Received: by 2002:ab2:b82:0:b0:1f3:401:3cfb with SMTP id 2csp368441lqh; Thu, 28 Mar 2024 04:51:31 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWEKu0NkiB1Bb4NOBFYRq/BCTyHtDUIQbEyOPgHHcgmID6R3uJw/4XAI9HXjuABI3VXdJcwvsLvOKAL3zwemwZw/0NCvM+akxIikwvkmQ== X-Google-Smtp-Source: AGHT+IEH+3mMRmL6HcCdivAyuxtIB9KaWqsllW/edWU6t1eUtEMg43J7GXsc5ArTx9eSD+TUYWog X-Received: by 2002:a0c:e8cb:0:b0:696:b00e:5c34 with SMTP id m11-20020a0ce8cb000000b00696b00e5c34mr2217756qvo.31.1711626691399; Thu, 28 Mar 2024 04:51:31 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711626691; cv=pass; d=google.com; s=arc-20160816; b=iFeyOljRk9LnKMJtyF/6GjdZxW8i1qS5S2KPOHegMP9t1AEJ5+0sPwnrDWJmssdMD5 xWzoy7zkq4YLBvmmX0hF1m36DId0MLfHtitpFCWfva9AuKPy9ogZN42VCmIUxeQG9x7J xoEMJh6Vwz87BZPTp1lVku04P67wOgAp/0R2qGaUH/+dE/KHgcZ4R7YFCeUpuRskBnKk YI11zbqayxFtLbQemqDSlNMLJkuNlp8gw7oMvPgUCqEW5ZsXM0eSKuheDBI8EE44rHFp sCL9XWOXlIowBQwRC/hQhGcU64WMzoPkmbxUrsDv+mrvvyXINyieR+Enb6kKed+mF60X FC8Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature :dkim-filter; bh=EQj1f3YmM4oHN7Og4pfPO34QJHC8rf9eB1kPh7mDNtY=; fh=hLcxBq3ooeYdiu9lp8DhPm2weyi1Sgq7eKFEbPH9Ytc=; b=GfypwJcSZYU3TGGWnvijVx4St0nGtl/BM2JcoSIPimNbjdbfg3SEjvUYuPghFAcKS0 CO9SegOs4JZz+vI2o3Wr69UIYqEBHuK5r4gWj3FWl3XV1F7uh7vr/YPKxJUKkMAyCfzf OEla6wxACaGO+d6V27uo2dF6OuWfftfG7T+jqMXm6OJ5ENFswZw4M4Cl6RLgPVses/X3 vHuenpuSJlOeZp5dgn8Sknw7vk0zb5I5lglXfytObESLAdv453qo7NT2OEyZw8VZUz5b ZmtipoSf22gaq/BJBjSBzTgZHW6etFFGqBxluiAwGaidlGokzvtDq65gytRmUBTJk8ZD dJAw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=eoPQlc2s; arc=pass (i=1 spf=pass spfdomain=linux.microsoft.com dkim=pass dkdomain=linux.microsoft.com dmarc=pass fromdomain=linux.microsoft.com); spf=pass (google.com: domain of linux-kernel+bounces-122848-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-122848-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id du9-20020a05621409a900b006911f7904d3si1234292qvb.587.2024.03.28.04.51.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Mar 2024 04:51:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-122848-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=eoPQlc2s; arc=pass (i=1 spf=pass spfdomain=linux.microsoft.com dkim=pass dkdomain=linux.microsoft.com dmarc=pass fromdomain=linux.microsoft.com); spf=pass (google.com: domain of linux-kernel+bounces-122848-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-122848-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 1542F1C2868B for ; Thu, 28 Mar 2024 11:51:31 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BF7767E788; Thu, 28 Mar 2024 11:51:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="eoPQlc2s" Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6724652F6D; Thu, 28 Mar 2024 11:51:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711626681; cv=none; b=Pc5wYwz71qY4Jirc+lsHCM8oZX9RU/CjoOXlUyS9yMBGQ8Tpew5RNdVmrXKLhYoM8tbAeJvFVGTlYh9nvjVh/Ke+cNp4osbD/cC58+jKyKigjkbe7ywr78AQ+9t59aOyQ//lt6UMH9bR+xeCrJ/yhbGZI0O9Pu1F6viBigWQqiU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711626681; c=relaxed/simple; bh=VRWpZuzTi9BB9aD9AW0vWrU/mW+SthyAngwyb6SSFYI=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=I7/60LqDRIE0hj4GdKWTMWNBlWKXAu68Zqivk5BLc7lTGl0/BbZqyqXIVbx9txM8nwdEnAWsz2ksbJP27/9eV4ZPhOMVgn99MGBh0S9ZiAnq07iMdc3dDa6IExQJ5UTuRxQpxIJQCazjkaf5gQIYqvnESRqchMtzoFcT9sQb+mk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=eoPQlc2s; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Received: from [100.66.160.44] (unknown [108.143.43.187]) by linux.microsoft.com (Postfix) with ESMTPSA id 2F24D20E65E2; Thu, 28 Mar 2024 04:51:18 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2F24D20E65E2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1711626679; bh=EQj1f3YmM4oHN7Og4pfPO34QJHC8rf9eB1kPh7mDNtY=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=eoPQlc2s2nL3pKGB5SoHSgVaolp+ObpGgJThP7ADHQPROshOuJiM+w5mrfkDUBueq XbmLO/KjRNVCKq9JrZCcDEnN1MX4FBY8xJQgYsfcDcq02ccFZ6fkYQy0kFvQ6iXVEu nmfGEQxAGCq4JNhX+8cnTE64+2XOPVXEdPdd3qYc= Message-ID: Date: Thu, 28 Mar 2024 12:51:17 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH 5/5] x86/CPU/AMD: Track SNP host status with cc_platform_*() To: Borislav Petkov , X86 ML Cc: LKML , KVM , Ashish Kalra , Joerg Roedel , Michael Roth , Tom Lendacky References: <20240327154317.29909-1-bp@alien8.de> <20240327154317.29909-6-bp@alien8.de> Content-Language: en-CA From: Jeremi Piotrowski In-Reply-To: <20240327154317.29909-6-bp@alien8.de> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 27/03/2024 16:43, Borislav Petkov wrote: > From: "Borislav Petkov (AMD)" > > The host SNP worthiness can determined later, after alternatives have > been patched, in snp_rmptable_init() depending on cmdline options like > iommu=pt which is incompatible with SNP, for example. > > Which means that one cannot use X86_FEATURE_SEV_SNP and will need to > have a special flag for that control. > > Use that newly added CC_ATTR_HOST_SEV_SNP in the appropriate places. > > Move kdump_sev_callback() to its rightfull place, while at it. > > Signed-off-by: Borislav Petkov (AMD) > --- > arch/x86/include/asm/sev.h | 4 ++-- > arch/x86/kernel/cpu/amd.c | 38 ++++++++++++++++++------------ > arch/x86/kernel/cpu/mtrr/generic.c | 2 +- > arch/x86/kernel/sev.c | 10 -------- > arch/x86/kvm/svm/sev.c | 2 +- > arch/x86/virt/svm/sev.c | 26 +++++++++++++------- > drivers/crypto/ccp/sev-dev.c | 2 +- > drivers/iommu/amd/init.c | 4 +++- > 8 files changed, 49 insertions(+), 39 deletions(-) > > diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h > index 9477b4053bce..780182cda3ab 100644 > --- a/arch/x86/include/asm/sev.h > +++ b/arch/x86/include/asm/sev.h > @@ -228,7 +228,6 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn > void snp_accept_memory(phys_addr_t start, phys_addr_t end); > u64 snp_get_unsupported_features(u64 status); > u64 sev_get_status(void); > -void kdump_sev_callback(void); > void sev_show_status(void); > #else > static inline void sev_es_ist_enter(struct pt_regs *regs) { } > @@ -258,7 +257,6 @@ static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *in > static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } > static inline u64 snp_get_unsupported_features(u64 status) { return 0; } > static inline u64 sev_get_status(void) { return 0; } > -static inline void kdump_sev_callback(void) { } > static inline void sev_show_status(void) { } > #endif > > @@ -270,6 +268,7 @@ int psmash(u64 pfn); > int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable); > int rmp_make_shared(u64 pfn, enum pg_level level); > void snp_leak_pages(u64 pfn, unsigned int npages); > +void kdump_sev_callback(void); > #else > static inline bool snp_probe_rmptable_info(void) { return false; } > static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } > @@ -282,6 +281,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 as > } > static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } > static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} > +static inline void kdump_sev_callback(void) { } > #endif > > #endif > diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c > index 6d8677e80ddb..9bf17c9c29da 100644 > --- a/arch/x86/kernel/cpu/amd.c > +++ b/arch/x86/kernel/cpu/amd.c > @@ -345,6 +345,28 @@ static void srat_detect_node(struct cpuinfo_x86 *c) > #endif > } > > +static void bsp_determine_snp(struct cpuinfo_x86 *c) > +{ > +#ifdef CONFIG_ARCH_HAS_CC_PLATFORM > + cc_vendor = CC_VENDOR_AMD; Shouldn't this line be inside the cpu_has(c, X86_FEATURE_SEV_SNP) check? > + > + if (cpu_has(c, X86_FEATURE_SEV_SNP)) { > + /* > + * RMP table entry format is not architectural and is defined by the > + * per-processor PPR. Restrict SNP support on the known CPU models > + * for which the RMP table entry format is currently defined for. > + */> + if (!cpu_has(c, X86_FEATURE_HYPERVISOR) && How about turning this into a more specific check: if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP) && Thanks, Jeremi > + c->x86 >= 0x19 && snp_probe_rmptable_info()) { > + cc_platform_set(CC_ATTR_HOST_SEV_SNP); > + } else { > + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); > + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); > + } > + } > +#endif > +} > + > static void bsp_init_amd(struct cpuinfo_x86 *c) > { > if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) { > @@ -452,21 +474,7 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) > break; > } > > - if (cpu_has(c, X86_FEATURE_SEV_SNP)) { > - /* > - * RMP table entry format is not architectural and it can vary by processor > - * and is defined by the per-processor PPR. Restrict SNP support on the > - * known CPU model and family for which the RMP table entry format is > - * currently defined for. > - */ > - if (!boot_cpu_has(X86_FEATURE_ZEN3) && > - !boot_cpu_has(X86_FEATURE_ZEN4) && > - !boot_cpu_has(X86_FEATURE_ZEN5)) > - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); > - else if (!snp_probe_rmptable_info()) > - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); > - } > - > + bsp_determine_snp(c); > return; > > warn: