Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0068-KVM-SVM-Add-sev-module_param.patch')
-rw-r--r-- | meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0068-KVM-SVM-Add-sev-module_param.patch | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0068-KVM-SVM-Add-sev-module_param.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0068-KVM-SVM-Add-sev-module_param.patch
new file mode 100644
index 00000000..ad28d312
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0068-KVM-SVM-Add-sev-module_param.patch
@@ -0,0 +1,112 @@
+From c4db443adf12808cf037cfe61c08dedc360aacee Mon Sep 17 00:00:00 2001
+From: Brijesh Singh <brijesh.singh@amd.com>
+Date: Mon, 4 Dec 2017 10:57:33 -0600
+Subject: [PATCH 68/95] KVM: SVM: Add sev module_param
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The module parameter can be used to control the SEV feature support.
+
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: "Radim Krčmář" <rkrcmar@redhat.com>
+Cc: Joerg Roedel <joro@8bytes.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: x86@kernel.org
+Cc: kvm@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Reviewed-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ arch/x86/kvm/svm.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 49 insertions(+)
+
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
+index 77914701..df8e1e3 100644
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -37,6 +37,7 @@
+ #include <linux/amd-iommu.h>
+ #include <linux/hashtable.h>
+ #include <linux/frame.h>
++#include <linux/psp-sev.h>
+
+ #include <asm/apic.h>
+ #include <asm/perf_event.h>
+@@ -298,6 +299,10 @@ module_param(vls, int, 0444);
+ static int vgif = true;
+ module_param(vgif, int, 0444);
+
++/* enable/disable SEV support */
++static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT);
++module_param(sev, int, 0444);
++
+ static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
+ static void svm_flush_tlb(struct kvm_vcpu *vcpu);
+ static void svm_complete_interrupts(struct vcpu_svm *svm);
+@@ -1086,6 +1091,39 @@ static int avic_ga_log_notifier(u32 ga_tag)
+ return 0;
+ }
+
++static __init int sev_hardware_setup(void)
++{
++ struct sev_user_data_status *status;
++ int rc;
++
++ /* Maximum number of encrypted guests supported simultaneously */
++ max_sev_asid = cpuid_ecx(0x8000001F);
++
++ if (!max_sev_asid)
++ return 1;
++
++ status = kmalloc(sizeof(*status), GFP_KERNEL);
++ if (!status)
++ return 1;
++
++ /*
++ * Check SEV platform status.
++ *
++ * PLATFORM_STATUS can be called in any state, if we failed to query
++ * the PLATFORM status then either PSP firmware does not support SEV
++ * feature or SEV firmware is dead.
++ */
++ rc = sev_platform_status(status, NULL);
++ if (rc)
++ goto err;
++
++ pr_info("SEV supported\n");
++
++err:
++ kfree(status);
++ return rc;
++}
++
+ static __init int svm_hardware_setup(void)
+ {
+ int cpu;
+@@ -1121,6 +1159,17 @@ static __init int svm_hardware_setup(void)
+ kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE);
+ }
+
++ if (sev) {
++ if (boot_cpu_has(X86_FEATURE_SEV) &&
++ IS_ENABLED(CONFIG_KVM_AMD_SEV)) {
++ r = sev_hardware_setup();
++ if (r)
++ sev = false;
++ } else {
++ sev = false;
++ }
++ }
++
+ for_each_possible_cpu(cpu) {
+ r = svm_cpu_init(cpu);
+ if (r)
+--
+2.7.4
+ |
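Review bot: The `if (r)` branch of the added `if (sev)` block in svm_hardware_setup() clears `sev` without logging anything, so a host that asked for SEV and hit a firmware or allocation failure comes up with the feature off and the only trace is the 0444 `sev` parameter reading 0. A line such as `pr_warn("SEV setup failed (%d), disabling SEV\n", r);` before `sev = false;` would make that downgrade visible in the kernel log. sev_hardware_setup() also returns a bare `1` for both a zero ASID count and a failed kmalloc(), which cannot be told apart from a platform-status error; `return -ENOMEM;` for the allocation case would be clearer. max_sev_asid is assigned before the platform status check and keeps its non-zero value when that check fails; its declaration and other users are outside this patch, so it should be confirmed that nothing reads it without also checking `sev`. svm_hardware_setup()'s body starts and ends outside the hunk.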