From: Sean Christopherson <seanjc@google.com>
To: Ashish Kalra <ashish.kalra@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Peter Gonda <pgonda@google.com>,
pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
herbert@gondor.apana.org.au, x86@kernel.org, john.allen@amd.com,
davem@davemloft.net, michael.roth@amd.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH v2 3/3] x86/sev: Add SEV-SNP CipherTextHiding support
Date: Fri, 6 Dec 2024 14:30:40 -0800 [thread overview]
Message-ID: <Z1N7ELGfR6eTuO6D@google.com> (raw)
In-Reply-To: <7ea2b3e8-56b7-418f-8551-b905bf10fecb@amd.com>
On Thu, Nov 21, 2024, Ashish Kalra wrote:
> On 11/21/2024 11:42 AM, Sean Christopherson wrote:
> > On Thu, Nov 21, 2024, Tom Lendacky wrote:
> >> On 11/21/24 10:56, Sean Christopherson wrote:
> >>> On Thu, Nov 21, 2024, Ashish Kalra wrote:
> >>> Actually, IMO, the behavior of _sev_platform_init_locked() and pretty much all of
> >>> the APIs that invoke it are flawed, and make all of this way more confusing and
> >>> convoluted than it needs to be.
> >>>
> >>> IIUC, SNP initialization is forced during probe purely because SNP can't be
> >>> initialized if VMs are running. But the only in-tree user of SEV-XXX functionality
> >>> is KVM, and KVM depends on whatever this driver is called. So forcing SNP
> >>> initialization because a hypervisor could be running legacy VMs make no sense.
> >>> Just require KVM to initialize SEV functionality if KVM wants to use SEV+.
> >>
> >> When we say legacy VMs, that also means non-SEV VMs. So you can't have any
> >> VM running within a VMRUN instruction.
> >
> > Yeah, I know. But if KVM initializes the PSP SEV stuff when KVM is loaded, then
> > KVM can't possibly be running VMs of any kind.
> >
> >> Or...
> >>
> >>>
> >>> /*
> >>> * Legacy guests cannot be running while SNP_INIT(_EX) is executing,
> >>> * so perform SEV-SNP initialization at probe time.
> >>> */
> >>> rc = __sev_snp_init_locked(&args->error);
> >>>
> >>> Rather than automatically init SEV+ functionality, can we instead do something
> >>> like the (half-baked pseudo-patch) below? I.e. delete all paths that implicitly
> >>> init the PSP, and force KVM to explicitly initialize the PSP if KVM wants to use
> >>> SEV+. Then we can put the CipherText and SNP ASID params in KVM.
> >>
> >> ... do you mean at module load time (based on the module parameters)? Or
> >> when the first SEV VM is run? I would think the latter, as the parameters
> >> are all true by default. If the latter, that would present a problem of
> >> having to ensure no VMs are active while performing the SNP_INIT.
> >
> > kvm-amd.ko load time.
>
> Ok, so kvm module load will init SEV+ if indicated by it's module parameters.
>
> But, there are additional concerns here.
>
> SNP will still have to be initialized first, because SNP_INIT will fail if
> SEV INIT has been done.
>
> Additionally, to support SEV firmware hotloading (DLFW_EX), SEV can't be
> initialized.
>
> So probably, we will have to retain some PSP style SEV+ initialization here,
> SNP_INIT is always done first and then SEV INIT is skipped if explicitly
> specified by a module param. This allows SEV firmware hotloading to be
> supported.
>
> But, then with SEV firmware hotload support how do we do SEV INIT without
> unloading and reloading KVM module ?
So the above says:
SEV_CMD_SNP_INIT{_ES} cannot be executed if SEV_CMD_INIT{_EX} has been executed.
but the existing comment in _sev_platform_init_locked() says:
/*
* Legacy guests cannot be running while SNP_INIT(_EX) is executing,
* so perform SEV-SNP initialization at probe time.
*/
Which one is correct? I don't think it matters in the end, just trying to wrap my
head around everything.
And IIUC, SEV_CMD_SNP_INIT{_EX} can be executed before firmware hotload, but
SEV_CMD_INIT{_EX} cannot. Is that correct? Because if firmware hotload can't
be done while SEV VMs are _active_, then that's a very different situation.
> This can reuse the current support (in KVM) to do SEV INIT implicitly when
> the first SEV VM is run: sev_guest_init() -> sev_platform_init()
I don't love the implicit behavior, but assuming hotloading firmware can't be done
after SEV_CMD_INIT{_EX}, that does seem like the least awful solution.
To summarize, if the above assumptions hold:
1. Initialize SNP when kvm-amd.ko is loaded.
2. Define CipherTextHiding and ASID params kvm-amd.ko.
3. Initialize SEV+ at first use.
Just to triple check: that will allow firmware hotloading even if kvm-amd.ko is
built-in, correct? I.e. doesn't requires deferring kvm-amd.ko load until after
firmware hotloading.
next prev parent reply other threads:[~2024-12-06 22:30 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-17 20:15 [PATCH v2 0/3] Add SEV-SNP CipherTextHiding feature support Ashish Kalra
2024-09-17 20:16 ` [PATCH v2 1/3] crypto: ccp: New bit-field definitions for SNP_PLATFORM_STATUS command Ashish Kalra
2024-10-01 21:40 ` Peter Gonda
2024-10-02 18:52 ` Tom Lendacky
2024-09-17 20:16 ` [PATCH v2 2/3] crypto: ccp: Add support for SNP_FEATURE_INFO command Ashish Kalra
2024-10-02 21:18 ` Tom Lendacky
2024-10-02 21:19 ` Tom Lendacky
2024-10-02 21:40 ` Kalra, Ashish
2024-10-02 21:49 ` Tom Lendacky
2024-09-17 20:16 ` [PATCH v2 3/3] x86/sev: Add SEV-SNP CipherTextHiding support Ashish Kalra
2024-10-02 14:58 ` Peter Gonda
2024-10-02 18:44 ` Kalra, Ashish
2024-10-03 14:04 ` Peter Gonda
2024-10-03 22:09 ` Ashish Kalra
2024-10-11 16:04 ` Sean Christopherson
2024-11-20 3:14 ` Kalra, Ashish
2024-11-20 21:53 ` Sean Christopherson
2024-11-20 23:43 ` Kalra, Ashish
2024-11-21 14:57 ` Kalra, Ashish
2024-11-21 16:56 ` Sean Christopherson
2024-11-21 17:24 ` Tom Lendacky
2024-11-21 17:42 ` Sean Christopherson
2024-11-21 21:00 ` Kalra, Ashish
2024-12-06 22:30 ` Sean Christopherson [this message]
2024-12-07 5:21 ` Kalra, Ashish
2024-12-10 1:30 ` Sean Christopherson
2024-12-10 21:32 ` Kalra, Ashish
2024-12-10 22:57 ` Sean Christopherson
2024-12-11 0:48 ` Kalra, Ashish
2024-12-11 1:01 ` Kalra, Ashish
2024-12-12 0:02 ` Kalra, Ashish
2024-10-02 21:46 ` Tom Lendacky
2024-10-02 21:52 ` Tom Lendacky
2024-10-11 16:10 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z1N7ELGfR6eTuO6D@google.com \
--to=seanjc@google.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).