Re: [PATCH v10 06/50] x86/sev: Add the host SEV-SNP initialization support

On 11/8/2023 12:14 AM, Borislav Petkov wrote:
> On Tue, Nov 07, 2023 at 04:33:41PM -0600, Kalra, Ashish wrote:
>> We will still need some method to tell the IOMMU driver if SNP
>> support/feature is disabled by this function, for example, when CPU family
>> and model is not supported by SNP and we jump to no_snp label.
>
> See below.
>
>> The reliable way for this to work is to ensure snp_rmptable_init() is called
>> before IOMMU initialization and then IOMMU initialization depends on SNP
>> feature flag setup by snp_rmptable_init() to enable SNP support on IOMMU or
>> not.
>
> Yes, this whole SNP initialization needs to be reworked and split this
> way:
>
> - early detection work which needs to be done once goes to
>    bsp_init_amd(): that's basically your early_detect_mem_encrypt() stuff
>    which needs to happen exactly only once and early.
>
> - Any work like:
>
> 	 c->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f;
>
>    and the like which needs to happen on each AP, gets put in a function
>    which gets called by init_amd().
>
> By the time IOMMU gets to init, you already know whether it should
> enable SNP and check X86_FEATURE_SEV_SNP.
>
> Finally, you call __snp_rmptable_init() which does the *per-CPU* init
> work which is still pending.
>
> Ok?

Yes, will need to rework the SNP initialization stuff. The important point is that we want to do the snp_rmptable_init() stuff before IOMMU initialization, as for things like the RMP table not being correctly set up, etc., we don't want IOMMU initialization to enable SNP on the IOMMUs.

Thanks,
Ashish




