From patchwork Wed Mar 27 15:43:13 2024
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 13606860
From: Borislav Petkov
To: X86 ML
Cc: LKML, KVM, Ashish Kalra, Joerg Roedel, Michael Roth, Tom Lendacky
Subject: [PATCH 1/5] x86/alternatives: Remove a superfluous newline in _static_cpu_has()
Date: Wed, 27 Mar 2024 16:43:13 +0100
Message-ID: <20240327154317.29909-2-bp@alien8.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240327154317.29909-1-bp@alien8.de>
References: <20240327154317.29909-1-bp@alien8.de>
X-Mailing-List: kvm@vger.kernel.org

From: "Borislav Petkov (AMD)"

No functional changes.

Signed-off-by: Borislav Petkov (AMD)
---
arch/x86/include/asm/cpufeature.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h index a1273698fc43..1ef620d508f4 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h
@@ -168,8 +168,7 @@ extern void clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit); */ static __always_inline bool _static_cpu_has(u16 bit) { - asm goto( - ALTERNATIVE_TERNARY("jmp 6f", %P[feature], "", "jmp %l[t_no]") + asm goto(ALTERNATIVE_TERNARY("jmp 6f", %P[feature], "", "jmp %l[t_no]") ".pushsection .altinstr_aux,\"ax\"\n" "6:\n" " testb %[bitnum]," _ASM_RIP(%P[cap_byte]) "\n"
From patchwork Wed Mar 27 15:43:14 2024
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 13606861
From: Borislav Petkov
To: X86 ML
Cc: LKML, KVM, Ashish Kalra, Joerg Roedel, Michael Roth, Tom Lendacky
Subject: [PATCH 2/5] x86/alternatives: Catch late X86_FEATURE modifiers
Date: Wed, 27 Mar 2024 16:43:14 +0100
Message-ID: <20240327154317.29909-3-bp@alien8.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240327154317.29909-1-bp@alien8.de>
References: <20240327154317.29909-1-bp@alien8.de>
X-Mailing-List: kvm@vger.kernel.org

From: "Borislav Petkov (AMD)"

After alternatives have been patched, changes to the X86_FEATURE flags won't take effect and could potentially even be wrong. Warn about it. This is something which has been long overdue.

Signed-off-by: Borislav Petkov (AMD)
---
arch/x86/include/asm/cpufeature.h | 8 ++++++--
arch/x86/kernel/cpu/cpuid-deps.c | 3 +++
2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h index 1ef620d508f4..d0b9c411144b 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h @@ -146,8 +146,12 @@ extern const char * const x86_bug_flags[NBUGINTS*32]; extern void setup_clear_cpu_cap(unsigned int bit); extern void clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int bit); -#define setup_force_cpu_cap(bit) do { \ - set_cpu_cap(&boot_cpu_data, bit); \ +#define setup_force_cpu_cap(bit) do { \ + \ + if (!boot_cpu_has(bit)) \ + WARN_ON(alternatives_patched); \ + \ + set_cpu_cap(&boot_cpu_data, bit); \ set_bit(bit, (unsigned long *)cpu_caps_set); \ } while (0) diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c index b7174209d855..5dd427c6feb2 100644 --- a/arch/x86/kernel/cpu/cpuid-deps.c +++ b/arch/x86/kernel/cpu/cpuid-deps.c
@@ -114,6 +114,9 @@ static void do_clear_cpu_cap(struct cpuinfo_x86 *c, unsigned int feature) if (WARN_ON(feature >= MAX_FEATURE_BITS)) return; + if (boot_cpu_has(feature)) + WARN_ON(alternatives_patched); + clear_feature(c, feature); /* Collect all features to disable, handling dependencies */
From patchwork Wed Mar 27 15:43:15 2024
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 13606862
From: Borislav Petkov
To: X86 ML
Cc: LKML, KVM, Ashish Kalra, Joerg Roedel, Michael Roth, Tom Lendacky
Subject: [PATCH 3/5] x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM
Date: Wed, 27 Mar 2024 16:43:15 +0100
Message-ID: <20240327154317.29909-4-bp@alien8.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240327154317.29909-1-bp@alien8.de>
References: <20240327154317.29909-1-bp@alien8.de>
X-Mailing-List: kvm@vger.kernel.org

From: "Borislav Petkov (AMD)"

The functionality to load SEV-SNP guests by the host will soon rely on cc_platform* helpers because the cpu_feature* API with the early patching is insufficient when SNP support needs to be disabled late. Therefore, pull that functionality in.

Signed-off-by: Borislav Petkov (AMD)
Reviewed-by: Tom Lendacky
---
arch/x86/kvm/Kconfig | 1 +
1 file changed, 1 insertion(+)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index 3aaf7e86a859..0ebdd088f28b 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig
@@ -122,6 +122,7 @@ config KVM_AMD_SEV default y depends on KVM_AMD && X86_64 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) + select ARCH_HAS_CC_PLATFORM help Provides support for launching Encrypted VMs (SEV) and Encrypted VMs with Encrypted State (SEV-ES) on AMD processors.
From patchwork Wed Mar 27 15:43:16 2024
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 13606863
From: Borislav Petkov
To: X86 ML
Cc: LKML, KVM, Ashish Kalra, Joerg Roedel, Michael Roth, Tom Lendacky
Subject: [PATCH 4/5] x86/cc: Add cc_platform_set/_clear() helpers
Date: Wed, 27 Mar 2024 16:43:16 +0100
Message-ID: <20240327154317.29909-5-bp@alien8.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240327154317.29909-1-bp@alien8.de>
References: <20240327154317.29909-1-bp@alien8.de>
X-Mailing-List: kvm@vger.kernel.org

From: "Borislav Petkov (AMD)"

Add functionality to set and/or clear different attributes of the machine as a confidential computing platform. Add the first one too: whether the machine is running as a host for SEV-SNP guests.

Signed-off-by: Borislav Petkov (AMD)
Reviewed-by: Tom Lendacky
---
arch/x86/coco/core.c | 52 +++++++++++++++++++++++++++++++++++++
include/linux/cc_platform.h | 12 +++++++++
2 files changed, 64 insertions(+)

diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index d07be9d05cd0..8c3fae23d3c6 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -16,6 +16,11 @@ enum cc_vendor cc_vendor __ro_after_init = CC_VENDOR_NONE; u64 cc_mask __ro_after_init; +static struct cc_attr_flags { + __u64 host_sev_snp : 1, + __resv : 63; +} cc_flags; + static bool noinstr intel_cc_platform_has(enum cc_attr attr) { switch (attr) { @@ -89,6 +94,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr) case CC_ATTR_GUEST_SEV_SNP: return sev_status & MSR_AMD64_SEV_SNP_ENABLED; + case CC_ATTR_HOST_SEV_SNP: + return cc_flags.host_sev_snp; + default: return false; }
@@ -148,3 +156,47 @@ u64 cc_mkdec(u64 val) } } EXPORT_SYMBOL_GPL(cc_mkdec); + +static void amd_cc_platform_clear(enum cc_attr attr) +{ + switch (attr) { + case CC_ATTR_HOST_SEV_SNP: + cc_flags.host_sev_snp = 0; + break; + default: + break; + } +} + +void cc_platform_clear(enum cc_attr attr) +{ + switch (cc_vendor) { + case CC_VENDOR_AMD: + amd_cc_platform_clear(attr); + break; + default: + break; + } +} + +static void amd_cc_platform_set(enum cc_attr attr) +{ + switch (attr) { + case CC_ATTR_HOST_SEV_SNP: + cc_flags.host_sev_snp = 1; + break; + default: + break; + } +} + +void cc_platform_set(enum cc_attr attr) +{ + switch (cc_vendor) { + case CC_VENDOR_AMD: + amd_cc_platform_set(attr); + break; + default: + break; + } +} diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index cb0d6cd1c12f..60693a145894 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -90,6 +90,14 @@ enum cc_attr { * Examples include TDX Guest. */ CC_ATTR_HOTPLUG_DISABLED, + + /** + * @CC_ATTR_HOST_SEV_SNP: AMD SNP enabled on the host. + * + * The host kernel is running with the necessary features + * enabled to run SEV-SNP guests. + */ + CC_ATTR_HOST_SEV_SNP, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM 
@@ -107,10 +115,14 @@ enum cc_attr { * * FALSE - Specified Confidential Computing attribute is not active */ bool cc_platform_has(enum cc_attr attr); +void cc_platform_set(enum cc_attr attr); +void cc_platform_clear(enum cc_attr attr); #else /* !CONFIG_ARCH_HAS_CC_PLATFORM */ static inline bool cc_platform_has(enum cc_attr attr) { return false; } +static inline void cc_platform_set(enum cc_attr attr) { } +static inline void cc_platform_clear(enum cc_attr attr) { } #endif /* CONFIG_ARCH_HAS_CC_PLATFORM */
From patchwork Wed Mar 27 15:43:17 2024
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 13606864
From: Borislav Petkov
To: X86 ML
Cc: LKML, KVM, Ashish Kalra, Joerg Roedel, Michael Roth, Tom Lendacky
Subject: [PATCH 5/5] x86/CPU/AMD: Track SNP host status with cc_platform_*()
Date: Wed, 27 Mar 2024 16:43:17 +0100
Message-ID: <20240327154317.29909-6-bp@alien8.de>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240327154317.29909-1-bp@alien8.de>
References: <20240327154317.29909-1-bp@alien8.de>
X-Mailing-List: kvm@vger.kernel.org

From: "Borislav Petkov (AMD)"

The host SNP worthiness can be determined later, after alternatives have been patched, in snp_rmptable_init() depending on cmdline options like iommu=pt which is incompatible with SNP, for example. Which means that one cannot use X86_FEATURE_SEV_SNP and will need to have a special flag for that control. Use that newly added CC_ATTR_HOST_SEV_SNP in the appropriate places. Move kdump_sev_callback() to its rightful place, while at it.

Signed-off-by: Borislav Petkov (AMD)
Reviewed-by: Tom Lendacky
---
arch/x86/include/asm/sev.h | 4 ++--
arch/x86/kernel/cpu/amd.c | 38 ++++++++++++++++++------------
arch/x86/kernel/cpu/mtrr/generic.c | 2 +-
arch/x86/kernel/sev.c | 10 --------
arch/x86/kvm/svm/sev.c | 2 +-
arch/x86/virt/svm/sev.c | 26 +++++++++++++-------
drivers/crypto/ccp/sev-dev.c | 2 +-
drivers/iommu/amd/init.c | 4 +++-
8 files changed, 49 insertions(+), 39 deletions(-)

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 9477b4053bce..780182cda3ab 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h
@@ -228,7 +228,6 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); -void kdump_sev_callback(void); void sev_show_status(void); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } @@ -258,7 +257,6 @@ static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *in static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } -static inline void kdump_sev_callback(void) { } static inline void sev_show_status(void) { } #endif @@ -270,6 +268,7 @@ int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); void snp_leak_pages(u64 pfn, unsigned int npages); +void kdump_sev_callback(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level) { return -ENODEV; } @@ -282,6 +281,7 @@ static inline int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 as } static inline int rmp_make_shared(u64 pfn, enum pg_level level) { return -ENODEV; } static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} +static inline void kdump_sev_callback(void) { } #endif #endif diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 6d8677e80ddb..9bf17c9c29da 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c 
@@ -345,6 +345,28 @@ static void srat_detect_node(struct cpuinfo_x86 *c) #endif } +static void bsp_determine_snp(struct cpuinfo_x86 *c) +{ +#ifdef CONFIG_ARCH_HAS_CC_PLATFORM + cc_vendor = CC_VENDOR_AMD; + + if (cpu_has(c, X86_FEATURE_SEV_SNP)) { + /* + * RMP table entry format is not architectural and is defined by the + * per-processor PPR. Restrict SNP support on the known CPU models + * for which the RMP table entry format is currently defined for. + */ + if (!cpu_has(c, X86_FEATURE_HYPERVISOR) && + c->x86 >= 0x19 && snp_probe_rmptable_info()) { + cc_platform_set(CC_ATTR_HOST_SEV_SNP); + } else { + setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); + } + } +#endif +} + static void bsp_init_amd(struct cpuinfo_x86 *c) { if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) { @@ -452,21 +474,7 @@ static void bsp_init_amd(struct cpuinfo_x86 *c) break; } - if (cpu_has(c, X86_FEATURE_SEV_SNP)) { - /* - * RMP table entry format is not architectural and it can vary by processor - * and is defined by the per-processor PPR. Restrict SNP support on the - * known CPU model and family for which the RMP table entry format is - * currently defined for. - */ - if (!boot_cpu_has(X86_FEATURE_ZEN3) && - !boot_cpu_has(X86_FEATURE_ZEN4) && - !boot_cpu_has(X86_FEATURE_ZEN5)) - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); - else if (!snp_probe_rmptable_info()) - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); - } - + bsp_determine_snp(c); return; warn: diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c index 422a4ddc2ab7..7b29ebda024f 100644 --- a/arch/x86/kernel/cpu/mtrr/generic.c +++ b/arch/x86/kernel/cpu/mtrr/generic.c @@ -108,7 +108,7 @@ static inline void k8_check_syscfg_dram_mod_en(void) (boot_cpu_data.x86 >= 0x0f))) return; - if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return; rdmsr(MSR_AMD64_SYSCFG, lo, hi); 
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index b59b09c2f284..1e1a3c3bd1e8 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2287,16 +2287,6 @@ static int __init snp_init_platform_device(void) } device_initcall(snp_init_platform_device); -void kdump_sev_callback(void) -{ - /* - * Do wbinvd() on remote CPUs when SNP is enabled in order to - * safely do SNP_SHUTDOWN on the local CPU. - */ - if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) - wbinvd(); -} - void sev_show_status(void) { int i; diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index ae0ac12382b9..3d310b473e05 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3174,7 +3174,7 @@ struct page *snp_safe_alloc_page(struct kvm_vcpu *vcpu) unsigned long pfn; struct page *p; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO); /* diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index cffe1157a90a..ab0e8448bb6e 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -77,7 +77,7 @@ static int __mfd_enable(unsigned int cpu) { u64 val; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return 0; rdmsrl(MSR_AMD64_SYSCFG, val); @@ -98,7 +98,7 @@ static int __snp_enable(unsigned int cpu) { u64 val; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return 0; rdmsrl(MSR_AMD64_SYSCFG, val); @@ -174,11 +174,11 @@ static int __init snp_rmptable_init(void) u64 rmptable_size; u64 val; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return 0; if (!amd_iommu_snp_en) - return 0; + goto nosnp; if (!probed_rmp_size) goto nosnp; @@ -225,7 +225,7 @@ static int __init snp_rmptable_init(void) return 0; nosnp: - setup_clear_cpu_cap(X86_FEATURE_SEV_SNP); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); return -ENOSYS; } 
@@ -246,7 +246,7 @@ static struct rmpentry *__snp_lookup_rmpentry(u64 pfn, int *level) { struct rmpentry *large_entry, *entry; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return ERR_PTR(-ENODEV); entry = get_rmpentry(pfn); @@ -363,7 +363,7 @@ int psmash(u64 pfn) unsigned long paddr = pfn << PAGE_SHIFT; int ret; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return -ENODEV; if (!pfn_valid(pfn)) @@ -472,7 +472,7 @@ static int rmpupdate(u64 pfn, struct rmp_state *state) unsigned long paddr = pfn << PAGE_SHIFT; int ret, level; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return -ENODEV; level = RMP_TO_PG_LEVEL(state->pagesize); @@ -558,3 +558,13 @@ void snp_leak_pages(u64 pfn, unsigned int npages) spin_unlock(&snp_leaked_pages_list_lock); } EXPORT_SYMBOL_GPL(snp_leak_pages); + +void kdump_sev_callback(void) +{ + /* + * Do wbinvd() on remote CPUs when SNP is enabled in order to + * safely do SNP_SHUTDOWN on the local CPU. + */ + if (cc_platform_has(CC_ATTR_HOST_SEV_SNP)) + wbinvd(); +} diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index f44efbb89c34..2102377f727b 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1090,7 +1090,7 @@ static int __sev_snp_init_locked(int *error) void *arg = &data; int cmd, rc = 0; - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return -ENODEV; sev = psp->sev_data; diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index e7a44929f0da..33228c1c8980 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c 
@@ -3228,7 +3228,7 @@ static bool __init detect_ivrs(void) static void iommu_snp_enable(void) { #ifdef CONFIG_KVM_AMD_SEV - if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return; /* * The SNP support requires that IOMMU must be enabled, and is @@ -3236,12 +3236,14 @@ static void iommu_snp_enable(void) */ if (no_iommu || iommu_default_passthrough()) { pr_err("SNP: IOMMU disabled or configured in passthrough mode, SNP cannot be supported.\n"); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); return; } amd_iommu_snp_en = check_feature(FEATURE_SNP); if (!amd_iommu_snp_en) { pr_err("SNP: IOMMU SNP feature not enabled, SNP cannot be supported.\n"); + cc_platform_clear(CC_ATTR_HOST_SEV_SNP); return; }
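Review bot: the bare WARN_ON(alternatives_patched) in the setup_force_cpu_cap() hunk of [PATCH 2/5] (arch/x86/include/asm/cpufeature.h) fires on every late call and does not say which feature bit triggered it. A WARN_ONCE() that prints the bit number would make the report actionable without flooding the log. The macro now also expands its bit argument three times (boot_cpu_has(), set_cpu_cap(), set_bit()), and the two backslash-only lines inside the body can go.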
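Review bot: the new check in do_clear_cpu_cap() in [PATCH 2/5] (arch/x86/kernel/cpu/cpuid-deps.c) tests boot_cpu_has(feature), while the clear_feature(c, feature) call right after it acts on the passed-in c. A one-line comment saying why the boot CPU's view is the one that matters for patched alternatives would help the next reader. Neither hunk of this patch adds an include or a declaration for alternatives_patched, so it is worth confirming the symbol is visible in both files in every configuration.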
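Review bot: cc_flags in the first arch/x86/coco/core.c hunk of [PATCH 4/5] is declared without __ro_after_init, unlike cc_vendor and cc_mask directly above it, so the bit that amd_cc_platform_has() returns for CC_ATTR_HOST_SEV_SNP stays writable for the lifetime of the kernel. If every cc_platform_set()/cc_platform_clear() caller runs during init, mark it __ro_after_init; if one does not, name that caller in a comment next to the declaration.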
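Review bot: cc_platform_set() and cc_platform_clear() in the last arch/x86/coco/core.c hunk of [PATCH 4/5] silently do nothing for any vendor other than CC_VENDOR_AMD and for any attribute other than CC_ATTR_HOST_SEV_SNP, so a caller passing an unsupported attribute gets no indication that the request was dropped. Consider a WARN_ON_ONCE() in the default branches. The flag is a bitfield, so each update is a non-atomic read-modify-write of the containing word; that is fine with one bit but needs a note before a second flag is added that can be written from another context.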
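Review bot: the new cc_platform_set() and cc_platform_clear() prototypes in the include/linux/cc_platform.h hunk of [PATCH 4/5] have no kernel-doc, while cc_platform_has() directly above them carries a full comment block. Please document what each one does, that unsupported attributes are ignored, and at which point in boot they may be called.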
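Review bot: the condition in bsp_determine_snp() in [PATCH 5/5] (arch/x86/kernel/cpu/amd.c) is now c->x86 >= 0x19, which accepts every later family, while the comment above it still says SNP is restricted to the models whose RMP table entry format is defined; the removed code listed X86_FEATURE_ZEN3, X86_FEATURE_ZEN4 and X86_FEATURE_ZEN5 explicitly. Either keep an explicit list or reword the comment to match. The new !cpu_has(c, X86_FEATURE_HYPERVISOR) test and the unconditional cc_vendor = CC_VENDOR_AMD assignment are also not described in the commit message.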
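Review bot: in snp_rmptable_init() in [PATCH 5/5] (arch/x86/virt/svm/sev.c) the nosnp path now calls only cc_platform_clear(CC_ATTR_HOST_SEV_SNP) and no longer clears X86_FEATURE_SEV_SNP, so after a late failure the CPU feature bit and the cc attribute disagree. Any code still testing cpu_feature_enabled(X86_FEATURE_SEV_SNP) will keep treating SNP as enabled; please state in a comment or in the commit message that all host-side users have been converted. The !amd_iommu_snp_en case also changes from return 0 to goto nosnp, so this initcall now returns -ENOSYS there, which the commit message does not mention.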
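Review bot: iommu_snp_enable() in [PATCH 5/5] (drivers/iommu/amd/init.c) starts calling cc_platform_has() and cc_platform_clear(), but the diffstat for this file (3 insertions, 1 deletion) is fully accounted for by the visible hunk, so no include was added. Please confirm linux/cc_platform.h is already pulled in here, and likewise in the other files converted from cpu_feature_enabled(X86_FEATURE_SEV_SNP) in this patch.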