[PATCH v2 4/4] x86/cpu: clear SEV/SEV_ES features when not in use

From: Mario Limonciello
Date: Fri Feb 11 2022 - 16:06:25 EST


As there are no consumers for these feature flags in the kernel,
don't export these flags to userspace unless the feature has been
enabled by the guest.

Signed-off-by: Mario Limonciello <mario.limonciello@xxxxxxx>
---
arch/x86/kernel/cpu/amd.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 9cea774344cb..6623a4995df1 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -614,12 +614,19 @@ static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
if (!(msr & MSR_K7_HWCR_SMMLOCK))
goto clear_sev;

+ if (!(sev_status & MSR_AMD64_SEV_ENABLED))
+ goto clear_sev;
+
+ if (!(sev_status & MSR_AMD64_SEV_ES_ENABLED))
+ goto clear_sev_es;
+
return;

clear_all:
setup_clear_cpu_cap(X86_FEATURE_SME);
clear_sev:
setup_clear_cpu_cap(X86_FEATURE_SEV);
+clear_sev_es:
setup_clear_cpu_cap(X86_FEATURE_SEV_ES);
}
}
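Review bot: the added `if (!(sev_status & MSR_AMD64_SEV_ENABLED)) goto clear_sev;` check makes X86_FEATURE_SEV depend on the feature being active rather than supported, so any system where that status bit is not set now takes the clear_sev path even though the hardware supports SEV. The commit message argues only from the absence of in-kernel consumers. It should also say whether dropping the flag from what userspace sees on such systems is intended, since anything that reads the exported flags to detect SEV capability would see a change. Both new checks also rely on sev_status already being populated when early_detect_mem_encrypt() runs, which the hunk does not show. A short comment above them stating that ordering assumption, and that the flags now mean "in use" rather than "supported", would help the next reader.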
--
2.34.1