From: Sean Christopherson <seanjc@google.com>
To: Ashish Kalra <ashish.kalra@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Peter Gonda <pgonda@google.com>,
pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
herbert@gondor.apana.org.au, x86@kernel.org, john.allen@amd.com,
davem@davemloft.net, michael.roth@amd.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH v2 3/3] x86/sev: Add SEV-SNP CipherTextHiding support
Date: Fri, 6 Dec 2024 14:30:40 -0800 [thread overview]
Message-ID: <Z1N7ELGfR6eTuO6D@google.com> (raw)
In-Reply-To: <7ea2b3e8-56b7-418f-8551-b905bf10fecb@amd.com>
On Thu, Nov 21, 2024, Ashish Kalra wrote:
> On 11/21/2024 11:42 AM, Sean Christopherson wrote:
> > On Thu, Nov 21, 2024, Tom Lendacky wrote:
> >> On 11/21/24 10:56, Sean Christopherson wrote:
> >>> On Thu, Nov 21, 2024, Ashish Kalra wrote:
> >>> Actually, IMO, the behavior of _sev_platform_init_locked() and pretty much all of
> >>> the APIs that invoke it are flawed, and make all of this way more confusing and
> >>> convoluted than it needs to be.
> >>>
> >>> IIUC, SNP initialization is forced during probe purely because SNP can't be
> >>> initialized if VMs are running. But the only in-tree user of SEV-XXX functionality
> >>> is KVM, and KVM depends on whatever this driver is called. So forcing SNP
> >>> initialization because a hypervisor could be running legacy VMs make no sense.
> >>> Just require KVM to initialize SEV functionality if KVM wants to use SEV+.
> >>
> >> When we say legacy VMs, that also means non-SEV VMs. So you can't have any
> >> VM running within a VMRUN instruction.
> >
> > Yeah, I know. But if KVM initializes the PSP SEV stuff when KVM is loaded, then
> > KVM can't possibly be running VMs of any kind.
> >
> >> Or...
> >>
> >>>
> >>> /*
> >>> * Legacy guests cannot be running while SNP_INIT(_EX) is executing,
> >>> * so perform SEV-SNP initialization at probe time.
> >>> */
> >>> rc = __sev_snp_init_locked(&args->error);
> >>>
> >>> Rather than automatically init SEV+ functionality, can we instead do something
> >>> like the (half-baked pseudo-patch) below? I.e. delete all paths that implicitly
> >>> init the PSP, and force KVM to explicitly initialize the PSP if KVM wants to use
> >>> SEV+. Then we can put the CipherText and SNP ASID params in KVM.
> >>
> >> ... do you mean at module load time (based on the module parameters)? Or
> >> when the first SEV VM is run? I would think the latter, as the parameters
> >> are all true by default. If the latter, that would present a problem of
> >> having to ensure no VMs are active while performing the SNP_INIT.
> >
> > kvm-amd.ko load time.
>
> Ok, so kvm module load will init SEV+ if indicated by it's module parameters.
>
> But, there are additional concerns here.
>
> SNP will still have to be initialized first, because SNP_INIT will fail if
> SEV INIT has been done.
>
> Additionally, to support SEV firmware hotloading (DLFW_EX), SEV can't be
> initialized.
>
> So probably, we will have to retain some PSP style SEV+ initialization here,
> SNP_INIT is always done first and then SEV INIT is skipped if explicitly
> specified by a module param. This allows SEV firmware hotloading to be
> supported.
>
> But, then with SEV firmware hotload support how do we do SEV INIT without
> unloading and reloading KVM module ?
So the above says:
SEV_CMD_SNP_INIT{_ES} cannot be executed if SEV_CMD_INIT{_EX} has been executed.
but the existing comment in _sev_platform_init_locked() says:
/*
* Legacy guests cannot be running while SNP_INIT(_EX) is executing,
* so perform SEV-SNP initialization at probe time.
*/
Which one is correct? I don't think it matters in the end, just trying to wrap my
head around everything.
And IIUC, SEV_CMD_SNP_INIT{_EX} can be executed before firmware hotload, but
SEV_CMD_INIT{_EX} cannot. Is that correct? Because if firmware hotload can't
be done while SEV VMs are _active_, then that's a very different situation.
> This can reuse the current support (in KVM) to do SEV INIT implicitly when
> the first SEV VM is run: sev_guest_init() -> sev_platform_init()
I don't love the implicit behavior, but assuming hotloading firmware can't be done
after SEV_CMD_INIT{_EX}, that does seem like the least awful solution.
To summarize, if the above assumptions hold:
1. Initialize SNP when kvm-amd.ko is loaded.
2. Define CipherTextHiding and ASID params kvm-amd.ko.
3. Initialize SEV+ at first use.
Just to triple check: that will allow firmware hotloading even if kvm-amd.ko is
built-in, correct? I.e. doesn't requires deferring kvm-amd.ko load until after
firmware hotloading.
next prev parent reply other threads:[~2024-12-06 22:30 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-17 20:15 [PATCH v2 0/3] Add SEV-SNP CipherTextHiding feature support Ashish Kalra
2024-09-17 20:16 ` [PATCH v2 1/3] crypto: ccp: New bit-field definitions for SNP_PLATFORM_STATUS command Ashish Kalra
2024-10-01 21:40 ` Peter Gonda
2024-10-02 18:52 ` Tom Lendacky
2024-09-17 20:16 ` [PATCH v2 2/3] crypto: ccp: Add support for SNP_FEATURE_INFO command Ashish Kalra
2024-10-02 21:18 ` Tom Lendacky
2024-10-02 21:19 ` Tom Lendacky
2024-10-02 21:40 ` Kalra, Ashish
2024-10-02 21:49 ` Tom Lendacky
2024-09-17 20:16 ` [PATCH v2 3/3] x86/sev: Add SEV-SNP CipherTextHiding support Ashish Kalra
2024-10-02 14:58 ` Peter Gonda
2024-10-02 18:44 ` Kalra, Ashish
2024-10-03 14:04 ` Peter Gonda
2024-10-03 22:09 ` Ashish Kalra
2024-10-11 16:04 ` Sean Christopherson
2024-11-20 3:14 ` Kalra, Ashish
2024-11-20 21:53 ` Sean Christopherson
2024-11-20 23:43 ` Kalra, Ashish
2024-11-21 14:57 ` Kalra, Ashish
2024-11-21 16:56 ` Sean Christopherson
2024-11-21 17:24 ` Tom Lendacky
2024-11-21 17:42 ` Sean Christopherson
2024-11-21 21:00 ` Kalra, Ashish
2024-12-06 22:30 ` Sean Christopherson [this message]
2024-12-07 5:21 ` Kalra, Ashish
2024-12-10 1:30 ` Sean Christopherson
2024-12-10 21:32 ` Kalra, Ashish
2024-12-10 22:57 ` Sean Christopherson
2024-12-11 0:48 ` Kalra, Ashish
2024-12-11 1:01 ` Kalra, Ashish
2024-12-12 0:02 ` Kalra, Ashish
2024-10-02 21:46 ` Tom Lendacky
2024-10-02 21:52 ` Tom Lendacky
2024-10-11 16:10 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z1N7ELGfR6eTuO6D@google.com \
--to=seanjc@google.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.