From patchwork Wed Jan 22 01:00:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 859267 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2067.outbound.protection.outlook.com [40.107.223.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA1042837A; Wed, 22 Jan 2025 01:00:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737507645; cv=fail; b=F1T7PqnFlaJsKwmHNYLlr7PK5r3P0dbUZu15OGciKYk+NYC9V3cvYKLyLtamicKfktz0TIbLabM+aPo3FSzAIQY5rJb1HQQaTLsYo9jMTjoc64kDszKVNsq2aj4lc7mQOdyBdmD/IlAPkRwcwVgng/DHNBscUqy9uV1uTqhPlLo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737507645; c=relaxed/simple; bh=uXsFTuES+8ingRjtHVEoJ3pUaV+TENZ1V8HMOODdOt8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=t9CeSVOuYab2YatdKitszswvB9JqLabJ6g/wAIyu0CMXgetRp08GWLMCzXPDOU0t8n2SenSpdb8w10S6w6zTCVpsaV6/4octFn4hN2fyFhhyycsYohmu211Q0jH67Qe2j1Dvr5lm9edmX/kE/eOuUn3dc650hiB0YWiMnBXqzSE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=tPUS4XPm; arc=fail smtp.client-ip=40.107.223.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="tPUS4XPm" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=i+For89ixYXGXAHwvePcVVwSlyIwnSO7Z/rd7dgAI8fgsjUMfKLQXCNDK7C3RWCktgaB1PRzprJLpgoLAxc728aoCh9VDIDUsU5amWHpzaDw3qyzAtw3/QxfclSMmdvojth4tLI82fFDKEeN/ejLMrpVrv80NrZa+dU0yF9Rap7IevWNW9Pn4bxahc4geqVg763mKb986bA//Y03pxz808KgxSv9VzZPPq9Fb5fshlkOAt0LRIu6jAbz/3/w6/lroWmM2CyQJVRDsLUMSId9F7jQ0Zat7L/GjS0cnSHzn1LrL9DyeFcPcwjBIsgL8zeealLItj/wB9nxEd6QNiRJxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ffeobm4egWo4WTBHI/ac6X+oNEaZXhObhnrlY3MAKtk=; b=Ir7lHZ0hVVJoz7apQ8sUzvmqEqWgvmecV30jLvv2MlkKCsXB15knDzKTM+qQbJFkARSQfBGv6BlAOsjY2QV0QHhBwuR6Z8vuHnT/qne6mw0RGAqm9kwCjHW6l+deU7WC+Y0AlCu+x/UdRFN+lhcanhek+OM2Fi5TOFw9tRCdBMA55v4JUgN84z/ur8umVrAd7lIxJfwqnhLqFjZW7yjqExw6+Vdi7qVDxVfNZ90NhtE0j2p3I1y5MdB6UiOOcYKDwXd9/DJrh8E6sh9aRFhqhQB/4Lhzcep1jERUyNFmrCBieky4ElX9y88jrUS/qC518BDpBMjF1pT4oLXYFztdSg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=google.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ffeobm4egWo4WTBHI/ac6X+oNEaZXhObhnrlY3MAKtk=; b=tPUS4XPmCOVC36zBOtbqlkaacqqruyw1kHuN8OmVv+Yc3MdUS+JVCBNQXQ9F2iYx1Y5bpBgHHxDzs0OWLLW0s2ziZ8W2AecTihbzea5DbiFYskF9bms2nYfHx+ODfnP/b1JmbPHIeJlRbx3J1+Vg8MrONj/uLXDl0v6GvAZQro8= Received: from SJ0PR05CA0099.namprd05.prod.outlook.com (2603:10b6:a03:334::14) by DM6PR12MB4042.namprd12.prod.outlook.com (2603:10b6:5:215::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.22; Wed, 22 Jan 2025 01:00:35 +0000 Received: from SJ5PEPF000001F2.namprd05.prod.outlook.com (2603:10b6:a03:334:cafe::1a) by SJ0PR05CA0099.outlook.office365.com (2603:10b6:a03:334::14) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8377.13 via Frontend Transport; Wed, 22 Jan 2025 01:00:35 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ5PEPF000001F2.mail.protection.outlook.com (10.167.242.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8377.8 via Frontend Transport; Wed, 22 Jan 2025 01:00:35 +0000 Received: from ethanolx7e2ehost.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 21 Jan 2025 19:00:33 -0600 From: Ashish Kalra To: , , , , , , , , , , , , , , , CC: , , , , , , , Subject: [PATCH 2/4] crypto: ccp: Add external API interface for PSP module initialization Date: Wed, 22 Jan 2025 01:00:22 +0000 Message-ID: <2a2c2b55c2b137b777ef5beab8e2a814f0c268a7.1737505394.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001F2:EE_|DM6PR12MB4042:EE_ X-MS-Office365-Filtering-Correlation-Id: 784859f2-81b1-4eac-a3f5-08dd3a802dd3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|36860700013|82310400026|1800799024|7416014|376014|7053199007|921020; X-Microsoft-Antispam-Message-Info: c8t+iIh3ruOG1+u4rQiYUvps8GspKg24fEHwuCqm1hYcIdFaGS7T4PuKbxi1ktwDRl++v3mg3UKYpRIP+n06qH59ZYUM19M6p1qODYqtCE7aTCKDjyqMSlRGn8kD9rweVpZifo1t/uWbdSt6v7J32bgGcDoW+F1vYAe6oWatGcuX5aPZ2rRh9xBHlN6Q+5MCDZqqVZTp9fgaKvJzIVVX8BGN4ZcXEDJyep66whZPodXc8DRYAjEkTym2TJBbvWJaCqONXFY4OopDfcK0aXrlzVRmV5vjB7ON+Br42tvAQHCI/wQHImny/iMxNpRTXWNR4NDJAfryvaFnEC6eXMsyh4T1/JPwtiTv1F2gZ2cy/Yk+sr+KDTNafALNnZ/e2/e6o/KHK23bmax6EgxCIuJ7YdCBBe6pL0Dl+q611fusg31wQwr1FKowgFwzdtvwkWh7hgsH6yjEbKi2m25lSqiVE4q1LY10xG12IHxf3UET0Rz9OSsgLLkN6P8mMiUOCyrZC0bg+OYrnM96V3onNancCHB8Zno/7b8M7R6tb0tEdkB+mRBEp9tWo0Z8bgQb6/E8D0kN7F8SWC+Y3+253SkJ19lvf3kiIPxmr5TbfLyhqiWTS6GueFfBvA/NvXcmBx+ILdT1yyTQEUXA4SA0x4M5FV6dhEs1uJEtmctBJt7PJ3dDZxvQs211cr6yjchFp/Kj751eeqOlqRafxWuU7rJUJqsxAvB+bdJSy6cbqbP7ZIeSye7kZvqnr/KC18kTfaEWfIkCdhkubRpVo0+K37DIGtgBynVpeyrKe/+JNyWOhEGbIUtrZmKUEriPh8o2MbAi6bcoPuBTH5NKCEaeGCo6+qfenpUysGJ8QVwFIOslscgnYGvFBU/2+x8stHaWmAPwiR1lnWOxXX4lKCLl5P9D0frI5JtKAmEgqVyPcmwl/EzfsbRXP36XAYgcs1ReQg04jGs8PYVo9h1IkBLDDHtXkbBc917/uhR59P5Ajgbqjwa3lWuaNx/jjxw4yBV/KoFzCtLyeZyg9m82qI2txe0l4CMQQzF+qpuu4zyowDVUQS8uGW5gyDRfcI/oQPr5TmXz2/AClIBPtoC4qffDAXiEqfkK5aEP/BzkEWcyZ4E1iacq/eqUEFh7anGa/0iRgwpoLif4JSjDWocGtX6bVgp8cWokjW2dxjGlDxPzglGJgvNyuAoqZIRPjNGPNIKoRpnT2mlOnApwq8q0XmIZ1R1oGMYhP8jtSBcxiVBk0cWvVdTd2gkfe29dqziZd94MAmrLffqaYJ2I8MAvuX855mSzJfKEydYYaDYwz0ZjFOWT7qt8GTTyOFJwK3HYASFqlCwCmUyUMgWTEdY2ECfBGE3LJJJTqCyJID15Kl5O0xurpMA4oyybXAt4tastVJJLeP0fGaYQMoF1lhki6cn/ikCiKXiBklXszgKWpJuESEHiR77HMJdUIADh2cdM9IW6vf28D+6tXiW3kQlI2EILYPfQHEis1o/hJLqErT+DxUO8X1I= X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230040)(36860700013)(82310400026)(1800799024)(7416014)(376014)(7053199007)(921020); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jan 2025 01:00:35.3829 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 784859f2-81b1-4eac-a3f5-08dd3a802dd3 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001F2.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4042 From: Sean Christopherson Add a new external API interface for PSP module initialization which allows PSP SEV driver to be initialized explicitly before proceeding with SEV/SNP initialization with KVM if KVM is built-in as the dependency between modules is not supported/handled by the initcall infrastructure and the dependent PSP module is not implicitly loaded before KVM module if KVM module is built-in. Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Signed-off-by: Sean Christopherson --- drivers/crypto/ccp/sp-dev.c | 12 ++++++++++++ drivers/crypto/ccp/sp-dev.h | 1 + include/linux/psp-sev.h | 11 +++++++++++ 3 files changed, 24 insertions(+) diff --git a/drivers/crypto/ccp/sp-dev.c b/drivers/crypto/ccp/sp-dev.c index 7eb3e4668286..a0cdc03984cb 100644 --- a/drivers/crypto/ccp/sp-dev.c +++ b/drivers/crypto/ccp/sp-dev.c @@ -253,8 +253,12 @@ struct sp_device *sp_get_psp_master_device(void) static int __init sp_mod_init(void) { #ifdef CONFIG_X86 + static bool initialized; int ret; + if (initialized) + return 0; + ret = sp_pci_init(); if (ret) return ret; @@ -263,6 +267,7 @@ static int __init sp_mod_init(void) psp_pci_init(); #endif + initialized = true; return 0; #endif @@ -279,6 +284,13 @@ static int __init sp_mod_init(void) return -ENODEV; } +#if IS_BUILTIN(CONFIG_KVM_AMD) && IS_ENABLED(CONFIG_KVM_AMD_SEV) +int __init sev_module_init(void) +{ + return sp_mod_init(); +} +#endif + static void __exit sp_mod_exit(void) { #ifdef CONFIG_X86 diff --git a/drivers/crypto/ccp/sp-dev.h b/drivers/crypto/ccp/sp-dev.h index 6f9d7063257d..3f5f7491bec1 100644 --- a/drivers/crypto/ccp/sp-dev.h +++ b/drivers/crypto/ccp/sp-dev.h @@ -148,6 +148,7 @@ int sp_request_psp_irq(struct sp_device *sp, irq_handler_t handler, const char *name, void *data); void sp_free_psp_irq(struct sp_device *sp, void *data); struct sp_device *sp_get_psp_master_device(void); +int __init sev_module_init(void); #ifdef CONFIG_CRYPTO_DEV_SP_CCP diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 903ddfea8585..1cf197fca93d 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -814,6 +814,15 @@ struct sev_data_snp_commit { #ifdef CONFIG_CRYPTO_DEV_SP_PSP +/** + * sev_module_init - perform PSP module initialization + * + * Returns: + * 0 if the PSP module is successfully initialized + * -%ENODEV if the PSP module initialization fails + */ +int __init sev_module_init(void); + /** * sev_platform_init - perform SEV INIT command * @@ -948,6 +957,8 @@ void snp_free_firmware_page(void *addr); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ +static inline int __init sev_module_init(void) { return -ENODEV } + static inline int sev_platform_status(struct sev_user_data_status *status, int *error) { return -ENODEV; } From patchwork Wed Jan 22 01:00:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kalra, Ashish" X-Patchwork-Id: 859266 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2088.outbound.protection.outlook.com [40.107.95.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 862AD136347; Wed, 22 Jan 2025 01:01:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737507676; cv=fail; b=BLm2fIu/kAa/ndXqtFRgLNk7jy6rtythg+yIdrXPENevvYq3vtEfoJlYsZahwN4y3fOhMQvmP2VzXtjZXqfgXi2SGimF8ZkhSVpc2smNF37f6HR9Ao016TlEpxZkbAaFzN3GnDJUSmycuqSTdAXQfnQAZG8N77s5uVVS4oHiW7U= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737507676; c=relaxed/simple; bh=zpGaR6EHG5fQfxBeXMMpbMsE069zeSMeHAjT9DdqQO8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WTlFhTHlZAibqBuBZPXwFEYCsIqdYs9wEsGgDHhQeebB1nvUUvQ4DscD03z8Rdoa2EiUYLC/KSIr+5xEAKfx4Rtjf+vld+oQkCKmyu1ZEkP7ra9w+V1q/On0fQIzm00B+UZhow3NHo4C7FDWCbKc7AfvtVT+gJ+uJQwibdwd+hw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=FvFoqwRY; arc=fail smtp.client-ip=40.107.95.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="FvFoqwRY" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AN2KOpahZxx/nhlnuMLWsmaXDq+Snq0kZ+cmV5pWGWR4+UQ+b+EoaAyh0XwCrbdPxwrVxDjOSPtl0DH424X3YPkOxpdCSwgh+U9hjTjXEhlHluZ95BUUOcaIVD7SirEEfdE4OunjmZCysSWsgBmJlpQUUA4UVTL4y0tF4182HvkkIKIhtUaF/Xx/oukbo4I3gd7G4AaK3GPRtUQ6cAVcdybhHBi5pg4Wz0ULVvQRQWXaIIX7rl4nIJxxZ1Lh0KEE7olInbUFXVyPofnOT68VE/Z5LAWbq772rNurFKTefL9Ars0TailTYp8/UKm3wB6mHA2pAfEYXoXR2MACNp5ioA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cAzKFq3HueqHWIEXHbd93DcO2eDTOy88QFga8E6xVa4=; b=BMSB+eK/7F6Sk4kiDROEn85X6J1QB3vIz4KVN4qUszxkMML4Vi2of4WtC1hzTJ5nXCCRCmambMWH9qBgM1RyQreyUqahcC0pril+UTkwYLlMmvkCCQhf+1PbSiBE0+ToMS6PwpOzghKecj8kCsqyjkpyzUUeWfh0H/oVwBiBoPShB+UHqqivLVykq0h4uqRREcU3ZVPd8ZJyZJzBjBqqYVrKXXwQf43fbPns7q1EWwsSPgHAMMR6Nwk06Y9MvODNw06ZUZhhUT9j00Q03HPMsEPRsv0WhZtycVI0YyNeMfcb1YpilrzYkM6RDI+E9JC4RUeYJCNdLGFwlgxka2O9kA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=google.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cAzKFq3HueqHWIEXHbd93DcO2eDTOy88QFga8E6xVa4=; b=FvFoqwRYECzfdREcwHBuyO09hAxuVaXLspc48enoC/nm9O+JyHaIh/lPtJc2HaTqN8F70gbERSLxWRaOp9/LxID4/lvlKVcp0q0MGA3hFqDi4bdeZmqfalGkqr4l0SJsyoZ2iLWIVAIMz+wRsM2hU6CFDUyvChiDqitHwPdHAUA= Received: from BYAPR11CA0084.namprd11.prod.outlook.com (2603:10b6:a03:f4::25) by MN2PR12MB4237.namprd12.prod.outlook.com (2603:10b6:208:1d6::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8356.22; Wed, 22 Jan 2025 01:01:09 +0000 Received: from SJ5PEPF000001F6.namprd05.prod.outlook.com (2603:10b6:a03:f4:cafe::4f) by BYAPR11CA0084.outlook.office365.com (2603:10b6:a03:f4::25) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8377.14 via Frontend Transport; Wed, 22 Jan 2025 01:01:09 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ5PEPF000001F6.mail.protection.outlook.com (10.167.242.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8377.8 via Frontend Transport; Wed, 22 Jan 2025 01:01:08 +0000 Received: from ethanolx7e2ehost.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 21 Jan 2025 19:01:07 -0600 From: Ashish Kalra To: , , , , , , , , , , , , , , , CC: , , , , , , , Subject: [PATCH 4/4] x86/sev: Fix broken SNP support with KVM module built-in Date: Wed, 22 Jan 2025 01:00:56 +0000 Message-ID: <6fc4cd0f07f884da4345951670aebff8815270b7.1737505394.git.ashish.kalra@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ5PEPF000001F6:EE_|MN2PR12MB4237:EE_ X-MS-Office365-Filtering-Correlation-Id: 0d72c32d-c011-471c-e510-08dd3a8041c8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|82310400026|7416014|376014|36860700013|1800799024|921020; X-Microsoft-Antispam-Message-Info: KHjy4RQ3ZGjUzyExy0ly/U0NfG844+5XBXGYVYWXhQc7R4djDNAbuPzBmW1KfAOfgUYEHt2xMlz1m0LjIySX9jQ8DZjVxbS6Vl5GIq9SbAHawXa25zJw1VPIzyMqU3hka2ajbtIFIIkYJUN4zLTcLBxO4sTpQuI0jfQw4eRR0SVyd+WEvDV2xcTVqSi9xL89kchcB22leashJDr1pJ+XYHgJ7VJMxrQOFZxuzY0PJyuzsh9ooV8x3bXRHMIvDvb8PpKvt96itsuogML913f9/zmt8J1j++gCQGAQfkuNlU6TdvVS0HD8mxbTPRNTno5XbN6qh0LK4FXwyNmCP7mBIf/+ez6nzxl7zAUM3mrr8cCwKUQim0EkwthxtM5sZNVmnCO1f42cfJcbdWG9FXUMKbFQPFPMNtQaAQNIF1+vYS2Mvf6bBsaN/whPkClj8GN7DtXWSHzSTJQ0X4WkTK/BTH7ZB8TIWPDpvWkfZDfUMdqBmtePRVqxYSspCPQ9xEeDo4dIGfmXzclhnBkQTxPSdQ2A4X4hRJkEwg+sYvQF7LVNxvXOdXChc3Cs8QqItJLbg+2Q5g98Laj2RBnYtt+L+ijrGcms1ZIwymzdKYp6i68Xwk+F+o/VnFHlxwn8qhJa/1HbzBjpJEHrJjrf05mxteN7TEBAUYZZIgOFRKeogrxRGsLriO8hq/1X+2nwhk/wLwYzvBfXeBgVS8t1THm8WZ84NV9OsJe4Y9u/xiK4uxjCBfRgrEijLp0ZSvg7BGHir9Br5jPmOiAgL0LrYbWkodmFt64dF2SCbQKqkw8wLjfuRalNOfiYwZ2vx4hMFZ9C1HbLVhpVdSes048FUq7H3RZP1o4bLwNgJgce8PURZ9lWdgp/x/4lqDxP7HDVnOhQM33FcFy0HrTje7OEoZdv2Ok/3V7WgdWWL5KK0kf62sIPBSn8YOjU9H6CwJnROz1NrONzps6g9B9XLLp4LsFNf23rHwldRlasulbANsGUzd/Vj3zN0IH0HmjO4kbWJBb2HCfX3rbsW5RJq40a2KTzi8xKmUk4e2TSBYN22TYuqrJAIkOM+mJ//3f8tget5hu35i35/Ku+TULrmhIdpfsoV2fAyPiNEE/3XJ2JTE+4SfArINfIsUiwlugtwsKYhyDpIUnOkwD0poxJH2f4n1yc2RbDDCnlOWd+o/CCMzpz+ujPvShkzs2RjRNbVTMhCIrVuLXoXPD7BbwqQM5EqBcyAK6xmbLnf0yDtKiTGlrQgayKCV8WOGWa756rWZrR164+Loc7/Mfg/ro4mzEvQ+DykLsu7MyT7Ve9vR+IFIfQm+sDuAhZm9RL2EslU5MV/LnKzuqzbPELMwttmIJ6RX9YYDF/P6NyxWMiDLSHSbxDD0hIYpnZmjEYyIGZrXBqXgdC8crbrfgrOWsZIujpIM4mhHYPycS5nAP54A9V84Sx8RWD9hgXGBz+M59/kMe+P31TYUGXL6KcqfQte4gYA8s+0Ap+m0JNiYG5eKAJ2p8mAdfgVOf4VKCApM8FdXcCNw2J X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:SATLEXMB04.amd.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230040)(82310400026)(7416014)(376014)(36860700013)(1800799024)(921020); DIR:OUT; SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jan 2025 01:01:08.8669 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0d72c32d-c011-471c-e510-08dd3a8041c8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17]; Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ5PEPF000001F6.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4237 From: Ashish Kalra This patch fixes issues with enabling SNP host support and effectively SNP support which is broken with respect to the KVM module being built-in. SNP host support is enabled in snp_rmptable_init() which is invoked as a device_initcall(). Here device_initcall() is used as snp_rmptable_init() expects AMD IOMMU SNP support to be enabled prior to it and the AMD IOMMU driver enables SNP support after PCI bus enumeration. Now, if kvm_amd module is built-in, it gets initialized before SNP host support is enabled in snp_rmptable_init() : [ 10.131811] kvm_amd: TSC scaling supported [ 10.136384] kvm_amd: Nested Virtualization enabled [ 10.141734] kvm_amd: Nested Paging enabled [ 10.146304] kvm_amd: LBR virtualization supported [ 10.151557] kvm_amd: SEV enabled (ASIDs 100 - 509) [ 10.156905] kvm_amd: SEV-ES enabled (ASIDs 1 - 99) [ 10.162256] kvm_amd: SEV-SNP enabled (ASIDs 1 - 99) [ 10.171508] kvm_amd: Virtual VMLOAD VMSAVE supported [ 10.177052] kvm_amd: Virtual GIF supported ... ... [ 10.201648] kvm_amd: in svm_enable_virtualization_cpu And then svm_x86_ops->enable_virtualization_cpu() (svm_enable_virtualization_cpu) programs MSR_VM_HSAVE_PA as following: wrmsrl(MSR_VM_HSAVE_PA, sd->save_area_pa); So VM_HSAVE_PA is non-zero before SNP support is enabled on all CPUs. snp_rmptable_init() gets invoked after svm_enable_virtualization_cpu() as following : ... [ 11.256138] kvm_amd: in svm_enable_virtualization_cpu ... [ 11.264918] SEV-SNP: in snp_rmptable_init This triggers a #GP exception in snp_rmptable_init() when snp_enable() is invoked to set SNP_EN in SYSCFG MSR: [ 11.294289] unchecked MSR access error: WRMSR to 0xc0010010 (tried to write 0x0000000003fc0000) at rIP: 0xffffffffaf5d5c28 (native_write_msr+0x8/0x30) ... [ 11.294404] Call Trace: [ 11.294482] [ 11.294513] ? show_stack_regs+0x26/0x30 [ 11.294522] ? ex_handler_msr+0x10f/0x180 [ 11.294529] ? search_extable+0x2b/0x40 [ 11.294538] ? fixup_exception+0x2dd/0x340 [ 11.294542] ? exc_general_protection+0x14f/0x440 [ 11.294550] ? asm_exc_general_protection+0x2b/0x30 [ 11.294557] ? __pfx_snp_enable+0x10/0x10 [ 11.294567] ? native_write_msr+0x8/0x30 [ 11.294570] ? __snp_enable+0x5d/0x70 [ 11.294575] snp_enable+0x19/0x20 [ 11.294578] __flush_smp_call_function_queue+0x9c/0x3a0 [ 11.294586] generic_smp_call_function_single_interrupt+0x17/0x20 [ 11.294589] __sysvec_call_function+0x20/0x90 [ 11.294596] sysvec_call_function+0x80/0xb0 [ 11.294601] [ 11.294603] [ 11.294605] asm_sysvec_call_function+0x1f/0x30 ... [ 11.294631] arch_cpu_idle+0xd/0x20 [ 11.294633] default_idle_call+0x34/0xd0 [ 11.294636] do_idle+0x1f1/0x230 [ 11.294643] ? complete+0x71/0x80 [ 11.294649] cpu_startup_entry+0x30/0x40 [ 11.294652] start_secondary+0x12d/0x160 [ 11.294655] common_startup_64+0x13e/0x141 [ 11.294662] This #GP exception is getting triggered due to the following errata for AMD family 19h Models 10h-1Fh Processors: Processor may generate spurious #GP(0) Exception on WRMSR instruction: Description: The Processor will generate a spurious #GP(0) Exception on a WRMSR instruction if the following conditions are all met: - the target of the WRMSR is a SYSCFG register. - the write changes the value of SYSCFG.SNPEn from 0 to 1. - One of the threads that share the physical core has a non-zero value in the VM_HSAVE_PA MSR. The document being referred to above: https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/revision-guides/57095-PUB_1_01.pdf To summarize, with kvm_amd module being built-in, KVM/SVM initialization happens before host SNP is enabled and this SVM initialization sets VM_HSAVE_PA to non-zero, which then triggers a #GP when SYSCFG.SNPEn is being set and this will subsequently cause SNP_INIT(_EX) to fail with INVALID_CONFIG error as SYSCFG[SnpEn] is not set on all CPUs. This patch fixes the current SNP host enabling code and effectively SNP which is broken with respect to the KVM module being built-in. Essentially SNP host enabling code should be invoked before KVM initialization, which is currently not the case when KVM is built-in. With the AMD IOMMU driver patch applied which moves SNP enable check before enabling IOMMUs, snp_rmptable_init() can now be called early with subsys_initcall() which enables SNP host support before KVM initialization with kvm_amd module built-in. Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature") Signed-off-by: Ashish Kalra --- arch/x86/virt/svm/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 1dcc027ec77e..d5dc4889c445 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -571,7 +571,7 @@ static int __init snp_rmptable_init(void) /* * This must be called after the IOMMU has been initialized. */ -device_initcall(snp_rmptable_init); +subsys_initcall(snp_rmptable_init); static void set_rmp_segment_info(unsigned int segment_shift) {