On 11/8/2023 12:14 AM, Borislav Petkov wrote:
On Tue, Nov 07, 2023 at 04:33:41PM -0600, Kalra, Ashish wrote:
We will still need some method to tell the IOMMU driver if SNP
support/feature is disabled by this function, for example, when CPU family
and model is not supported by SNP and we jump to no_snp label.
See below.
The reliable way for this to work is to ensure snp_rmptable_init() is called
before IOMMU initialization and then IOMMU initialization depends on SNP
feature flag setup by snp_rmptable_init() to enable SNP support on IOMMU or
not.
Yes, this whole SNP initialization needs to be reworked and split this
way:
- early detection work which needs to be done once goes to
bsp_init_amd(): that's basically your early_detect_mem_encrypt() stuff
which needs to happen exactly only once and early.
- Any work like:
c->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f;
and the like which needs to happen on each AP, gets put in a function
which gets called by init_amd().
By the time IOMMU gets to init, you already know whether it should
enable SNP and check X86_FEATURE_SEV_SNP.
Finally, you call __snp_rmptable_init() which does the *per-CPU* init
work which is still pending. >
Ok?
Yes, will need to rework the SNP initialization stuff, the important
point is that we want to do snp_rmptable_init() stuff before IOMMU
initialization as for things like RMP table not correctly setup, etc.,
we don't want IOMMU initialization to enable SNP on the IOMMUs.
Thanks,
Ashish
