Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <1cadca0d-c3dc-68ed-075f-f88ccb0ccc0a@amd.com>
Date:   Mon, 13 Jun 2022 23:15:03 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.7.0
Subject: Re: [PATCH Part2 v5 23/45] KVM: SVM: Add KVM_SNP_INIT command
Content-Language: en-US
To:     Alper Gun <alpergun@google.com>,
        Brijesh Singh <brijesh.singh@amd.com>, Ashish.Kalra@amd.com
Cc:     x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        linux-coco@lists.linux.dev, linux-mm@kvack.org,
        linux-crypto@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
        David Rientjes <rientjes@google.com>,
        Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Borislav Petkov <bp@alien8.de>,
        Michael Roth <michael.roth@amd.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        "Kirill A . Shutemov" <kirill@shutemov.name>,
        Andi Kleen <ak@linux.intel.com>, tony.luck@intel.com,
        Marc Orr <marcorr@google.com>,
        sathyanarayanan.kuppuswamy@linux.intel.com,
        Pavan Kumar Paluri <papaluri@amd.com>
References: <20210820155918.7518-1-brijesh.singh@amd.com>
 <20210820155918.7518-24-brijesh.singh@amd.com>
 <CABpDEukdrEbXjOF_QuZqUMQndYx=zVM4s2o-oN_wb2L_HCrONg@mail.gmail.com>
From:   Ashish Kalra <ashkalra@amd.com>
In-Reply-To: <CABpDEukdrEbXjOF_QuZqUMQndYx=zVM4s2o-oN_wb2L_HCrONg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?SlZ6aWMyOXUwNHcraU1FKzdSZGc4Ty9vcWl3eENTODMreHpGMGYzbkdPTHFI?=
 =?utf-8?B?NlgrYWs0WDhPR09jZGR0ZUFQMnNJSXNyKzV0Wll0TlVaeThMMmFhN3R5dEJn?=
 =?utf-8?B?U3hLeDl0WCtEdCtVNlJ0U0lOc25rR3lDUnduaDVHVFFyZGdtNzh6ZFFtajJr?=
 =?utf-8?B?eTQ5MU5NcUVwTXkzbVhFZGxrTEV0RFpaYTRTaVFEZmZqWnd3L2pmMTYxOVhp?=
 =?utf-8?B?aHJLaWxCb0xpeFFuSWxDU0xhY1BUaERVK3VSVXNtSGNFQ0pCSHdIM2FFL203?=
 =?utf-8?B?ZUhoUC9MME9ZSm5HbE9yeEF1R0Qxa0JHWHhPWEFTYTNLOWxqRlViVHdaZzV2?=
 =?utf-8?B?L211RkdmZk1yNnpPMlhka081MDgyZmc5eUtBbDBWTGVxdTNxSGtqd0M0YUUx?=
 =?utf-8?B?U2d6R0lxQUowdGVZWVN4b2ovNEpkZFNTNmdOamExandKZG1RRmxQdlEvc3U1?=
 =?utf-8?B?cnFBSGxGaktmUCtOS0FPWnVBekpzdE5nK2licXErUUNBWnJJcGdybFpvTnpx?=
 =?utf-8?B?TzJkaU5CK3ppQVc5UGdkL1BHRHNrb3UwSERPL3lTeDd4ZjRnOFB6dGc2cWN1?=
 =?utf-8?B?OGl0TXZBU1lpMEI2YzFMMDByT1BkQnNsazRqWGc0M0RFalNwVVN3TEFNYzQ3?=
 =?utf-8?B?TmF1QXpVQlZxYmxCbEdESnh2MXd4b25wWVR4azl6b3NMb3RRa0lzOXlUd2V2?=
 =?utf-8?B?RW9KZHM5SHBkbWNTR2tiekpjUzZmdkU5eTZMdkJ1SHZ2TjBNbHh0VTJHY0lL?=
 =?utf-8?B?Z2RyNlorNEFUVzFEMHlxOW5mL0lGOCtHMnlzNkl4WEF6S3prdkhsaGhYSktC?=
 =?utf-8?B?YUttQzdjQmlXTUNmNksxdGtBTVZPanNSU05QWStaaXhqZFdCNlJ3R2NRVnZ0?=
 =?utf-8?B?SXlxRk9uQXJ5aE41RlVkeEo4aDFUUTA2cWd6dGo1cEovYjR5MnordWlWSlo0?=
 =?utf-8?B?MnA4K3o2M2dEMnVuSm9yYTJycEFsQzVieHY0MnN6NUN4eG1NdnFnWWtweW5B?=
 =?utf-8?B?QVliY1kyNjFveUNvOW5QMkN1dGRGQm93NHlXcW0yNnRrZnk5ODFoK0tXeURp?=
 =?utf-8?B?dHhKK0ozMC9GQVZUQVM0NmhpdDJhcnhQWVgwL2FWME5OQkNTNVIyZG5DNmlV?=
 =?utf-8?B?UnZUNHNSWUxXdWJMN0cvK3c5QXZxUjQrY0p4aXB0Q2xnTFo2K3NuSG1ENW45?=
 =?utf-8?B?cWp0RVVUL3JSbkczQ1VMVFNJd0YxTy9NaHpFNnAweFhTbzJNL2dTK0FUL2p5?=
 =?utf-8?B?TzZINjhOb3p6bFNDTTdSNDBZNzJuRnQrSWVsQXhBdWxLZC94NDhmT1RhQzR3?=
 =?utf-8?B?eVFBN2xtNHdnMm1jRGNMeDU1TVRCRjJHN0l1czI4eVhEdDRlV1E5QVJpY2FX?=
 =?utf-8?B?dTBwS2g5S1pZRXc0ZjFFa1p3dUxTcWlTSmp1QXpWcFk1cUdMdytaSGZnaWVq?=
 =?utf-8?B?Nm1RVDRaK0k4WEI0OTgwTmVrMmZ1NW9BU24vSmw2QTl3NUZjRFVlTjhaUVU0?=
 =?utf-8?B?RklhWWFrWWFSNk1yZlFPRDhqOXA0WEdIMmdqaUtNK2NWcmZMK2pYRlNBV0FX?=
 =?utf-8?B?Z0U1V0I0a2lmME9vZHFHT0txMDBtRU1sZTdESStmUjVnQWJtYU5Fc2I3SDF4?=
 =?utf-8?B?dVRiU09qYytNRkFIY00wai9Mdjg0ZzdoOFI2cm9tOE43WC9KMFVjMlVkNVZH?=
 =?utf-8?B?M1c5R1puSmRHYWRvZjdYRGoxQlkxTmJaVTBiTHdxUjhqbmQ4bDRMY3JmSTVK?=
 =?utf-8?B?S01HN3J5MGlnYWRvVlFIMVNzNmRXWmtscDJNK05ZcDJjZ25MckIwNklOdzVq?=
 =?utf-8?B?Y2Z5SGMvWjNjTWVkYjVLUWxTV0lQamtiaXpOWERUTFQzbGhjN2Jhcnk0cWp1?=
 =?utf-8?B?dWx2ZUxUS0xXSkxXMkxUNWptWlBQSFRNYThtN29FM3YyRmFnSlhRaXpFZFVD?=
 =?utf-8?B?K0Yyc2djKzNJdXBKSktqOWVMbFhjVUpodU5zK3pWS0ZjV0pxc2F3enE1a2N5?=
 =?utf-8?B?NmRoVVRCLzBkanBhM25aSzhsZU9LK1loaS9uenJmVWV2OWQyUGVyYVBMN1ZQ?=
 =?utf-8?B?TldCZFBIZFdmWHRkZ3dBZGxwK0NpMFRiMmQrSXg2TE1kUUxDc1FnUFE2YXpD?=
 =?utf-8?B?WXFlQ3hxR2UycUQya3N1Zk5BTFN1VHRQdG92VzE4aTVVSzlMUDBXYzVEWUI4?=
 =?utf-8?B?bHNMNTBYYmZNVnpQRVg3SzM4dEl6Y1pndVFqRjE5U0NTUWxhbkJkdXFsTnhH?=
 =?utf-8?B?MTc5TXdEMFpJZW1zYWkzUC9ja2g5R2NaVjJqSVlldTNGajExQ3RUaUFOSVhR?=
 =?utf-8?B?Z1FOQ0FpMGc2b1poN1FtajAwTUxQT0Z5TFlVajBPMm43OEh0ZlMrdz09?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c437d3c1-02d1-4ea1-8570-08da4d928f19
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jun 2022 23:15:08.9443
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: fJKxti27ZlYSgcywgjW20wcBGirhr7M4xeVFETh3qdBukOwZgf35yB++E2PTDAUC6j+wm8FlqWBY2mp6aWmaIw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR12MB3059
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hello Alper,

On 6/13/22 20:58, Alper Gun wrote:
> static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
>>   {
>> +       bool es_active = (argp->id == KVM_SEV_ES_INIT || argp->id == KVM_SEV_SNP_INIT);
>>          struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
>> -       bool es_active = argp->id == KVM_SEV_ES_INIT;
>> +       bool snp_active = argp->id == KVM_SEV_SNP_INIT;
>>          int asid, ret;
>>
>>          if (kvm->created_vcpus)
>> @@ -249,12 +269,22 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
>>                  return ret;
>>
>>          sev->es_active = es_active;
>> +       sev->snp_active = snp_active;
>>          asid = sev_asid_new(sev);
>>          if (asid < 0)
>>                  goto e_no_asid;
>>          sev->asid = asid;
>>
>> -       ret = sev_platform_init(&argp->error);
>> +       if (snp_active) {
>> +               ret = verify_snp_init_flags(kvm, argp);
>> +               if (ret)
>> +                       goto e_free;
>> +
>> +               ret = sev_snp_init(&argp->error);
>> +       } else {
>> +               ret = sev_platform_init(&argp->error);
> After SEV INIT_EX support patches, SEV may be initialized in the platform late.
> In my tests, if SEV has not been initialized in the platform yet, SNP
> VMs fail with SEV_DF_FLUSH required error. I tried calling
> SEV_DF_FLUSH right after the SNP platform init but this time it failed
> later on the SNP launch update command with SEV_RET_INVALID_PARAM
> error. Looks like there is another dependency on SEV platform
> initialization.
>
> Calling sev_platform_init for SNP VMs fixes the problem in our tests.

Trying to get some more context for this issue.

When you say after SEV_INIT_EX support patches, SEV may be initialized 
in the platform late, do you mean sev_pci_init()->sev_snp_init() ... 
sev_platform_init() code path has still not executed on the host BSP ?

Before launching the first SNP/SEV guest launch after INIT, we need to 
issue SEV_CMD_DF_FLUSH command.

I assume that we will always be initially doing SNP firmware 
initialization with SNP_INIT command followed by sev_platform_init(), if 
SNP is enabled on boot CPU.

Thanks, Ashish