x86/sev: Create snp_shutdown() · tjh.dev/kernel@b65546b

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

x86/sev: Create snp_shutdown()

After SNP_SHUTDOWN, two things should be done:

1. clear the RMP table
2. disable MFDM to prevent the FW_WARN in k8_check_syscfg_dram_mod_en() in
the event of a kexec

Create and export to the CCP driver a function that does them.

Also change the MFDM helper to allow for disabling the bit, since the SNP x86
shutdown path needs to disable MFDM.

The comment for k8_check_syscfg_dram_mod_en() notes, the "BIOS" is supposed
clear it, or the kernel in the case of module unload and shutdown followed by
kexec.

Signed-off-by: Tycho Andersen (AMD) <tycho@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://patch.msgid.link/20260324161301.1353976-4-tycho@kernel.org

authored by

Tycho Andersen (AMD) and committed by

Borislav Petkov (AMD) 2 months ago b65546b1 ca2ca373

+21 -3

2 changed files

expand all

arch

x86

include

asm

sev.h

virt

svm

sev.c

arch/x86/include/asm/sev.h

··· 662 662 __snp_leak_pages(pfn, pages, true); 663 663 } 664 664 void snp_prepare(void); 665 + void snp_shutdown(void); 665 666 #else 666 667 static inline bool snp_probe_rmptable_info(void) { return false; } 667 668 static inline int snp_rmptable_init(void) { return -ENOSYS; } ··· 680 679 static inline void kdump_sev_callback(void) { } 681 680 static inline void snp_fixup_e820_tables(void) {} 682 681 static inline void snp_prepare(void) {} 682 + static inline void snp_shutdown(void) {} 683 683 #endif 684 684 685 685 #endif

+19 -3

arch/x86/virt/svm/sev.c

··· 132 132 #undef pr_fmt 133 133 #define pr_fmt(fmt) "SEV-SNP: " fmt 134 134 135 - static void mfd_enable(void *arg) 135 + static void mfd_reconfigure(void *arg) 136 136 { 137 137 if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) 138 138 return; 139 139 140 - msr_set_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); 140 + if (arg) 141 + msr_set_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); 142 + else 143 + msr_clear_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); 141 144 } 142 145 143 146 static void snp_enable(void *arg) ··· 526 523 * MtrrFixDramModEn is not shared between threads on a core, 527 524 * therefore it must be set on all CPUs prior to enabling SNP. 528 525 */ 529 - on_each_cpu(mfd_enable, NULL, 1); 526 + on_each_cpu(mfd_reconfigure, (void *)1, 1); 530 527 on_each_cpu(snp_enable, NULL, 1); 531 528 532 529 cpus_read_unlock(); 533 530 } 534 531 EXPORT_SYMBOL_FOR_MODULES(snp_prepare, "ccp"); 532 + 533 + void snp_shutdown(void) 534 + { 535 + u64 syscfg; 536 + 537 + rdmsrq(MSR_AMD64_SYSCFG, syscfg); 538 + if (syscfg & MSR_AMD64_SYSCFG_SNP_EN) 539 + return; 540 + 541 + clear_rmp(); 542 + on_each_cpu(mfd_reconfigure, NULL, 1); 543 + } 544 + EXPORT_SYMBOL_FOR_MODULES(snp_shutdown, "ccp"); 535 545 536 546 /* 537 547 * Do the necessary preparations which are verified by the firmware as

Configure Feed

Configure Feed