| Message ID | 20210928191009.32551-1-bp@alien8.de (mailing list archive) |
|---|---|
| Headers | show |
| Series | Implement generic cc_platform_has() helper function | expand |
On 9/28/21 12:10 PM, Borislav Petkov wrote: > From: Borislav Petkov <bp@suse.de> > > Hi all, > > here's v4 of the cc_platform_has() patchset with feedback incorporated. > > I'm going to route this through tip if there are no objections. Intel CC support patch is not included in this series. You want me to address the issue raised by Joerg before merging it? > > Thx. > > Tom Lendacky (8): > x86/ioremap: Selectively build arch override encryption functions > arch/cc: Introduce a function to check for confidential computing > features > x86/sev: Add an x86 version of cc_platform_has() > powerpc/pseries/svm: Add a powerpc version of cc_platform_has() > x86/sme: Replace occurrences of sme_active() with cc_platform_has() > x86/sev: Replace occurrences of sev_active() with cc_platform_has() > x86/sev: Replace occurrences of sev_es_active() with cc_platform_has() > treewide: Replace the use of mem_encrypt_active() with > cc_platform_has() > > arch/Kconfig | 3 + > arch/powerpc/include/asm/mem_encrypt.h | 5 -- > arch/powerpc/platforms/pseries/Kconfig | 1 + > arch/powerpc/platforms/pseries/Makefile | 2 + > arch/powerpc/platforms/pseries/cc_platform.c | 26 ++++++ > arch/powerpc/platforms/pseries/svm.c | 5 +- > arch/s390/include/asm/mem_encrypt.h | 2 - > arch/x86/Kconfig | 1 + > arch/x86/include/asm/io.h | 8 ++ > arch/x86/include/asm/kexec.h | 2 +- > arch/x86/include/asm/mem_encrypt.h | 12 +-- > arch/x86/kernel/Makefile | 6 ++ > arch/x86/kernel/cc_platform.c | 69 +++++++++++++++ > arch/x86/kernel/crash_dump_64.c | 4 +- > arch/x86/kernel/head64.c | 9 +- > arch/x86/kernel/kvm.c | 3 +- > arch/x86/kernel/kvmclock.c | 4 +- > arch/x86/kernel/machine_kexec_64.c | 19 +++-- > arch/x86/kernel/pci-swiotlb.c | 9 +- > arch/x86/kernel/relocate_kernel_64.S | 2 +- > arch/x86/kernel/sev.c | 6 +- > arch/x86/kvm/svm/svm.c | 3 +- > arch/x86/mm/ioremap.c | 18 ++-- > arch/x86/mm/mem_encrypt.c | 55 ++++-------- > arch/x86/mm/mem_encrypt_identity.c | 9 +- > arch/x86/mm/pat/set_memory.c | 3 +- > arch/x86/platform/efi/efi_64.c | 9 +- > arch/x86/realmode/init.c | 8 +- > drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +- > drivers/gpu/drm/drm_cache.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +- > drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +- > drivers/iommu/amd/init.c | 7 +- > drivers/iommu/amd/iommu.c | 3 +- > drivers/iommu/amd/iommu_v2.c | 3 +- > drivers/iommu/iommu.c | 3 +- > fs/proc/vmcore.c | 6 +- > include/linux/cc_platform.h | 88 ++++++++++++++++++++ > include/linux/mem_encrypt.h | 4 - > kernel/dma/swiotlb.c | 4 +- > 40 files changed, 310 insertions(+), 129 deletions(-) > create mode 100644 arch/powerpc/platforms/pseries/cc_platform.c > create mode 100644 arch/x86/kernel/cc_platform.c > create mode 100644 include/linux/cc_platform.h >
On Tue, Sep 28, 2021 at 12:19:49PM -0700, Kuppuswamy, Sathyanarayanan wrote: > Intel CC support patch is not included in this series. You want me > to address the issue raised by Joerg before merging it? Did you not see my email to you today: https://lkml.kernel.org/r/YVL4ZUGhfsh1QfRX@zn.tnic ?
On 9/28/21 1:31 PM, Borislav Petkov wrote: > On Tue, Sep 28, 2021 at 12:19:49PM -0700, Kuppuswamy, Sathyanarayanan wrote: >> Intel CC support patch is not included in this series. You want me >> to address the issue raised by Joerg before merging it? > > Did you not see my email to you today: > > https://lkml.kernel.org/r/YVL4ZUGhfsh1QfRX@zn.tnic Just read it. If you want to use cpuid_has_tdx_guest() directly in cc_platform_has(), then you want to rename intel_cc_platform_has() to tdx_cc_platform_has()? > > ? >
On Tue, Sep 28, 2021 at 01:48:46PM -0700, Kuppuswamy, Sathyanarayanan wrote: > Just read it. If you want to use cpuid_has_tdx_guest() directly in > cc_platform_has(), then you want to rename intel_cc_platform_has() to > tdx_cc_platform_has()? Why? You simply do: if (cpuid_has_tdx_guest()) intel_cc_platform_has(...); and lemme paste from that mail: " ...you should use cpuid_has_tdx_guest() instead but cache its result so that you don't call CPUID each time the kernel executes cc_platform_has()." Makes sense?
On 9/28/21 1:58 PM, Borislav Petkov wrote: > On Tue, Sep 28, 2021 at 01:48:46PM -0700, Kuppuswamy, Sathyanarayanan wrote: >> Just read it. If you want to use cpuid_has_tdx_guest() directly in >> cc_platform_has(), then you want to rename intel_cc_platform_has() to >> tdx_cc_platform_has()? > > Why? > > You simply do: > > if (cpuid_has_tdx_guest()) > intel_cc_platform_has(...); > > and lemme paste from that mail: " ...you should use > cpuid_has_tdx_guest() instead but cache its result so that you don't > call CPUID each time the kernel executes cc_platform_has()." > > Makes sense? Yes. But, since the check is related to TDX, I just want to confirm whether you are fine with naming the function as intel_*(). Since this patch is going to have dependency on TDX code, I will include this patch in TDX patch set. >
On Tue, Sep 28, 2021 at 02:01:57PM -0700, Kuppuswamy, Sathyanarayanan wrote: > Yes. But, since the check is related to TDX, I just want to confirm whether > you are fine with naming the function as intel_*(). Why is this such a big of a deal?! There's amd_cc_platform_has() and intel_cc_platform_has() will be the corresponding Intel version. > Since this patch is going to have dependency on TDX code, I will include > this patch in TDX patch set. Ok.
From: Borislav Petkov <bp@suse.de> Hi all, here's v4 of the cc_platform_has() patchset with feedback incorporated. I'm going to route this through tip if there are no objections. Thx. Tom Lendacky (8): x86/ioremap: Selectively build arch override encryption functions arch/cc: Introduce a function to check for confidential computing features x86/sev: Add an x86 version of cc_platform_has() powerpc/pseries/svm: Add a powerpc version of cc_platform_has() x86/sme: Replace occurrences of sme_active() with cc_platform_has() x86/sev: Replace occurrences of sev_active() with cc_platform_has() x86/sev: Replace occurrences of sev_es_active() with cc_platform_has() treewide: Replace the use of mem_encrypt_active() with cc_platform_has() arch/Kconfig | 3 + arch/powerpc/include/asm/mem_encrypt.h | 5 -- arch/powerpc/platforms/pseries/Kconfig | 1 + arch/powerpc/platforms/pseries/Makefile | 2 + arch/powerpc/platforms/pseries/cc_platform.c | 26 ++++++ arch/powerpc/platforms/pseries/svm.c | 5 +- arch/s390/include/asm/mem_encrypt.h | 2 - arch/x86/Kconfig | 1 + arch/x86/include/asm/io.h | 8 ++ arch/x86/include/asm/kexec.h | 2 +- arch/x86/include/asm/mem_encrypt.h | 12 +-- arch/x86/kernel/Makefile | 6 ++ arch/x86/kernel/cc_platform.c | 69 +++++++++++++++ arch/x86/kernel/crash_dump_64.c | 4 +- arch/x86/kernel/head64.c | 9 +- arch/x86/kernel/kvm.c | 3 +- arch/x86/kernel/kvmclock.c | 4 +- arch/x86/kernel/machine_kexec_64.c | 19 +++-- arch/x86/kernel/pci-swiotlb.c | 9 +- arch/x86/kernel/relocate_kernel_64.S | 2 +- arch/x86/kernel/sev.c | 6 +- arch/x86/kvm/svm/svm.c | 3 +- arch/x86/mm/ioremap.c | 18 ++-- arch/x86/mm/mem_encrypt.c | 55 ++++-------- arch/x86/mm/mem_encrypt_identity.c | 9 +- arch/x86/mm/pat/set_memory.c | 3 +- arch/x86/platform/efi/efi_64.c | 9 +- arch/x86/realmode/init.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 4 +- drivers/gpu/drm/drm_cache.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 4 +- drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 6 +- drivers/iommu/amd/init.c | 7 +- drivers/iommu/amd/iommu.c | 3 +- drivers/iommu/amd/iommu_v2.c | 3 +- drivers/iommu/iommu.c | 3 +- fs/proc/vmcore.c | 6 +- include/linux/cc_platform.h | 88 ++++++++++++++++++++ include/linux/mem_encrypt.h | 4 - kernel/dma/swiotlb.c | 4 +- 40 files changed, 310 insertions(+), 129 deletions(-) create mode 100644 arch/powerpc/platforms/pseries/cc_platform.c create mode 100644 arch/x86/kernel/cc_platform.c create mode 100644 include/linux/cc_platform.h