashal@kernel.org \
--cc=stefan.bader@canonical.com \
--cc=tglx@linutronix.de \
--cc=tim.gardner@canonical.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox