Message-ID: <1a3661d5-3539-4443-88da-003dea920188@linux.intel.com>
Date: Thu, 11 Jan 2024 06:19:46 -0800
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCHv2] x86/mm: Fix memory encryption features advertisement
To: "Kirill A. Shutemov", Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen
Cc: x86@kernel.org, "H. Peter Anvin", Tom Lendacky, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Dexuan Cui, Jeremi Piotrowski
References: <20240111111224.25289-1-kirill.shutemov@linux.intel.com>
From: Kuppuswamy Sathyanarayanan
In-Reply-To: <20240111111224.25289-1-kirill.shutemov@linux.intel.com>

On 1/11/2024 3:12 AM, Kirill A. Shutemov wrote:
> When memory encryption is enabled, the kernel prints the encryption
> flavor that the system supports.
>
> The check assumes that everything is AMD SME/SEV if it doesn't have
> the TDX CPU feature set.
>
> Hyper-V vTOM sets cc_vendor to CC_VENDOR_INTEL when it runs as L2 guest
> on top of TDX, but not X86_FEATURE_TDX_GUEST. Hyper-V only needs memory
> encryption enabled for I/O without the rest of CoCo enabling.
>
> To avoid confusion, check the cc_vendor directly.
>
> Possible alternative is to completely remove the print statement.
> For a regular TDX guest, the kernel already prints a message indicating
> that it is booting on TDX. Similarly, AMD and Hyper-V can also display
> a message during their enumeration process.

With this change, will it print "Intel TDX" for Hyper-V? IMO, since there is
already a debug message for type identification, we can remove this part.

>
> Signed-off-by: Kirill A. Shutemov
> Cc: Dexuan Cui
> Cc: Jeremi Piotrowski
> ---
> arch/x86/mm/mem_encrypt.c | 56 +++++++++++++++++++++------------------
> 1 file changed, 30 insertions(+), 26 deletions(-)
>
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index c290c55b632b..d035bce3a2b0 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -42,38 +42,42 @@ bool force_dma_unencrypted(struct device *dev) > > static void print_mem_encrypt_feature_info(void) > { > - pr_info("Memory Encryption Features active:"); > + pr_info("Memory Encryption Features active: "); > > - if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { > - pr_cont(" Intel TDX\n"); > - return; > - } > + switch (cc_vendor) { > + case CC_VENDOR_INTEL: > + pr_cont("Intel TDX\n"); > + break; > + case CC_VENDOR_AMD: > + pr_cont("AMD"); > > - pr_cont(" AMD"); > - > - /* Secure Memory Encryption */ > - if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) { > + /* Secure Memory Encryption */ > + if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) { > /* > * SME is mutually exclusive with any of the SEV > * features below. > - */ > - pr_cont(" SME\n"); > - return; > + */ > + pr_cont(" SME\n"); > + return; > + } > + > + /* Secure Encrypted Virtualization */ > + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) > + pr_cont(" SEV"); > + > + /* Encrypted Register State */ > + if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) > + pr_cont(" SEV-ES"); > + > + /* Secure Nested Paging */ > + if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) > + pr_cont(" SEV-SNP"); > + > + pr_cont("\n"); > + break; > + default: > + pr_cont("Unknown\n"); > } > - > - /* Secure Encrypted Virtualization */ > - if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) > - pr_cont(" SEV"); > - > - /* Encrypted Register State */ > - if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) > - pr_cont(" SEV-ES"); > - > - /* Secure Nested Paging */ > - if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) > - pr_cont(" SEV-SNP"); > - > - pr_cont("\n"); > } > > /* Architecture __weak replacement functions */ -- Sathyanarayanan Kuppuswamy Linux Kernel Developer
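Review bot: The `case CC_VENDOR_INTEL:` arm in print_mem_encrypt_feature_info() prints "Intel TDX" for every configuration that sets cc_vendor to CC_VENDOR_INTEL, and the commit message says Hyper-V vTOM running as an L2 guest on TDX does exactly that without X86_FEATURE_TDX_GUEST. The boot log would then advertise TDX for a guest that only has memory encryption enabled for I/O, so either say in the commit message that this output is intended for that configuration, or print a more neutral string in that arm. Separately, the SME branch inside `case CC_VENDOR_AMD:` still leaves the function with `return;` while the other paths in the switch use `break;`. Using `break;` there as well would keep a single exit point, which matters if anything is later added after the switch. The `default:` arm printing "Unknown\n" is a reasonable fallback, but it has no comment explaining which vendors are expected to reach it.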