lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <d9638984-0d75-4887-8378-97807f6af2bd@amd.com>
Date: Wed, 16 Jul 2025 17:03:06 -0500
From: "Kalra, Ashish" <ashish.kalra@....com>
To: Vasant Hegde <vasant.hegde@....com>, joro@...tes.org,
 suravee.suthikulpanit@....com, thomas.lendacky@....com,
 Sairaj.ArunKodilkar@....com, herbert@...dor.apana.org.au
Cc: seanjc@...gle.com, pbonzini@...hat.com, will@...nel.org,
 robin.murphy@....com, john.allen@....com, davem@...emloft.net, bp@...en8.de,
 michael.roth@....com, iommu@...ts.linux.dev, linux-kernel@...r.kernel.org,
 linux-crypto@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH v3 3/4] crypto: ccp: Skip SNP INIT for kdump boot

Hello Vasant,

On 7/16/2025 4:20 AM, Vasant Hegde wrote:
> 
> 
> On 7/16/2025 12:57 AM, Ashish Kalra wrote:
>> From: Ashish Kalra <ashish.kalra@....com>
>>
>> If SNP is enabled and initialized in the previous kernel then SNP is
>> already initialized for kdump boot and attempting SNP INIT again
>> during kdump boot causes SNP INIT failure and eventually leads to
>> IOMMU failures.
>>
>> Skip SNP INIT if doing kdump boot.
> 
> Just double checking, do we need check for snp_rmptable_init()?
> 

Do you mean adding this check in snp_rmptable_init() ?

We already have a check there for kexec boot: 

snp_rmptable_init()
{
...
...
	/*
         * Check if SEV-SNP is already enabled, this can happen in case of
         * kexec boot.
         */
        rdmsrq(MSR_AMD64_SYSCFG, val);
        if (val & MSR_AMD64_SYSCFG_SNP_EN)
                goto skip_enable;

And we still have to map the RMP table in the kernel as SNP is still enabled
and initialized in this case for kdump boot, so that is still required as
part of snp_rmptable_init().

Additionally, for this patch i also have to skip SEV INIT similar to what we
are doing for SNP INIT as we get SEV INIT failure warnings as SEV is also
initialized during this kdump boot similar to SNP.

So will be moving this check and skip to _sev_platform_init_locked() to handle
both SEV and SNP INIT cases.

Thanks,
Ashish

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ