Re: [PATCH 4/5] Mark e820_entries as crypto capable from EFI memmap

From: Dave Hansen <dave.hansen@intel.com>
To: Martin Fernandez <martin.fernandez@eclypsium.com>,
	linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
	x86@kernel.org, hpa@zytor.com, dave.hansen@linux.intel.com,
	luto@kernel.org, peterz@infradead.org, ardb@kernel.org,
	dvhart@infradead.org, andy@infradead.org,
	gregkh@linuxfoundation.org, rafael@kernel.org,
	daniel.gutson@eclypsium.com, hughsient@gmail.com,
	alison.schofield@intel.com, alex@eclypsium.com
Subject: Re: [PATCH 4/5] Mark e820_entries as crypto capable from EFI memmap
Date: Fri, 5 Nov 2021 17:02:43 -0700	[thread overview]
Message-ID: <1ba3f33b-05ef-60f1-d6dd-375b2d84e597@intel.com> (raw)
In-Reply-To: <20211105212724.2640-5-martin.fernandez@eclypsium.com>

On 11/5/21 2:27 PM, Martin Fernandez wrote:
> Iterate over the EFI memmap finding the contiguous regions that are
> able to do hardware encryption (ie, those who have the
> EFI_MEMORY_CPU_CRYPTO enabled) and mark those in the e820_table.

It would also be nice to remind the reader about the connection between
EFI memory maps and the e820.

...
> +/*
> + * This assumes that there'll be no overlaps in the memory map
> + * (otherwise we'd have a deeper problem going on). It also assumes
> + * that the system DRAM regions are already sorted; in EDK2 based UEFI
> + * firmware the entries covering system DRAM are usually sorted, with
> + * additional MMIO entries appearing unordered. This is because the
> + * UEFI memory map is constructed from the GCD memory map, which is
> + * seeded with the DRAM regions at boot, and allocations are created
> + * by splitting them up.
> + */
> +static void __init efi_mark_e820_regions_as_crypto_capable(void)
> +{
> +	efi_memory_desc_t *md;
> +	struct contiguous_region prev_region;
> +
> +	cr_init(&prev_region);

A little theory of operation for this would be nice.  What's collected
in here?  What does this region mean?  Is the *entire* region in here
crypto-capable system RAM?

> +	for_each_efi_memory_desc(md) {
> +		if (md->attribute & EFI_MEMORY_CPU_CRYPTO) {
> +			struct contiguous_region cur_region;
> +
> +			efi_md_to_cr(md, &cur_region);

FWIW, I think that helper obfuscates more than it helps.  I say, just
open-code it.

> +			if (!cr_merge_regions(&prev_region, &cur_region)) {
> +				cr_mark_e820_as_crypto_capable(&prev_region);
> +				prev_region = cur_region;
> +			} /* else: Merge succeeded, don't mark yet */

That's really unusual CodingStyle.  Could you try to move those to a
more normal place: below or above the if() entirely.

> +		} else if (!cr_is_empty(&prev_region)) {
> +			cr_mark_e820_as_crypto_capable(&prev_region);
> +			cr_init(&prev_region);
> +		} /* else: All previous regions are already marked */

There are much nicer ways to write this.  For instance, I'd much prefer:

		/* Bail on empty regions: */
		if (cr_is_empty(&prev_region))
			continue;

		/* Mark the region: */
		cr_mark_e820_as_crypto_capable(&prev_region);
		cr_init(&prev_region);

That makes the flow much more understandable.  In general, you want to
keep the "main" flow if your code at the lowest indent and the exception
handling as indented.

> +	}
> +
> +	/* Mark last region (if any) */
> +	if (!cr_is_empty(&prev_region))
> +		cr_mark_e820_as_crypto_capable(&prev_region);
> +}
> +
>  void __init efi_init(void)
>  {
>  	if (IS_ENABLED(CONFIG_X86_32) &&
> @@ -494,6 +601,8 @@ void __init efi_init(void)
>  	set_bit(EFI_RUNTIME_SERVICES, &efi.flags);
>  	efi_clean_memmap();
>  
> +	efi_mark_e820_regions_as_crypto_capable();
> +
>  	if (efi_enabled(EFI_DBG))
>  		efi_print_memmap();
>  }
> 