Re: [RESEND PATCH v5] x86/boot: Don't return encryption mask from __startup_64()

From: Thomas Gleixner
Date: Mon Jun 30 2025 - 12:42:30 EST

Next message: Benjamin Gaignard: "Re: [PATCH v4 3/5] iommu: Add verisilicon IOMMU driver"
Previous message: Maxime Ripard: "Re: [PATCH v5 1/2] dt-bindings: reserved-memory: Introduce carved-out memory region binding"
In reply to: Khalid Ali: "[RESEND PATCH v5] x86/boot: Don't return encryption mask from __startup_64()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Khalid!

On Wed, Jun 25 2025 at 16:02, Khalid Ali wrote:
> From: Khalid Ali <khaliidcaliy@xxxxxxxxx>
>
> Currently, __startup_64() returns encryption mask to the caller, however
> caller can directly access the encryption.
>
> The C code can access encryption by including
> arch/x86/include/asm/setup.h and calling sme_get_me_mask(). The assembly
> code can access directly via "sme_me_mask" variable.
>
> This patches accounts that, by adjusting __startup_64() to not return

This patch.... I pointed you to the tip tree documentation before ....

> encryption mask, and update startup_64() to access "sme_me_mask" only if
> CONFIG_AMD_MEM_ENCRYPT is set.
>
> This cleans up the function and does seperation of concern.
> __startup_64() should focus on action like encrypting the kernel, and
> let the caller retrieve the mask directly.
>
> CHanges in v5:
> * Improve commit message for better clarity.
> * Fix some issues returned by kernel test robot.
> * Add Huang, Kai Ack tag.

Please put this behind the --- seperator. It's not part of the change
log. That's documented too.

> Signed-off-by: Khalid Ali <khaliidcaliy@xxxxxxxxx>
> Acked-by: Kai Huang <kai.huang@xxxxxxxxx>
> ---
> arch/x86/boot/startup/map_kernel.c | 11 +++--------
> arch/x86/include/asm/setup.h | 2 +-
> arch/x86/kernel/head_64.S | 8 +++-----
> 3 files changed, 7 insertions(+), 14 deletions(-)
>
> diff --git a/arch/x86/boot/startup/map_kernel.c b/arch/x86/boot/startup/map_kernel.c
> index 332dbe6688c4..0425d49be16e 100644
> --- a/arch/x86/boot/startup/map_kernel.c
> +++ b/arch/x86/boot/startup/map_kernel.c
> @@ -30,7 +30,7 @@ static inline bool check_la57_support(void)
> return true;
> }
>
> -static unsigned long __head sme_postprocess_startup(struct boot_params *bp,
> +static void __head sme_postprocess_startup(struct boot_params *bp,
> pmdval_t *pmd,
> unsigned long p2v_offset)

See documentation about parameter alignment.

> {
> @@ -68,11 +68,6 @@ static unsigned long __head sme_postprocess_startup(struct boot_params *bp,
> }
> }
>
> - /*
> - * Return the SME encryption mask (if SME is active) to be used as a
> - * modifier for the initial pgdir entry programmed into CR3.
> - */
> - return sme_get_me_mask();
> }
>
> /*
> @@ -84,7 +79,7 @@ static unsigned long __head sme_postprocess_startup(struct boot_params *bp,
> * the 1:1 mapping of memory. Kernel virtual addresses can be determined by
> * subtracting p2v_offset from the RIP-relative address.
> */
> -unsigned long __head __startup_64(unsigned long p2v_offset,
> +void __head __startup_64(unsigned long p2v_offset,
> struct boot_params *bp)

Ditto

> /*
> * Perform pagetable fixups. Additionally, if SME is active, encrypt
> - * the kernel and retrieve the modifier (SME encryption mask if SME
> - * is active) to be added to the initial pgdir entry that will be
> - * programmed into CR3.
> + * the kernel.

Why are you dropping valuable information from that comment, instead of
moving the important information about the SME mask next to the code
which retrieves it?

Thanks,

tglx

Next message: Benjamin Gaignard: "Re: [PATCH v4 3/5] iommu: Add verisilicon IOMMU driver"
Previous message: Maxime Ripard: "Re: [PATCH v5 1/2] dt-bindings: reserved-memory: Introduce carved-out memory region binding"
In reply to: Khalid Ali: "[RESEND PATCH v5] x86/boot: Don't return encryption mask from __startup_64()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]