x86/sev: Replace occurrences of sev_es_active() with cc_platform_has()
authorTom Lendacky <thomas.lendacky@amd.com>
Wed, 8 Sep 2021 22:58:38 +0000 (17:58 -0500)
committerBorislav Petkov <bp@suse.de>
Mon, 4 Oct 2021 09:47:09 +0000 (11:47 +0200)
Replace uses of sev_es_active() with the more generic cc_platform_has()
using CC_ATTR_GUEST_STATE_ENCRYPT. If future support is added for other
memory encyrption techonologies, the use of CC_ATTR_GUEST_STATE_ENCRYPT
can be updated, as required.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210928191009.32551-8-bp@alien8.de
arch/x86/include/asm/mem_encrypt.h
arch/x86/kernel/sev.c
arch/x86/mm/mem_encrypt.c
arch/x86/realmode/init.c

index a5a58ccd1ee395e6230433d78d3f55e3be23b9e8..da14ede311aa88d97e9394d8872fa481d4974c89 100644 (file)
@@ -51,7 +51,6 @@ void __init mem_encrypt_free_decrypted_mem(void);
 void __init mem_encrypt_init(void);
 
 void __init sev_es_init_vc_handling(void);
-bool sev_es_active(void);
 
 #define __bss_decrypted __section(".bss..decrypted")
 
@@ -74,7 +73,6 @@ static inline void __init sme_encrypt_kernel(struct boot_params *bp) { }
 static inline void __init sme_enable(struct boot_params *bp) { }
 
 static inline void sev_es_init_vc_handling(void) { }
-static inline bool sev_es_active(void) { return false; }
 
 static inline int __init
 early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; }
index a6895e440bc35241c3e279b28ccb5685415e954d..53a6837d354b809b8f9b566aa99f5b69363b4014 100644 (file)
@@ -11,7 +11,7 @@
 
 #include <linux/sched/debug.h> /* For show_regs() */
 #include <linux/percpu-defs.h>
-#include <linux/mem_encrypt.h>
+#include <linux/cc_platform.h>
 #include <linux/printk.h>
 #include <linux/mm_types.h>
 #include <linux/set_memory.h>
@@ -615,7 +615,7 @@ int __init sev_es_efi_map_ghcbs(pgd_t *pgd)
        int cpu;
        u64 pfn;
 
-       if (!sev_es_active())
+       if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
                return 0;
 
        pflags = _PAGE_NX | _PAGE_RW;
@@ -774,7 +774,7 @@ void __init sev_es_init_vc_handling(void)
 
        BUILD_BUG_ON(offsetof(struct sev_es_runtime_data, ghcb_page) % PAGE_SIZE);
 
-       if (!sev_es_active())
+       if (!cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
                return;
 
        if (!sev_es_check_cpu_features())
index 932007a6913b61f24ca549114e267694e9e5c771..2d04c39bea1d967a9d5f53299ffc0f3816e1b1b8 100644 (file)
@@ -361,25 +361,6 @@ int __init early_set_memory_encrypted(unsigned long vaddr, unsigned long size)
        return early_set_memory_enc_dec(vaddr, size, true);
 }
 
-/*
- * SME and SEV are very similar but they are not the same, so there are
- * times that the kernel will need to distinguish between SME and SEV. The
- * cc_platform_has() function is used for this.  When a distinction isn't
- * needed, the CC_ATTR_MEM_ENCRYPT attribute can be used.
- *
- * The trampoline code is a good example for this requirement.  Before
- * paging is activated, SME will access all memory as decrypted, but SEV
- * will access all memory as encrypted.  So, when APs are being brought
- * up under SME the trampoline area cannot be encrypted, whereas under SEV
- * the trampoline area must be encrypted.
- */
-
-/* Needs to be called from non-instrumentable code */
-bool noinstr sev_es_active(void)
-{
-       return sev_status & MSR_AMD64_SEV_ES_ENABLED;
-}
-
 /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
 bool force_dma_unencrypted(struct device *dev)
 {
@@ -449,7 +430,7 @@ static void print_mem_encrypt_feature_info(void)
                pr_cont(" SEV");
 
        /* Encrypted Register State */
-       if (sev_es_active())
+       if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
                pr_cont(" SEV-ES");
 
        pr_cont("\n");
@@ -468,7 +449,8 @@ void __init mem_encrypt_init(void)
         * With SEV, we need to unroll the rep string I/O instructions,
         * but SEV-ES supports them through the #VC handler.
         */
-       if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) && !sev_es_active())
+       if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) &&
+           !cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
                static_branch_enable(&sev_enable_key);
 
        print_mem_encrypt_feature_info();
index c878c5ee5a4cd333102f886835698574d6480121..4a3da7592b99c938eed72dd583475bef4ae131a1 100644 (file)
@@ -2,7 +2,6 @@
 #include <linux/io.h>
 #include <linux/slab.h>
 #include <linux/memblock.h>
-#include <linux/mem_encrypt.h>
 #include <linux/cc_platform.h>
 #include <linux/pgtable.h>
 
@@ -48,7 +47,7 @@ static void sme_sev_setup_real_mode(struct trampoline_header *th)
        if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT))
                th->flags |= TH_FLAGS_SME_ACTIVE;
 
-       if (sev_es_active()) {
+       if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) {
                /*
                 * Skip the call to verify_cpu() in secondary_startup_64 as it
                 * will cause #VC exceptions when the AP can't handle them yet.