2020-01-15 23:20:08

by Tom Lendacky

[permalink] [raw]
Subject: [PATCH] x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained

If the SME and SEV features are present via CPUID, but memory encryption
support is not enabled (MSR 0xC001_0010[23]), the features are cleared
using clear_cpu_cap(). However, if get_cpu_cap() is later called, these
features will be reset back to present, which is not desired.

Change from using clear_cpu_cap() to setup_clear_cpu_cap() so that the
clearing of the features is maintained.

Cc: <[email protected]> # 4.16.x-
Signed-off-by: Tom Lendacky <[email protected]>
---
arch/x86/kernel/cpu/amd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 90f75e515876..62c30279be77 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -615,9 +615,9 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
return;

clear_all:
- clear_cpu_cap(c, X86_FEATURE_SME);
+ setup_clear_cpu_cap(X86_FEATURE_SME);
clear_sev:
- clear_cpu_cap(c, X86_FEATURE_SEV);
+ setup_clear_cpu_cap(X86_FEATURE_SEV);
}
}

--
2.17.1


2020-01-17 13:04:00

by Joerg Roedel

[permalink] [raw]
Subject: Re: [PATCH] x86/CPU/AMD: Ensure clearing of SME/SEV features is maintained

On Wed, Jan 15, 2020 at 04:05:16PM -0600, Tom Lendacky wrote:
> If the SME and SEV features are present via CPUID, but memory encryption
> support is not enabled (MSR 0xC001_0010[23]), the features are cleared
> using clear_cpu_cap(). However, if get_cpu_cap() is later called, these
> features will be reset back to present, which is not desired.
>
> Change from using clear_cpu_cap() to setup_clear_cpu_cap() so that the
> clearing of the features is maintained.
>
> Cc: <[email protected]> # 4.16.x-
> Signed-off-by: Tom Lendacky <[email protected]>

Reviewed-by: Joerg Roedel <[email protected]>

> ---
> arch/x86/kernel/cpu/amd.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
> index 90f75e515876..62c30279be77 100644
> --- a/arch/x86/kernel/cpu/amd.c
> +++ b/arch/x86/kernel/cpu/amd.c
> @@ -615,9 +615,9 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
> return;
>
> clear_all:
> - clear_cpu_cap(c, X86_FEATURE_SME);
> + setup_clear_cpu_cap(X86_FEATURE_SME);
> clear_sev:
> - clear_cpu_cap(c, X86_FEATURE_SEV);
> + setup_clear_cpu_cap(X86_FEATURE_SEV);
> }
> }
>
> --
> 2.17.1