On 2021/6/2 2:30, Tom Lendacky wrote:
> On 5/26/21 2:24 AM, Pu Wen wrote:
>> The first two bits of the CPUID leaf 0x8000001F EAX indicate whether
>> SEV or SME is supported respectively. It's better to check whether
>> SEV or SME is supported before checking the SEV MSR(0xc0010131) to
>> see whether SEV or SME is enabled.
>>
>> This also avoid the MSR reading failure on the first generation Hygon
>> Dhyana CPU which does not support SEV or SME.
>>
>> Fixes: eab696d8e8b9 ("x86/sev: Do not require Hypervisor CPUID bit for SEV guests")
>> Cc: <stable@xxxxxxxxxxxxxxx> # v5.10+
>> Signed-off-by: Pu Wen <puwen@xxxxxxxx>
>
> I think the commit message needs to be expanded to clarify the situations
> and provide more detail.
Okay.
> This is both a bare-metal issue and a guest/VM issue. Since Hygon doesn't
> support the MSR_AMD64_SEV MSR, reading that MSR results in a #GP - either
> directly from hardware in the bare-metal case or via the hypervisor
> (because the RDMSR is actually intercepted) in the guest/VM case,
> resulting in a failed boot. And since this is very early in the boot
> phase, rdmsrl_safe()/native_read_msr_safe() can't be used.
The description is good, will add this.
> So by checking the CPUID information before attempting the RDMSR, this
> goes back to the behavior before the patch identified in the Fixes: tag.
>
> With an improved commit message:
>
> Acked-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
Thanks, will send patch v2 with improved commit messages.
--
Regards,
Pu Wen
>> ---
>> arch/x86/mm/mem_encrypt_identity.c | 11 ++++++-----
>> 1 file changed, 6 insertions(+), 5 deletions(-)
>>
>> diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
>> index a9639f663d25..470b20208430 100644
>> --- a/arch/x86/mm/mem_encrypt_identity.c
>> +++ b/arch/x86/mm/mem_encrypt_identity.c
>> @@ -504,10 +504,6 @@ void __init sme_enable(struct boot_params *bp)
>> #define AMD_SME_BIT BIT(0)
>> #define AMD_SEV_BIT BIT(1)
>>
>> - /* Check the SEV MSR whether SEV or SME is enabled */
>> - sev_status = __rdmsr(MSR_AMD64_SEV);
>> - feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
>> -
>> /*
>> * Check for the SME/SEV feature:
>> * CPUID Fn8000_001F[EAX]
>> @@ -519,11 +515,16 @@ void __init sme_enable(struct boot_params *bp)
>> eax = 0x8000001f;
>> ecx = 0;
>> native_cpuid(&eax, &ebx, &ecx, &edx);
>> - if (!(eax & feature_mask))
>> + /* Check whether SEV or SME is supported */
>> + if (!(eax & (AMD_SEV_BIT | AMD_SME_BIT)))
>> return;
>>
>> me_mask = 1UL << (ebx & 0x3f);
>>
>> + /* Check the SEV MSR whether SEV or SME is enabled */
>> + sev_status = __rdmsr(MSR_AMD64_SEV);
>> + feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
>> +
>> /* Check if memory encryption is enabled */
>> if (feature_mask == AMD_SME_BIT) {
>> /*
>>
