Re: [PATCH v15 17/23] x86/kexec: Flush cache of TDX private memory

From: Dave Hansen
Date: Mon Nov 27 2023 - 16:06:20 EST


On 11/27/23 12:52, Huang, Kai wrote:
> --- a/arch/x86/kernel/machine_kexec_64.c
> +++ b/arch/x86/kernel/machine_kexec_64.c
> @@ -377,7 +377,8 @@ void machine_kexec(struct kimage *image)
> (unsigned long)page_list,
> image->start,
> image->preserve_context,
> -
> cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
> + cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)
> ||
> + platform_tdx_enabled());

Well, something more like the attached would be preferable, but you've
got the right idea logically.

---

b/arch/x86/coco/core.c | 1 +
b/arch/x86/kernel/machine_kexec_64.c | 2 +-
b/include/linux/cc_platform.h | 16 ++++++++++++++++
3 files changed, 18 insertions(+), 1 deletion(-)

diff -puN include/linux/cc_platform.h~cc-host-mem-incoherent include/linux/cc_platform.h
--- a/include/linux/cc_platform.h~cc-host-mem-incoherent 2023-11-27 12:20:44.217381008 -0800
+++ b/include/linux/cc_platform.h 2023-11-27 12:25:05.771073193 -0800
@@ -43,6 +43,22 @@ enum cc_attr {
CC_ATTR_HOST_MEM_ENCRYPT,

/**
+ * @CC_ATTR_HOST_MEM_INCOHERENT: Host memory encryption can be
+ * incoherent
+ *
+ * The platform/OS is running as a bare-metal system or a hypervisor.
+ * The memory encryption engine might have left non-cache-coherent
+ * data in the caches that needs to be flushed.
+ *
+ * Use this in places where the cache coherency of the memory matters
+ * but the encryption status does not.
+ *
+ * Includes all systems that set CC_ATTR_HOST_MEM_ENCRYPT, but
+ * aditionally adds TDX hosts.
+ */
+ CC_ATTR_HOST_MEM_INCOHERENT,
+
+ /**
* @CC_ATTR_GUEST_MEM_ENCRYPT: Guest memory encryption is active
*
* The platform/OS is running as a guest/virtual machine and actively
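Review bot: The new kernel-doc has a typo in its last paragraph, `aditionally`; the line should read `* additionally adds TDX hosts.`. The summary line `Host memory encryption can be incoherent` also blurs what the body says: it is the caches that may hold non-coherent lines, not the encryption itself, so a summary such as `@CC_ATTR_HOST_MEM_INCOHERENT: Host caches may hold incoherent lines of encrypted memory` would match the paragraphs below it. The enum cc_attr definition starts and ends outside this hunk.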
diff -puN arch/x86/kernel/machine_kexec_64.c~cc-host-mem-incoherent arch/x86/kernel/machine_kexec_64.c
--- a/arch/x86/kernel/machine_kexec_64.c~cc-host-mem-incoherent 2023-11-27 12:25:13.527115260 -0800
+++ b/arch/x86/kernel/machine_kexec_64.c 2023-11-27 13:04:19.732959001 -0800
@@ -361,7 +361,7 @@ void machine_kexec(struct kimage *image)
(unsigned long)page_list,
image->start,
image->preserve_context,
- cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT));
+ cc_platform_has(CC_ATTR_HOST_MEM_INCOHERENT));

#ifdef CONFIG_KEXEC_JUMP
if (image->preserve_context)
diff -puN arch/x86/coco/core.c~cc-host-mem-incoherent arch/x86/coco/core.c
--- a/arch/x86/coco/core.c~cc-host-mem-incoherent 2023-11-27 12:26:02.535372377 -0800
+++ b/arch/x86/coco/core.c 2023-11-27 12:26:12.371422241 -0800
@@ -70,6 +70,7 @@ static bool noinstr amd_cc_platform_has(
return sme_me_mask;

case CC_ATTR_HOST_MEM_ENCRYPT:
+ case CC_ATTR_HOST_MEM_INCOHERENT:
return sme_me_mask && !(sev_status & MSR_AMD64_SEV_ENABLED);

case CC_ATTR_GUEST_MEM_ENCRYPT:
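Review bot: Only `amd_cc_platform_has()` gains the `CC_ATTR_HOST_MEM_INCOHERENT` case, and the diffstat shows this one line as the whole change to core.c, so nothing visible in the patch makes the attribute true on a TDX host. The kernel-doc added in cc_platform.h says the attribute additionally covers TDX hosts, and machine_kexec() now derives its last relocate_kernel() argument from it. As posted, a TDX host would therefore presumably still pass false and skip the cache flush this thread is about, leaving possibly incoherent private-memory lines in the caches across the kexec. Some path has to report true there, for example a check of `platform_tdx_enabled()` as in the quoted proposal, wired into whichever dispatch a bare-metal Intel host actually reaches. The switch statement continues outside the hunk.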
_