[RFC Part2 PATCH 09/30] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP

[RFC Part2 PATCH 00/30] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support · Brijesh Singh <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support · Dave Hansen <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support · Brijesh Singh <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support · Dave Hansen <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support · Brijesh Singh <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support · Borislav Petkov <bp@alien8.de> · 2021-04-14
Re: [RFC Part2 PATCH 01/30] x86: Add the host SEV-SNP initialization support · Brijesh Singh <hidden> · 2021-04-14
[RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers · Brijesh Singh <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers · Borislav Petkov <bp@alien8.de> · 2021-04-15
Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers · Brijesh Singh <hidden> · 2021-04-15
Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers · Borislav Petkov <bp@alien8.de> · 2021-04-15
Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers · Brijesh Singh <hidden> · 2021-04-15
Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers · Borislav Petkov <bp@alien8.de> · 2021-04-15
Re: [RFC Part2 PATCH 02/30] x86/sev-snp: add RMP entry lookup helpers · Brijesh Singh <hidden> · 2021-04-15
[RFC Part2 PATCH 03/30] x86: add helper functions for RMPUPDATE and PSMASH instruction · Brijesh Singh <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 03/30] x86: add helper functions for RMPUPDATE and PSMASH instruction · Borislav Petkov <bp@alien8.de> · 2021-04-15
Re: [RFC Part2 PATCH 03/30] x86: add helper functions for RMPUPDATE and PSMASH instruction · Brijesh Singh <hidden> · 2021-04-15
[RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table · Brijesh Singh <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table · Dave Hansen <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table · Borislav Petkov <bp@alien8.de> · 2021-04-19
Re: [RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table · Brijesh Singh <hidden> · 2021-04-19
Re: [RFC Part2 PATCH 04/30] x86/mm: split the physmap when adding the page in RMP table · Borislav Petkov <bp@alien8.de> · 2021-04-19
[RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code · Brijesh Singh <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code · Dave Hansen <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code · Brijesh Singh <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code · Dave Hansen <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code · Borislav Petkov <bp@alien8.de> · 2021-04-20
Re: [RFC Part2 PATCH 05/30] x86: define RMP violation #PF error code · Brijesh Singh <hidden> · 2021-04-20
[RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation · Brijesh Singh <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation · Dave Hansen <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation · Dave Hansen <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation · Brijesh Singh <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation · Dave Hansen <hidden> · 2021-03-25
Re: [RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation · Vlastimil Babka <hidden> · 2021-04-21
Re: [RFC Part2 PATCH 07/30] mm: add support to split the large THP based on RMP violation · Brijesh Singh <hidden> · 2021-04-21
[RFC Part2 PATCH 06/30] x86/fault: dump the RMP entry on #PF · Brijesh Singh <hidden> · 2021-03-24
Re: [RFC Part2 PATCH 06/30] x86/fault: dump the RMP entry on #PF · Andy Lutomirski <luto@amacapital.net> · 2021-03-24
Re: [RFC Part2 PATCH 06/30] x86/fault: dump the RMP entry on #PF · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 08/30] crypto:ccp: define the SEV-SNP commands · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 10/30] crypto: ccp: shutdown SNP firmware on kexec · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 09/30] crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 11/30] crypto:ccp: provide APIs to issue SEV-SNP commands · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 12/30] crypto ccp: handle the legacy SEV command when SNP is enabled · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 13/30] KVM: SVM: add initial SEV-SNP support · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 15/30] KVM: SVM: define new SEV_FEATURES field in the VMCB Save State Area · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 14/30] KVM: SVM: make AVIC backing, VMSA and VMCB memory allocation SNP safe · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 16/30] KVM: SVM: add KVM_SNP_INIT command · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 17/30] KVM: SVM: add KVM_SEV_SNP_LAUNCH_START command · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 18/30] KVM: SVM: add KVM_SEV_SNP_LAUNCH_UPDATE command · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 21/30] KVM: X86: Add kvm_x86_ops to get the max page level for the TDP · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 19/30] KVM: SVM: Reclaim the guest pages when SEV-SNP VM terminates · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 20/30] KVM: SVM: add KVM_SEV_SNP_LAUNCH_FINISH command · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 22/30] x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by SEV · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 25/30] KVM: X86: update page-fault trace to log the 64-bit error code · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 24/30] KVM: X86: define new RMP check related #NPF error bits · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 23/30] KVM: X86: Introduce kvm_mmu_get_tdp_walk() for SEV-SNP use · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 26/30] KVM: SVM: add support to handle GHCB GPA register VMGEXIT · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 27/30] KVM: SVM: add support to handle MSR based Page State Change VMGEXIT · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 29/30] KVM: X86: export the kvm_zap_gfn_range() for the SNP use · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 28/30] KVM: SVM: add support to handle Page State Change VMGEXIT · Brijesh Singh <hidden> · 2021-03-24
[RFC Part2 PATCH 30/30] KVM: X86: Add support to handle the RMP nested page fault · Brijesh Singh <hidden> · 2021-03-24

From: Brijesh Singh <hidden>
Date: 2021-03-24 17:06:26
Also in: kvm, lkml
Subsystem: amd cryptographic coprocessor (ccp) driver, amd cryptographic coprocessor (ccp) driver - sev support, crypto api, the rest · Maintainers: Tom Lendacky, John Allen, Ashish Kalra, Herbert Xu, "David S. Miller", Linus Torvalds

Before SNP VMs can be launched, the platform must be appropriately
configured and initialized. Platform initialization is accomplished via
the SNP_INIT command.

Cc: Thomas Gleixner <redacted>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Joerg Roedel <redacted>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Dave Hansen <redacted>
Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Signed-off-by: Brijesh Singh <redacted>
---
 drivers/crypto/ccp/sev-dev.c | 164 ++++++++++++++++++++++++++++++++++-
 drivers/crypto/ccp/sev-dev.h |   2 +
 include/linux/psp-sev.h      |  16 ++++
 3 files changed, 179 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 8a9fd843ad9e..c983a8b040c3 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c

@@ -21,8 +21,10 @@
 #include <linux/ccp.h>
 #include <linux/firmware.h>
 #include <linux/gfp.h>
+#include <linux/mem_encrypt.h>
 
 #include <asm/smp.h>
+#include <asm/sev-snp.h>
 
 #include "psp-dev.h"
 #include "sev-dev.h"

@@ -30,6 +32,7 @@
 #define DEVICE_NAME		"sev"
 #define SEV_FW_FILE		"amd/sev.fw"
 #define SEV_FW_NAME_SIZE	64
+#define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT)
 
 static DEFINE_MUTEX(sev_cmd_mutex);
 static struct sev_misc_dev *misc_dev;

@@ -574,6 +577,93 @@ static int sev_update_firmware(struct device *dev)
 	return ret;
 }
 
+static void snp_set_hsave_pa(void *arg)
+{
+	wrmsrl(MSR_VM_HSAVE_PA, 0);
+}
+
+static int __sev_snp_init_locked(int *error)
+{
+	struct psp_device *psp = psp_master;
+	struct sev_device *sev;
+	int rc = 0;
+
+	if (!psp || !psp->sev_data)
+		return -ENODEV;
+
+	sev = psp->sev_data;
+
+	if (sev->snp_inited && sev->state >= SEV_STATE_INIT)
+		return 0;
+
+	if (!snp_key_active()) {
+		dev_notice(sev->dev, "SNP is not enabled\n");
+		return -ENODEV;
+	}
+
+	/* SNP_INIT requires the MSR_VM_HSAVE_PA must be set to 0h across all cores. */
+	on_each_cpu(snp_set_hsave_pa, NULL, 1);
+
+	/* Prepare for first SEV guest launch after INIT */
+	wbinvd_on_all_cpus();
+
+	/* Issue the SNP_INIT firmware command. */
+	rc = __sev_do_cmd_locked(SEV_CMD_SNP_INIT, NULL, error);
+	if (rc)
+		return rc;
+
+	sev->snp_inited = true;
+	sev->state = SEV_STATE_INIT;
+	dev_dbg(sev->dev, "SEV-SNP firmware initialized\n");
+
+	return rc;
+}
+
+int sev_snp_init(int *error)
+{
+	int rc;
+
+	mutex_lock(&sev_cmd_mutex);
+	rc = __sev_snp_init_locked(error);
+	mutex_unlock(&sev_cmd_mutex);
+
+	return rc;
+}
+EXPORT_SYMBOL_GPL(sev_snp_init);
+
+static int __sev_snp_shutdown_locked(int *error)
+{
+	struct sev_device *sev = psp_master->sev_data;
+	int ret;
+
+	ret = __sev_do_cmd_locked(SEV_CMD_SNP_SHUTDOWN, NULL, error);
+	if (ret)
+		return ret;
+
+	wbinvd_on_all_cpus();
+
+	ret = __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, error);
+	if (ret)
+		dev_err(sev->dev, "SEV-SNP firmware DF_FLUSH failed\n");
+
+	sev->snp_inited = false;
+	sev->state = SEV_STATE_UNINIT;
+	dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n");
+
+	return ret;
+}
+
+static int sev_snp_shutdown(int *error)
+{
+	int rc;
+
+	mutex_lock(&sev_cmd_mutex);
+	rc = __sev_snp_shutdown_locked(NULL);
+	mutex_unlock(&sev_cmd_mutex);
+
+	return rc;
+}
+
 static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
 {
 	struct sev_device *sev = psp_master->sev_data;

@@ -1043,6 +1133,42 @@ int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
 }
 EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
 
+static int sev_snp_firmware_state(void)
+{
+	struct sev_data_snp_platform_status_buf *buf = NULL;
+	struct page *status_page = NULL;
+	int state = SEV_STATE_UNINIT;
+	int rc, error;
+
+	status_page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
+	if (!status_page)
+		return -ENOMEM;
+
+	buf = kzalloc(sizeof(*buf), GFP_KERNEL_ACCOUNT);
+	if (!buf) {
+		__free_page(status_page);
+		return -ENOMEM;
+	}
+
+	buf->status_paddr = __sme_page_pa(status_page);
+	rc = sev_do_cmd(SEV_CMD_SNP_PLATFORM_STATUS, buf, &error);
+
+	/*
+	 * The status buffer is allocated as a hypervisor page. As per the SEV spec,
+	 * if the firmware is in INIT state then status buffer must be either a
+	 * the firmware page or the default page. Since our status buffer is in
+	 * the hypervisor page, so, if firmware is in INIT state then we should
+	 * fail with INVALID_PAGE_STATE.
+	 */
+	if (rc && error == SEV_RET_INVALID_PAGE_STATE)
+		state = SEV_STATE_INIT;
+
+	kfree(buf);
+	__free_page(status_page);
+
+	return state;
+}
+
 void sev_pci_init(void)
 {
 	struct sev_device *sev = psp_master->sev_data;

@@ -1052,8 +1178,20 @@ void sev_pci_init(void)
 	if (!sev)
 		return;
 
+	/* Check if the SEV feature is enabled */
+	if (!boot_cpu_has(X86_FEATURE_SEV)) {
+		dev_err(sev->dev, "SEV: Memory Encryption is disabled by the BIOS\n");
+		return;
+	}
+
 	psp_timeout = psp_probe_timeout;
 
+	/* check if SNP firmware is in INIT state, If so shutdown */
+	if (boot_cpu_has(X86_FEATURE_SEV_SNP)) {
+		if (sev_snp_firmware_state() == SEV_STATE_INIT)
+			sev_snp_shutdown(NULL);
+	}
+
 	if (sev_get_api_version())
 		goto err;

@@ -1086,6 +1224,21 @@ void sev_pci_init(void)
 			 "SEV: TMR allocation failed, SEV-ES support unavailable\n");
 	}
 
+	/*
+	 * If boot CPU supports the SNP, then let first attempt to initialize
+	 * the SNP firmware.
+	 */
+	if (boot_cpu_has(X86_FEATURE_SEV_SNP)) {
+		rc = sev_snp_init(&error);
+		if (rc) {
+			/*
+			 * If we failed to INIT SNP then don't abort the probe.
+			 * Continue to initialize the legacy SEV firmware.
+			 */
+			dev_err(sev->dev, "SEV-SNP: failed to INIT error %#x\n", error);
+		}
+	}
+
 	/* Initialize the platform */
 	rc = sev_platform_init(&error);
 	if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {

@@ -1105,8 +1258,8 @@ void sev_pci_init(void)
 		return;
 	}
 
-	dev_info(sev->dev, "SEV API:%d.%d build:%d\n", sev->api_major,
-		 sev->api_minor, sev->build);
+	dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_inited ?
+		"-SNP" : "", sev->api_major, sev->api_minor, sev->build);
 
 	return;

@@ -1119,7 +1272,12 @@ void sev_pci_exit(void)
 	if (!psp_master->sev_data)
 		return;
 
-	sev_platform_shutdown(NULL);
+	if (boot_cpu_has(X86_FEATURE_SEV))
+		sev_platform_shutdown(NULL);
+
+	if (boot_cpu_has(X86_FEATURE_SEV_SNP))
+		sev_snp_shutdown(NULL);
+
 
 	if (sev_es_tmr) {
 		/* The TMR area was encrypted, flush it from the cache */

diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h
index dd5c4fe82914..18b116a817ff 100644
--- a/drivers/crypto/ccp/sev-dev.h
+++ b/drivers/crypto/ccp/sev-dev.h

@@ -52,6 +52,8 @@ struct sev_device {
 	u8 api_major;
 	u8 api_minor;
 	u8 build;
+
+	bool snp_inited;
 };
 
 int sev_dev_init(struct psp_device *psp);

diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index df89f0207099..ec45c18c3b0a 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h

@@ -709,6 +709,20 @@ struct sev_data_snp_guest_request {
  */
 int sev_platform_init(int *error);
 
+/**
+ * sev_snp_init - perform SEV SNP_INIT command
+ *
+ * @error: SEV command return code
+ *
+ * Returns:
+ * 0 if the SEV successfully processed the command
+ * -%ENODEV    if the SEV device is not available
+ * -%ENOTSUPP  if the SEV does not support SEV
+ * -%ETIMEDOUT if the SEV command timed out
+ * -%EIO       if the SEV returned a non-zero return code
+ */
+int sev_snp_init(int *error);
+
 /**
  * sev_platform_status - perform SEV PLATFORM_STATUS command
  *

@@ -816,6 +830,8 @@ sev_platform_status(struct sev_user_data_status *status, int *error) { return -E
 
 static inline int sev_platform_init(int *error) { return -ENODEV; }
 
+static inline int sev_snp_init(int *error) { return -ENODEV; }
+
 static inline int
 sev_guest_deactivate(struct sev_data_deactivate *data, int *error) { return -ENODEV; }

-- 
2.17.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help