On 3/25/21 9:58 AM, Dave Hansen wrote: >> +static int __init mem_encrypt_snp_init(void) >> +{ >> + if (!boot_cpu_has(X86_FEATURE_SEV_SNP)) >> + return 1; >> + >> + if (rmptable_init()) { >> + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); >> + return 1; >> + } >> + >> + static_branch_enable(&snp_enable_key); >> + >> + return 0; >> +} > Could you explain a bit why 'snp_enable_key' is needed in addition to > X86_FEATURE_SEV_SNP?
The X86_FEATURE_SEV_SNP indicates that hardware supports the feature -- this does not necessary means that SEV-SNP is enabled in the host. The snp_enabled_key() helper is later used by kernel and drivers to check whether SEV-SNP is enabled. e.g. when a driver calls the RMPUPDATE instruction, the rmpupdate helper routine checks whether the SNP is enabled. If SEV-SNP is not enabled then instruction will cause a #UD. > > For a lot of features, we just use cpu_feature_enabled(), which does > both compile-time and static_cpu_has(). This whole series seems to lack > compile-time disables for the code that it adds, like the code it adds > to arch/x86/mm/fault.c or even mm/memory.c. Noted, I will add the #ifdef to make sure that its compiled out when the config does not have the AMD_MEM_ENCRYPTION enabled. >