From: Ashish Kalra <ashish.kalra@xxxxxxx>
SNP initialization is forced during PSP driver probe purely because SNP
can't be initialized if VMs are running. But the only in-tree user of
SEV/SNP functionality is KVM, and KVM depends on PSP driver for the same.
Forcing SEV/SNP initialization because a hypervisor could be running
legacy non-confidential VMs make no sense.
This patch removes SEV/SNP initialization from the PSP driver probe
time and moves the requirement to initialize SEV/SNP functionality
to KVM if it wants to use SEV/SNP.
Remove the psp_init_on_probe parameter as it not used anymore.
Remove the probe field from struct sev_platform_init_args as it is
not used anymore.
Remove _sev_platform_init_locked() as it not used anymore and to
support separate SNP and SEV initialization sev_platform_init() is
now modified to do only SEV initialization and call
__sev_platform_init_locked() directly.
Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
---
drivers/crypto/ccp/sev-dev.c | 55 +-----------------------------------
include/linux/psp-sev.h | 4 ---
2 files changed, 1 insertion(+), 58 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 53c438b2b712..fbae688e4b7d 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -69,10 +69,6 @@ static char *init_ex_path;
module_param(init_ex_path, charp, 0444);
MODULE_PARM_DESC(init_ex_path, " Path for INIT_EX data; if set try INIT_EX");
-static bool psp_init_on_probe = true;
-module_param(psp_init_on_probe, bool, 0444);
-MODULE_PARM_DESC(psp_init_on_probe, " if true, the PSP will be initialized on module init. Else the PSP will be initialized on the first command requiring it");
-
MODULE_FIRMWARE("amd/amd_sev_fam17h_model0xh.sbin"); /* 1st gen EPYC */
MODULE_FIRMWARE("amd/amd_sev_fam17h_model3xh.sbin"); /* 2nd gen EPYC */
MODULE_FIRMWARE("amd/amd_sev_fam19h_model0xh.sbin"); /* 3rd gen EPYC */
@@ -1329,46 +1325,12 @@ static int __sev_platform_init_locked(int *error)
return rc;
}
-static int _sev_platform_init_locked(struct sev_platform_init_args *args)
-{
- struct sev_device *sev;
- int rc;
-
- if (!psp_master || !psp_master->sev_data)
- return -ENODEV;
-
- sev = psp_master->sev_data;
-
- if (sev->state == SEV_STATE_INIT)
- return 0;
-
- /*
- * Legacy guests cannot be running while SNP_INIT(_EX) is executing,
- * so perform SEV-SNP initialization at probe time.
- */
- rc = __sev_snp_init_locked(&args->error);
- if (rc && rc != -ENODEV) {
- /*
- * Don't abort the probe if SNP INIT failed,
- * continue to initialize the legacy SEV firmware.
- */
- dev_err(sev->dev, "SEV-SNP: failed to INIT rc %d, error %#x\n",
- rc, args->error);
- }
-
- /* Defer legacy SEV/SEV-ES support if allowed by caller/module. */
- if (args->probe && !psp_init_on_probe)
- return 0;
-
- return __sev_platform_init_locked(&args->error);
-}
-
int sev_platform_init(struct sev_platform_init_args *args)
{
int rc;
mutex_lock(&sev_cmd_mutex);
- rc = _sev_platform_init_locked(args);
+ rc = __sev_platform_init_locked(&args->error);
mutex_unlock(&sev_cmd_mutex);
return rc;
@@ -2556,9 +2518,7 @@ EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
void sev_pci_init(void)
{
struct sev_device *sev = psp_master->sev_data;
- struct sev_platform_init_args args = {0};
u8 api_major, api_minor, build;
- int rc;
if (!sev)
return;
@@ -2581,16 +2541,6 @@ void sev_pci_init(void)
api_major, api_minor, build,
sev->api_major, sev->api_minor, sev->build);
- /* Initialize the platform */
- args.probe = true;
- rc = sev_platform_init(&args);
- if (rc)
- dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n",
- args.error, rc);
-
- dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_initialized ?
- "-SNP" : "", sev->api_major, sev->api_minor, sev->build);
-
return;
err:
@@ -2605,7 +2555,4 @@ void sev_pci_exit(void)
if (!sev)
return;
-
- sev_firmware_shutdown(sev);
-
}
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index e50643aef8a9..dec89fc0b356 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -794,13 +794,9 @@ struct sev_data_snp_shutdown_ex {
* struct sev_platform_init_args
*
* @error: SEV firmware error code
- * @probe: True if this is being called as part of CCP module probe, which
- * will defer SEV_INIT/SEV_INIT_EX firmware initialization until needed
- * unless psp_init_on_probe module param is set
*/
struct sev_platform_init_args {
int error;
- bool probe;
};
/**
--
2.34.1
