From: Tom Lendacky <thomas.lendacky@amd.com>
To: Tycho Andersen <tycho@kernel.org>,
Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Ashish Kalra <ashish.kalra@amd.com>,
John Allen <john.allen@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Ard Biesheuvel <ardb@kernel.org>,
Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>,
Kishon Vijay Abraham I <kvijayab@amd.com>,
Alexey Kardashevskiy <aik@amd.com>,
Nikunj A Dadhania <nikunj@amd.com>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Kim Phillips <kim.phillips@amd.com>,
Sean Christopherson <seanjc@google.com>
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH v1 1/2] x86/sev: Do not initialize SNP if missing CPUs
Date: Fri, 3 Apr 2026 08:31:24 -0500 [thread overview]
Message-ID: <70635612-76e5-488a-bb82-e66752dc9857@amd.com> (raw)
In-Reply-To: <20260401143552.3038979-1-tycho@kernel.org>
On 4/1/26 09:35, Tycho Andersen wrote:
> From: "Tycho Andersen (AMD)" <tycho@kernel.org>
>
> The SEV firmware checks that the SNP enable bit is set on each CPU during
> SNP initialization, and will fail if it is not. If there are some CPUs
> offline, they will not run the setup functions, so SNP initialization will
> always fail.
>
> Skip the IPIs in this case and return an error so that the CCP driver can
> skip the SNP_INIT that will fail.
>
> Suggested-by: Borislav Petkov (AMD) <bp@alien8.de>
> Signed-off-by: Tycho Andersen (AMD) <tycho@kernel.org>
> ---
> arch/x86/include/asm/sev.h | 4 ++--
> arch/x86/virt/svm/sev.c | 11 +++++++++--
> 2 files changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index 09e605c85de4..594cfa19cbd4 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -661,7 +661,7 @@ static inline void snp_leak_pages(u64 pfn, unsigned int pages)
> {
> __snp_leak_pages(pfn, pages, true);
> }
> -void snp_prepare(void);
> +int snp_prepare(void);
> void snp_shutdown(void);
> #else
> static inline bool snp_probe_rmptable_info(void) { return false; }
> @@ -679,7 +679,7 @@ static inline void __snp_leak_pages(u64 pfn, unsigned int npages, bool dump_rmp)
> static inline void snp_leak_pages(u64 pfn, unsigned int npages) {}
> static inline void kdump_sev_callback(void) { }
> static inline void snp_fixup_e820_tables(void) {}
> -static inline void snp_prepare(void) {}
> +static inline int snp_prepare(void) { return -ENODEV; }
> static inline void snp_shutdown(void) {}
> #endif
>
> diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c
> index 41f76f15caa1..e9ded15dbe60 100644
> --- a/arch/x86/virt/svm/sev.c
> +++ b/arch/x86/virt/svm/sev.c
> @@ -511,8 +511,9 @@ static void clear_hsave_pa(void *arg)
> wrmsrq(MSR_VM_HSAVE_PA, 0);
> }
>
> -void snp_prepare(void)
> +int snp_prepare(void)
> {
> + int ret = -EOPNOTSUPP;
> u64 val;
>
> /*
> @@ -521,12 +522,15 @@ void snp_prepare(void)
> */
> rdmsrq(MSR_AMD64_SYSCFG, val);
> if (val & MSR_AMD64_SYSCFG_SNP_EN)
> - return;
> + return 0;
>
> clear_rmp();
>
> cpus_read_lock();
>
> + if (!cpumask_equal(cpu_online_mask, cpu_possible_mask))
If CONFIG_INIT_ALL_POSSIBLE is set, won't that set cpu_possible_mask to
include all CPUs up to NR_CPUS? That would result in this always failing.
Not sure if this change is worth it.
Thanks,
Tom
> + goto unlock;
> +
> /*
> * MtrrFixDramModEn is not shared between threads on a core,
> * therefore it must be set on all CPUs prior to enabling SNP.
> @@ -537,7 +541,10 @@ void snp_prepare(void)
> /* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */
> on_each_cpu(clear_hsave_pa, NULL, 1);
>
> + ret = 0;
> +unlock:
> cpus_read_unlock();
> + return ret;
> }
> EXPORT_SYMBOL_FOR_MODULES(snp_prepare, "ccp");
>
>
> base-commit: cf112712c193e837225d740ec3e139774f2496f2
next prev parent reply other threads:[~2026-04-03 13:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-01 14:35 [PATCH v1 1/2] x86/sev: Do not initialize SNP if missing CPUs Tycho Andersen
2026-04-01 14:35 ` [PATCH v1 2/2] crypto/ccp: skip SNP_INIT if preparation fails Tycho Andersen
2026-04-01 14:39 ` Tycho Andersen
2026-04-03 13:33 ` Tom Lendacky
2026-04-01 14:35 ` [PATCH v1 2/2] crypto/ccp: Skip " Tycho Andersen
2026-04-03 13:31 ` Tom Lendacky [this message]
2026-04-03 17:18 ` [PATCH v1 1/2] x86/sev: Do not initialize SNP if missing CPUs Borislav Petkov
2026-04-03 17:52 ` Tycho Andersen
2026-04-03 19:53 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=70635612-76e5-488a-bb82-e66752dc9857@amd.com \
--to=thomas.lendacky@amd.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=aik@amd.com \
--cc=ardb@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=john.allen@amd.com \
--cc=kim.phillips@amd.com \
--cc=kvijayab@amd.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@kernel.org \
--cc=tycho@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox