On 11/15/2016 9:33 AM, Borislav Petkov wrote: > On Tue, Nov 15, 2016 at 08:40:05AM -0600, Tom Lendacky wrote: >> The feature may be present and enabled even if it is not currently >> active. In other words, the SYS_CFG MSR bit could be set but we aren't >> actually using encryption (sme_me_mask is 0). As long as the SYS_CFG >> MSR bit is set we need to take into account the physical reduction in >> address space. > > But later in the series I see sme_early_mem_enc() which tests exactly > that mask. Yes, but that doesn't relate to the physical address space reduction. Once the SYS_CFG MSR bit for SME is set, even if the encryption bit is never used, there is a physical reduction of the address space. So when checking whether to adjust the physical address bits I can't rely on the sme_me_mask, I have to look at the MSR. But when I'm looking to decide whether to encrypt or decrypt something, I use the sme_me_mask to decide if that is needed. If the sme_me_mask is not set then the encrypt/decrypt op shouldn't be performed. I might not be grasping the point you're trying to make... Thanks, Tom > > And in patch 12 you have: > > + /* > + * If memory encryption is active, the trampoline area will need to > + * be in un-encrypted memory in order to bring up other processors > + * successfully. > + */ > + sme_early_mem_dec(__pa(base), size); > + sme_set_mem_unenc(base, size); > > What's up? > > IOW, it all sounds to me like you want to have an sme_active() helper > and use it everywhere. > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
