| Message ID | f7129ef82e622ce52b194ab017fee9b1881b0cc8.1734392473.git.ashish.kalra@amd.com |
|---|---|
| State | New |
| Headers | show |
| Series | Move initializing SEV/SNP functionality to KVM | expand |
On 17/12/24 11:00, Ashish Kalra wrote: > From: Ashish Kalra <ashish.kalra@amd.com> > > SNP initialization is forced during PSP driver probe purely because SNP > can't be initialized if VMs are running. But the only in-tree user of > SEV/SNP functionality is KVM, and KVM depends on PSP driver for the same. > Forcing SEV/SNP initialization because a hypervisor could be running > legacy non-confidential VMs make no sense. > > This patch removes SEV/SNP initialization from the PSP driver probe > time and moves the requirement to initialize SEV/SNP functionality > to KVM if it wants to use SEV/SNP. > > Remove the psp_init_on_probe parameter as it not used anymore. > Remove the probe field from struct sev_platform_init_args as it is > not used anymore. > Remove _sev_platform_init_locked() as it not used anymore and to > support separate SNP and SEV initialization sev_platform_init() is > now modified to do only SEV initialization and call > __sev_platform_init_locked() directly. > > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> > --- > drivers/crypto/ccp/sev-dev.c | 55 +----------------------------------- > include/linux/psp-sev.h | 4 --- > 2 files changed, 1 insertion(+), 58 deletions(-) > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > index 53c438b2b712..fbae688e4b7d 100644 > --- a/drivers/crypto/ccp/sev-dev.c > +++ b/drivers/crypto/ccp/sev-dev.c > @@ -69,10 +69,6 @@ static char *init_ex_path; > module_param(init_ex_path, charp, 0444); > MODULE_PARM_DESC(init_ex_path, " Path for INIT_EX data; if set try INIT_EX"); > > -static bool psp_init_on_probe = true; > -module_param(psp_init_on_probe, bool, 0444); > -MODULE_PARM_DESC(psp_init_on_probe, " if true, the PSP will be initialized on module init. Else the PSP will be initialized on the first command requiring it"); > - > MODULE_FIRMWARE("amd/amd_sev_fam17h_model0xh.sbin"); /* 1st gen EPYC */ > MODULE_FIRMWARE("amd/amd_sev_fam17h_model3xh.sbin"); /* 2nd gen EPYC */ > MODULE_FIRMWARE("amd/amd_sev_fam19h_model0xh.sbin"); /* 3rd gen EPYC */ > @@ -1329,46 +1325,12 @@ static int __sev_platform_init_locked(int *error) > return rc; > } > > -static int _sev_platform_init_locked(struct sev_platform_init_args *args) > -{ > - struct sev_device *sev; > - int rc; > - > - if (!psp_master || !psp_master->sev_data) > - return -ENODEV; > - > - sev = psp_master->sev_data; > - > - if (sev->state == SEV_STATE_INIT) > - return 0; > - > - /* > - * Legacy guests cannot be running while SNP_INIT(_EX) is executing, > - * so perform SEV-SNP initialization at probe time. > - */ > - rc = __sev_snp_init_locked(&args->error); > - if (rc && rc != -ENODEV) { > - /* > - * Don't abort the probe if SNP INIT failed, > - * continue to initialize the legacy SEV firmware. > - */ > - dev_err(sev->dev, "SEV-SNP: failed to INIT rc %d, error %#x\n", > - rc, args->error); > - } > - > - /* Defer legacy SEV/SEV-ES support if allowed by caller/module. */ > - if (args->probe && !psp_init_on_probe) > - return 0; > - > - return __sev_platform_init_locked(&args->error); > -} > - > int sev_platform_init(struct sev_platform_init_args *args) > { > int rc; > > mutex_lock(&sev_cmd_mutex); > - rc = _sev_platform_init_locked(args); > + rc = __sev_platform_init_locked(&args->error); > mutex_unlock(&sev_cmd_mutex); > > return rc; > @@ -2556,9 +2518,7 @@ EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); > void sev_pci_init(void) > { > struct sev_device *sev = psp_master->sev_data; > - struct sev_platform_init_args args = {0}; > u8 api_major, api_minor, build; > - int rc; > > if (!sev) > return; > @@ -2581,16 +2541,6 @@ void sev_pci_init(void) > api_major, api_minor, build, > sev->api_major, sev->api_minor, sev->build); > > - /* Initialize the platform */ > - args.probe = true; > - rc = sev_platform_init(&args); > - if (rc) > - dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n", > - args.error, rc); > - > - dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_initialized ? > - "-SNP" : "", sev->api_major, sev->api_minor, sev->build); > - > return; > > err: > @@ -2605,7 +2555,4 @@ void sev_pci_exit(void) > > if (!sev) > return; Can remove the above 4 lines too. Otherwise Reviewed-by: Alexey Kardashevskiy <aik@amd.com> > - > - sev_firmware_shutdown(sev); > - > } > diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h > index e50643aef8a9..dec89fc0b356 100644 > --- a/include/linux/psp-sev.h > +++ b/include/linux/psp-sev.h > @@ -794,13 +794,9 @@ struct sev_data_snp_shutdown_ex { > * struct sev_platform_init_args > * > * @error: SEV firmware error code > - * @probe: True if this is being called as part of CCP module probe, which > - * will defer SEV_INIT/SEV_INIT_EX firmware initialization until needed > - * unless psp_init_on_probe module param is set > */ > struct sev_platform_init_args { > int error; > - bool probe; > }; > > /**
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 53c438b2b712..fbae688e4b7d 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -69,10 +69,6 @@ static char *init_ex_path; module_param(init_ex_path, charp, 0444); MODULE_PARM_DESC(init_ex_path, " Path for INIT_EX data; if set try INIT_EX"); -static bool psp_init_on_probe = true; -module_param(psp_init_on_probe, bool, 0444); -MODULE_PARM_DESC(psp_init_on_probe, " if true, the PSP will be initialized on module init. Else the PSP will be initialized on the first command requiring it"); - MODULE_FIRMWARE("amd/amd_sev_fam17h_model0xh.sbin"); /* 1st gen EPYC */ MODULE_FIRMWARE("amd/amd_sev_fam17h_model3xh.sbin"); /* 2nd gen EPYC */ MODULE_FIRMWARE("amd/amd_sev_fam19h_model0xh.sbin"); /* 3rd gen EPYC */ @@ -1329,46 +1325,12 @@ static int __sev_platform_init_locked(int *error) return rc; } -static int _sev_platform_init_locked(struct sev_platform_init_args *args) -{ - struct sev_device *sev; - int rc; - - if (!psp_master || !psp_master->sev_data) - return -ENODEV; - - sev = psp_master->sev_data; - - if (sev->state == SEV_STATE_INIT) - return 0; - - /* - * Legacy guests cannot be running while SNP_INIT(_EX) is executing, - * so perform SEV-SNP initialization at probe time. - */ - rc = __sev_snp_init_locked(&args->error); - if (rc && rc != -ENODEV) { - /* - * Don't abort the probe if SNP INIT failed, - * continue to initialize the legacy SEV firmware. - */ - dev_err(sev->dev, "SEV-SNP: failed to INIT rc %d, error %#x\n", - rc, args->error); - } - - /* Defer legacy SEV/SEV-ES support if allowed by caller/module. */ - if (args->probe && !psp_init_on_probe) - return 0; - - return __sev_platform_init_locked(&args->error); -} - int sev_platform_init(struct sev_platform_init_args *args) { int rc; mutex_lock(&sev_cmd_mutex); - rc = _sev_platform_init_locked(args); + rc = __sev_platform_init_locked(&args->error); mutex_unlock(&sev_cmd_mutex); return rc; @@ -2556,9 +2518,7 @@ EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); void sev_pci_init(void) { struct sev_device *sev = psp_master->sev_data; - struct sev_platform_init_args args = {0}; u8 api_major, api_minor, build; - int rc; if (!sev) return; @@ -2581,16 +2541,6 @@ void sev_pci_init(void) api_major, api_minor, build, sev->api_major, sev->api_minor, sev->build); - /* Initialize the platform */ - args.probe = true; - rc = sev_platform_init(&args); - if (rc) - dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n", - args.error, rc); - - dev_info(sev->dev, "SEV%s API:%d.%d build:%d\n", sev->snp_initialized ? - "-SNP" : "", sev->api_major, sev->api_minor, sev->build); - return; err: @@ -2605,7 +2555,4 @@ void sev_pci_exit(void) if (!sev) return; - - sev_firmware_shutdown(sev); - } diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index e50643aef8a9..dec89fc0b356 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -794,13 +794,9 @@ struct sev_data_snp_shutdown_ex { * struct sev_platform_init_args * * @error: SEV firmware error code - * @probe: True if this is being called as part of CCP module probe, which - * will defer SEV_INIT/SEV_INIT_EX firmware initialization until needed - * unless psp_init_on_probe module param is set */ struct sev_platform_init_args { int error; - bool probe; }; /**