Commit e9df0942 authored by Brijesh Singh's avatar Brijesh Singh

KVM: SVM: Add sev module_param

The module parameter can be used to control the SEV feature support.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
parent ed3cd233
...@@ -37,6 +37,7 @@ ...@@ -37,6 +37,7 @@
#include <linux/amd-iommu.h> #include <linux/amd-iommu.h>
#include <linux/hashtable.h> #include <linux/hashtable.h>
#include <linux/frame.h> #include <linux/frame.h>
#include <linux/psp-sev.h>
#include <asm/apic.h> #include <asm/apic.h>
#include <asm/perf_event.h> #include <asm/perf_event.h>
...@@ -284,6 +285,10 @@ module_param(vls, int, 0444); ...@@ -284,6 +285,10 @@ module_param(vls, int, 0444);
static int vgif = true; static int vgif = true;
module_param(vgif, int, 0444); module_param(vgif, int, 0444);
/* enable/disable SEV support */
static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT);
module_param(sev, int, 0444);
static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0); static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
static void svm_flush_tlb(struct kvm_vcpu *vcpu); static void svm_flush_tlb(struct kvm_vcpu *vcpu);
static void svm_complete_interrupts(struct vcpu_svm *svm); static void svm_complete_interrupts(struct vcpu_svm *svm);
...@@ -1049,6 +1054,39 @@ static int avic_ga_log_notifier(u32 ga_tag) ...@@ -1049,6 +1054,39 @@ static int avic_ga_log_notifier(u32 ga_tag)
return 0; return 0;
} }
static __init int sev_hardware_setup(void)
{
struct sev_user_data_status *status;
int rc;
/* Maximum number of encrypted guests supported simultaneously */
max_sev_asid = cpuid_ecx(0x8000001F);
if (!max_sev_asid)
return 1;
status = kmalloc(sizeof(*status), GFP_KERNEL);
if (!status)
return 1;
/*
* Check SEV platform status.
*
* PLATFORM_STATUS can be called in any state, if we failed to query
* the PLATFORM status then either PSP firmware does not support SEV
* feature or SEV firmware is dead.
*/
rc = sev_platform_status(status, NULL);
if (rc)
goto err;
pr_info("SEV supported\n");
err:
kfree(status);
return rc;
}
static __init int svm_hardware_setup(void) static __init int svm_hardware_setup(void)
{ {
int cpu; int cpu;
...@@ -1084,6 +1122,17 @@ static __init int svm_hardware_setup(void) ...@@ -1084,6 +1122,17 @@ static __init int svm_hardware_setup(void)
kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE); kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
} }
if (sev) {
if (boot_cpu_has(X86_FEATURE_SEV) &&
IS_ENABLED(CONFIG_KVM_AMD_SEV)) {
r = sev_hardware_setup();
if (r)
sev = false;
} else {
sev = false;
}
}
for_each_possible_cpu(cpu) { for_each_possible_cpu(cpu) {
r = svm_cpu_init(cpu); r = svm_cpu_init(cpu);
if (r) if (r)
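Review bot: In `sev_hardware_setup()`, `max_sev_asid` is assigned from CPUID before the firmware check, so when `sev_platform_status()` fails the function returns with `max_sev_asid` still non-zero while the caller in `svm_hardware_setup()` (whose body continues outside these hunks) sets `sev = false`. Any later code that tests `max_sev_asid` rather than `sev` (none is visible here) would then see a usable ASID range on a platform whose PSP firmware did not answer; resetting it on the failure path, `if (rc) { max_sev_asid = 0; goto err; }`, keeps the two in agreement. The failure paths are also silent: only success prints `SEV supported`, so an operator who loaded the module with `sev=1` gets no log line explaining why it reads back as 0, and a `pr_info("SEV disabled, platform status query failed: %d\n", rc);` before the `goto` would cover that. The two early exits return `1` rather than an errno such as `-ENODEV` or `-ENOMEM`, which is harmless for the current caller but differs from the `rc` propagated from the status call.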