public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Dave Hansen <dave.hansen@intel.com>
To: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	linux-kernel@vger.kernel.org,
	Michael Kelley <mhklinux@outlook.com>,
	Dexuan Cui <decui@microsoft.com>
Cc: linux-hyperv@vger.kernel.org, stefan.bader@canonical.com,
	tim.gardner@canonical.com, roxana.nicolescu@canonical.com,
	cascardo@canonical.com, kys@microsoft.com,
	haiyangz@microsoft.com, wei.liu@kernel.org,
	kirill.shutemov@linux.intel.com, sashal@kernel.org
Subject: Re: [PATCH] x86/mm: Check cc_vendor when printing memory encryption info
Date: Thu, 9 Nov 2023 08:50:25 -0800	[thread overview]
Message-ID: <ee9de366-6027-495a-98d9-b8b0cd866bf2@intel.com> (raw)
In-Reply-To: <58abbc79-64d4-41f9-9fd2-1de7826fbbf6@linux.microsoft.com>

On 11/9/23 08:35, Jeremi Piotrowski wrote:
> On 09/11/2023 17:25, Dave Hansen wrote:
>> On 11/9/23 08:14, Jeremi Piotrowski wrote:
>> ...
>>>  	pr_info("Memory Encryption Features active:");
>>>  
>>> -	if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
>>> +	if (cc_vendor == CC_VENDOR_INTEL) {
>>>  		pr_cont(" Intel TDX\n");
>>>  		return;
>>>  	}
>>
>> Why aren't these guests setting X86_FEATURE_TDX_GUEST?
> 
> They could if we can confirm that the code gated behind
> cpu_feature_enabled(X86_FEATURE_TDX_GUEST) is correct when running with TD partitioning.

Let me elaborate a bit on my question.

X86_FEATURE_TDX_GUEST is set based on some specific gunk that shows up
in CPUID in TDX guests.  I *believe* it's in one of the CPUID leaves
that the VMM has no control over.

So, first, what in practice is keeping tdx_early_init() from running on
these "TD partitioning" systems?  Because it's either not running, or
I'm misreading the code horribly.

> It still makes sense to have these prints based on the cc_xxx abstractions.

I'm not sure I'm following.

For instance, let's say that someone came up with a nutty reason to do
MKTME in Linux.  We'd need a host-side contraption that sets
CC_ATTR_MEM_ENCRYPT and so forth.  It would also, obviously, set
cc_vendor=CC_VENDOR_INTEL just like host-side SME sets
cc_vendor=CC_VENDOR_AMD.

Then we'd have to go back and disentangle all the places where we
assumed CC_VENDOR_INTEL==TDX.

That, combined with this patch's apparent disregard for why
X86_FEATURE_TDX_GUEST isn't getting set makes me think that the big
picture was not considered here and this patch represents the quickest
hack to get the right spew out to dmesg that is desired.

  reply	other threads:[~2023-11-09 16:50 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-11-09 16:14 [PATCH] x86/mm: Check cc_vendor when printing memory encryption info Jeremi Piotrowski
2023-11-09 16:25 ` Dave Hansen
2023-11-09 16:35   ` Jeremi Piotrowski
2023-11-09 16:50     ` Dave Hansen [this message]
2023-11-09 18:41       ` Jeremi Piotrowski
2023-11-10 12:06         ` kirill.shutemov
2023-11-10 12:27           ` Jeremi Piotrowski
2023-11-10 12:46             ` kirill.shutemov
2023-11-10 13:42               ` Jeremi Piotrowski
2023-11-10 18:57                 ` kirill.shutemov
2023-11-22 17:11                   ` Jeremi Piotrowski
2023-11-10 13:17         ` Borislav Petkov
2023-11-10 15:51           ` Jeremi Piotrowski
2023-11-10 16:45             ` Borislav Petkov
2023-11-22 17:09               ` Jeremi Piotrowski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ee9de366-6027-495a-98d9-b8b0cd866bf2@intel.com \
    --to=dave.hansen@intel.com \
    --cc=bp@alien8.de \
    --cc=cascardo@canonical.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=decui@microsoft.com \
    --cc=haiyangz@microsoft.com \
    --cc=hpa@zytor.com \
    --cc=jpiotrowski@linux.microsoft.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=kys@microsoft.com \
    --cc=linux-hyperv@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mhklinux@outlook.com \
    --cc=mingo@redhat.com \
    --cc=peterz@infradead.org \
    --cc=roxana.nicolescu@canonical.com \
    --cc=sashal@kernel.org \
    --cc=stefan.bader@canonical.com \
    --cc=tglx@linutronix.de \
    --cc=tim.gardner@canonical.com \
    --cc=wei.liu@kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox