Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <3c7bc679-6366-ab7f-7001-7b5ab71fa364@amd.com>
Date:   Fri, 7 Jul 2023 10:46:59 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.0
Subject: Re: [PATCH v2] x86/kexec: Add EFI config table identity mapping for
 kexec kernel
Content-Language: en-US
To:     Joerg Roedel <jroedel@suse.de>, Baoquan He <bhe@redhat.com>
Cc:     Tao Liu <ltao@redhat.com>, Borislav Petkov <bp@alien8.de>,
        tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com,
        x86@kernel.org, hpa@zytor.com, ardb@kernel.org,
        linux-kernel@vger.kernel.org, dyoung@redhat.com,
        kexec@lists.infradead.org, linux-efi@vger.kernel.org,
        michael.roth@amd.com
References: <20230601072043.24439-1-ltao@redhat.com>
 <20230705173359.GDZKWphyFbNE8id6Jm@fat_crate.local>
 <CAO7dBbXdJgpO4Ym=4WME3OOrUhq2MNKpNZmhpsC7pOSugHiKDg@mail.gmail.com>
 <ZKeTX2aemPbsMiVr@MiWiFi-R3L-srv> <ZKfLYG_4DANc_i5r@suse.de>
From:   Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <ZKfLYG_4DANc_i5r@suse.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NzNMNGNmci9YMjU2ODU2QnlGcTZkUU9abXd2TGcyRVhPNXorN2JndnM5NGlt?=
 =?utf-8?B?Vy9FMlVCUGJSMU9QNGRzR3BsQXpmd09KbFVxMXhaMG1QcFlQdS8zT0crYlI0?=
 =?utf-8?B?Q2dWRWU4aGpUY1pWQXBFZ1crQmpSdmRYVlZFM3JsOUtsNkg2MzdNVmdpNHRh?=
 =?utf-8?B?NGlvZSt2S2UwQmhRZHdseDZCb3BOaGQ1TkczTy8wa25uSytOY3gycGdJQ2tT?=
 =?utf-8?B?RVBnamxQUTJmZ1J0ek00cndjNnVxbnMwd2dWQ3dZNVYyUENUeDNKUDZ3aTJo?=
 =?utf-8?B?N1RTNjI5Wk9YYVZ3U3BFa0s5Y1VucDVPNDdwcUNxYXB4R3FIaEFocXZpY1I4?=
 =?utf-8?B?KzkveUpUZ2FSdHIzZnRkdTNNMG1vUUpXZk1uQnpKdy9rV2hxdHJsYmhEa0Jj?=
 =?utf-8?B?eHhRd0hXY2FyQnVTVFlVNGZZNGVOM092QlhBZFdzVjZrTGdPenI3TFE2ZHV1?=
 =?utf-8?B?aUpuaDBBVnhzMGZWY1pObGp1RUVZYnhKaHNzdmt2L0dkcitRL0R6U3QvOUtr?=
 =?utf-8?B?cll2WDI2QVUzVThTdkZIN1RReWxMYW5HMFNmSlo0MytRQ2ZxYTZTbE9hVG8r?=
 =?utf-8?B?N0ptSmMrRjY3cit1SHJFOHMrWlE1S01KZUNHVWZVZ3pJeE4yd0VlTkZzcFFq?=
 =?utf-8?B?blRORDdvcDN1ekdtRXI5bkdHNEpFaGk1QnNCdVl5djY2N1hBTVUvVjF6cEp1?=
 =?utf-8?B?RE9ndnlHYVNMeTgzK1NMdmRKUjhKdHdLcnp2VXVQZG50MzJyOGxMc1FFKzFM?=
 =?utf-8?B?ZXJWYTJjZVlRSWxZUnloWUpSU0hhMjdDUmpFZzk1VnpubWdhVEc2N0pDQmpn?=
 =?utf-8?B?R3BISHIyR2V2cERCV3ZPOXMraTB6VXFPUGlJQlRVdzJnVGZESUZGSFBNc2J0?=
 =?utf-8?B?cGdIVUdzVXNnZ3d5MFhsVE9xVnB5MG1CN1o0azczTkdwRGhHclQ3YkpCYTFa?=
 =?utf-8?B?RzArMThnMktxMWZHaDRTemlUVE5EWlN5ZTdVc0lKZnFJRXgyaGp1emhsbXZz?=
 =?utf-8?B?N1E2SGFEbUs3N0VnMndVOVpJQy9MRXYyMnhsL3ZVV1hRRHF3OWh1TUVGUDlj?=
 =?utf-8?B?eVpxZE0rVS9tUjRnOEt0VmtoWE0wSEZvSUUxb3U5dmRUMkwvSk1rK3R2ZWFo?=
 =?utf-8?B?ZHJkWFBGWjRDb2lSNXd4OU1WelhKcldSTUFTRmxyaW9uYjBzcDFxSUJRSHVH?=
 =?utf-8?B?cFhGNjRRY1FxL1pucVdOSnl2TE9qZTB3S0lhUWk4bmM2QmxtNDFNT1NNSjZI?=
 =?utf-8?B?dng4VTZqQmhjVDR1V05sK09PUXYvSERYZ1FhZFB4enQxR2FMWE55UjY3R0M4?=
 =?utf-8?B?M1lrL3czZVFYZlFFR09od1RkOEplOWpidG0yNGNTMU4yYWFSeVUyTlgwam95?=
 =?utf-8?B?dGtRMEwvbmNNcy9NL2EwNTE5LzhrNWdwMDZoYk5ZaXp6Y254MktxdzdSYlpK?=
 =?utf-8?B?elZsTnA1aEJFQ2pTTTdjdXhzUGFkM0JIb2JKZUJsS3ZsaXBHbHVHOVNHOVVl?=
 =?utf-8?B?K0VMdmp2ME94bGM0cjRVeTJzL2UwaERGNi9vRFd3OHZ6NkE0ZnNtdXJ6SXFp?=
 =?utf-8?B?azJmZWJFeWNuVXdDdWpDb0YyQ1EydFVwOUh6L1RvQ1RRbnBqSXZiOHdCZ2h3?=
 =?utf-8?B?T0Zxd2lQS1FTY1ZaaGs2dDY5MVNGMjBHMHl3K3JSNDQvbW1HT0VMb1g2bTdv?=
 =?utf-8?B?d2l0ZitUdnBxQ3NWdGQvVXJaZ0VGWVdWUjFha20vZy9hUDFkTUtPZExrbktt?=
 =?utf-8?B?S01aQWY1cnJQNFU0NWZ5bHl1NFhzbE5MQzBsMDc5VnpjOHlFdk1LbHAvZmt5?=
 =?utf-8?B?R1RGRm5qei9pblV4WW1oUlNxYXh6MVcvRUROSzBTS3lab016SXV4RU9PQUxM?=
 =?utf-8?B?VFVKYU9aOTY0NWRWUVpjNjdmanR1Q1ZyRUU3NUNqZGFZanhkdnhuMDVHRFly?=
 =?utf-8?B?bXB4ZjNiYnZobGlVM05iYk0vTEcxVEo4eDBMTitUekdWV2hQQTJxVzE2cTIw?=
 =?utf-8?B?SkNsY01IVVVYeWI4K2Z1RUI5TmxHWlE2aHk0Tk9QSzZVMnhGQTY2QUhvSmFJ?=
 =?utf-8?B?LzArT0U4eXpTOG5yRWN0NTBJanF3SlBidG9yWkdrWVcwNjNFL1Fra0svMVlC?=
 =?utf-8?Q?r8WXiNHM8xiPgjbukn74wvvKX?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 15995680-c66d-4ffc-3eea-08db7f01681e
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jul 2023 15:47:02.3536
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 7Bg+O/jamDU1hP0RXv9/fOCGWGGNJz6FsTZak4V4ytuzUvU0Dd137IFN62F12OGlOVCdVJdsyYUNY5Y/cEa/PA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB5456
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,NICE_REPLY_A,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,
        T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 7/7/23 03:22, Joerg Roedel wrote:
> On Fri, Jul 07, 2023 at 12:23:59PM +0800, Baoquan He wrote:
>> I am wondering why we don't detect the cpu type and return early inside
>> sev_enable() if it's Intel cpu.
>>
>> We can't rely on CONFIG_AMD_MEM_ENCRYPT to decide if the code need be
>> executed or not because we usually enable them all in distros.
> 
> Looking at the code in head_64.S, by the time sev_enable() runs the SEV
> bit should already be set in sev_status. Maybe use that to detect
> whether SEV is enabled and bail out early?

I think that is only if you enter on the 32-bit path. If invoked from EFI 
in 64-bit, efi64_stub_entry(), then I don't believe that sev_status will 
be set yet.

Before it can be determined if it is a non-AMD platform, the EFI config 
table has to be searched in order to find the CC blob table. Once that is 
found (or not found), then the checks for the platform are performed and 
sev_enable() will exit if not on an AMD platform.

I think it was an oversight to not add support for identity mapping the 
EFI config tables for kexec. Any features in the future that need to 
search for an EFI config table early like this will need the same.

Thanks,
Tom

> 
> Regards,
>