Re: [PATCH] x86/coco, x86/sev: Use cpu_feature_enabled() to detect SEV guest flavor

From: Kirill A. Shutemov
Date: Tue Dec 05 2023 - 10:00:22 EST


On Tue, Dec 05, 2023 at 03:46:19PM +0100, Borislav Petkov wrote:
> On Tue, Dec 05, 2023 at 05:37:38PM +0300, Kirill A. Shutemov wrote:
> > The SEV code uses cc_platform_has() checks to detect the SEV flavor.
> > However, these checks can sometimes produce false positives depending on
> > the context.
> >
> > For example, sev_map_percpu_data() uses CC_ATTR_GUEST_MEM_ENCRYPT to
> > detect an SEV guest, but this check will also pass for TDX guests.
>
> Well, a function prefixed with "sev_" should check cc_vendor first...

I don't think cc_platform_has() is the right check. On the TDX side we use
X86_FEATURE_TDX_GUEST for this, and it works better than stretching
CC_ATTRs beyond their meaning.

--
Kiryl Shutsemau / Kirill A. Shutemov