Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp1676123rdd;
        Thu, 11 Jan 2024 06:19:58 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEhc81PkCeGvBZzrxHwpI+GUYdrdjWEM7Wdjub7vJsA0/g6ktyXEBEr+cDAiPwshXW+rsCE
X-Received: by 2002:a05:6512:1184:b0:50e:9e5b:497 with SMTP id g4-20020a056512118400b0050e9e5b0497mr546777lfr.137.1704982798774;
        Thu, 11 Jan 2024 06:19:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704982798; cv=none;
        d=google.com; s=arc-20160816;
        b=tdjayV3cUZl8cXLfpnjyUVIRgG+4e/4UZMCYGaJBXCHf5GxgqMkSzoFvzFQ+Di7EZO
         RYffW3lldcVAgp2NYkjtlp3prhmBiR9gEmN4miN4q2YOJs9sWlznfCG6hLeCCA3N1PkQ
         Og0yuDZ3lYzIb7AtN3q+BhxMDNaq3geuUVp6kVklY/Su+/i41X8yn7mUQf3XmpefwIZt
         Zny1g6Nzs9NhY63n8p0xitum7/pWI5afS5heeBrtvzalumUi6qrxi0maGsHD7IMpGi9w
         C2/Txrha/sI+v5iWQTvTFdWRfSdsb8EyIuUpaw68uyEkQKU2jmQDcBKXEuZO9f/F/cCx
         M7lA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:message-id:dkim-signature;
        bh=vQjGKb5A8E9EaYzdamZCLiR5IU2W1GKLaDewruPB2uI=;
        fh=lbwiTGTLc4MCKWfdjhjWZbgkkpp8J0bocHJHR1HmTtk=;
        b=uniCjgCyzkNUKjFtdaLjHhyFQnNbDDOIcs12g/YkGvT9zQGzf0HOm1uVUy93fcCSff
         HzpjHyQ8FJET4e6LhkT2W882laQ7VPxKYduWwIw1YnSi9Oyxl2TdyUmXWtYuRYqwKW1P
         f+apimUfz/cs1q+++VdCUAnQKNw9jdh8N8kCDl6PdAYTEg1ty43bGTGWpLT+WHmoZe8t
         1MJOpEFr1OAj6rTwwJ/jB/Gs6KMJPEQRd7SemnFnqAI71lqpRepnLRimOI2o/4g8pNgi
         ro75YGBpHqeefCIurek1japdd8ESe3BO1akEgo3Zl/owbaKFRCvykhBXlGXM9+MOXcbh
         XDbA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=HDAZs6aJ;
       spf=pass (google.com: domain of linux-kernel+bounces-23706-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-23706-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel+bounces-23706-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id w25-20020a1709064a1900b00a27aa152f29si566926eju.416.2024.01.11.06.19.58
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 11 Jan 2024 06:19:58 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-23706-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=HDAZs6aJ;
       spf=pass (google.com: domain of linux-kernel+bounces-23706-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-23706-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 6704D1F249D3
	for <linux.lists.archive@gmail.com>; Thu, 11 Jan 2024 14:19:58 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id D57713C693;
	Thu, 11 Jan 2024 14:19:49 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="HDAZs6aJ"
Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.65])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CCA243D542
	for <linux-kernel@vger.kernel.org>; Thu, 11 Jan 2024 14:19:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1704982787; x=1736518787;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=m9r/zSGvLdOLi0BGLqhWMQAD8e0dWyA3OSr/FvhjBSg=;
  b=HDAZs6aJxlNtnhtFqsBrZlEuw43GzA/82ADkhfLTo4kER5OBqiZ5+pLc
   uNp23YdV6SaBTfMX77jq8R/Y822nTO5yj8KQ64mwJqn29XpkqCAMNttsp
   JLxAOvrpRVK7LLh2eZlDLX2Y7sgWnspq0VD8wmWJtwCLqLDfqLtQyeYeC
   FLaz3MtNjEDCR5FZVD8A9BiYx22Hza84SO2pvo8XiYMsQHEB1zmpSsGak
   Ikie8n5fDS+xDqHatoYwGwJJgp/KE9m1OUgIdiWDtk8H+0lvza/KgGRZS
   9lmxlKsdlZPi/28W0lE0ZrPDkmNWLbRRwF6r5M4NTLb+vruUE/Cap4qS9
   g==;
X-IronPort-AV: E=McAfee;i="6600,9927,10950"; a="402632012"
X-IronPort-AV: E=Sophos;i="6.04,186,1695711600"; 
   d="scan'208";a="402632012"
Received: from fmviesa002.fm.intel.com ([10.60.135.142])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jan 2024 06:19:47 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.04,186,1695711600"; 
   d="scan'208";a="17055629"
Received: from unknown (HELO [10.125.177.125]) ([10.125.177.125])
  by fmviesa002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jan 2024 06:19:46 -0800
Message-ID: <1a3661d5-3539-4443-88da-003dea920188@linux.intel.com>
Date: Thu, 11 Jan 2024 06:19:46 -0800
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCHv2] x86/mm: Fix memory encryption features advertisement
Content-Language: en-US
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
 Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>
Cc: x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
 Tom Lendacky <thomas.lendacky@amd.com>, linux-coco@lists.linux.dev,
 linux-kernel@vger.kernel.org, Dexuan Cui <decui@microsoft.com>,
 Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
References: <20240111111224.25289-1-kirill.shutemov@linux.intel.com>
From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
In-Reply-To: <20240111111224.25289-1-kirill.shutemov@linux.intel.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit



On 1/11/2024 3:12 AM, Kirill A. Shutemov wrote:
> When memory encryption is enabled, the kernel prints the encryption
> flavor that the system supports.
> 
> The check assumes that everything is AMD SME/SEV if it doesn't have
> the TDX CPU feature set.
> 
> Hyper-V vTOM sets cc_vendor to CC_VENDOR_INTEL when it runs as L2 guest
> on top of TDX, but not X86_FEATURE_TDX_GUEST. Hyper-V only needs memory
> encryption enabled for I/O without the rest of CoCo enabling.
> 
> To avoid confusion, check the cc_vendor directly.
> 
> Possible alternative is to completely removing the print statement.
> For a regular TDX guest, the kernel already prints a message indicating
> that it is booting on TDX. Similarly, AMD and Hyper-V can also display
> a message during their enumeration process.

With this change, will it print "Intel TDX" for Hyper-V?

IMO, since there is already a debug message for type identification, we
can remove this part. 

> 
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> Cc: Dexuan Cui <decui@microsoft.com>
> Cc: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
> ---
>  arch/x86/mm/mem_encrypt.c | 56 +++++++++++++++++++++------------------
>  1 file changed, 30 insertions(+), 26 deletions(-)
> 
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index c290c55b632b..d035bce3a2b0 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -42,38 +42,42 @@ bool force_dma_unencrypted(struct device *dev)
>  
>  static void print_mem_encrypt_feature_info(void)
>  {
> -	pr_info("Memory Encryption Features active:");
> +	pr_info("Memory Encryption Features active: ");
>  
> -	if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
> -		pr_cont(" Intel TDX\n");
> -		return;
> -	}
> +	switch (cc_vendor) {
> +	case CC_VENDOR_INTEL:
> +		pr_cont("Intel TDX\n");
> +		break;
> +	case CC_VENDOR_AMD:
> +		pr_cont("AMD");
>  
> -	pr_cont(" AMD");
> -
> -	/* Secure Memory Encryption */
> -	if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
> +		/* Secure Memory Encryption */
> +		if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
>  		/*
>  		 * SME is mutually exclusive with any of the SEV
>  		 * features below.
> -		 */
> -		pr_cont(" SME\n");
> -		return;
> +		*/
> +			pr_cont(" SME\n");
> +			return;
> +		}
> +
> +		/* Secure Encrypted Virtualization */
> +		if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> +			pr_cont(" SEV");
> +
> +		/* Encrypted Register State */
> +		if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
> +			pr_cont(" SEV-ES");
> +
> +		/* Secure Nested Paging */
> +		if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> +			pr_cont(" SEV-SNP");
> +
> +		pr_cont("\n");
> +		break;
> +	default:
> +		pr_cont("Unknown\n");
>  	}
> -
> -	/* Secure Encrypted Virtualization */
> -	if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> -		pr_cont(" SEV");
> -
> -	/* Encrypted Register State */
> -	if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
> -		pr_cont(" SEV-ES");
> -
> -	/* Secure Nested Paging */
> -	if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> -		pr_cont(" SEV-SNP");
> -
> -	pr_cont("\n");
>  }
>  
>  /* Architecture __weak replacement functions */

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer