Date: Mon, 26 Feb 2024 14:14:54 +0200
From: "Kirill A. Shutemov"
To: Dave Hansen
Cc: Dave Hansen, linux-kernel@vger.kernel.org, pbonzini@redhat.com, tglx@linutronix.de, x86@kernel.org, bp@alien8.de
Subject: Re: [RFC][PATCH 11/34] x86/cpu/intel: Prepare MKTME for "address configuration" infrastructure
References: <20240222183926.517AFCD2@davehans-spike.ostc.intel.com> <20240222183941.7CB634A5@davehans-spike.ostc.intel.com>

On Fri, Feb 23, 2024 at 08:22:16AM -0800, Dave Hansen wrote:
> On 2/23/24 03:33, Kirill A. Shutemov wrote:
> > On Thu, Feb 22, 2024 at 10:39:41AM -0800, Dave Hansen wrote:
> >> From: Dave Hansen
> >>
> >> Intel also does memory encryption and also fiddles with the physical
> >> address bits. This is currently called for *each* CPU, but practically
> >> only done on the boot CPU because of 'mktme_status'.
> >>
> >> Move it from the "each CPU" ->c_init() function to ->c_bsp_init() where
> >> the whole thing only gets called once ever. This also necessitates moving
> >> detect_tme() and its entourage around in the file.
> > The state machine around mktme_state doesn't make sense if we only call it
> > on boot CPU, so detect_tme() can be drastically simplified. I can do it on
> > top of the patchset.
>
> That would be great. Looking at it again, the (tme_activate !=
> tme_activate_cpu0) block is total cruft now. It probably just needs to
> get moved to secondary CPU startup.

I have never seen the check to be useful. I think it can be just dropped.

The patch below makes detect_tme() only enumerate TME and MKTME. And report
number of keyid bits. Kernel doesn't care about anything else.

Any comments?

From 1080535093d21f025d46fd610de5ad788591f4b5 Mon Sep 17 00:00:00 2001
From: "Kirill A. Shutemov"
Date: Mon, 26 Feb 2024 14:01:01 +0200
Subject: [PATCH] x86/cpu/intel: Simplify detect_tme()

The detect_tme() function is now only called by the boot CPU. The logic
for cross-checking TME configuration between CPUs is no longer used. It
has never identified a real problem and can be safely removed.

The kernel does not use MKTME and is not concerned with MKTME policy or
encryption algorithms. There is no need to check them.

Signed-off-by: Kirill A. Shutemov
---
 arch/x86/kernel/cpu/intel.c | 44 ++------------------------------------------
 1 file changed, 2 insertions(+), 42 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 4192aa4576f4..60918b49344c 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -329,55 +329,20 @@ static void early_init_intel(struct cpuinfo_x86 *c) #define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ #define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 -/* Values for mktme_status (SW only construct) */ -#define MKTME_ENABLED 0 -#define MKTME_DISABLED 1 -#define MKTME_UNINITIALIZED 2 -static int mktme_status = MKTME_UNINITIALIZED; - static int detect_tme(struct cpuinfo_x86 *c) { - u64 tme_activate, tme_policy, tme_crypto_algs; - int keyid_bits = 0, nr_keyids = 0; - static u64 tme_activate_cpu0 = 0; + int keyid_bits, nr_keyids; + u64 tme_activate; rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); - if (mktme_status != MKTME_UNINITIALIZED) { - if (tme_activate != tme_activate_cpu0) { - /* Broken BIOS? */ - pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); - pr_err_once("x86/tme: MKTME is not usable\n"); - mktme_status = MKTME_DISABLED; - - /* Proceed. We may need to exclude bits from x86_phys_bits. */ - } - } else { - tme_activate_cpu0 = tme_activate; - } - if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activate)) { pr_info_once("x86/tme: not enabled by BIOS\n"); - mktme_status = MKTME_DISABLED; return 0; } - if (mktme_status != MKTME_UNINITIALIZED) - goto detect_keyid_bits; - pr_info("x86/tme: enabled by BIOS\n"); - tme_policy = TME_ACTIVATE_POLICY(tme_activate); - if (tme_policy != TME_ACTIVATE_POLICY_AES_XTS_128) - pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); - - tme_crypto_algs = TME_ACTIVATE_CRYPTO_ALGS(tme_activate); - if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { - pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", - tme_crypto_algs); - mktme_status = MKTME_DISABLED; - } -detect_keyid_bits: keyid_bits = TME_ACTIVATE_KEYID_BITS(tme_activate); nr_keyids = (1UL << keyid_bits) - 1; if (nr_keyids) { 
@@ -387,11 +352,6 @@ static int detect_tme(struct cpuinfo_x86 *c) pr_info_once("x86/mktme: disabled by BIOS\n"); } - if (mktme_status == MKTME_UNINITIALIZED) { - /* MKTME is usable */ - mktme_status = MKTME_ENABLED; - } - return keyid_bits; } -- Kiryl Shutsemau / Kirill A. Shutemov
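
Review bot: In the first hunk (detect_tme(), right after the rdmsrl() of MSR_IA32_TME_ACTIVATE), nothing is left that compares a secondary CPU's TME_ACTIVATE value with the boot CPU's, and no comment records that assumption. The removed comment notes that the result may be needed to exclude bits from x86_phys_bits, so the keyid_bits value returned here now rests on the boot CPU's MSR alone. Please add a short comment above detect_tme() stating that it runs on the boot CPU only and that the value is assumed identical on all CPUs, or, as suggested upthread, keep a one-line consistency check at secondary CPU startup. Separately, the context lines still define TME_ACTIVATE_CRYPTO_ALGS() and TME_ACTIVATE_CRYPTO_AES_XTS_128, whose users visible in this hunk are deleted; if nothing else references them (and the TME_ACTIVATE_POLICY* macros), drop them in the same patch.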
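
Review bot: In the second hunk, the retained context line pr_info_once("x86/mktme: disabled by BIOS\n") (and the pr_info_once("x86/tme: not enabled by BIOS\n") kept in the first hunk) still use the _once variant, while the commit message says detect_tme() is now only called by the boot CPU. With a single caller the _once guard does nothing, and it sits next to a plain pr_info("x86/tme: enabled by BIOS\n"); switching both to pr_info() would make the logging consistent and make the call-once assumption visible in the code. With mktme_status gone, the function's only output is the returned keyid_bits, so a one-line comment on the return value would also help.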