Message-ID: <20170727133927.GC28553@nazgul.tnic>
Date: Thu, 27 Jul 2017 15:39:27 +0200
From: Borislav Petkov <bp@...e.de>
To: Tom Lendacky <thomas.lendacky@....com>
Cc: Brijesh Singh <brijesh.singh@....com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
linux-efi@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
kvm@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H . Peter Anvin" <hpa@...or.com>,
Andy Lutomirski <luto@...nel.org>,
Tony Luck <tony.luck@...el.com>,
Piotr Luc <piotr.luc@...el.com>,
Fenghua Yu <fenghua.yu@...el.com>,
Lu Baolu <baolu.lu@...ux.intel.com>,
Reza Arbab <arbab@...ux.vnet.ibm.com>,
David Howells <dhowells@...hat.com>,
Matt Fleming <matt@...eblueprint.co.uk>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Laura Abbott <labbott@...hat.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Eric Biederman <ebiederm@...ssion.com>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
Jonathan Corbet <corbet@....net>,
Dave Airlie <airlied@...hat.com>,
Kees Cook <keescook@...omium.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
Christoph Lameter <cl@...ux.com>
Subject: Re: [RFC Part1 PATCH v3 03/17] x86/mm: Secure Encrypted Virtualization (SEV) support
On Wed, Jul 26, 2017 at 11:47:32AM -0500, Tom Lendacky wrote:
> If it's made static then the sme_active()/sev_active() inline functions
> would need to be turned into functions within the mem_encrypt.c file. So
> there's a trade-off to do that, which is the better one?
Simple: why do we have functions if the variables are exported?
The reasoning for sme_me_mask is more or less obvious but for sev_enabled...
IOW, either make the bool static and uninline the function - this way
you're free to change how you determine whether SEV is enabled later as
callers will be using the function.
Or, if it doesn't really matter because you can always change callers
later, simply drop sev_active() the function and use a bool sev_active
everywhere.
> The kernel needs to distinguish between running under SME and running
> under SEV. SME and SEV are similar but not the same. The trampoline code
> is a good example. Before paging is activated, SME will access all
> memory as decrypted, but SEV will access all memory as encrypted. So
> when APs are being brought up under SME the trampoline area cannot be
> encrypted, whereas under SEV the trampoline area must be encrypted.
I guess you're sensing by now that we need this clarification in a
comment above it...
:-)
--
Regards/Gruss,
Boris.
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
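The two points raised in the thread, written out as an added user-space C model (this is not code from the kernel or from the patch series): the SEV state is kept file-local behind out-of-line `sme_active()`/`sev_active()` accessors so the way "SEV enabled" is determined can change later without touching callers, and the trampoline decision differs between SME and SEV because, before paging is enabled, SME accesses memory as decrypted while an SEV guest accesses it as encrypted. `mem_encrypt_init()`, `trampoline_needs_encryption()`, `trampoline_pte()` and the C-bit position 47 are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example modelling the encapsulation argued for in the thread:
 * the SEV flag is file-local and every caller goes through an
 * out-of-line accessor. Not kernel code. */

/* Mask of the memory-encryption bit ("C-bit") in page-table entries;
 * zero means neither SME nor SEV is in use. Bit 47 is an assumed value. */
static uint64_t sme_me_mask;

/* Private: callers must not read this directly, only via sev_active(). */
static bool sev_enabled;

/* Hypothetical early-boot hook recording what was detected. Under SEV the
 * mask is set as well, since the guest also marks its pages encrypted. */
void mem_encrypt_init(bool sme_detected, bool sev_guest)
{
    sme_me_mask = sme_detected ? (1ULL << 47) : 0;
    sev_enabled = sme_detected && sev_guest;
}

/* SME: host-side encryption, mask set and no SEV. */
bool sme_active(void)
{
    return sme_me_mask && !sev_enabled;
}

/* SEV: guest-side encryption, mask set and the SEV flag raised. */
bool sev_active(void)
{
    return sme_me_mask && sev_enabled;
}

/* The distinction from the thread: before paging is active an SME system
 * accesses all memory as decrypted, so the AP trampoline must stay
 * unencrypted; an SEV guest accesses all memory as encrypted, so the
 * trampoline must be encrypted. */
bool trampoline_needs_encryption(void)
{
    return sev_active();
}

/* Apply that decision to a page-table entry value (address plus flags):
 * set the C-bit for SEV, clear it for SME, leave it alone when neither. */
uint64_t trampoline_pte(uint64_t pte)
{
    if (trampoline_needs_encryption())
        return pte | sme_me_mask;
    return pte & ~sme_me_mask;
}

int main(void)
{
    mem_encrypt_init(true, false);
    printf("SME host:  trampoline encrypted=%d\n", trampoline_needs_encryption());
    mem_encrypt_init(true, true);
    printf("SEV guest: trampoline encrypted=%d\n", trampoline_needs_encryption());
    return 0;
}
```

Because `sev_enabled` is static, swapping the detection logic inside `mem_encrypt_init()` (or replacing the flag with a different representation) leaves every caller of `sev_active()` unchanged, which is the trade-off the reply describes.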