lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YUTI5Vy/fLT/q/Lh@zn.tnic>
Date:   Fri, 17 Sep 2021 18:57:09 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
        Paolo Bonzini <pbonzini@...hat.com>,
        Juergen Gross <jgross@...e.com>, Deep Shah <sdeep@...are.com>,
        VMware Inc <pv-drivers@...are.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Joerg Roedel <joro@...tes.org>, Peter H Anvin <hpa@...or.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Tony Luck <tony.luck@...el.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v7 01/12] x86/tdx: Add Intel ARCH support to
 cc_platform_has()

On Thu, Sep 16, 2021 at 11:35:39AM -0700, Kuppuswamy Sathyanarayanan wrote:
> cc_platform_has() can be used to check for specific active confidential
> computing attributes, like memory encryption. For Intel platform like
> Trusted Domain eXtensions (TDX) guest has need for using this function
> to protect the TDX specific changes made in generic drivers.
> 
> So, extend cc_platform_has() and add support for Intel architecture
> variant (intel_cc_platform_has())
> 
> This is a preparatory commit needed before adding TDX guest support
> to intel_cc_platform_has().
> 
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
> ---
>  arch/x86/include/asm/intel_cc_platform.h | 15 +++++++++++++++
>  arch/x86/kernel/cc_platform.c            |  5 +++++
>  arch/x86/kernel/cpu/intel.c              |  9 +++++++++
>  3 files changed, 29 insertions(+)
>  create mode 100644 arch/x86/include/asm/intel_cc_platform.h

I did the below. Will queue the whole pile once -rc2 is out.

Thx.

---
>From c2aa317bba1b4e623075139a19b35118de3234b7 Mon Sep 17 00:00:00 2001
From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
Date: Fri, 17 Sep 2021 11:32:22 +0200
Subject: [PATCH] x86/tdx: Add the Intel version for cc_platform_has()

cc_platform_has() can be used to check for specific active confidential
computing attributes, like memory encryption. For Intel platform like
Trusted Domain eXtensions (TDX) the guest uses this function to protect
the TDX-specific changes made in generic drivers.

So, extend cc_platform_has() and add support for Intel architecture
variant.

 [ bp: Rip out the separate header and the export. ]

Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
Signed-off-by: Borislav Petkov <bp@...e.de>
Link: https://lkml.kernel.org/r/20210916183550.15349-2-sathyanarayanan.kuppuswamy@linux.intel.com
---
 arch/x86/include/asm/mem_encrypt.h | 6 ++++++
 arch/x86/kernel/cc_platform.c      | 2 ++
 arch/x86/kernel/cpu/intel.c        | 7 +++++++
 3 files changed, 15 insertions(+)

diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
index ed954aa5c448..a73712b6ee0e 100644
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -103,6 +103,12 @@ static inline u64 sme_get_me_mask(void)
 	return sme_me_mask;
 }
 
+#if defined(CONFIG_CPU_SUP_INTEL) && defined(CONFIG_ARCH_HAS_CC_PLATFORM)
+bool intel_cc_platform_has(enum cc_attr attr);
+#else
+static inline bool intel_cc_platform_has(enum cc_attr attr) { return false; }
+#endif
+
 #endif	/* __ASSEMBLY__ */
 
 #endif	/* __X86_MEM_ENCRYPT_H__ */
diff --git a/arch/x86/kernel/cc_platform.c b/arch/x86/kernel/cc_platform.c
index b43bacdc40da..6037201c8437 100644
--- a/arch/x86/kernel/cc_platform.c
+++ b/arch/x86/kernel/cc_platform.c
@@ -18,6 +18,8 @@ bool cc_platform_has(enum cc_attr attr)
 	if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD ||
 	    boot_cpu_data.x86_vendor == X86_VENDOR_HYGON)
 		return amd_cc_platform_has(attr);
+	else if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL)
+		return intel_cc_platform_has(attr);
 
 	return false;
 }
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 8321c43554a1..53756ff12295 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -60,6 +60,13 @@ static u64 msr_test_ctrl_cache __ro_after_init;
  */
 static bool cpu_model_supports_sld __ro_after_init;
 
+#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
+bool intel_cc_platform_has(enum cc_attr attr)
+{
+	return false;
+}
+#endif
+
 /*
  * Processors which have self-snooping capability can handle conflicting
  * memory type across CPUs by snooping its own cache. However, there exists
-- 
2.29.2


-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ