Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest abstractionn
From: Tom Lendacky
Date: Fri Jun 04 2021 - 18:01:38 EST
On 6/3/21 1:15 PM, Borislav Petkov wrote:
> From f1e9f051c86b09fe660f49b0307bc7c6cec5e6f4 Mon Sep 17 00:00:00 2001
> From: Borislav Petkov <bp@xxxxxxx>
> Date: Thu, 3 Jun 2021 20:03:31 +0200
> Subject: Convert sme_active()
>
> */
> - if (sme_active())
> + if (protected_guest_has(VM_HOST_MEM_ENCRYPT))
> swiotlb = 1;
I still feel this is confusing. SME is a host/bare-metal technology, so
calling protected_guest_has() seems odd and using VM_HOST_MEM_ENCRYPT,
where I assume VM is short for virtual machine, also seems odd.
How about just protected_os_has()? Then you could have
- HOST_MEM_ENCRYPT for host memory encryption
- GUEST_MEM_ENCRYPT for guest memory encryption
- MEM_ENCRYPT for either host or guest memory encryption.
The first is analogous to sme_active(), the second to sev_active() and the
third to mem_encrypt_active(). Just my opinion, though...
>
> return swiotlb;
> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
> index 01a224fdb897..3aa2658ced52 100644
> --- a/arch/x86/kernel/sev.c
> +++ b/arch/x86/kernel/sev.c
> @@ -1409,6 +1409,11 @@ bool sev_protected_guest_has(unsigned long flag)
> case VM_MEM_ENCRYPT:
> case VM_MEM_ENCRYPT_ACTIVE:
> return true;
> + case VM_HOST_MEM_ENCRYPT:
> + return sme_me_mask && !sev_active();
> + default:
> + WARN_ON_ONCE(1);
> + return false;
I don't think you want a WARN_ON_ONCE() here. The code will be written to
work with either SEV or TDX, so we shouldn't warn on a check for a TDX
supported feature when running on AMD (or vice-versa).
Thanks,
Tom