From: Sean Christopherson <seanjc@google.com>
To: Ashish Kalra <ashish.kalra@amd.com>
Cc: pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org,
hpa@zytor.com, thomas.lendacky@amd.com, john.allen@amd.com,
herbert@gondor.apana.org.au, michael.roth@amd.com,
dionnaglaze@google.com, nikunj@amd.com, ardb@kernel.org,
kevinloughlin@google.com, Neeraj.Upadhyay@amd.com, aik@amd.com,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-coco@lists.linux.dev
Subject: Re: [PATCH v5 6/7] KVM: SVM: Add support to initialize SEV/SNP functionality in KVM
Date: Mon, 3 Mar 2025 12:49:47 -0800 [thread overview]
Message-ID: <Z8YV64JanLqzo-DS@google.com> (raw)
In-Reply-To: <8dc83535-a594-4447-a112-22b25aea26f9@amd.com>
On Mon, Mar 03, 2025, Ashish Kalra wrote:
> On 2/28/2025 4:32 PM, Sean Christopherson wrote:
> > On Fri, Feb 28, 2025, Ashish Kalra wrote:
> >> And the other consideration is that runtime setup of especially SEV-ES VMs will not
> >> work if/when first SEV-ES VM is launched, if SEV INIT has not been issued at
> >> KVM setup time.
> >>
> >> This is because qemu has a check for SEV INIT to have been done (via SEV platform
> >> status command) prior to launching SEV-ES VMs via KVM_SEV_INIT2 ioctl.
> >>
> >> So effectively, __sev_guest_init() does not get invoked in case of launching
> >> SEV_ES VMs, if sev_platform_init() has not been done to issue SEV INIT in
> >> sev_hardware_setup().
> >>
> >> In other words the deferred initialization only works for SEV VMs and not SEV-ES VMs.
> >
> > In that case, I vote to kill off deferred initialization entirely, and commit to
> > enabling all of SEV+ when KVM loads (which we should have done from day one).
> > Assuming we can do that in a way that's compatible with the /dev/sev ioctls.
>
> Yes, that's what seems to be the right approach to enabling all SEV+ when KVM loads.
>
> For SEV firmware hotloading we will do implicit SEV Shutdown prior to DLFW_EX
> and SEV (re)INIT after that to ensure that SEV is in UNINIT state before
> DLFW_EX.
>
> We still probably want to keep the deferred initialization for SEV in
> __sev_guest_init() by calling sev_platform_init() to support the SEV INIT_EX
> case.
Refresh me, how does INIT_EX fit into all of this? I.e. why does it need special
casing?
next prev parent reply other threads:[~2025-03-03 20:49 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-25 20:59 [PATCH v5 0/7] Move initializing SEV/SNP functionality to KVM Ashish Kalra
2025-02-25 20:59 ` [PATCH v5 1/7] crypto: ccp: Move dev_info/err messages for SEV/SNP init and shutdown Ashish Kalra
2025-03-03 14:38 ` Tom Lendacky
2025-02-25 21:00 ` [PATCH v5 2/7] crypto: ccp: Ensure implicit SEV/SNP init and shutdown in ioctls Ashish Kalra
2025-02-27 18:57 ` kernel test robot
2025-03-03 14:50 ` Tom Lendacky
2025-02-25 21:00 ` [PATCH v5 3/7] crypto: ccp: Reset TMR size at SNP Shutdown Ashish Kalra
2025-02-25 21:00 ` [PATCH v5 4/7] crypto: ccp: Register SNP panic notifier only if SNP is enabled Ashish Kalra
2025-03-03 14:56 ` Tom Lendacky
2025-02-25 21:01 ` [PATCH v5 5/7] crypto: ccp: Add new SEV/SNP platform shutdown API Ashish Kalra
2025-02-25 21:01 ` [PATCH v5 6/7] KVM: SVM: Add support to initialize SEV/SNP functionality in KVM Ashish Kalra
2025-02-28 18:31 ` Sean Christopherson
2025-02-28 20:38 ` Kalra, Ashish
2025-02-28 22:32 ` Sean Christopherson
2025-03-03 18:50 ` Kalra, Ashish
2025-03-03 20:49 ` Sean Christopherson [this message]
2025-03-03 21:39 ` Kalra, Ashish
2025-03-04 21:58 ` Sean Christopherson
2025-03-05 1:58 ` Kalra, Ashish
2025-03-05 22:17 ` Kalra, Ashish
2025-03-12 23:02 ` Kalra, Ashish
2025-02-25 21:02 ` [PATCH v5 7/7] crypto: ccp: Move SEV/SNP Platform initialization to KVM Ashish Kalra
2025-03-03 15:35 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z8YV64JanLqzo-DS@google.com \
--to=seanjc@google.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=aik@amd.com \
--cc=ardb@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=john.allen@amd.com \
--cc=kevinloughlin@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.