| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jan 2024 15:33:13 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>
Cc: x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
linux-kernel@...r.kernel.org, Dexuan Cui <decui@...rosoft.com>,
Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>
Subject: Re: [PATCH] x86/mm: Fix memory encryption features advertisement
On 1/10/24 13:35, Kirill A. Shutemov wrote:
> When memory encryption is enabled, the kernel prints the encryption
> flavor that the system supports.
>
> The check assumes that everything is AMD SME/SEV if it has the TDX CPU
s/if it has/if it doesn't have/
> feature set.
>
> To avoid confusion, check the cc_vendor directly.
Is this because of the setting of cc_vendor in hv_vtom_init() without
setting the TDX feature and so "Intel TDX" isn't printed and instead "AMD"
is printed?
If so, the commit message should really have some info about how this
relates to Hyper-V isolation VMs.
Thanks,
Tom
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> Cc: Dexuan Cui <decui@...rosoft.com>
> Cc: Jeremi Piotrowski <jpiotrowski@...ux.microsoft.com>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> ---
> arch/x86/mm/mem_encrypt.c | 56 +++++++++++++++++++++------------------
> 1 file changed, 30 insertions(+), 26 deletions(-)
>
> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
> index c290c55b632b..d035bce3a2b0 100644
> --- a/arch/x86/mm/mem_encrypt.c
> +++ b/arch/x86/mm/mem_encrypt.c
> @@ -42,38 +42,42 @@ bool force_dma_unencrypted(struct device *dev)
>
> static void print_mem_encrypt_feature_info(void)
> {
> - pr_info("Memory Encryption Features active:");
> + pr_info("Memory Encryption Features active: ");
>
> - if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
> - pr_cont(" Intel TDX\n");
> - return;
> - }
> + switch (cc_vendor) {
> + case CC_VENDOR_INTEL:
> + pr_cont("Intel TDX\n");
> + break;
> + case CC_VENDOR_AMD:
> + pr_cont("AMD");
>
> - pr_cont(" AMD");
> -
> - /* Secure Memory Encryption */
> - if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
> + /* Secure Memory Encryption */
> + if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
> /*
> * SME is mutually exclusive with any of the SEV
> * features below.
> - */
> - pr_cont(" SME\n");
> - return;
> + */
> + pr_cont(" SME\n");
> + return;
> + }
> +
> + /* Secure Encrypted Virtualization */
> + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> + pr_cont(" SEV");
> +
> + /* Encrypted Register State */
> + if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
> + pr_cont(" SEV-ES");
> +
> + /* Secure Nested Paging */
> + if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> + pr_cont(" SEV-SNP");
> +
> + pr_cont("\n");
> + break;
> + default:
> + pr_cont("Unknown\n");
> }
> -
> - /* Secure Encrypted Virtualization */
> - if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> - pr_cont(" SEV");
> -
> - /* Encrypted Register State */
> - if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
> - pr_cont(" SEV-ES");
> -
> - /* Secure Nested Paging */
> - if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> - pr_cont(" SEV-SNP");
> -
> - pr_cont("\n");
> }
>
> /* Architecture __weak replacement functions */
Powered by blists - more mailing lists