Re: [PATCH 1/4] x86/coco: Add a new CC attribute to unify cache flush during kexec

From: Tom Lendacky
Date: Mon Feb 19 2024 - 17:10:14 EST

Next message: Barry Song: "Re: [PATCH v4] mm/swap: fix race when skipping swapcache"
Previous message: Jonathan Corbet: "Re: [PATCH v1] docs: new text on bisecting which also covers bug validation"
In reply to: Borislav Petkov: "Re: [PATCH 1/4] x86/coco: Add a new CC attribute to unify cache flush during kexec"
Next in thread: Huang, Kai: "Re: [PATCH 1/4] x86/coco: Add a new CC attribute to unify cache flush during kexec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/19/24 14:32, Borislav Petkov wrote:

On Mon, Feb 19, 2024 at 01:45:37PM -0600, Tom Lendacky wrote:

This change won't return the correct answer. The check needs to remain
against the sev_status value.

Feel free to explain because this patch is confusing me.

In your previous email, you want to put the CC_ATTR_HOST_MEM_INCOHERENT case statement with the CC_ATTR_MEM_ENCRYPT case which is returning sme_me_mask. That will be zero/false if SME is not active, skipping the WBINVD. But, in reality you still need to perform the WBINVD in case the kexec target is doing mem_encrypt=on.

That's why the '!(sev_status & MSR_AMD64_SEV_ENABLED)' works here. Basically, if you are bare-metal, it will return true. And it will only return true for machines that support SME and have the MSR_AMD64_SYSCFG_MEM_ENCRYPT bit set in SYS_CFG MSR because of where the 'cc_vendor = CC_VENDOR_AMD' assignment is. However, if you move the 'cc_vendor = CC_VENDOR_AMD' to before the if statement, then you will have the WBINVD called for any machine that supports SME, even if SME is not possible because the proper bit in the SYS_CFG MSR hasn't been set.

I know what I'm trying to say, let me know if it is making sense...

So you can't put it before the if - just slap it in both branches. Geez!

I think that will still work because sme_me_mask and sev_status will both be
0 on bare-metal if 'msr & MSR_AMD64_SYSCFG_MEM_ENCRYPT' doesn't evaluate to
true. However, that will cause any platform that hasn't enabled memory
encryption (see SYS_CFG MSR), to also perform the WBINVD.

If it keeps the code simpler I don't mind. That's so not a fast path.

That won't work, because the current system may not have SME active. The
cases that needs to be caught are kexec'ing from a mem_encrypt=off to a
mem_encrypt=on or from a mem_encrypt=on to a mem_encrypt=off.

And I'm saying, we should keep it simple and simply WBINVD on SME
capable machines, regardless of the encryption setting.

In that case, CC_ATTR_HOST_MEM_INCOHERENT needs to be separate from CC_ATTR_MEM_ENCRYPT as the original patch has it. The comment might make more sense as:

* CC_ATTR_HOST_MEM_INCOHERENT represents whether SME is possible
* on the platform, regardless of whether mem_encrypt=on has been
* used to make SME active.

Thanks,
Tom

Any downsides to that which are actually real and noticeable?

Thx.

Next message: Barry Song: "Re: [PATCH v4] mm/swap: fix race when skipping swapcache"
Previous message: Jonathan Corbet: "Re: [PATCH v1] docs: new text on bisecting which also covers bug validation"
In reply to: Borislav Petkov: "Re: [PATCH 1/4] x86/coco: Add a new CC attribute to unify cache flush during kexec"
Next in thread: Huang, Kai: "Re: [PATCH 1/4] x86/coco: Add a new CC attribute to unify cache flush during kexec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]