@@ -3050,7 +3050,9 @@ void __init sev_hardware_setup(void)
sev_es_asid_count = min_sev_asid - 1;
WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));
sev_es_supported = true;
- sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);
+ sev_snp_supported = (sev_snp_enabled &&
+ cc_platform_has(CC_ATTR_HOST_SEV_SNP) &&
+ snp_initialized());
out:
if (boot_cpu_has(X86_FEATURE_SEV))
@@ -1352,6 +1352,14 @@ int sev_platform_init(struct sev_platform_init_args *args)
}
EXPORT_SYMBOL_GPL(sev_platform_init);
+bool snp_initialized(void)
+{
+ struct sev_device *sev = psp_master->sev_data;
+
+ return sev->snp_initialized;
+}
+EXPORT_SYMBOL_GPL(snp_initialized);
+
static int __sev_platform_shutdown_locked(int *error)
{
struct psp_device *psp = psp_master;
@@ -954,6 +954,7 @@ int sev_do_cmd(int cmd, void *data, int *psp_ret);
void *psp_copy_user_blob(u64 uaddr, u32 len);
void *snp_alloc_firmware_page(gfp_t mask);
void snp_free_firmware_page(void *addr);
+bool snp_initialized(void);
#else /* !CONFIG_CRYPTO_DEV_SP_PSP */
@@ -988,6 +989,8 @@ static inline void *snp_alloc_firmware_page(gfp_t mask)
static inline void snp_free_firmware_page(void *addr) { }
+static inline bool snp_initialized(void) { return false; }
+
#endif /* CONFIG_CRYPTO_DEV_SP_PSP */
#endif /* __PSP_SEV_H__ */
During platform init, SNP initialization may fail for several reasons, such as firmware command failures and incompatible versions. However, the KVM capability may continue to advertise support for it. Export this information to KVM and withdraw SEV-SNP support if has not been successfully initialized. Fixes: 1dfe571c12cf ("KVM: SEV: Add initial SEV-SNP support") Suggested-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Pratik R. Sampat <prsampat@amd.com> --- v6..v7: * Replace FW version check with sev->snp_initialized (Sean) --- arch/x86/kvm/svm/sev.c | 4 +++- drivers/crypto/ccp/sev-dev.c | 8 ++++++++ include/linux/psp-sev.h | 3 +++ 3 files changed, 14 insertions(+), 1 deletion(-)