From: Sean Christopherson <seanjc@google.com>
To: Ashish Kalra <ashish.kalra@amd.com>
Cc: pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org,
hpa@zytor.com, thomas.lendacky@amd.com, john.allen@amd.com,
herbert@gondor.apana.org.au, michael.roth@amd.com,
dionnaglaze@google.com, nikunj@amd.com, ardb@kernel.org,
kevinloughlin@google.com, Neeraj.Upadhyay@amd.com, aik@amd.com,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-coco@lists.linux.dev
Subject: Re: [PATCH v5 6/7] KVM: SVM: Add support to initialize SEV/SNP functionality in KVM
Date: Tue, 4 Mar 2025 13:58:44 -0800 [thread overview]
Message-ID: <Z8d3lDKfN1ffZbt5@google.com> (raw)
In-Reply-To: <217bc786-4c81-4a7a-9c66-71f971c2e8fd@amd.com>
On Mon, Mar 03, 2025, Ashish Kalra wrote:
> On 3/3/2025 2:49 PM, Sean Christopherson wrote:
> > On Mon, Mar 03, 2025, Ashish Kalra wrote:
> >> On 2/28/2025 4:32 PM, Sean Christopherson wrote:
> >>> On Fri, Feb 28, 2025, Ashish Kalra wrote:
> >>>> And the other consideration is that runtime setup of especially SEV-ES VMs will not
> >>>> work if/when first SEV-ES VM is launched, if SEV INIT has not been issued at
> >>>> KVM setup time.
> >>>>
> >>>> This is because qemu has a check for SEV INIT to have been done (via SEV platform
> >>>> status command) prior to launching SEV-ES VMs via KVM_SEV_INIT2 ioctl.
> >>>>
> >>>> So effectively, __sev_guest_init() does not get invoked in case of launching
> >>>> SEV_ES VMs, if sev_platform_init() has not been done to issue SEV INIT in
> >>>> sev_hardware_setup().
> >>>>
> >>>> In other words the deferred initialization only works for SEV VMs and not SEV-ES VMs.
> >>>
> >>> In that case, I vote to kill off deferred initialization entirely, and commit to
> >>> enabling all of SEV+ when KVM loads (which we should have done from day one).
> >>> Assuming we can do that in a way that's compatible with the /dev/sev ioctls.
> >>
> >> Yes, that's what seems to be the right approach to enabling all SEV+ when KVM loads.
> >>
> >> For SEV firmware hotloading we will do implicit SEV Shutdown prior to DLFW_EX
> >> and SEV (re)INIT after that to ensure that SEV is in UNINIT state before
> >> DLFW_EX.
> >>
> >> We still probably want to keep the deferred initialization for SEV in
> >> __sev_guest_init() by calling sev_platform_init() to support the SEV INIT_EX
> >> case.
> >
> > Refresh me, how does INIT_EX fit into all of this? I.e. why does it need special
> > casing?
>
> For SEV INIT_EX, we need the filesystem to be up and running as the user-supplied
> SEV related persistent data is read from a regular file and provided to the
> INIT_EX command.
>
> Now, with the modified SEV/SNP init flow, when SEV/SNP initialization is
> performed during KVM module load, then as i believe the filesystem will be
> mounted before KVM module loads, so SEV INIT_EX can be supported without
> any issues.
>
> Therefore, we don't need deferred initialization support for SEV INIT_EX
> in case of KVM being loaded as a module.
>
> But if KVM module is built-in, then filesystem will not be mounted when
> SEV/SNP initialization is done during KVM initialization and in that case
> SEV INIT_EX cannot be supported.
>
> Therefore to support SEV INIT_EX when KVM module is built-in, the following
> will need to be done:
>
> - Boot kernel with psp_init_on_probe=false command line.
> - This ensures that during KVM initialization, only SNP INIT is done.
> - Later at runtime, when filesystem has already been mounted,
> SEV VM launch will trigger deferred SEV (INIT_EX) initialization
> (via the __sev_guest_init() -> sev_platform_init() code path).
>
> NOTE: psp_init_on_probe module parameter and deferred SEV initialization
> during SEV VM launch (__sev_guest_init()->sev_platform_init()) was added
> specifically to support SEV INIT_EX case.
Ugh. That's quite the unworkable mess. sev_hardware_setup() can't determine
if SEV/SEV-ES is fully supported without initializing the platform, but userspace
needs KVM to do initialization so that SEV platform status reads out correctly.
Aha!
Isn't that a Google problem? And one that resolves itself if initialization is
done on kvm-amd.ko load?
A system/kernel _could_ be configured to use a path during initcalls, with the
approproate initramfs magic. So there's no hard requirement that makes init_ex_path
incompatible with CRYPTO_DEV_CCP_DD=y or CONFIG_KVM_AMD=y. Google's environment
simply doesn't jump through those hoops.
But Google _does_ build kvm-amd.ko as a module.
So rather than carry a bunch of hard-to-follow code (and potentially impossible
constraints), always do initialization at kvm-amd.ko load, and require the platform
owner to ensure init_ex_path can be resolved when sev_hardware_setup() runs, i.e.
when kvm-amd.ko is loaded or its initcall runs.
next prev parent reply other threads:[~2025-03-04 21:58 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-25 20:59 [PATCH v5 0/7] Move initializing SEV/SNP functionality to KVM Ashish Kalra
2025-02-25 20:59 ` [PATCH v5 1/7] crypto: ccp: Move dev_info/err messages for SEV/SNP init and shutdown Ashish Kalra
2025-03-03 14:38 ` Tom Lendacky
2025-02-25 21:00 ` [PATCH v5 2/7] crypto: ccp: Ensure implicit SEV/SNP init and shutdown in ioctls Ashish Kalra
2025-02-27 18:57 ` kernel test robot
2025-03-03 14:50 ` Tom Lendacky
2025-02-25 21:00 ` [PATCH v5 3/7] crypto: ccp: Reset TMR size at SNP Shutdown Ashish Kalra
2025-02-25 21:00 ` [PATCH v5 4/7] crypto: ccp: Register SNP panic notifier only if SNP is enabled Ashish Kalra
2025-03-03 14:56 ` Tom Lendacky
2025-02-25 21:01 ` [PATCH v5 5/7] crypto: ccp: Add new SEV/SNP platform shutdown API Ashish Kalra
2025-02-25 21:01 ` [PATCH v5 6/7] KVM: SVM: Add support to initialize SEV/SNP functionality in KVM Ashish Kalra
2025-02-28 18:31 ` Sean Christopherson
2025-02-28 20:38 ` Kalra, Ashish
2025-02-28 22:32 ` Sean Christopherson
2025-03-03 18:50 ` Kalra, Ashish
2025-03-03 20:49 ` Sean Christopherson
2025-03-03 21:39 ` Kalra, Ashish
2025-03-04 21:58 ` Sean Christopherson [this message]
2025-03-05 1:58 ` Kalra, Ashish
2025-03-05 22:17 ` Kalra, Ashish
2025-03-12 23:02 ` Kalra, Ashish
2025-02-25 21:02 ` [PATCH v5 7/7] crypto: ccp: Move SEV/SNP Platform initialization to KVM Ashish Kalra
2025-03-03 15:35 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z8d3lDKfN1ffZbt5@google.com \
--to=seanjc@google.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=aik@amd.com \
--cc=ardb@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=john.allen@amd.com \
--cc=kevinloughlin@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.