From: "Pratik R. Sampat" <prsampat@amd.com>
To: <linux-kernel@vger.kernel.org>, <x86@kernel.org>,
<kvm@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
<linux-kselftest@vger.kernel.org>
Cc: <seanjc@google.com>, <pbonzini@redhat.com>,
<thomas.lendacky@amd.com>, <tglx@linutronix.de>,
<mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>,
<shuah@kernel.org>, <pgonda@google.com>, <ashish.kalra@amd.com>,
<nikunj@amd.com>, <pankaj.gupta@amd.com>, <michael.roth@amd.com>,
<sraithal@amd.com>, <prsampat@amd.com>
Subject: [PATCH v7 01/10] KVM: SEV: Disable SEV-SNP support on initialization failure
Date: Fri, 21 Feb 2025 15:01:51 -0600 [thread overview]
Message-ID: <20250221210200.244405-2-prsampat@amd.com> (raw)
In-Reply-To: <20250221210200.244405-1-prsampat@amd.com>
During platform init, SNP initialization may fail for several reasons,
such as firmware command failures and incompatible versions. However,
the KVM capability may continue to advertise support for it. Export this
information to KVM and withdraw SEV-SNP support if has not been
successfully initialized.
Fixes: 1dfe571c12cf ("KVM: SEV: Add initial SEV-SNP support")
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Pratik R. Sampat <prsampat@amd.com>
---
v6..v7:
* Replace FW version check with sev->snp_initialized (Sean)
---
arch/x86/kvm/svm/sev.c | 4 +++-
drivers/crypto/ccp/sev-dev.c | 8 ++++++++
include/linux/psp-sev.h | 3 +++
3 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 0dbb25442ec1..87b5d63a5817 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3050,7 +3050,9 @@ void __init sev_hardware_setup(void)
sev_es_asid_count = min_sev_asid - 1;
WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));
sev_es_supported = true;
- sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);
+ sev_snp_supported = (sev_snp_enabled &&
+ cc_platform_has(CC_ATTR_HOST_SEV_SNP) &&
+ snp_initialized());
out:
if (boot_cpu_has(X86_FEATURE_SEV))
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 2e87ca0e292a..8d2cf8552bc2 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -1352,6 +1352,14 @@ int sev_platform_init(struct sev_platform_init_args *args)
}
EXPORT_SYMBOL_GPL(sev_platform_init);
+bool snp_initialized(void)
+{
+ struct sev_device *sev = psp_master->sev_data;
+
+ return sev->snp_initialized;
+}
+EXPORT_SYMBOL_GPL(snp_initialized);
+
static int __sev_platform_shutdown_locked(int *error)
{
struct psp_device *psp = psp_master;
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index f3cad182d4ef..d34068c87a28 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -954,6 +954,7 @@ int sev_do_cmd(int cmd, void *data, int *psp_ret);
void *psp_copy_user_blob(u64 uaddr, u32 len);
void *snp_alloc_firmware_page(gfp_t mask);
void snp_free_firmware_page(void *addr);
+bool snp_initialized(void);
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
@@ -988,6 +989,8 @@ static inline void *snp_alloc_firmware_page(gfp_t mask)
static inline void snp_free_firmware_page(void *addr) { }
+static inline bool snp_initialized(void) { return false; }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
--
2.43.0
next prev parent reply other threads:[~2025-02-21 21:02 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-21 21:01 [PATCH v7 00/10] Basic SEV-SNP Selftests Pratik R. Sampat
2025-02-21 21:01 ` Pratik R. Sampat [this message]
2025-02-24 19:01 ` [PATCH v7 01/10] KVM: SEV: Disable SEV-SNP support on initialization failure Liam Merwick
2025-02-25 16:50 ` Pratik R. Sampat
2025-02-24 21:28 ` Tom Lendacky
2025-02-25 16:41 ` Pratik R. Sampat
2025-02-25 17:45 ` Pratik R. Sampat
2025-02-25 19:09 ` Tom Lendacky
2025-02-25 19:45 ` Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 02/10] KVM: selftests: SEV-SNP test for KVM_SEV_INIT2 Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 03/10] KVM: selftests: Add vmgexit helper Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 04/10] KVM: selftests: Add SMT control state helper Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 05/10] KVM: selftests: Replace assert() with TEST_ASSERT_EQ() Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 06/10] KVM: selftests: Introduce SEV VM type check Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 07/10] KVM: selftests: Add library support for interacting with SNP Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 08/10] KVM: selftests: Force GUEST_MEMFD flag for SNP VM type Pratik R. Sampat
2025-02-21 21:01 ` [PATCH v7 09/10] KVM: selftests: Abstractions for SEV to decouple policy from type Pratik R. Sampat
2025-02-21 21:02 ` [PATCH v7 10/10] KVM: selftests: Add a basic SEV-SNP smoke test Pratik R. Sampat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250221210200.244405-2-prsampat@amd.com \
--to=prsampat@amd.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=seanjc@google.com \
--cc=shuah@kernel.org \
--cc=sraithal@amd.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox