Message ID | 20220307213356.2797205-41-brijesh.singh@amd.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Add AMD Secure Nested Paging (SEV-SNP) Guest Support | expand |
On Mon, Mar 07, 2022 at 03:33:50PM -0600, Brijesh Singh wrote: > From: Michael Roth <michael.roth@amd.com> > > For debugging purposes it is very useful to have a way to see the full > contents of the SNP CPUID table provided to a guest. Add an sev=debug > kernel command-line option to do so. > > Also introduce some infrastructure so that additional options can be > specified via sev=option1[,option2] over time in a consistent manner. > > Suggested-by: Borislav Petkov <bp@alien8.de> > Signed-off-by: Michael Roth <michael.roth@amd.com> > --- > .../admin-guide/kernel-parameters.txt | 2 + > Documentation/x86/x86_64/boot-options.rst | 14 +++++ > arch/x86/kernel/sev.c | 58 +++++++++++++++++++ > 3 files changed, 74 insertions(+) I simplified the string parsing: --- From: Michael Roth <michael.roth@amd.com> Date: Mon, 7 Mar 2022 15:33:50 -0600 Subject: [PATCH] x86/sev: Add a sev= cmdline option For debugging purposes it is very useful to have a way to see the full contents of the SNP CPUID table provided to a guest. Add an sev=debug kernel command-line option to do so. Also introduce some infrastructure so that additional options can be specified via sev=option1[,option2] over time in a consistent manner. [ bp: Massage, simplify string parsing. ] Suggested-by: Borislav Petkov <bp@alien8.de> Signed-off-by: Michael Roth <michael.roth@amd.com> Signed-off-by: Borislav Petkov <bp@suse.de> Link: https://lore.kernel.org/r/20220307213356.2797205-41-brijesh.singh@amd.com --- .../admin-guide/kernel-parameters.txt | 2 + Documentation/x86/x86_64/boot-options.rst | 14 ++++++ arch/x86/kernel/sev.c | 44 +++++++++++++++++++ 3 files changed, 60 insertions(+) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 7123524a86b8..5f7fa7c141dc 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -5229,6 +5229,8 @@ serialnumber [BUGS=X86-32] + sev=option[,option...] [X86-64] See Documentation/x86/x86_64/boot-options.rst + shapers= [NET] Maximal number of shapers. diff --git a/Documentation/x86/x86_64/boot-options.rst b/Documentation/x86/x86_64/boot-options.rst index ccb7e86bf8d9..eaecb5d89167 100644 --- a/Documentation/x86/x86_64/boot-options.rst +++ b/Documentation/x86/x86_64/boot-options.rst @@ -317,3 +317,17 @@ Miscellaneous Do not use GB pages for kernel direct mappings. gbpages Use GB pages for kernel direct mappings. + + +AMD SEV (Secure Encrypted Virtualization) +========================================= +Options relating to AMD SEV, specified via the following format: + +:: + + sev=option1[,option2] + +The available options are: + + debug + Enable debug messages. diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index c8733725d8bf..70ecc6e2f251 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -112,6 +112,13 @@ DEFINE_STATIC_KEY_FALSE(sev_es_enable_key); static DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); +struct sev_config { + __u64 debug : 1, + __reserved : 63; +}; + +static struct sev_config sev_cfg __read_mostly; + static __always_inline bool on_vc_stack(struct pt_regs *regs) { unsigned long sp = regs->sp; @@ -2042,6 +2049,23 @@ void __init snp_abort(void) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +static void dump_cpuid_table(void) +{ + const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table(); + int i = 0; + + pr_info("count=%d reserved=0x%x reserved2=0x%llx\n", + cpuid_table->count, cpuid_table->__reserved1, cpuid_table->__reserved2); + + for (i = 0; i < SNP_CPUID_COUNT_MAX; i++) { + const struct snp_cpuid_fn *fn = &cpuid_table->fn[i]; + + pr_info("index=%3d fn=0x%08x subfn=0x%08x: eax=0x%08x ebx=0x%08x ecx=0x%08x edx=0x%08x xcr0_in=0x%016llx xss_in=0x%016llx reserved=0x%016llx\n", + i, fn->eax_in, fn->ecx_in, fn->eax, fn->ebx, fn->ecx, + fn->edx, fn->xcr0_in, fn->xss_in, fn->__reserved); + } +} + /* * It is useful from an auditing/testing perspective to provide an easy way * for the guest owner to know that the CPUID table has been initialized as @@ -2059,6 +2083,26 @@ static int __init report_cpuid_table(void) pr_info("Using SNP CPUID table, %d entries present.\n", cpuid_table->count); + if (sev_cfg.debug) + dump_cpuid_table(); + return 0; } arch_initcall(report_cpuid_table); + +static int __init init_sev_config(char *str) +{ + char *s; + + while ((s = strsep(&str, ","))) { + if (!strcmp(s, "debug")) { + sev_cfg.debug = true; + continue; + } + + pr_info("SEV command-line option '%s' was not recognized\n", s); + } + + return 1; +} +__setup("sev=", init_sev_config);
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index f5a27f067db9..809e8adc9bb2 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -5229,6 +5229,8 @@ serialnumber [BUGS=X86-32] + sev=option[,option...] [X86-64] See Documentation/x86/x86_64/boot-options.rst + shapers= [NET] Maximal number of shapers. diff --git a/Documentation/x86/x86_64/boot-options.rst b/Documentation/x86/x86_64/boot-options.rst index 07aa0007f346..66c970117f0e 100644 --- a/Documentation/x86/x86_64/boot-options.rst +++ b/Documentation/x86/x86_64/boot-options.rst @@ -310,3 +310,17 @@ Miscellaneous Do not use GB pages for kernel direct mappings. gbpages Use GB pages for kernel direct mappings. + + +AMD SEV (Secure Encrypted Virtualization) +========================================= +Options relating to AMD SEV, specified via the following format: + +:: + + sev=option1[,option2] + +The available options are: + + debug + Enable verbose debug messages. diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index c6b2e0c58255..0b70ebb6df1d 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -112,6 +112,13 @@ DEFINE_STATIC_KEY_FALSE(sev_es_enable_key); static DEFINE_PER_CPU(struct sev_es_save_area *, sev_vmsa); +struct sev_config { + __u64 debug : 1, + __reserved : 63; +}; + +static struct sev_config sev_cfg __read_mostly; + static __always_inline bool on_vc_stack(struct pt_regs *regs) { unsigned long sp = regs->sp; @@ -2045,6 +2052,23 @@ void __init snp_abort(void) sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); } +static void dump_cpuid_table(void) +{ + const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table(); + int i = 0; + + pr_info("count=%d reserved=0x%x reserved2=0x%llx\n", + cpuid_table->count, cpuid_table->__reserved1, cpuid_table->__reserved2); + + for (i = 0; i < SNP_CPUID_COUNT_MAX; i++) { + const struct snp_cpuid_fn *fn = &cpuid_table->fn[i]; + + pr_info("index=%3d fn=0x%08x subfn=0x%08x: eax=0x%08x ebx=0x%08x ecx=0x%08x edx=0x%08x xcr0_in=0x%016llx xss_in=0x%016llx reserved=0x%016llx\n", + i, fn->eax_in, fn->ecx_in, fn->eax, fn->ebx, fn->ecx, + fn->edx, fn->xcr0_in, fn->xss_in, fn->__reserved); + } +} + /* * It is useful from an auditing/testing perspective to provide an easy way * for the guest owner to know that the CPUID table has been initialized as @@ -2062,6 +2086,40 @@ static int __init report_cpuid_table(void) pr_info("Using SNP CPUID table, %d entries present.\n", cpuid_table->count); + if (sev_cfg.debug) + dump_cpuid_table(); + return 0; } arch_initcall(report_cpuid_table); + +static bool matches_option(const char *option, const char *arg, int arg_len) +{ + return strncmp(option, arg, max(arg_len, (int)strlen(option))) == 0; +} + +static int __init init_sev_config(char *str) +{ + if ((*str) == '=') + str++; + + while (*str) { + char *arg = str; + int arg_len; + + while (*str && *str != ',') + str++; + + arg_len = str - arg; + if (*str == ',') + str++; + + if (matches_option("debug", arg, arg_len)) + sev_cfg.debug = true; + else + pr_info("SEV command-line option '%.*s' was not recognized\n", arg_len, arg); + } + + return 1; +} +__setup("sev", init_sev_config);