Message ID | 20231230161954.569267-4-michael.roth@amd.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Add AMD Secure Nested Paging (SEV-SNP) Initialization Support | expand |
On Sat, Dec 30, 2023 at 10:19:31AM -0600, Michael Roth wrote: > +static void iommu_snp_enable(void) > +{ > +#ifdef CONFIG_KVM_AMD_SEV > + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) > + return; > + /* > + * The SNP support requires that IOMMU must be enabled, and is > + * not configured in the passthrough mode. > + */ > + if (no_iommu || iommu_default_passthrough()) { > + pr_err("SNP: IOMMU is disabled or configured in passthrough mode, SNP cannot be supported.\n"); > + return; > + } > + > + amd_iommu_snp_en = check_feature(FEATURE_SNP); > + if (!amd_iommu_snp_en) { > + pr_err("SNP: IOMMU SNP feature is not enabled, SNP cannot be supported.\n"); > + return; > + } > + > + pr_info("IOMMU SNP support is enabled.\n"); > + > + /* Enforce IOMMU v1 pagetable when SNP is enabled. */ > + if (amd_iommu_pgtable != AMD_IOMMU_V1) { > + pr_warn("Forcing use of AMD IOMMU v1 page table due to SNP.\n"); > + amd_iommu_pgtable = AMD_IOMMU_V1; > + } Kernel code usually says simple "<bla> enabled" not "<bla> is enabled". Other than that, LGTM. --- diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index 1ed2ef22a0fb..2f1517acaba0 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3231,17 +3231,17 @@ static void iommu_snp_enable(void) * not configured in the passthrough mode. */ if (no_iommu || iommu_default_passthrough()) { - pr_err("SNP: IOMMU is disabled or configured in passthrough mode, SNP cannot be supported.\n"); + pr_err("SNP: IOMMU disabled or configured in passthrough mode, SNP cannot be supported.\n"); return; } amd_iommu_snp_en = check_feature(FEATURE_SNP); if (!amd_iommu_snp_en) { - pr_err("SNP: IOMMU SNP feature is not enabled, SNP cannot be supported.\n"); + pr_err("SNP: IOMMU SNP feature not enabled, SNP cannot be supported.\n"); return; } - pr_info("IOMMU SNP support is enabled.\n"); + pr_info("IOMMU SNP support enabled.\n"); /* Enforce IOMMU v1 pagetable when SNP is enabled. */ if (amd_iommu_pgtable != AMD_IOMMU_V1) {
On Sat, Dec 30, 2023 at 10:19:31AM -0600, Michael Roth wrote: > From: Ashish Kalra <ashish.kalra@amd.com> > > Currently the expectation is that the kernel will call > amd_iommu_snp_enable() to perform various checks and set the > amd_iommu_snp_en flag that the IOMMU uses to adjust its setup routines > to account for additional requirements on hosts where SNP is enabled. > > This is somewhat fragile as it relies on this call being done prior to > IOMMU setup. It is more robust to just do this automatically as part of > IOMMU initialization, so rework the code accordingly. > > There is still a need to export information about whether or not the > IOMMU is configured in a manner compatible with SNP, so relocate the > existing amd_iommu_snp_en flag so it can be used to convey that > information in place of the return code that was previously provided by > calls to amd_iommu_snp_enable(). > > While here, also adjust the kernel messages related to IOMMU SNP > enablement for consistency/grammar/clarity. > > Suggested-by: Borislav Petkov (AMD) <bp@alien8.de> > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> > Co-developed-by: Michael Roth <michael.roth@amd.com> > Signed-off-by: Michael Roth <michael.roth@amd.com> Acked-by: Joerg Roedel <jroedel@suse.de>
diff --git a/arch/x86/include/asm/iommu.h b/arch/x86/include/asm/iommu.h index 2fd52b65deac..3be2451e7bc8 100644 --- a/arch/x86/include/asm/iommu.h +++ b/arch/x86/include/asm/iommu.h @@ -10,6 +10,7 @@ extern int force_iommu, no_iommu; extern int iommu_detected; extern int iommu_merge; extern int panic_on_overflow; +extern bool amd_iommu_snp_en; #ifdef CONFIG_SWIOTLB extern bool x86_swiotlb_enable; diff --git a/drivers/iommu/amd/amd_iommu.h b/drivers/iommu/amd/amd_iommu.h index 8b3601f285fd..c970eae2313d 100644 --- a/drivers/iommu/amd/amd_iommu.h +++ b/drivers/iommu/amd/amd_iommu.h @@ -164,5 +164,4 @@ void amd_iommu_domain_set_pgtable(struct protection_domain *domain, u64 *root, int mode); struct dev_table_entry *get_dev_table(struct amd_iommu *iommu); -extern bool amd_iommu_snp_en; #endif diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index c83bd0c2a1c9..96a1a7fed470 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3221,6 +3221,36 @@ static bool __init detect_ivrs(void) return true; } +static void iommu_snp_enable(void) +{ +#ifdef CONFIG_KVM_AMD_SEV + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + return; + /* + * The SNP support requires that IOMMU must be enabled, and is + * not configured in the passthrough mode. + */ + if (no_iommu || iommu_default_passthrough()) { + pr_err("SNP: IOMMU is disabled or configured in passthrough mode, SNP cannot be supported.\n"); + return; + } + + amd_iommu_snp_en = check_feature(FEATURE_SNP); + if (!amd_iommu_snp_en) { + pr_err("SNP: IOMMU SNP feature is not enabled, SNP cannot be supported.\n"); + return; + } + + pr_info("IOMMU SNP support is enabled.\n"); + + /* Enforce IOMMU v1 pagetable when SNP is enabled. */ + if (amd_iommu_pgtable != AMD_IOMMU_V1) { + pr_warn("Forcing use of AMD IOMMU v1 page table due to SNP.\n"); + amd_iommu_pgtable = AMD_IOMMU_V1; + } +#endif +} + /**************************************************************************** * * AMD IOMMU Initialization State Machine @@ -3256,6 +3286,7 @@ static int __init state_next(void) break; case IOMMU_ENABLED: register_syscore_ops(&amd_iommu_syscore_ops); + iommu_snp_enable(); ret = amd_iommu_init_pci(); init_state = ret ? IOMMU_INIT_ERROR : IOMMU_PCI_INIT; break; @@ -3766,41 +3797,3 @@ int amd_iommu_pc_set_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64 return iommu_pc_get_set_reg(iommu, bank, cntr, fxn, value, true); } - -#ifdef CONFIG_AMD_MEM_ENCRYPT -int amd_iommu_snp_enable(void) -{ - /* - * The SNP support requires that IOMMU must be enabled, and is - * not configured in the passthrough mode. - */ - if (no_iommu || iommu_default_passthrough()) { - pr_err("SNP: IOMMU is disabled or configured in passthrough mode, SNP cannot be supported"); - return -EINVAL; - } - - /* - * Prevent enabling SNP after IOMMU_ENABLED state because this process - * affect how IOMMU driver sets up data structures and configures - * IOMMU hardware. - */ - if (init_state > IOMMU_ENABLED) { - pr_err("SNP: Too late to enable SNP for IOMMU.\n"); - return -EINVAL; - } - - amd_iommu_snp_en = check_feature(FEATURE_SNP); - if (!amd_iommu_snp_en) - return -EINVAL; - - pr_info("SNP enabled\n"); - - /* Enforce IOMMU v1 pagetable when SNP is enabled. */ - if (amd_iommu_pgtable != AMD_IOMMU_V1) { - pr_warn("Force to using AMD IOMMU v1 page table due to SNP\n"); - amd_iommu_pgtable = AMD_IOMMU_V1; - } - - return 0; -} -#endif diff --git a/include/linux/amd-iommu.h b/include/linux/amd-iommu.h index dc7ed2f46886..7365be00a795 100644 --- a/include/linux/amd-iommu.h +++ b/include/linux/amd-iommu.h @@ -85,8 +85,4 @@ int amd_iommu_pc_get_reg(struct amd_iommu *iommu, u8 bank, u8 cntr, u8 fxn, u64 *value); struct amd_iommu *get_amd_iommu(unsigned int idx); -#ifdef CONFIG_AMD_MEM_ENCRYPT -int amd_iommu_snp_enable(void); -#endif - #endif /* _ASM_X86_AMD_IOMMU_H */