[v2,0/4] Fix broken SNP support with KVM module built-in

Message ID	cover.1738274758.git.ashish.kalra@amd.com (mailing list archive)
Headers	show Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2058.outbound.protection.outlook.com [40.107.102.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5AD371DFE1; Fri, 31 Jan 2025 01:09:06 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Ashish Kalra <Ashish.Kalra@amd.com> To: <seanjc@google.com>, <pbonzini@redhat.com>, <tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>, <x86@kernel.org>, <hpa@zytor.com>, <thomas.lendacky@amd.com>, <john.allen@amd.com>, <herbert@gondor.apana.org.au>, <davem@davemloft.net>, <joro@8bytes.org>, <suravee.suthikulpanit@amd.com>, <will@kernel.org>, <robin.murphy@arm.com> CC: <michael.roth@amd.com>, <dionnaglaze@google.com>, <nikunj@amd.com>, <ardb@kernel.org>, <kevinloughlin@google.com>, <Neeraj.Upadhyay@amd.com>, <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-crypto@vger.kernel.org>, <linux-coco@lists.linux.dev>, <iommu@lists.linux.dev> Subject: [PATCH v2 0/4] Fix broken SNP support with KVM module built-in Date: Fri, 31 Jan 2025 01:08:52 +0000 Message-ID: <cover.1738274758.git.ashish.kalra@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Fix broken SNP support with KVM module built-in \| expand [v2,0/4] Fix broken SNP support with KVM module built-in [v2,1/4] crypto: ccp: Add external API interface for PSP module initialization [v2,2/4] KVM: SVM: Ensure PSP module is initialized if KVM module is built-in [v2,3/4] x86/sev: Fix broken SNP support with KVM module built-in [v2,4/4] iommu/amd: Enable Host SNP support after enabling IOMMU SNP support

Message ID

cover.1738274758.git.ashish.kalra@amd.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Ashish Kalra <Ashish.Kalra@amd.com>
To: <seanjc@google.com>, <pbonzini@redhat.com>, <tglx@linutronix.de>,
	<mingo@redhat.com>, <bp@alien8.de>, <dave.hansen@linux.intel.com>,
	<x86@kernel.org>, <hpa@zytor.com>, <thomas.lendacky@amd.com>,
	<john.allen@amd.com>, <herbert@gondor.apana.org.au>, <davem@davemloft.net>,
	<joro@8bytes.org>, <suravee.suthikulpanit@amd.com>, <will@kernel.org>,
	<robin.murphy@arm.com>
CC: <michael.roth@amd.com>, <dionnaglaze@google.com>, <nikunj@amd.com>,
	<ardb@kernel.org>, <kevinloughlin@google.com>, <Neeraj.Upadhyay@amd.com>,
	<kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<linux-crypto@vger.kernel.org>, <linux-coco@lists.linux.dev>,
	<iommu@lists.linux.dev>
Subject: [PATCH v2 0/4] Fix broken SNP support with KVM module built-in
Date: Fri, 31 Jan 2025 01:08:52 +0000
Message-ID: <cover.1738274758.git.ashish.kalra@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Jan 2025 01:09:03.0227
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 2b0be6d6-fd83-40a5-6586-08dd4193da0e
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BL6PEPF0002256F.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB8741

Series

Fix broken SNP support with KVM module built-in | expand

Message

Kalra, Ashish Jan. 31, 2025, 1:08 a.m. UTC

From: Ashish Kalra <ashish.kalra@amd.com>

This patch-set fixes the current SNP host enabling code and effectively SNP
which is broken with respect to the KVM module being built-in.

Essentially SNP host enabling code should be invoked before KVM
initialization, which is currently not the case when KVM is built-in.

SNP host support is currently enabled in snp_rmptable_init() which is
invoked as a device_initcall(). Here device_initcall() is used as
snp_rmptable_init() expects AMD IOMMU SNP support to be enabled prior
to it and the AMD IOMMU driver enables SNP support after PCI bus enumeration.

This patch-set adds support to call snp_rmptable_init() early and
directly from iommu_snp_enable() (after checking and enabling IOMMU
SNP support) which enables SNP host support before KVM initialization
with kvm_amd module built-in.

Additionally the patch-set adds support to initialize PSP SEV driver
during KVM module probe time.

This patch-set has been tested with the following cases/scenarios:
1). kvm_amd module built-in.
2). kvm_amd module built-in with intremap=off kernel command line.
3). kvm_amd module built-in with iommu=off kernel command line.
4). kvm_amd built as a module.
5). kvm_amd built as module with iommu=off kernel command line.

v2:
- Drop calling iommu_snp_enable() early before enabling IOMMUs as
IOMMU subsystem gets initialized via subsys_initcall() and hence
snp_rmptable_init() cannot be invoked via subsys_initcall().
- Instead add support to call snp_rmptable_init() early and
directly via iommu_snp_enable().
- Fix commit logs.

Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature")

Ashish Kalra (1):
  x86/sev: Fix broken SNP support with KVM module built-in

Sean Christopherson (3):
  crypto: ccp: Add external API interface for PSP module initialization
  KVM: SVM: Ensure PSP module is initialized if KVM module is built-in
  iommu/amd: Enable Host SNP support after enabling IOMMU SNP support

 arch/x86/include/asm/sev.h  |  2 ++
 arch/x86/kvm/svm/sev.c      | 10 ++++++++++
 arch/x86/virt/svm/sev.c     | 23 +++++++----------------
 drivers/crypto/ccp/sp-dev.c | 14 ++++++++++++++
 drivers/iommu/amd/init.c    | 18 ++++++++++++++----
 include/linux/psp-sev.h     |  9 +++++++++
 6 files changed, 56 insertions(+), 20 deletions(-)