Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e9df0942 authored by Brijesh Singh's avatar Brijesh Singh
Browse files

KVM: SVM: Add sev module_param 



The module parameter can be used to control the SEV feature support.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: default avatarBrijesh Singh <brijesh.singh@amd.com>
Reviewed-by: default avatarBorislav Petkov <bp@suse.de>
parent ed3cd233

arch/x86/kvm/svm.c

+49 −0
Original line number Diff line number Diff line
@@ -37,6 +37,7 @@ 
#include <linux/amd-iommu.h>

#include <linux/hashtable.h>

#include <linux/frame.h>

#include <linux/psp-sev.h>



#include <asm/apic.h>

#include <asm/perf_event.h>
@@ -284,6 +285,10 @@ module_param(vls, int, 0444); 
static int vgif = true;

module_param(vgif, int, 0444);



/* enable/disable SEV support */

static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT);

module_param(sev, int, 0444);



static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);

static void svm_flush_tlb(struct kvm_vcpu *vcpu);

static void svm_complete_interrupts(struct vcpu_svm *svm);
@@ -1049,6 +1054,39 @@ static int avic_ga_log_notifier(u32 ga_tag) 
	return 0;

}



static __init int sev_hardware_setup(void)

{

	struct sev_user_data_status *status;

	int rc;



	/* Maximum number of encrypted guests supported simultaneously */

	max_sev_asid = cpuid_ecx(0x8000001F);



	if (!max_sev_asid)

		return 1;



	status = kmalloc(sizeof(*status), GFP_KERNEL);

	if (!status)

		return 1;



	/*

	 * Check SEV platform status.

	 *

	 * PLATFORM_STATUS can be called in any state, if we failed to query

	 * the PLATFORM status then either PSP firmware does not support SEV

	 * feature or SEV firmware is dead.

	 */

	rc = sev_platform_status(status, NULL);

	if (rc)

		goto err;



	pr_info("SEV supported\n");



err:

	kfree(status);

	return rc;

}



static __init int svm_hardware_setup(void)

{

	int cpu;
@@ -1084,6 +1122,17 @@ static __init int svm_hardware_setup(void) 
		kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);

	}



	if (sev) {

		if (boot_cpu_has(X86_FEATURE_SEV) &&

		    IS_ENABLED(CONFIG_KVM_AMD_SEV)) {

			r = sev_hardware_setup();

			if (r)

				sev = false;

		} else {

			sev = false;

		}

	}



	for_each_possible_cpu(cpu) {

		r = svm_cpu_init(cpu);

		if (r)