
[Part1,RFC,v2,08/20] x86/mm: Add sev_snp_active() helper

Message ID 20210430121616.2295-9-brijesh.singh@amd.com (mailing list archive)
State New, archived
Series Add AMD Secure Nested Paging (SEV-SNP) Guest Support | expand

Commit Message

Brijesh Singh April 30, 2021, 12:16 p.m. UTC
The sev_snp_active() helper can be used by the guest to query whether the
SNP (Secure Nested Paging) feature is active.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 arch/x86/include/asm/mem_encrypt.h | 2 ++
 arch/x86/include/asm/msr-index.h   | 2 ++
 arch/x86/mm/mem_encrypt.c          | 9 +++++++++
 3 files changed, 13 insertions(+)

Comments

Borislav Petkov May 18, 2021, 6:11 p.m. UTC | #1
On Fri, Apr 30, 2021 at 07:16:04AM -0500, Brijesh Singh wrote:
> The sev_snp_active() helper can be used by the guest to query whether the
> SNP - Secure Nested Paging feature is active.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  arch/x86/include/asm/mem_encrypt.h | 2 ++
>  arch/x86/include/asm/msr-index.h   | 2 ++
>  arch/x86/mm/mem_encrypt.c          | 9 +++++++++
>  3 files changed, 13 insertions(+)
> 
> diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
> index 31c4df123aa0..d99aa260d328 100644
> --- a/arch/x86/include/asm/mem_encrypt.h
> +++ b/arch/x86/include/asm/mem_encrypt.h
> @@ -54,6 +54,7 @@ void __init sev_es_init_vc_handling(void);
>  bool sme_active(void);
>  bool sev_active(void);
>  bool sev_es_active(void);
> +bool sev_snp_active(void);
>  
>  #define __bss_decrypted __section(".bss..decrypted")
>  
> @@ -79,6 +80,7 @@ static inline void sev_es_init_vc_handling(void) { }
>  static inline bool sme_active(void) { return false; }
>  static inline bool sev_active(void) { return false; }
>  static inline bool sev_es_active(void) { return false; }
> +static inline bool sev_snp_active(void) { return false; }

Uff, yet another sev-something helper. So I already had this idea:

https://lore.kernel.org/kvm/20210421144402.GB5004@zn.tnic/

How about you add the sev_feature_enabled() thing

which will return a boolean value depending on which SEV feature has
been queried and instead of having yet another helper, do

	if (sev_feature_enabled(SEV_SNP))

or so?

I.e., just add the facility and the SNP bit - we will convert the rest
in time.

So that we can redesign this cleanly...

Thx.
Brijesh Singh May 19, 2021, 5:28 p.m. UTC | #2
On 5/18/21 1:11 PM, Borislav Petkov wrote:
> On Fri, Apr 30, 2021 at 07:16:04AM -0500, Brijesh Singh wrote:
>> The sev_snp_active() helper can be used by the guest to query whether the
>> SNP - Secure Nested Paging feature is active.
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
>> ---
>>  arch/x86/include/asm/mem_encrypt.h | 2 ++
>>  arch/x86/include/asm/msr-index.h   | 2 ++
>>  arch/x86/mm/mem_encrypt.c          | 9 +++++++++
>>  3 files changed, 13 insertions(+)
>>
>> diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
>> index 31c4df123aa0..d99aa260d328 100644
>> --- a/arch/x86/include/asm/mem_encrypt.h
>> +++ b/arch/x86/include/asm/mem_encrypt.h
>> @@ -54,6 +54,7 @@ void __init sev_es_init_vc_handling(void);
>>  bool sme_active(void);
>>  bool sev_active(void);
>>  bool sev_es_active(void);
>> +bool sev_snp_active(void);
>>  
>>  #define __bss_decrypted __section(".bss..decrypted")
>>  
>> @@ -79,6 +80,7 @@ static inline void sev_es_init_vc_handling(void) { }
>>  static inline bool sme_active(void) { return false; }
>>  static inline bool sev_active(void) { return false; }
>>  static inline bool sev_es_active(void) { return false; }
>> +static inline bool sev_snp_active(void) { return false; }
> Uff, yet another sev-something helper. So I already had this idea:
>
> https://lore.kernel.org/kvm/20210421144402.GB5004@zn.tnic/
>
> How about you add the sev_feature_enabled() thing
>
> which will return a boolean value depending on which SEV feature has
> been queried and instead of having yet another helper, do
>
> 	if (sev_feature_enabled(SEV_SNP))
>
> or so?

Sure, I will introduce it in next rev.


> I.e., just add the facility and the SNP bit - we will convert the rest
> in time.
>
> So that we can redesign this cleanly...
>
> Thx.
>

Patch

diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
index 31c4df123aa0..d99aa260d328 100644
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -54,6 +54,7 @@  void __init sev_es_init_vc_handling(void);
 bool sme_active(void);
 bool sev_active(void);
 bool sev_es_active(void);
+bool sev_snp_active(void);
 
 #define __bss_decrypted __section(".bss..decrypted")
 
@@ -79,6 +80,7 @@  static inline void sev_es_init_vc_handling(void) { }
 static inline bool sme_active(void) { return false; }
 static inline bool sev_active(void) { return false; }
 static inline bool sev_es_active(void) { return false; }
+static inline bool sev_snp_active(void) { return false; }
 
 static inline int __init
 early_set_memory_decrypted(unsigned long vaddr, unsigned long size) { return 0; }
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index 211ba3375ee9..69ce50fa3565 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -481,8 +481,10 @@ 
 #define MSR_AMD64_SEV			0xc0010131
 #define MSR_AMD64_SEV_ENABLED_BIT	0
 #define MSR_AMD64_SEV_ES_ENABLED_BIT	1
+#define MSR_AMD64_SEV_SNP_ENABLED_BIT	2
 #define MSR_AMD64_SEV_ENABLED		BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
 #define MSR_AMD64_SEV_ES_ENABLED	BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT)
+#define MSR_AMD64_SEV_SNP_ENABLED	BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT)
 
 #define MSR_AMD64_VIRT_SPEC_CTRL	0xc001011f
 
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index f633f9e23b8f..076d993acba3 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -391,6 +391,11 @@  bool noinstr sev_es_active(void)
 	return sev_status & MSR_AMD64_SEV_ES_ENABLED;
 }
 
+bool sev_snp_active(void)
+{
+	return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
+}
+
 /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
 bool force_dma_unencrypted(struct device *dev)
 {
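Review bot: The new `sev_snp_active()` is declared as plain `bool sev_snp_active(void)`, while the context line directly above it shows `bool noinstr sev_es_active(void)`. If the SNP query is meant to be usable from the same non-instrumentable paths as the ES query, it should be `bool noinstr sev_snp_active(void)`; if not, a one-line comment saying so would keep later callers from assuming the two helpers are interchangeable. The function also has no comment on what its answer rests on: it only tests the cached `sev_status` against `MSR_AMD64_SEV_SNP_ENABLED`, and where `sev_status` is populated is outside this hunk. I would add something like `/* Tests the SNP bit in the cached SEV status MSR value; callers running before sev_status is set up will see "not active". */`, assuming `sev_status` starts out zero, so that code gating SNP-only guest protections on this helper knows a too-early call is reported as disabled rather than as an error.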
@@ -463,6 +468,10 @@  static void print_mem_encrypt_feature_info(void)
 	if (sev_es_active())
 		pr_cont(" SEV-ES");
 
+	/* Secure Nested Paging */
+	if (sev_snp_active())
+		pr_cont(" SEV-SNP");
+
 	pr_cont("\n");
 }