x86/mm: Fix memory encryption features advertisement

When memory encryption is enabled, the kernel prints the encryption flavor that the system supports. The check assumes that everything is AMD SME/SEV if it doesn't have the TDX CPU feature set. Hyper-V vTOM sets cc_vendor to CC_VENDOR_INTEL when it runs as L2 guest on top of TDX, but not X86_FEATURE_TDX_GUEST. Hyper-V only needs memory encryption enabled for I/O without the rest of CoCo enabling. To avoid confusion, check the cc_vendor directly. [ bp: Massage commit message. ] Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Kai Huang <kai.huang@intel.com> Link: https://lore.kernel.org/r/20240124140217.533748-1-kirill.shutemov@linux.intel.com

x86/mm: Fix memory encryption features advertisement
When memory encryption is enabled, the kernel prints the encryption flavor that the system supports. The check assumes that everything is AMD SME/SEV if it doesn't have the TDX CPU feature set. Hyper-V vTOM sets cc_vendor to CC_VENDOR_INTEL when it runs as L2 guest on top of TDX, but not X86_FEATURE_TDX_GUEST. Hyper-V only needs memory encryption enabled for I/O without the rest of CoCo enabling. To avoid confusion, check the cc_vendor directly. [ bp: Massage commit message. ] Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Kai Huang <kai.huang@intel.com> Link: https://lore.kernel.org/r/20240124140217.533748-1-kirill.shutemov@linux.intel.com
4cab62c0 · Kirill A. Shutemov · Borislav Petkov (AMD) · e3ef461a · 4cab62c0
Commit 4cab62c0 authored Jan 24, 2024 by Kirill A. Shutemov Committed by Borislav Petkov (AMD) Jan 29, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 26 deletions

arch/x86/mm/mem_encrypt.c arch/x86/mm/mem_encrypt.c +30 -26

No files found.
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -42,38 +42,42 @@ bool force_dma_unencrypted(struct device *dev)

 static void print_mem_encrypt_feature_info(void)
 {
-	pr_info("Memory Encryption Features active:");
+	pr_info("Memory Encryption Features active: ");

-	if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
-		pr_cont(" Intel TDX\n");
-		return;
-	}
-
-	pr_cont(" AMD");
+	switch (cc_vendor) {
+	case CC_VENDOR_INTEL:
+		pr_cont("Intel TDX\n");
+		break;
+	case CC_VENDOR_AMD:
+		pr_cont("AMD");

-	/* Secure Memory Encryption */
-	if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
+		/* Secure Memory Encryption */
+		if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
 		/*
 		 * SME is mutually exclusive with any of the SEV
 		 * features below.
-		 */
-		pr_cont(" SME\n");
-		return;
+		*/
+			pr_cont(" SME\n");
+			return;
+		}
+
+		/* Secure Encrypted Virtualization */
+		if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
+			pr_cont(" SEV");
+
+		/* Encrypted Register State */
+		if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
+			pr_cont(" SEV-ES");
+
+		/* Secure Nested Paging */
+		if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
+			pr_cont(" SEV-SNP");
+
+		pr_cont("\n");
+		break;
+	default:
+		pr_cont("Unknown\n");
 	}
-
-	/* Secure Encrypted Virtualization */
-	if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
-		pr_cont(" SEV");
-
-	/* Encrypted Register State */
-	if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
-		pr_cont(" SEV-ES");
-
-	/* Secure Nested Paging */
-	if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
-		pr_cont(" SEV-SNP");
-
-	pr_cont("\n");
 }

 /* Architecture __weak replacement functions */