bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 14:53:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'x86_sev_for_v7.1_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Browse Source 
Pull x86 SEV updates from Borislav Petkov:

 - Change the SEV host code handling of when SNP gets enabled in order
   to allow the machine to claim SNP-related resources only when SNP
   guests are really going to be launched. The user requests this by
   loading the ccp module and thus it controls when SNP initialization
   is done

   So export an API which module code can call and do the necessary SNP
   setup only when really needed

 - Drop an unnecessary write-back and invalidate operation that was
   being performed too early, since the ccp driver already issues its
   own at the correct point in the initialization sequence

 - Drop the hotplug callbacks for enabling SNP on newly onlined CPUs,
   which were both architecturally unsound (the firmware rejects
   initialization if any CPU lacks the required configuration) and buggy
   (the MFDM SYSCFG MSR bit was not being set)

 - Code refactoring and cleanups to accomplish the above

* tag 'x86_sev_for_v7.1_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  crypto/ccp: Update HV_FIXED page states to allow freeing of memory
  crypto/ccp: Implement SNP x86 shutdown
  x86/sev, crypto/ccp: Move HSAVE_PA setup to arch/x86/
  x86/sev, crypto/ccp: Move SNP init to ccp driver
  x86/sev: Create snp_shutdown()
  x86/sev: Create snp_prepare()
  x86/sev: Create a function to clear/zero the RMP
  x86/sev: Rename SNP_FEATURES_PRESENT to SNP_FEATURES_IMPL
  x86/virt/sev: Keep the RMP table bookkeeping area mapped
  x86/virt/sev: Drop WBINVD before setting MSR_AMD64_SYSCFG_SNP_EN
  x86/virt/sev: Drop support for SNP hotplug
This commit is contained in:
Linus Torvalds
2026-04-14 15:20:54 -07:00
parent 970216e023 c3aa64ab6a
commit 60b8d4d492
5 changed files with 144 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
drivers/crypto/ccp/sev-dev.c
View File

@@ -1076,11 +1076,6 @@ static inline int __sev_do_init_locked(int *psp_ret)
return __sev_init_locked(psp_ret);
}
static void snp_set_hsave_pa(void *arg)
{
wrmsrq(MSR_VM_HSAVE_PA, 0);
}
/* Hypervisor Fixed pages API interface */
static void snp_hv_fixed_pages_state_update(struct sev_device *sev,
enum snp_hv_fixed_pages_state page_state)
@@ -1224,7 +1219,7 @@ static void snp_add_hv_fixed_pages(struct sev_device *sev, struct sev_data_range
static void snp_leak_hv_fixed_pages(void)
{
struct snp_hv_fixed_pages_entry *entry;
struct snp_hv_fixed_pages_entry *entry, *nentry;
/* List is protected by sev_cmd_mutex */
lockdep_assert_held(&sev_cmd_mutex);
@@ -1232,10 +1227,16 @@ static void snp_leak_hv_fixed_pages(void)
if (list_empty(&snp_hv_fixed_pages))
return;
list_for_each_entry(entry, &snp_hv_fixed_pages, list)
if (entry->page_state == HV_FIXED)
list_for_each_entry_safe(entry, nentry, &snp_hv_fixed_pages, list) {
if (entry->free && entry->page_state != HV_FIXED)
__free_pages(entry->page, entry->order);
else
__snp_leak_pages(page_to_pfn(entry->page),
1 << entry->order, false);
list_del(&entry->list);
kfree(entry);
}
}
bool sev_is_snp_ciphertext_hiding_supported(void)
@@ -1373,8 +1374,7 @@ static int __sev_snp_init_locked(int *error, unsigned int max_snp_asid)
return -EOPNOTSUPP;
}
/* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */
on_each_cpu(snp_set_hsave_pa, NULL, 1);
snp_prepare();
/*
* Starting in SNP firmware v1.52, the SNP_INIT_EX command takes a list
@@ -2045,6 +2045,8 @@ static int __sev_snp_shutdown_locked(int *error, bool panic)
memset(&data, 0, sizeof(data));
data.len = sizeof(data);
data.iommu_snp_shutdown = 1;
if (sev->snp_feat_info_0.ecx & SNP_X86_SHUTDOWN_SUPPORTED)
data.x86_snp_shutdown = 1;
/*
* If invoked during panic handling, local interrupts are disabled
@@ -2078,23 +2080,29 @@ static int __sev_snp_shutdown_locked(int *error, bool panic)
return ret;
}
/*
* SNP_SHUTDOWN_EX with IOMMU_SNP_SHUTDOWN set to 1 disables SNP
* enforcement by the IOMMU and also transitions all pages
* associated with the IOMMU to the Reclaim state.
* Firmware was transitioning the IOMMU pages to Hypervisor state
* before version 1.53. But, accounting for the number of assigned
* 4kB pages in a 2M page was done incorrectly by not transitioning
* to the Reclaim state. This resulted in RMP #PF when later accessing
* the 2M page containing those pages during kexec boot. Hence, the
* firmware now transitions these pages to Reclaim state and hypervisor
* needs to transition these pages to shared state. SNP Firmware
* version 1.53 and above are needed for kexec boot.
*/
ret = amd_iommu_snp_disable();
if (ret) {
dev_err(sev->dev, "SNP IOMMU shutdown failed\n");
return ret;
if (data.x86_snp_shutdown) {
if (!panic)
snp_shutdown();
snp_hv_fixed_pages_state_update(sev, ALLOCATED);
} else {
/*
* SNP_SHUTDOWN_EX with IOMMU_SNP_SHUTDOWN set to 1 disables SNP
* enforcement by the IOMMU and also transitions all pages
* associated with the IOMMU to the Reclaim state.
* Firmware was transitioning the IOMMU pages to Hypervisor state
* before version 1.53. But, accounting for the number of assigned
* 4kB pages in a 2M page was done incorrectly by not transitioning
* to the Reclaim state. This resulted in RMP #PF when later accessing
* the 2M page containing those pages during kexec boot. Hence, the
* firmware now transitions these pages to Reclaim state and hypervisor
* needs to transition these pages to shared state. SNP Firmware
* version 1.53 and above are needed for kexec boot.
*/
ret = amd_iommu_snp_disable();
if (ret) {
dev_err(sev->dev, "SNP IOMMU shutdown failed\n");
return ret;
}
}
snp_leak_hv_fixed_pages();