Re: [PATCH 2/2] x86/cpu: clear SME/SEV/SEV_ES features when not in use
From: Limonciello, Mario
Date: Fri Feb 11 2022 - 14:43:19 EST
On 2/11/2022 02:31, Borislav Petkov wrote:
On Thu, Feb 10, 2022 at 11:36:52PM -0600, Mario Limonciello wrote:
Currently SME/SEV/SEV_ES features are reflective of whether the CPU
supports the features but not whether they have been activated by the
kernel.
Change this around to clear the features if the kernel is not using
them so userspace can determine if they are available and in use
from `/proc/cpuinfo`.
Signed-off-by: Mario Limonciello <mario.limonciello@xxxxxxx>
---
arch/x86/kernel/cpu/amd.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 4edb6f0f628c..4a7d4801fa0b 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -611,12 +611,20 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
if (!(msr & MSR_K7_HWCR_SMMLOCK))
goto clear_sev;
+ if (!cc_platform_has(CC_ATTR_MEM_ENCRYPT))
+ goto clear_all;
+ if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
+ goto clear_sev;
+ if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
+ goto clear_sev_es;
The cc_platform stuff is to be used in generic code - I think you can
safely read MSR_AMD64_SEV here and look at the bits, just like the rest
of this code does.
Yeah I was just looking to avoid the code duplication in multiple parts
of the kernel. If it's preferable to just duplicate the logic that
cc_platform_has here for the AMD platform, I'll do that instead.
Also, why is this a separate patch? I.e., one single patch should be
just fine.
Very well, will squash them.