Re: [PATCH 2/2] KVM: SVM: add some info prints to SEV init

[Zhi Wang <zhi.wang.linux@gmail.com>]

On Tue,  4 Apr 2023 14:26:52 +0200
Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com> wrote:

> Let's add a few pr_info's to sev_hardware_setup to make SEV/SEV-ES
> enabling a little bit handier for users. Right now it's too hard
> to guess why SEV/SEV-ES are failing to enable.
> 
> There are a few reasons.
> SEV:
> - npt is disabled (module parameter)
     ^NPT
> - CPU lacks some features (sev, decodeassists)
> - Maximum SEV ASID is 0
> 
> SEV-ES:
> - mmio_caching is disabled (module parameter)
> - CPU lacks sev_es feature
> - Minimum SEV ASID value is 1 (can be adjusted in BIOS/UEFI)
> 
> Cc: Sean Christopherson <seanjc@google.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Stéphane Graber <stgraber@ubuntu.com>
> Cc: kvm@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> ---
>  arch/x86/kvm/svm/sev.c | 27 +++++++++++++++++++++------
>  1 file changed, 21 insertions(+), 6 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index a42536a0681a..14cbb8f14c6b 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -2168,17 +2168,24 @@ void __init sev_hardware_setup(void)
>  	bool sev_es_supported = false;
>  	bool sev_supported = false;
>  
> -	if (!sev_enabled || !npt_enabled)
> +	if (!sev_enabled)
>  		goto out;
>  
> +	if (!npt_enabled) {
> +		pr_info("Failed to enable AMD SEV as it requires Nested Paging to be enabled\n");
> +		goto out;

Shouldn't we use pr_err() for error message?

> +	}
> +
>  	/*
>  	 * SEV must obviously be supported in hardware.  Sanity check that the
>  	 * CPU supports decode assists, which is mandatory for SEV guests to
>  	 * support instruction emulation.
>  	 */
>  	if (!boot_cpu_has(X86_FEATURE_SEV) ||
> -	    WARN_ON_ONCE(!boot_cpu_has(X86_FEATURE_DECODEASSISTS)))
> +	    WARN_ON_ONCE(!boot_cpu_has(X86_FEATURE_DECODEASSISTS))) {
> +		pr_info("Failed to enable AMD SEV as it requires decodeassists and sev CPU features\n");
>  		goto out;
> +	}
>  
>  	/* Retrieve SEV CPUID information */
>  	cpuid(0x8000001f, &eax, &ebx, &ecx, &edx);
> @@ -2188,8 +2195,10 @@ void __init sev_hardware_setup(void)
>  
>  	/* Maximum number of encrypted guests supported simultaneously */
>  	max_sev_asid = ecx;
> -	if (!max_sev_asid)
> +	if (!max_sev_asid) {
> +		pr_info("Failed to enable SEV as the maximum SEV ASID value is 0.\n");
>  		goto out;
> +	}
>  
>  	/* Minimum ASID value that should be used for SEV guest */
>  	min_sev_asid = edx;
> @@ -2234,16 +2243,22 @@ void __init sev_hardware_setup(void)
>  	 * instead relies on #NPF(RSVD) being reflected into the guest as #VC
>  	 * (the guest can then do a #VMGEXIT to request MMIO emulation).
>  	 */
> -	if (!enable_mmio_caching)
> +	if (!enable_mmio_caching) {
> +		pr_info("Failed to enable SEV-ES as it requires MMIO caching to be enabled\n");
>  		goto out;
> +	}
>  
>  	/* Does the CPU support SEV-ES? */
> -	if (!boot_cpu_has(X86_FEATURE_SEV_ES))
> +	if (!boot_cpu_has(X86_FEATURE_SEV_ES)) {
> +		pr_info("Failed to enable SEV-ES as it requires sev_es CPU feature\n");
>  		goto out;
> +	}
>  
>  	/* Has the system been allocated ASIDs for SEV-ES? */
> -	if (min_sev_asid == 1)
> +	if (min_sev_asid == 1) {
> +		pr_info("Failed to enable SEV-ES as the minimum SEV ASID value is 1.\n");
>  		goto out;
> +	}
>  
>  	sev_es_asid_count = min_sev_asid - 1;
>  	if (misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count))

As this patch is making sev_hardware_setup()more informative, it would be
better to print both ASID range and count (instead of only ASID count in
the current code). I was suspecting there seems a bug of ASID range allocation
in the current code, but I don't have the HW to test yet...