Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <d705b64d-2866-e2bf-2323-dfe0cfe73da8@amd.com>
Date:   Fri, 11 Feb 2022 13:54:01 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.1
Subject: Re: [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in
 use
Content-Language: en-US
To:     Tom Lendacky <thomas.lendacky@amd.com>,
        Borislav Petkov <bp@alien8.de>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@kernel.org>
Cc:     Kees Cook <keescook@chromium.org>, hughsient@gmail.com,
        Martin Fernandez <martin.fernandez@eclypsium.com>,
        linux-kernel@vger.kernel.org, Brijesh Singh <brijesh.singh@amd.com>
References: <20220211053652.64655-1-mario.limonciello@amd.com>
 <20220211053652.64655-2-mario.limonciello@amd.com>
 <4035f596-651c-c167-372b-ffb8ce1a0ac7@amd.com>
From:   "Limonciello, Mario" <mario.limonciello@amd.com>
In-Reply-To: <4035f596-651c-c167-372b-ffb8ce1a0ac7@amd.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?YUJjcDI4VzRmNXFOeTl3VWwrYzF4dUxObW9SUGFwVjgyZ09PeldlYSt3bFYx?=
 =?utf-8?B?NmtwKytHMjdVSm5LbUZpbHQ0aVp2WFk3OVhtVEdFajF1d2xGZTI1UEhVaTNF?=
 =?utf-8?B?cDhhUmhtWEpaZEJOWXNUOVIyZGhUWXZjTWNzZkRObG1nbGt1dDZEVG8reGR4?=
 =?utf-8?B?blpNR3NaNmlzNUl0NmZ5WnJ3K2FWVjFCOXgvSXdqMnlMWDVIWjhJSVdmRFkz?=
 =?utf-8?B?Z1BySmR5YW42aENNODJXU1VsNFBQWnFLWmVqQlFncjZoQTAydUhBbXpIdTQy?=
 =?utf-8?B?Si9jMVVrRHFXMndzN3VLelJVa0lWdDN3WC9zdFZmZ3RKUWNzUGwxaHVEU0VI?=
 =?utf-8?B?L3c0d2crT0hyUCtibnNSOFpyK2NnanVFdlg4ejJlWW1YNWt4V1JOOUI3WGRG?=
 =?utf-8?B?S1hKcTRuRG5icThNMDgyb25Fc3JQZjFMRVJDOHNWYmhBbytuOGg2UGtGRTcy?=
 =?utf-8?B?UFlPWWhvWHEyY3E5SkVHeWdRYUY3Ui9RdTd0UDZoak10N1h1eFNJeHJYbTIw?=
 =?utf-8?B?N1FHc0d3Tkp1MVlEYzVRbThCZThEUHZ5em5mQlROWFVZUXVveFpqaFVLNmlo?=
 =?utf-8?B?TVV2T05Ud3ZyQ1M0NlpqM0JNNGJBM3lMY2Z5WUYwSlRxa21EakdET0xMRmNK?=
 =?utf-8?B?blBkODhkU0FQNmlKcFN2K3Erb2Z0NlJqK1NCcG4rVmRaRDhXVk1XMk5UcVdi?=
 =?utf-8?B?c1k2ZUlldXZXMG1YZENocFV4dDdWQ0M2emQwQ0laN0Nlblc4ZnllUENSMTRX?=
 =?utf-8?B?U29RK3ZzOWhzRS80OWJuOXVWdk0ydVFyeWgrSXQvUW1ndFh0Q004d3c2UzF2?=
 =?utf-8?B?WXlZTWtNcFIwRHd4bndyWGFZNnBPQmZnWXdZSHBmdmlDYVoyT0NtbGF2ZGtt?=
 =?utf-8?B?OUJMNU1sOTh2cnZMZEpQc0JLczFmYnhHOHhvNG9YMWNyMVU0TFpXMWpnUUR0?=
 =?utf-8?B?V1VHOWZKeE11aUEyakxLOTN4YXdibGtpTWlUUGtRMmxONEt6UjE0UUtmdWNo?=
 =?utf-8?B?V0hkcUIzTHc3eEhGQkQ4OFlSRGJCZXU2d2tpdEFBQVpxVzVncHlUbE9lNFQ0?=
 =?utf-8?B?MHlnSm9Gajk5SlFEOGMxcWI5a2pKa2tPOUw5QTZuTlFvU3UwV3lDK2xMbTRa?=
 =?utf-8?B?eFh1TmhRUnp4N2MyQTEwSVIzSFJteUVSTHloeDB0ZDI1bTBxOE1kaWRvaTBm?=
 =?utf-8?B?aUJYQ1ZFc24yTThkTGpNaWgyVkQzMnFheEdNVW82TlFHc3IwdUN5TUJXZmg4?=
 =?utf-8?B?NXRwY01CTGVlVkN4NWlOSHM0SEdSMlVlS0FDS0xxcTdvbTVOTUZ5L3VISmJw?=
 =?utf-8?B?aWxnRmE3WTZZVm1yQk5uR0NyV050elRETklZOWRZaGNWTVovM3BkQ042UDd6?=
 =?utf-8?B?YnFNQWczc29rMDlVZjdWTHBwbWFHZU1qdkhJUjV3NWJXOEd1ckxiUTF5L0ZF?=
 =?utf-8?B?QUY3NDFBMjJMRDl2MDgvZG4vYU93ck16VFZDRjRhZEJHOFJoMjlvREJhM2J2?=
 =?utf-8?B?ZlM0YUdRazdwTHVseitzT2xSaWNHenhmTGtTcVVSMVhWQnJBZ3Jkc1UrU2VJ?=
 =?utf-8?B?R2RMUXhlb0Jnc1c1U0Q2MWF3WThLOVFyVkgvYnlRenViWXZPTjZFUUY0eHB2?=
 =?utf-8?B?bmtUcTZKL2VidWFEeEI4eHNyZkV6d0JkS3UzcDdlVVNzRjlJNFNxNndYdGJk?=
 =?utf-8?B?MnIzd3pTRW10RGRrVlh3emRWVXhwTk1hZE5lZGZpeE83N0VLK1Nubk00bGZ3?=
 =?utf-8?B?THJoaWNBTnBPckNoNzd5WnR1VWNBSmxvb1Q1UXNTZ3huWUpOUWs5b29xRWND?=
 =?utf-8?B?eUpJQWJVUEtoTEVmcE4zMEdyby9HQmUxSWltdVhpa2NSRkREQjBKbDRRcUd0?=
 =?utf-8?B?RzVWSlI0bFBBTnFFUFZJQUVhYWZRUmt0OGtTSEJwTVhTM0Nrd1NKTi81WURS?=
 =?utf-8?B?MHVyK29SemtnYVhmQ3dONFpyZkV1d3o3YnE0cVdERllaclZadVV3Y2t4UExC?=
 =?utf-8?B?SE5NQWh2T2g3OGVGM0J6b3NLdC9rM0VLdWFsMkc0QXBhOW94Wk9qRjBsYmRr?=
 =?utf-8?B?MFpXdzZwcDlGYjVtRng5SkNPL1Y4WmRRWW44UHlWM2pZc0NVSlZKbk56ak0x?=
 =?utf-8?B?UnAvZENmeWNpQUg3RmE1NjFEWXgrTlUyUFpxc1d1b2pnU09Qb1h5dG8wZ2hP?=
 =?utf-8?Q?yqm2Yt5QEescukDfiJcN30Y=3D?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4330902a-ef70-4ad7-b746-08d9ed98414a
X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5157.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Feb 2022 19:54:03.7113
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: kebpkf2Hm8Eb+pgQLgU2a30f1y15lmTdVq56TANs+m4nhY3EvV5xdZJg4WIl+HvP9kuELjmiEEO5tDeVergJXA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB3695
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2/11/2022 08:46, Tom Lendacky wrote:
> +Brijesh (please copy him, too, on all SEV related things)
> 
> On 2/10/22 23:36, Mario Limonciello wrote:
>> Currently SME/SEV/SEV_ES features are reflective of whether the CPU
>> supports the features but not whether they have been activated by the
>> kernel.
>>
>> Change this around to clear the features if the kernel is not using
>> them so userspace can determine if they are available and in use
>> from `/proc/cpuinfo`.
>>
>> Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
>> ---
>>   arch/x86/kernel/cpu/amd.c | 8 ++++++++
>>   1 file changed, 8 insertions(+)
>>
>> diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
>> index 4edb6f0f628c..4a7d4801fa0b 100644
>> --- a/arch/x86/kernel/cpu/amd.c
>> +++ b/arch/x86/kernel/cpu/amd.c
>> @@ -611,12 +611,20 @@ static void early_detect_mem_encrypt(struct 
>> cpuinfo_x86 *c)
>>           if (!(msr & MSR_K7_HWCR_SMMLOCK))
>>               goto clear_sev;
>> +        if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT))
>> +            goto clear_all;
>> +        if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
>> +            goto clear_sev;
>> +        if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
>> +            goto clear_sev_es;
>> +
> 
> A host/hypervisor will never see GUEST related attributes return true, 
> you need to verify all uses of X86_FEATURE_SEV* in the kernel. I see two 
> files where this change will break SEV hypervisor support:
> 

Maybe it's best then to just check for/clear the SME feature at this 
time and let Brijesh handle plumbing the applicable removals/additions 
for SEV/SEV_ES separately.

> - arch/x86/kvm/svm/sev.c / sev_hardware_setup()
> - drivers/crypto/ccp/sev-dev.c / sev_dev_init()
> 
> I imagine that some of this has to be re-thought a bit. The current SEV 
> and SEV-ES feature attributes are intended for hypervsior side usage.  
> For example, MSR MSR_K7_HWCR_SMMLOCK, which is likely never going to be 
> provided to a guest, needs to be checked to be certain that an SEV guest 
> can be launched, even though SEV is advertised in CPUID.
> 
> Once in the guest, it is the cc_platform_has() support that determines 
> feature support and not X86_FEATURE_SEV*
> 
> Thanks,
> Tom
> 
>>           return;
>>   clear_all:
>>           setup_clear_cpu_cap(X86_FEATURE_SME);
>>   clear_sev:
>>           setup_clear_cpu_cap(X86_FEATURE_SEV);
>> +clear_sev_es:
>>           setup_clear_cpu_cap(X86_FEATURE_SEV_ES);
>>       }
>>   }