From: Tom Lendacky <thomas.lendacky@amd.com>
To: <linux-kernel@vger.kernel.org>, <x86@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
Dan Williams <dan.j.williams@intel.com>,
Michael Roth <michael.roth@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>
Subject: [PATCH v2 14/14] x86/sev: Allow non-VMPL0 execution when an SVSM is present
Date: Fri, 8 Mar 2024 12:35:29 -0600 [thread overview]
Message-ID: <9e38551422f563831476aeb8ca82643fdf3e6cc2.1709922929.git.thomas.lendacky@amd.com> (raw)
In-Reply-To: <cover.1709922929.git.thomas.lendacky@amd.com>
To allow execution at a level other than VMPL0, an SVSM must be present.
Allow the SEV-SNP guest to continue booting if an SVSM is detected and
the hypervisor supports the SVSM feature as indicated in the GHCB
hypervisor features bitmap.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
arch/x86/boot/compressed/sev.c | 11 +++++++++--
arch/x86/include/asm/sev-common.h | 1 +
arch/x86/kernel/sev.c | 20 +++++++++++++++++---
3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index 89143f0aedb6..0f9c6f41caf1 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -619,10 +619,17 @@ void sev_enable(struct boot_params *bp)
* features.
*/
if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) {
- if (!(get_hv_features() & GHCB_HV_FT_SNP))
+ u64 hv_features = get_hv_features();
+
+ if (!(hv_features & GHCB_HV_FT_SNP))
sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
- if (!running_at_vmpl0(&boot_ghcb_page))
+ /*
+ * VMPL0 is not required if an SVSM is present and the hypervisor
+ * supports the required SVSM GHCB events.
+ */
+ if (!running_at_vmpl0(&boot_ghcb_page) &&
+ !(vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)))
sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
}
diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h
index 71db5ba020b9..3de377a4e981 100644
--- a/arch/x86/include/asm/sev-common.h
+++ b/arch/x86/include/asm/sev-common.h
@@ -118,6 +118,7 @@ enum psc_op {
#define GHCB_HV_FT_SNP BIT_ULL(0)
#define GHCB_HV_FT_SNP_AP_CREATION BIT_ULL(1)
+#define GHCB_HV_FT_SNP_MULTI_VMPL BIT_ULL(5)
/*
* SNP Page State Change NAE event
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 4e460d9eba77..8ae962127989 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -2368,22 +2368,36 @@ static void dump_cpuid_table(void)
* sort of indicator, and there's not really any other good place to do it,
* so do it here.
*/
-static int __init report_cpuid_table(void)
+static void __init report_cpuid_table(void)
{
const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table();
if (!cpuid_table->count)
- return 0;
+ return;
pr_info("Using SNP CPUID table, %d entries present.\n",
cpuid_table->count);
if (sev_cfg.debug)
dump_cpuid_table();
+}
+
+static void __init report_vmpl_level(void)
+{
+ if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
+ return;
+
+ pr_info("SNP running at VMPL%u.\n", vmpl);
+}
+
+static int __init report_snp_info(void)
+{
+ report_vmpl_level();
+ report_cpuid_table();
return 0;
}
-arch_initcall(report_cpuid_table);
+arch_initcall(report_snp_info);
static int __init init_sev_config(char *str)
{
--
2.43.2
prev parent reply other threads:[~2024-03-08 18:37 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-08 18:35 [PATCH v2 00/14] Provide SEV-SNP support for running under an SVSM Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 01/14] x86/sev: Rename snp_init() in the boot/compressed/sev.c file Tom Lendacky
2024-03-10 21:25 ` Borislav Petkov
2024-03-11 16:16 ` Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 02/14] x86/sev: Make the VMPL0 checking function more generic Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 03/14] x86/sev: Check for the presence of an SVSM in the SNP Secrets page Tom Lendacky
2024-03-09 0:33 ` Dionna Amalie Glaze
2024-03-11 14:50 ` Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 04/14] x86/sev: Use kernel provided SVSM Calling Areas Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 05/14] x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0 Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 06/14] x86/sev: Use the SVSM to create a vCPU when not in VMPL0 Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 07/14] x86/sev: Provide SVSM discovery support Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 08/14] x86/sev: Provide guest VMPL level to userspace Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 09/14] virt: sev-guest: Choose the VMPCK key based on executing VMPL Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 10/14] configfs-tsm: Allow the privlevel_floor attribute to be updated Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 11/14] x86/sev: Extend the config-fs attestation support for an SVSM Tom Lendacky
2024-03-10 6:06 ` Kuppuswamy, Sathyanarayanan
2024-03-11 16:16 ` Tom Lendacky
2024-03-12 5:57 ` Kuppuswamy Sathyanarayanan
2024-03-12 13:29 ` Tom Lendacky
2024-03-08 18:35 ` [PATCH v2 12/14] fs/configfs: Add a callback to determine attribute visibility Tom Lendacky
2024-03-11 19:58 ` Tom Lendacky
2024-03-13 21:37 ` Joel Becker
2024-03-14 14:23 ` Tom Lendacky
2024-03-21 2:40 ` Dan Williams
2024-03-08 18:35 ` [PATCH v2 13/14] x86/sev: Hide SVSM attestation entries if not running under an SVSM Tom Lendacky
2024-03-23 17:24 ` Kuppuswamy, Sathyanarayanan
2024-03-25 14:05 ` Tom Lendacky
2024-03-26 1:10 ` Kuppuswamy Sathyanarayanan
2024-03-08 18:35 ` Tom Lendacky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9e38551422f563831476aeb8ca82643fdf3e6cc2.1709922929.git.thomas.lendacky@amd.com \
--to=thomas.lendacky@amd.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.