| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.1738274758.git.ashish.kalra@amd.com>
Date: Fri, 31 Jan 2025 01:08:52 +0000
From: Ashish Kalra <Ashish.Kalra@....com>
To: <seanjc@...gle.com>, <pbonzini@...hat.com>, <tglx@...utronix.de>,
<mingo@...hat.com>, <bp@...en8.de>, <dave.hansen@...ux.intel.com>,
<x86@...nel.org>, <hpa@...or.com>, <thomas.lendacky@....com>,
<john.allen@....com>, <herbert@...dor.apana.org.au>, <davem@...emloft.net>,
<joro@...tes.org>, <suravee.suthikulpanit@....com>, <will@...nel.org>,
<robin.murphy@....com>
CC: <michael.roth@....com>, <dionnaglaze@...gle.com>, <nikunj@....com>,
<ardb@...nel.org>, <kevinloughlin@...gle.com>, <Neeraj.Upadhyay@....com>,
<kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linux-crypto@...r.kernel.org>, <linux-coco@...ts.linux.dev>,
<iommu@...ts.linux.dev>
Subject: [PATCH v2 0/4] Fix broken SNP support with KVM module built-in
From: Ashish Kalra <ashish.kalra@....com>
This patch-set fixes the current SNP host enabling code and effectively SNP
which is broken with respect to the KVM module being built-in.
Essentially SNP host enabling code should be invoked before KVM
initialization, which is currently not the case when KVM is built-in.
SNP host support is currently enabled in snp_rmptable_init() which is
invoked as a device_initcall(). Here device_initcall() is used as
snp_rmptable_init() expects AMD IOMMU SNP support to be enabled prior
to it and the AMD IOMMU driver enables SNP support after PCI bus enumeration.
This patch-set adds support to call snp_rmptable_init() early and
directly from iommu_snp_enable() (after checking and enabling IOMMU
SNP support) which enables SNP host support before KVM initialization
with kvm_amd module built-in.
Additionally the patch-set adds support to initialize PSP SEV driver
during KVM module probe time.
This patch-set has been tested with the following cases/scenarios:
1). kvm_amd module built-in.
2). kvm_amd module built-in with intremap=off kernel command line.
3). kvm_amd module built-in with iommu=off kernel command line.
4). kvm_amd built as a module.
5). kvm_amd built as module with iommu=off kernel command line.
v2:
- Drop calling iommu_snp_enable() early before enabling IOMMUs as
IOMMU subsystem gets initialized via subsys_initcall() and hence
snp_rmptable_init() cannot be invoked via subsys_initcall().
- Instead add support to call snp_rmptable_init() early and
directly via iommu_snp_enable().
- Fix commit logs.
Fixes: c3b86e61b756 ("x86/cpufeatures: Enable/unmask SEV-SNP CPU feature")
Ashish Kalra (1):
x86/sev: Fix broken SNP support with KVM module built-in
Sean Christopherson (3):
crypto: ccp: Add external API interface for PSP module initialization
KVM: SVM: Ensure PSP module is initialized if KVM module is built-in
iommu/amd: Enable Host SNP support after enabling IOMMU SNP support
arch/x86/include/asm/sev.h | 2 ++
arch/x86/kvm/svm/sev.c | 10 ++++++++++
arch/x86/virt/svm/sev.c | 23 +++++++----------------
drivers/crypto/ccp/sp-dev.c | 14 ++++++++++++++
drivers/iommu/amd/init.c | 18 ++++++++++++++----
include/linux/psp-sev.h | 9 +++++++++
6 files changed, 56 insertions(+), 20 deletions(-)
--
2.34.1
Powered by blists - more mailing lists