x86/mm: Fix memory encryption features advertisement

When memory encryption is enabled, the kernel prints the encryption
flavor that the system supports.

The check assumes that everything is AMD SME/SEV if it doesn't have
the TDX CPU feature set.

Hyper-V vTOM sets cc_vendor to CC_VENDOR_INTEL when it runs as L2 guest
on top of TDX, but not X86_FEATURE_TDX_GUEST. Hyper-V only needs memory
encryption enabled for I/O without the rest of CoCo enabling.

To avoid confusion, check the cc_vendor directly.

  [ bp: Massage commit message. ]

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Kai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/r/20240124140217.533748-1-kirill.shutemov@linux.intel.com

diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index c290c55b632bd76e99385831c45748b7c7ada891..d035bce3a2b020ca5a9dbdcc6463addc090ec634 100644 (file)
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -42,38 +42,42 @@ bool force_dma_unencrypted(struct device *dev)
 
 static void print_mem_encrypt_feature_info(void)
 {
-       pr_info("Memory Encryption Features active:");
+       pr_info("Memory Encryption Features active: ");
 
-       if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
-               pr_cont(" Intel TDX\n");
-               return;
-       }
-
-       pr_cont(" AMD");
+       switch (cc_vendor) {
+       case CC_VENDOR_INTEL:
+               pr_cont("Intel TDX\n");
+               break;
+       case CC_VENDOR_AMD:
+               pr_cont("AMD");
 
-       /* Secure Memory Encryption */
-       if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
+               /* Secure Memory Encryption */
+               if (cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT)) {
                /*
                 * SME is mutually exclusive with any of the SEV
                 * features below.
-                */
-               pr_cont(" SME\n");
-               return;
+               */
+                       pr_cont(" SME\n");
+                       return;
+               }
+
+               /* Secure Encrypted Virtualization */
+               if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
+                       pr_cont(" SEV");
+
+               /* Encrypted Register State */
+               if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
+                       pr_cont(" SEV-ES");
+
+               /* Secure Nested Paging */
+               if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
+                       pr_cont(" SEV-SNP");
+
+               pr_cont("\n");
+               break;
+       default:
+               pr_cont("Unknown\n");
        }
-
-       /* Secure Encrypted Virtualization */
-       if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
-               pr_cont(" SEV");
-
-       /* Encrypted Register State */
-       if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT))
-               pr_cont(" SEV-ES");
-
-       /* Secure Nested Paging */
-       if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
-               pr_cont(" SEV-SNP");
-
-       pr_cont("\n");
 }
 
 /* Architecture __weak replacement functions */