Date: Sun, 6 Feb 2022 19:39:46 -0800
From: Kees Cook
To: Borislav Petkov
Cc: "Limonciello, Mario", Tom Lendacky, Martin Fernandez,
 linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
 platform-driver-x86@vger.kernel.org, linux-mm@kvack.org,
 tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com,
 x86@kernel.org, hpa@zytor.com, ardb@kernel.org, dvhart@infradead.org,
 andy@infradead.org, gregkh@linuxfoundation.org, rafael@kernel.org,
 rppt@kernel.org, akpm@linux-foundation.org, daniel.gutson@eclypsium.com,
 hughsient@gmail.com, alex.bazhaniuk@eclypsium.com,
 alison.schofield@intel.com
Subject: Re: [PATCH v6 6/6] drivers/node: Show in sysfs node's crypto capabilities
Message-ID: <202202061924.6A2D278@keescook>
References: <20220203164328.203629-1-martin.fernandez@eclypsium.com>
 <20220203164328.203629-7-martin.fernandez@eclypsium.com>
 <67d2711b-200c-0894-4ff7-beb3eb304399@amd.com>
 <5c5ffe29-d3d3-2955-cf78-ad275110f012@amd.com>

On Fri, Feb 04, 2022 at 05:28:43PM +0100, Borislav Petkov wrote:
> Then we should clear that "sme" flag if memory encryption is not
> enabled. Like we do for all other flags.

Oh, this seems weird to me, as I'd expect it to show up since the CPU is
_capable_ of it, even if it's not in use. (Am I really using avx512vl,
e.g.?)

But as you point out later, it does work that way for a lot of things
and boot params. If this is the way things are supposed to be done, it
looks like we should wire up "nx" vs "noexec=off" boot param to do the
same (separate from this series), though it would need special care
since that bit needs very very early handling both at boot and resume.

Maybe kernel/cpu/common.c should check for _PAGE_NX in
__supported_pte_mask? (And would that break KVM's NX, etc?)

Hmmm.

-- 
Kees Cook
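
The capable-versus-in-use distinction raised in the message above, as an added example that is not part of the original mail or of the kernel tree: a userspace check that reads a cpuinfo-style "flags" line together with the boot command line. It takes the message's premise that "nx" is not currently cleared by "noexec=off"; the function names, state strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: "capable" (flag listed in cpuinfo) vs. "in use"
# (feature not switched off on the kernel command line).

# has_cpu_flag FLAG CPUINFO: true if FLAG is a whole word on the first "flags" line.
has_cpu_flag() {
    awk -v f="$1" -F': ' '
        /^flags[ \t]*:/ {
            n = split($2, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == f) found = 1
            exit
        }
        END { exit !found }' "$2"
}

# cmdline_has PARAM CMDLINE: true if PARAM appears as a whole boot parameter.
cmdline_has() {
    tr ' ' '\n' < "$2" | grep -qxF -- "$1"
}

# flag_state FLAG OFF_PARAM CPUINFO CMDLINE: print one of three states.
flag_state() {
    if ! has_cpu_flag "$1" "$3"; then
        echo "not-advertised"
    elif cmdline_has "$2" "$4"; then
        echo "advertised-but-disabled"   # flag present, feature turned off at boot
    else
        echo "advertised"
    fi
}

# Constructed sample inputs (not captured from a real machine).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'processor\t: 0\nflags\t\t: fpu vme nx lm avx512vl\n' > "$demo/cpuinfo"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro noexec=off\n' > "$demo/cmdline_off"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$demo/cmdline_default"

flag_state nx noexec=off "$demo/cpuinfo" "$demo/cmdline_off"
flag_state nx noexec=off "$demo/cpuinfo" "$demo/cmdline_default"
flag_state sme noexec=off "$demo/cpuinfo" "$demo/cmdline_default"
```

On a live system the same call is `flag_state nx noexec=off /proc/cpuinfo /proc/cmdline`.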