[v4,0/3] Fix broken SNP support with KVM module built-in

Message ID cover.1739226950.git.ashish.kalra@amd.com (mailing list archive)

Message

Kalra, Ashish Feb. 10, 2025, 10:53 p.m. UTC
From: Ashish Kalra <ashish.kalra@amd.com>

This patch-set fixes the current SNP host enabling code and effectively SNP
which is broken with respect to the KVM module being built-in.

Essentially SNP host enabling code should be invoked before KVM
initialization, which is currently not the case when KVM is built-in.

SNP host support is currently enabled in snp_rmptable_init() which is
invoked as a device_initcall(). Here device_initcall() is used as
snp_rmptable_init() expects AMD IOMMU SNP support to be enabled prior
to it and the AMD IOMMU driver enables SNP support after PCI bus enumeration.

This patch-set adds support to call snp_rmptable_init() early and
directly from iommu_snp_enable() (after checking and enabling IOMMU
SNP support) which enables SNP host support before KVM initialization
with kvm_amd module built-in.

Additionally the patch-set adds support to initialize PSP SEV driver
during KVM module probe time.

This patch-set has been tested with the following cases/scenarios:
1). kvm_amd module and PSP driver built-in.
2). kvm_amd module built-in with intremap=off kernel command line.
3). kvm_amd module built-in with iommu=off kernel command line.
4). kvm_amd and PSP driver built as modules.
5). kvm_amd built as module with iommu=off kernel command line.
6). kvm_amd module as built-in and PSP driver as module.
7). kvm_amd built as a module and PSP driver as built-in.

v4:
- Add warning if SNP support has been checked on IOMMUs and host
  SNP support has been enabled but late IOMMU initialization fails
  subsequently.
- Add reviewed-by's.

v3:
- Ensure that dropping the device_initcall() happens in the same
  patch that wires up the IOMMU code to invoke snp_rmptable_init()
  which then makes sure that snp_rmptable_init() is still getting
  called and also merge patches 3 & 4.
- Fix commit logs.

v2:
- Drop calling iommu_snp_enable() early before enabling IOMMUs as
  IOMMU subsystem gets initialized via subsys_initcall() and hence
  snp_rmptable_init() cannot be invoked via subsys_initcall().
- Instead add support to call snp_rmptable_init() early and
  directly via iommu_snp_enable().
- Fix commit logs.

Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature")

Ashish Kalra (1):
  x86/sev: Fix broken SNP support with KVM module built-in

Sean Christopherson (2):
  crypto: ccp: Add external API interface for PSP module initialization
  KVM: SVM: Ensure PSP module is initialized if KVM module is built-in

 arch/x86/include/asm/sev.h  |  2 ++
 arch/x86/kvm/svm/sev.c      | 10 ++++++++++
 arch/x86/virt/svm/sev.c     | 23 +++++++----------------
 drivers/crypto/ccp/sp-dev.c | 14 ++++++++++++++
 drivers/iommu/amd/init.c    | 34 ++++++++++++++++++++++++++++++----
 include/linux/psp-sev.h     |  9 +++++++++
 6 files changed, 72 insertions(+), 20 deletions(-)

Comments

Sean Christopherson Feb. 11, 2025, 9:31 p.m. UTC | #1
On Mon, Feb 10, 2025, Ashish Kalra wrote:
> Ashish Kalra (1):
>   x86/sev: Fix broken SNP support with KVM module built-in
> 
> Sean Christopherson (2):
>   crypto: ccp: Add external API interface for PSP module initialization
>   KVM: SVM: Ensure PSP module is initialized if KVM module is built-in

Unless I've overlooked a dependency, patch 3 (IOMMU vs. RMP) is entirely
independent of patches 1 and 2 (PSP vs. KVM).  If no one objects, I'll take the
first two patches through the kvm-x86 tree, and let the tip/iommu maintainers
sort out the last patch.

>  arch/x86/include/asm/sev.h  |  2 ++
>  arch/x86/kvm/svm/sev.c      | 10 ++++++++++
>  arch/x86/virt/svm/sev.c     | 23 +++++++----------------
>  drivers/crypto/ccp/sp-dev.c | 14 ++++++++++++++
>  drivers/iommu/amd/init.c    | 34 ++++++++++++++++++++++++++++++----
>  include/linux/psp-sev.h     |  9 +++++++++
>  6 files changed, 72 insertions(+), 20 deletions(-)
> 
> -- 
> 2.34.1
>

Paolo Bonzini Feb. 14, 2025, 11:38 p.m. UTC | #2
On 2/11/25 22:31, Sean Christopherson wrote:
> On Mon, Feb 10, 2025, Ashish Kalra wrote:
>> Ashish Kalra (1):
>>    x86/sev: Fix broken SNP support with KVM module built-in
>>
>> Sean Christopherson (2):
>>    crypto: ccp: Add external API interface for PSP module initialization
>>    KVM: SVM: Ensure PSP module is initialized if KVM module is built-in
> 
> Unless I've overlooked a dependency, patch 3 (IOMMU vs. RMP) is entirely
> independent of patches 1 and 2 (PSP vs. KVM).  If no one objects, I'll take the
> first two patches through the kvm-x86 tree, and let the tip/iommu maintainers
> sort out the last patch.

I'll queue them myself (yes I still exist...) since I have a largish PR
from Marc anyway.

Paolo