Re: [PATCH v2 06/12] x86/sev: Replace occurrences of sev_active() with prot_guest_has()
On Tue, Aug 17, 2021 at 10:26:18AM -0500, Tom Lendacky wrote: > >>/* > >> - * If SME is active we need to be sure that kexec pages are > >> - * not encrypted because when we boot to the new kernel the > >> + * If host memory encryption is active we need to be sure that kexec > >> + * pages are not encrypted because when we boot to the new kernel the > >> * pages won't be accessed encrypted (initially). > >> */ > > > > That hunk belongs logically into the previous patch which removes > > sme_active(). > > I was trying to keep the sev_active() changes separate... so even though > it's an SME thing, I kept it here. But I can move it to the previous > patch, it just might look strange. Oh I meant only the comment because it is a SME-related change. But not too important so whatever. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette
Re: [PATCH v2 06/12] x86/sev: Replace occurrences of sev_active() with prot_guest_has()
On 8/17/21 5:02 AM, Borislav Petkov wrote: > On Fri, Aug 13, 2021 at 11:59:25AM -0500, Tom Lendacky wrote: >> diff --git a/arch/x86/kernel/machine_kexec_64.c >> b/arch/x86/kernel/machine_kexec_64.c >> index 8e7b517ad738..66ff788b79c9 100644 >> --- a/arch/x86/kernel/machine_kexec_64.c >> +++ b/arch/x86/kernel/machine_kexec_64.c >> @@ -167,7 +167,7 @@ static int init_transition_pgtable(struct kimage *image, >> pgd_t *pgd) >> } >> pte = pte_offset_kernel(pmd, vaddr); >> >> -if (sev_active()) >> +if (prot_guest_has(PATTR_GUEST_MEM_ENCRYPT)) >> prot = PAGE_KERNEL_EXEC; >> >> set_pte(pte, pfn_pte(paddr >> PAGE_SHIFT, prot)); >> @@ -207,7 +207,7 @@ static int init_pgtable(struct kimage *image, unsigned >> long start_pgtable) >> level4p = (pgd_t *)__va(start_pgtable); >> clear_page(level4p); >> >> -if (sev_active()) { >> +if (prot_guest_has(PATTR_GUEST_MEM_ENCRYPT)) { >> info.page_flag |= _PAGE_ENC; >> info.kernpg_flag |= _PAGE_ENC; >> } >> @@ -570,12 +570,12 @@ void arch_kexec_unprotect_crashkres(void) >> */ >> int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, gfp_t gfp) >> { >> -if (sev_active()) >> +if (!prot_guest_has(PATTR_HOST_MEM_ENCRYPT)) >> return 0; >> >> /* >> - * If SME is active we need to be sure that kexec pages are >> - * not encrypted because when we boot to the new kernel the >> + * If host memory encryption is active we need to be sure that kexec >> + * pages are not encrypted because when we boot to the new kernel the >> * pages won't be accessed encrypted (initially). >> */ > > That hunk belongs logically into the previous patch which removes > sme_active(). I was trying to keep the sev_active() changes separate... so even though it's an SME thing, I kept it here. But I can move it to the previous patch, it just might look strange. > >> return set_memory_decrypted((unsigned long)vaddr, pages); >> @@ -583,12 +583,12 @@ int arch_kexec_post_alloc_pages(void *vaddr, unsigned >> int pages, gfp_t gfp) >> >> void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages) >> { >> -if (sev_active()) >> +if (!prot_guest_has(PATTR_HOST_MEM_ENCRYPT)) >> return; >> >> /* >> - * If SME is active we need to reset the pages back to being >> - * an encrypted mapping before freeing them. >> + * If host memory encryption is active we need to reset the pages back >> + * to being an encrypted mapping before freeing them. >> */ >> set_memory_encrypted((unsigned long)vaddr, pages); >> } >> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c >> index e8ccab50ebf6..b69f5ac622d5 100644 >> --- a/arch/x86/kvm/svm/svm.c >> +++ b/arch/x86/kvm/svm/svm.c >> @@ -25,6 +25,7 @@ >> #include >> #include >> #include >> +#include >> >> #include >> #include >> @@ -457,7 +458,7 @@ static int has_svm(void) >> return 0; >> } >> >> -if (sev_active()) { >> +if (prot_guest_has(PATTR_SEV)) { >> pr_info("KVM is unsupported when running as an SEV guest\n"); >> return 0; > > Same question as for PATTR_SME. PATTR_GUEST_MEM_ENCRYPT should be enough. Yup, I'll change them all. > >> @@ -373,7 +373,7 @@ int __init early_set_memory_encrypted(unsigned long >> vaddr, unsigned long size) >> * up under SME the trampoline area cannot be encrypted, whereas under SEV >> * the trampoline area must be encrypted. >> */ >> -bool sev_active(void) >> +static bool sev_active(void) >> { >> return sev_status & MSR_AMD64_SEV_ENABLED; >> } >> @@ -382,7 +382,6 @@ static bool sme_active(void) >> { >> return sme_me_mask && !sev_active(); >> } >> -EXPORT_SYMBOL_GPL(sev_active); > > Just get rid of it altogether. Ok. Thanks, Tom > > Thx. >
Re: [PATCH v2 06/12] x86/sev: Replace occurrences of sev_active() with prot_guest_has()
On Fri, Aug 13, 2021 at 11:59:25AM -0500, Tom Lendacky wrote: > diff --git a/arch/x86/kernel/machine_kexec_64.c > b/arch/x86/kernel/machine_kexec_64.c > index 8e7b517ad738..66ff788b79c9 100644 > --- a/arch/x86/kernel/machine_kexec_64.c > +++ b/arch/x86/kernel/machine_kexec_64.c > @@ -167,7 +167,7 @@ static int init_transition_pgtable(struct kimage *image, > pgd_t *pgd) > } > pte = pte_offset_kernel(pmd, vaddr); > > - if (sev_active()) > + if (prot_guest_has(PATTR_GUEST_MEM_ENCRYPT)) > prot = PAGE_KERNEL_EXEC; > > set_pte(pte, pfn_pte(paddr >> PAGE_SHIFT, prot)); > @@ -207,7 +207,7 @@ static int init_pgtable(struct kimage *image, unsigned > long start_pgtable) > level4p = (pgd_t *)__va(start_pgtable); > clear_page(level4p); > > - if (sev_active()) { > + if (prot_guest_has(PATTR_GUEST_MEM_ENCRYPT)) { > info.page_flag |= _PAGE_ENC; > info.kernpg_flag |= _PAGE_ENC; > } > @@ -570,12 +570,12 @@ void arch_kexec_unprotect_crashkres(void) > */ > int arch_kexec_post_alloc_pages(void *vaddr, unsigned int pages, gfp_t gfp) > { > - if (sev_active()) > + if (!prot_guest_has(PATTR_HOST_MEM_ENCRYPT)) > return 0; > > /* > - * If SME is active we need to be sure that kexec pages are > - * not encrypted because when we boot to the new kernel the > + * If host memory encryption is active we need to be sure that kexec > + * pages are not encrypted because when we boot to the new kernel the >* pages won't be accessed encrypted (initially). >*/ That hunk belongs logically into the previous patch which removes sme_active(). > return set_memory_decrypted((unsigned long)vaddr, pages); > @@ -583,12 +583,12 @@ int arch_kexec_post_alloc_pages(void *vaddr, unsigned > int pages, gfp_t gfp) > > void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages) > { > - if (sev_active()) > + if (!prot_guest_has(PATTR_HOST_MEM_ENCRYPT)) > return; > > /* > - * If SME is active we need to reset the pages back to being > - * an encrypted mapping before freeing them. > + * If host memory encryption is active we need to reset the pages back > + * to being an encrypted mapping before freeing them. >*/ > set_memory_encrypted((unsigned long)vaddr, pages); > } > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index e8ccab50ebf6..b69f5ac622d5 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -25,6 +25,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -457,7 +458,7 @@ static int has_svm(void) > return 0; > } > > - if (sev_active()) { > + if (prot_guest_has(PATTR_SEV)) { > pr_info("KVM is unsupported when running as an SEV guest\n"); > return 0; Same question as for PATTR_SME. PATTR_GUEST_MEM_ENCRYPT should be enough. > @@ -373,7 +373,7 @@ int __init early_set_memory_encrypted(unsigned long > vaddr, unsigned long size) > * up under SME the trampoline area cannot be encrypted, whereas under SEV > * the trampoline area must be encrypted. > */ > -bool sev_active(void) > +static bool sev_active(void) > { > return sev_status & MSR_AMD64_SEV_ENABLED; > } > @@ -382,7 +382,6 @@ static bool sme_active(void) > { > return sme_me_mask && !sev_active(); > } > -EXPORT_SYMBOL_GPL(sev_active); Just get rid of it altogether. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette