Re: [PATCH v7 0/8] Move initializing SEV/SNP functionality to KVM

[Herbert Xu <herbert@gondor.apana.org.au>]

On Mon, Mar 24, 2025 at 09:13:41PM +0000, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra@amd.com>
> 
> Remove initializing SEV/SNP functionality from PSP driver and instead add
> support to KVM to explicitly initialize the PSP if KVM wants to use
> SEV/SNP functionality.
> 
> This removes SEV/SNP initialization at PSP module probe time and does
> on-demand SEV/SNP initialization when KVM really wants to use 
> SEV/SNP functionality. This will allow running legacy non-confidential
> VMs without initializating SEV functionality. 
> 
> The patch-set includes the fix to not continue with SEV INIT if SNP
> INIT fails as RMP table must be initialized before calling SEV INIT
> if host SNP support is enabled.
> 
> This will assist in adding SNP CipherTextHiding support and SEV firmware
> hotloading support in KVM without sharing SEV ASID management and SNP
> guest context support between PSP driver and KVM and keeping all that
> support only in KVM.
> 
> To support SEV firmware hotloading, SEV Shutdown will be done explicitly
> prior to DOWNLOAD_FIRMWARE_EX and SEV INIT post it to work with the
> requirement of SEV to be in UNINIT state for DOWNLOAD_FIRMWARE_EX.
> NOTE: SEV firmware hotloading will only be supported if there are no
> active SEV/SEV-ES guests. 
> 
> v7:
> -  Drop the Fixes: tag for patch 01, as continuing with SEV INIT
> after SNP INIT(_EX) failure will still cause SEV INIT to fail,
> we are simply aborting here after SNP INIT(_EX) failure.
> - Fix commit logs.
> - Add additional reviewed-by's.
> 
> v6:
> - Add fix to not continue with SEV INIT if SNP INIT fails as RMP table 
> must be initialized before calling SEV INIT if host SNP support is enabled.
> - Ensure that for SEV IOCTLs requiring SEV to be initialized, 
> _sev_platform_init_locked() is called instead of __sev_platform_init_locked()
> to ensure that both implicit SNP and SEV INIT is done for these ioctls and
> followed by __sev_firmware_shutdown() to do both SEV and SNP shutdown.
> - Refactor doing SEV and SNP INIT implicitly for specific SEV and SNP
> ioctls into sev_move_to_init_state() and snp_move_to_init_state(). 
> - Ensure correct error code is returned from sev_ioctl_do_pdh_export() 
> if platform is not in INIT state.
> - Remove dev_info() from sev_pci_init() because this would have printed
> a duplicate message.
> 
> v5:
> - To maintain 1-to-1 mapping between the ioctl commands and the SEV/SNP commands, 
> handle the implicit INIT in the same way as SHUTDOWN, which is to use a local error
> for INIT and in case of implicit INIT failures, let the error logs from 
> __sev_platform_init_locked() OR __sev_snp_init_locked() be printed and always return
> INVALID_PLATFORM_STATE as error back to the caller.
> - Add better error logging for SEV/SNP INIT and SHUTDOWN commands.
> - Fix commit logs.
> - Add more acked-by's, reviewed-by's, suggested-by's.
> 
> v4:
> - Rebase on linux-next which has the fix for SNP broken with kvm_amd
> module built-in.
> - Fix commit logs.
> - Add explicit SEV/SNP initialization and shutdown error logs instead
> of using a common exit point.
> - Move SEV/SNP shutdown error logs from callers into __sev_platform_shutdown_locked()
> and __sev_snp_shutdown_locked().
> - Make sure that we continue to support both the probe field and psp_init_on_probe
> module parameter for PSP module to support SEV INIT_EX.
> - Add reviewed-by's.
> 
> v3:
> - Move back to do both SNP and SEV platform initialization at KVM module
> load time instead of SEV initialization on demand at SEV/SEV-ES VM launch
> to prevent breaking QEMU which has a check for SEV to be initialized 
> prior to launching SEV/SEV-ES VMs. 
> - As both SNP and SEV platform initialization and shutdown is now done at
> KVM module load and unload time remove patches for separate SEV and SNP
> platform initialization and shutdown.
> 
> v2:
> - Added support for separate SEV and SNP platform initalization, while
> SNP platform initialization is done at KVM module load time, SEV 
> platform initialization is done on demand at SEV/SEV-ES VM launch.
> - Added support for separate SEV and SNP platform shutdown, both 
> SEV and SNP shutdown done at KVM module unload time, only SEV
> shutdown down when all SEV/SEV-ES VMs have been destroyed, this
> allows SEV firmware hotloading support anytime during system lifetime.
> - Updated commit messages for couple of patches in the series with
> reference to the feedback received on v1 patches.
> 
> Ashish Kalra (8):
>   crypto: ccp: Abort doing SEV INIT if SNP INIT fails
>   crypto: ccp: Move dev_info/err messages for SEV/SNP init and shutdown
>   crypto: ccp: Ensure implicit SEV/SNP init and shutdown in ioctls
>   crypto: ccp: Reset TMR size at SNP Shutdown
>   crypto: ccp: Register SNP panic notifier only if SNP is enabled
>   crypto: ccp: Add new SEV/SNP platform shutdown API
>   KVM: SVM: Add support to initialize SEV/SNP functionality in KVM
>   crypto: ccp: Move SEV/SNP Platform initialization to KVM
> 
>  arch/x86/kvm/svm/sev.c       |  12 ++
>  drivers/crypto/ccp/sev-dev.c | 245 +++++++++++++++++++++++++----------
>  include/linux/psp-sev.h      |   3 +
>  3 files changed, 194 insertions(+), 66 deletions(-)
> 
> -- 
> 2.34.1

Patches 7-8 applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt