diff mbox

[RFC,Part1,v3,07/17] x86/mm: Include SEV for encryption memory attribute changes

Message ID 20170724190757.11278-8-brijesh.singh@amd.com (mailing list archive)
State New, archived
Headers show

Commit Message

Brijesh Singh July 24, 2017, 7:07 p.m. UTC 
From: Tom Lendacky <thomas.lendacky@amd.com>

The current code checks only for sme_active() when determining whether
to perform the encryption attribute change.  Include sev_active() in this
check so that memory attribute changes can occur under SME and SEV.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/mm/pageattr.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Borislav Petkov July 27, 2017, 2:58 p.m. UTC | #1 
On Mon, Jul 24, 2017 at 02:07:47PM -0500, Brijesh Singh wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> The current code checks only for sme_active() when determining whether
> to perform the encryption attribute change.  Include sev_active() in this
> check so that memory attribute changes can occur under SME and SEV.
> 
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  arch/x86/mm/pageattr.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
> index dfb7d65..b726b23 100644
> --- a/arch/x86/mm/pageattr.c
> +++ b/arch/x86/mm/pageattr.c
> @@ -1781,8 +1781,8 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
>  	unsigned long start;
>  	int ret;
>  
> -	/* Nothing to do if the SME is not active */
> -	if (!sme_active())
> +	/* Nothing to do if SME and SEV are not active */
> +	if (!sme_active() && !sev_active())

This is the second place which does

	if (!SME && !SEV)

I wonder if, instead of sprinking those, we should have a

	if (mem_enc_active())

or so which unifies all those memory encryption logic tests and makes
the code more straightforward for readers who don't have to pay
attention to SME vs SEV ...

Just a thought.
David Laight July 28, 2017, 8:47 a.m. UTC | #2 
From: Borislav Petkov

> Sent: 27 July 2017 15:59

> On Mon, Jul 24, 2017 at 02:07:47PM -0500, Brijesh Singh wrote:

> > From: Tom Lendacky <thomas.lendacky@amd.com>

> >

> > The current code checks only for sme_active() when determining whether

> > to perform the encryption attribute change.  Include sev_active() in this

> > check so that memory attribute changes can occur under SME and SEV.

> >

> > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>

> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>

> > ---

> >  arch/x86/mm/pageattr.c | 4 ++--

> >  1 file changed, 2 insertions(+), 2 deletions(-)

> >

> > diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c

> > index dfb7d65..b726b23 100644

> > --- a/arch/x86/mm/pageattr.c

> > +++ b/arch/x86/mm/pageattr.c

> > @@ -1781,8 +1781,8 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)

> >  	unsigned long start;

> >  	int ret;

> >

> > -	/* Nothing to do if the SME is not active */

> > -	if (!sme_active())

> > +	/* Nothing to do if SME and SEV are not active */

> > +	if (!sme_active() && !sev_active())

> 

> This is the second place which does

> 

> 	if (!SME && !SEV)

> 

> I wonder if, instead of sprinking those, we should have a

> 

> 	if (mem_enc_active())

> 

> or so which unifies all those memory encryption logic tests and makes

> the code more straightforward for readers who don't have to pay

> attention to SME vs SEV ...


If any of the code paths are 'hot' it would make sense to be checking
a single memory location.

	David
Tom Lendacky Aug. 17, 2017, 6:10 p.m. UTC | #3 
On 7/27/2017 9:58 AM, Borislav Petkov wrote:
> On Mon, Jul 24, 2017 at 02:07:47PM -0500, Brijesh Singh wrote:
>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>
>> The current code checks only for sme_active() when determining whether
>> to perform the encryption attribute change.  Include sev_active() in this
>> check so that memory attribute changes can occur under SME and SEV.
>>
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>   arch/x86/mm/pageattr.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
>> index dfb7d65..b726b23 100644
>> --- a/arch/x86/mm/pageattr.c
>> +++ b/arch/x86/mm/pageattr.c
>> @@ -1781,8 +1781,8 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
>>   	unsigned long start;
>>   	int ret;
>>   
>> -	/* Nothing to do if the SME is not active */
>> -	if (!sme_active())
>> +	/* Nothing to do if SME and SEV are not active */
>> +	if (!sme_active() && !sev_active())
> 
> This is the second place which does
> 
> 	if (!SME && !SEV)
> 
> I wonder if, instead of sprinking those, we should have a
> 
> 	if (mem_enc_active())
> 
> or so which unifies all those memory encryption logic tests and makes
> the code more straightforward for readers who don't have to pay
> attention to SME vs SEV ...

Yup, that will make things look cleaner and easier to understand.

Thanks,
Tom

> 
> Just a thought.
>
Tom Lendacky Aug. 17, 2017, 6:21 p.m. UTC | #4 
On 7/28/2017 3:47 AM, David Laight wrote:
> From: Borislav Petkov
>> Sent: 27 July 2017 15:59
>> On Mon, Jul 24, 2017 at 02:07:47PM -0500, Brijesh Singh wrote:
>>> From: Tom Lendacky <thomas.lendacky@amd.com>
>>>
>>> The current code checks only for sme_active() when determining whether
>>> to perform the encryption attribute change.  Include sev_active() in this
>>> check so that memory attribute changes can occur under SME and SEV.
>>>
>>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>>> ---
>>>   arch/x86/mm/pageattr.c | 4 ++--
>>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
>>> index dfb7d65..b726b23 100644
>>> --- a/arch/x86/mm/pageattr.c
>>> +++ b/arch/x86/mm/pageattr.c
>>> @@ -1781,8 +1781,8 @@ static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
>>>   	unsigned long start;
>>>   	int ret;
>>>
>>> -	/* Nothing to do if the SME is not active */
>>> -	if (!sme_active())
>>> +	/* Nothing to do if SME and SEV are not active */
>>> +	if (!sme_active() && !sev_active())
>>
>> This is the second place which does
>>
>> 	if (!SME && !SEV)
>>
>> I wonder if, instead of sprinking those, we should have a
>>
>> 	if (mem_enc_active())
>>
>> or so which unifies all those memory encryption logic tests and makes
>> the code more straightforward for readers who don't have to pay
>> attention to SME vs SEV ...
> 
> If any of the code paths are 'hot' it would make sense to be checking
> a single memory location.

The function would check a single variable/memory location and making it
an inline function would accomplish that.

Thanks,
Tom

> 
> 	David
>
diff mbox

Patch

diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index dfb7d65..b726b23 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -1781,8 +1781,8 @@  static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
 	unsigned long start;
 	int ret;
 
-	/* Nothing to do if the SME is not active */
-	if (!sme_active())
+	/* Nothing to do if SME and SEV are not active */
+	if (!sme_active() && !sev_active())
 		return 0;
 
 	/* Should not be working on unaligned addresses */