Commit b65546b1 authored by Tycho Andersen (AMD)'s avatar Tycho Andersen (AMD) Committed by Borislav Petkov (AMD)
Browse files

x86/sev: Create snp_shutdown() 



After SNP_SHUTDOWN, two things should be done:

1. clear the RMP table
2. disable MFDM to prevent the FW_WARN in k8_check_syscfg_dram_mod_en() in
   the event of a kexec

Create and export to the CCP driver a function that does them.

Also change the MFDM helper to allow for disabling the bit, since the SNP x86
shutdown path needs to disable MFDM.

The comment for k8_check_syscfg_dram_mod_en() notes, the "BIOS" is supposed
clear it, or the kernel in the case of module unload and shutdown followed by
kexec.

Signed-off-by: default avatarTycho Andersen (AMD) <tycho@kernel.org>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
Link: https://patch.msgid.link/20260324161301.1353976-4-tycho@kernel.org
parent ca2ca373

arch/x86/include/asm/sev.h

+2 −0
Original line number Diff line number Diff line
@@ -662,6 +662,7 @@ static inline void snp_leak_pages(u64 pfn, unsigned int pages) 
	__snp_leak_pages(pfn, pages, true);

}

void snp_prepare(void);

void snp_shutdown(void);

#else

static inline bool snp_probe_rmptable_info(void) { return false; }

static inline int snp_rmptable_init(void) { return -ENOSYS; }
@@ -679,6 +680,7 @@ static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} 
static inline void kdump_sev_callback(void) { }

static inline void snp_fixup_e820_tables(void) {}

static inline void snp_prepare(void) {}

static inline void snp_shutdown(void) {}

#endif



#endif

arch/x86/virt/svm/sev.c

+19 −3
Original line number Diff line number Diff line
@@ -132,12 +132,15 @@ static unsigned long snp_nr_leaked_pages; 
#undef pr_fmt

#define pr_fmt(fmt)	"SEV-SNP: " fmt



static void mfd_enable(void *arg)

static void mfd_reconfigure(void *arg)

{

	if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP))

		return;



	if (arg)

		msr_set_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT);

	else

		msr_clear_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT);

}



static void snp_enable(void *arg)
@@ -523,13 +526,26 @@ void snp_prepare(void) 
	 * MtrrFixDramModEn is not shared between threads on a core,

	 * therefore it must be set on all CPUs prior to enabling SNP.

	 */

	on_each_cpu(mfd_enable, NULL, 1);

	on_each_cpu(mfd_reconfigure, (void *)1, 1);

	on_each_cpu(snp_enable, NULL, 1);



	cpus_read_unlock();

}

EXPORT_SYMBOL_FOR_MODULES(snp_prepare, "ccp");



void snp_shutdown(void)

{

	u64 syscfg;



	rdmsrq(MSR_AMD64_SYSCFG, syscfg);

	if (syscfg & MSR_AMD64_SYSCFG_SNP_EN)

		return;



	clear_rmp();

	on_each_cpu(mfd_reconfigure, NULL, 1);

}

EXPORT_SYMBOL_FOR_MODULES(snp_shutdown, "ccp");



/*

 * Do the necessary preparations which are verified by the firmware as

 * described in the SNP_INIT_EX firmware command description in the SNP