Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751569AbdG0NkJ (ORCPT ); Thu, 27 Jul 2017 09:40:09 -0400 Received: from mx2.suse.de ([195.135.220.15]:54908 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751444AbdG0NkH (ORCPT ); Thu, 27 Jul 2017 09:40:07 -0400 Date: Thu, 27 Jul 2017 15:39:27 +0200 From: Borislav Petkov To: Tom Lendacky Cc: Brijesh Singh , linux-kernel@vger.kernel.org, x86@kernel.org, linux-efi@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, kvm@vger.kernel.org, Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , Andy Lutomirski , Tony Luck , Piotr Luc , Fenghua Yu , Lu Baolu , Reza Arbab , David Howells , Matt Fleming , "Kirill A . Shutemov" , Laura Abbott , Ard Biesheuvel , Andrew Morton , Eric Biederman , Benjamin Herrenschmidt , Paul Mackerras , Konrad Rzeszutek Wilk , Jonathan Corbet , Dave Airlie , Kees Cook , Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= , Arnd Bergmann , Tejun Heo , Christoph Lameter Subject: Re: [RFC Part1 PATCH v3 03/17] x86/mm: Secure Encrypted Virtualization (SEV) support Message-ID: <20170727133927.GC28553@nazgul.tnic> References: <20170724190757.11278-1-brijesh.singh@amd.com> <20170724190757.11278-4-brijesh.singh@amd.com> <20170726042840.GB30702@nazgul.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.6.0 (2016-04-01) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1403 Lines: 35 On Wed, Jul 26, 2017 at 11:47:32AM -0500, Tom Lendacky wrote: > If it's made static then the sme_active()/sev_active() inline functions > would need to be turned into functions within the mem_encrypt.c file. So > there's a trade-off to do that, which is the better one? Simple: why do we have functions if the variables are exported? The reasoning for sme_me_mask is more or less obvious but for sev_enabled... IOW, either make the bool static and unlinine the function - this way you're free to change how you determine whether SEV is enabled later as callers will be using the function. Or, if it doesn't really matter because you can always change callers later, simply drop sev_active() the function and use a bool sev_active everywhere. > The kernel needs to distinguish between running under SME and running > under SEV. SME and SEV are similar but not the same. The trampoline code > is a good example. Before paging is activated, SME will access all > memory as decrypted, but SEV will access all memory as encrypted. So > when APs are being brought up under SME the trampoline area cannot be > encrypted, whereas under SEV the trampoline area must be encrypted. I guess you're sensing by now that we need this clarification in a comment above it... :-) -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --