git.baikalelectronics.ru Git - kernel.git/commit
x86/sev: Add SEV-SNP guest feature negotiation support
author: Nikunj A Dadhania <nikunj@amd.com>
Wed, 18 Jan 2023 06:19:43 +0000 (11:49 +0530)
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 1 Feb 2023 07:34:50 +0000 (08:34 +0100)
commit: 9bd3f2617f099de7956720c36a02056a711d152a
tree: f93ce1ded2aaca4e213934c0a851f76c7e201ae3
parent: fd244f2902f329a262efd6ffe72a147c9f8c430d
x86/sev: Add SEV-SNP guest feature negotiation support

commit 8c29f016540532582721cec1dbf6d144873433ba upstream.

The hypervisor can enable various new features (SEV_FEATURES[1:63]) and start a
SNP guest. Some of these features need guest side implementation. If any of
these features are enabled without it, the behavior of the SNP guest will be
undefined.  It may fail booting in a non-obvious way making it difficult to
debug.

Instead of allowing the guest to continue and have it fail randomly later,
detect this early and fail gracefully.

The SEV_STATUS MSR indicates features which the hypervisor has enabled.  While
booting, SNP guests should ascertain that all the enabled features have guest
side implementation. In case a feature is not implemented in the guest, the
guest terminates booting with GHCB protocol Non-Automatic Exit (NAE) termination
request event, see "SEV-ES Guest-Hypervisor Communication Block Standardization"
document (currently at https://developer.amd.com/wp-content/resources/56421.pdf),
section "Termination Request".

Populate SW_EXITINFO2 with mask of unsupported features that the hypervisor can
easily report to the user.

More details in the AMD64 APM Vol 2, Section "SEV_STATUS MSR".

  [ bp:
    - Massage.
    - Move snp_check_features() call to C code.
    Note: the CC:stable@ aspect here is to be able to protect older, stable
    kernels when running on newer hypervisors. Or not "running" but fail
    reliably and in a well-defined manner instead of randomly. ]

Fixes: f0492060dc1b ("x86/sev: Check SEV-SNP features support")
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20230118061943.534309-1-nikunj@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
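The negotiation the commit message describes, as an added, self-contained model in C that is not the kernel's code: the guest masks SEV_STATUS against the features it implements, and if the hypervisor enabled something the guest lacks, it builds a termination request carrying the unsupported mask in SW_EXITINFO2 when a version-2 GHCB is available, else falls back to the MSR protocol, which carries no mask. The feature bit positions in the two masks, the reason code value, and the helper names are constructed for the example; the SNP_ENABLED bit and the reason set/code packing in SW_EXITINFO1 follow the APM and GHCB spec layouts.

```c
#include <stdbool.h>
#include <stdint.h>

/* SEV_STATUS MSR bits 0..2 (APM Vol 2, "SEV_STATUS MSR"); bits 3..63 are the
 * SEV_FEATURES field the hypervisor may enable before starting the guest. */
#define SEV_STATUS_SNP_ENABLED	(1ULL << 2)
#define SEV_FEATURE_BIT(n)	(1ULL << (n))

/* Constructed masks for this example: features that need guest-side code,
 * and the subset this guest actually implements. Real bit assignments live
 * in arch/x86/include/asm/msr-index.h. */
#define SNP_FEATURES_IMPL_REQ	(SEV_FEATURE_BIT(3) | SEV_FEATURE_BIT(4) | \
				 SEV_FEATURE_BIT(5) | SEV_FEATURE_BIT(7))
#define SNP_FEATURES_PRESENT	(SEV_FEATURE_BIT(3) | SEV_FEATURE_BIT(5))

/* Termination request as the hypervisor would see it. */
struct term_req {
	bool	 via_ghcb;	/* true: GHCB NAE; false: MSR-protocol fallback */
	uint64_t exit_info_1;	/* reason set [3:0] | reason code [11:4] (GHCB spec) */
	uint64_t exit_info_2;	/* mask of unsupported SEV_STATUS features, or 0 */
};

#define TERM_SET_GEN		0
#define TERM_SNP_UNSUPPORTED	2	/* assumed reason code for "SNP feature unsupported" */
#define TERM_REASON(set, code)	(((uint64_t)(set) & 0xf) | (((uint64_t)(code) & 0xff) << 4))

/* Bits the hypervisor enabled that require guest support this guest lacks. */
uint64_t snp_unsupported_features(uint64_t sev_status)
{
	if (!(sev_status & SEV_STATUS_SNP_ENABLED))
		return 0;	/* not an SNP guest: nothing to negotiate */
	return sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT;
}

/* Returns true if boot must stop; *req holds the request to send. Without a
 * version-2 GHCB only the MSR protocol is usable, which cannot carry the
 * feature mask, so the hypervisor learns less about why the guest died. */
bool snp_check_features(uint64_t sev_status, unsigned ghcb_version,
			bool have_ghcb, struct term_req *req)
{
	uint64_t unsupported = snp_unsupported_features(sev_status);

	if (!unsupported)
		return false;

	req->via_ghcb = (ghcb_version >= 2 && have_ghcb);
	req->exit_info_1 = TERM_REASON(TERM_SET_GEN, TERM_SNP_UNSUPPORTED);
	req->exit_info_2 = req->via_ghcb ? unsupported : 0;
	return true;
}
```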
Documentation/x86/amd-memory-encryption.rst
arch/x86/boot/compressed/ident_map_64.c
arch/x86/boot/compressed/misc.h
arch/x86/boot/compressed/sev.c
arch/x86/include/asm/msr-index.h
arch/x86/include/uapi/asm/svm.h