Date:   Mon, 15 Nov 2021 16:45:25 -0800
From:   Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        Tom Lendacky <thomas.lendacky@....com>
Cc:     Andy Lutomirski <luto@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "H . Peter Anvin" <hpa@...or.com>, Tony Luck <tony.luck@...el.com>,
        Dan Williams <dan.j.williams@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
        Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        linux-kernel@...r.kernel.org
Subject: [PATCH v1 1/4] x86/sev: Remove sev_enable_key usage in outs##bwl()/ins##bwl()

String I/O instructions (INS/OUTS) can be used to move blocks of
data between I/O ports and memory space. But emulation of these
instructions is not supported in AMD SEV platform. Since these
instructions are obsolete, hypervisors rarely emulate them. So to
support the legacy usage, INS/OUTS are unrolled using IN/OUT
instructions.

Currently, this is implemented by adding a SEV specific static
key check in outs##bwl()/ins##bwl() macros. Since TDX VM guests
also need similar support, the implementation needs to be made
generic using the cc_platform_has() call.

In preparation for adding cc_platform_has() based support, as a
first step remove the sev_enable_key usage and replace it with
direct reference to "sev_status".

Since this patch replaces the static key with a runtime check of
sev_status, it might cause some performance regression.

Suggested-by: Tom Lendacky <thomas.lendacky@....com>
Reviewed-by: Tony Luck <tony.luck@...el.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@...ux.intel.com>
---
 arch/x86/include/asm/io.h | 15 ++++++++-------
 arch/x86/mm/mem_encrypt.c | 11 +----------
 2 files changed, 9 insertions(+), 17 deletions(-)

diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h
index 5c6a4af0b911..69093a610630 100644
--- a/arch/x86/include/asm/io.h
+++ b/arch/x86/include/asm/io.h
@@ -257,17 +257,18 @@ static inline void slow_down_io(void)
 #endif
 
 #ifdef CONFIG_AMD_MEM_ENCRYPT
-#include <linux/jump_label.h>
 
-extern struct static_key_false sev_enable_key;
-static inline bool sev_key_active(void)
+extern u64 sev_status;
+
+static inline bool is_sev_enabled(void)
 {
-	return static_branch_unlikely(&sev_enable_key);
+	return ((sev_status & MSR_AMD64_SEV_ENABLED) &&
+		!(sev_status & MSR_AMD64_SEV_ES_ENABLED));
 }
 
 #else /* !CONFIG_AMD_MEM_ENCRYPT */
 
-static inline bool sev_key_active(void) { return false; }
+static inline bool is_sev_enabled(void) { return false; }
 
 #endif /* CONFIG_AMD_MEM_ENCRYPT */
 
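Review bot: `is_sev_enabled()` returns false in an SEV-ES guest, so the name reads as a general SEV check while the body answers the narrower question of whether string I/O has to be unrolled; a later caller that reuses it to gate some other SEV-dependent decision would silently skip SEV-ES guests. The comment that explained the exclusion is deleted from mem_encrypt_init() in this same patch and is not carried over, so I would add above the helper `/* Plain SEV must unroll string I/O; SEV-ES handles it through the #VC handler. */`, or choose a name that says what is being tested. The hunk also drops `#include <linux/jump_label.h>` without adding an include for the `MSR_AMD64_SEV_*` constants, so io.h appears to depend on another header to supply them; that is worth confirming for every translation unit that includes io.h.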
@@ -301,7 +302,7 @@ static inline unsigned type in##bwl##_p(int port)			\
 									\
 static inline void outs##bwl(int port, const void *addr, unsigned long count) \
 {									\
-	if (sev_key_active()) {						\
+	if (is_sev_enabled()) {						\
 		unsigned type *value = (unsigned type *)addr;		\
 		while (count) {						\
 			out##bwl(*value, port);				\
@@ -317,7 +318,7 @@ static inline void outs##bwl(int port, const void *addr, unsigned long count) \
 									\
 static inline void ins##bwl(int port, void *addr, unsigned long count)	\
 {									\
-	if (sev_key_active()) {						\
+	if (is_sev_enabled()) {						\
 		unsigned type *value = (unsigned type *)addr;		\
 		while (count) {						\
 			*value = in##bwl(port);				\
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 35487305d8af..49e5dfc23785 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -43,8 +43,7 @@ u64 sme_me_mask __section(".data") = 0;
 u64 sev_status __section(".data") = 0;
 u64 sev_check_data __section(".data") = 0;
 EXPORT_SYMBOL(sme_me_mask);
-DEFINE_STATIC_KEY_FALSE(sev_enable_key);
-EXPORT_SYMBOL_GPL(sev_enable_key);
+EXPORT_SYMBOL_GPL(sev_status);
 
 /* Buffer used for early in-place encryption by BSP, no locking needed */
 static char sme_early_buffer[PAGE_SIZE] __initdata __aligned(PAGE_SIZE);
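Review bot: `EXPORT_SYMBOL_GPL(sev_status)` gives modules the variable itself rather than a read-only view of it, whereas the static key it replaces could only be changed through the static-branch API. `sev_status` is a plain `u64` placed in `.data`, and nothing visible in this hunk makes it read-only after boot, yet the new inline helper in io.h reads it on every outs/ins call to pick the unrolled path. A stray write from any module would therefore change how string port I/O is issued in the guest. Consider exporting a small accessor function instead of the variable, or marking the variable read-only after init if its early-boot writers allow that.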
@@ -499,14 +498,6 @@ void __init mem_encrypt_init(void)
 	/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
 	swiotlb_update_mem_attributes();
 
-	/*
-	 * With SEV, we need to unroll the rep string I/O instructions,
-	 * but SEV-ES supports them through the #VC handler.
-	 */
-	if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) &&
-	    !cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
-		static_branch_enable(&sev_enable_key);
-
 	print_mem_encrypt_feature_info();
 }
 
-- 
2.25.1
