From nobody Thu Apr 2 06:10:56 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 96F5D2D97B7; Mon, 30 Mar 2026 10:46:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774867566; cv=none; b=DKNWoq9Ylno6UJQ+R5lu+IRDOUgui6czB0l42ItFO7VDiWFM/sNbcK9ghUvera7MN2xdYh7/i2inSBG4+wzW/IXPN5QwpngB2cYnEcOgZW+wMt2w4+MpsaBlxaGCw2cII7kqA1nKWWBoyDn99r+W1XarIsDQ8qRMOEI/8FH7+wU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774867566; c=relaxed/simple; bh=bsJHZEcbtICURpRedYRm1TwS40LH9tRuqh8bAehS6JU=; h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version: Message-ID:Content-Type; b=r/Pp0jGls45LRyN9aYN7/Lgf1gDi6DZAwhzyVUOcv+CWBLzh1395X60BF8NfcO2FAuvqjgO4fOMtbZC9u44I0QOP9x+Ixkl1TF0DLdYadksNzyaOjG4HLy5TdYGE+q/WBq1Zc0yTMwMyUnycVO7qtNv96ALuFy8MCVlHMINrJ1c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=Cfcr4kpZ; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=zYqOhVmu; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="Cfcr4kpZ"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="zYqOhVmu" Date: Mon, 30 Mar 2026 10:46:01 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1774867563; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HSbVOWzBg76r6KSA3hHUEhX6yfUKs/yq2YGdX9c1axo=; b=Cfcr4kpZ8Dbe/rlvd29E230qdQW+aHzn3NoJi6FyKBEwgd4lqFy7EILpRkRRw2g7tGMaS8 MKSmhUA/iBrLMbmdiHoKMI6c8xT4HNUZMNBmo8m6fYdrgDb44M1fKNUnhzurOT8pq7h6hD ngle/XZJkqjAxGik72ImnxytzK95Ajk1wkPZmMg4W2WUbNgdXjgewyyY3RIPY62zpTv/cM 213UfZvZ6QRWmD7wx7OE1wLIM/VS91TMwBP8LNl4/plUrloHMbrWlL3wrH9IqWizdEqtyT mJA4q3ZRXtP14dF9+YWNSLIkJvLnDjXsFX3cNHRTzwje41gj4/hr0oN5KoHrcg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1774867563; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HSbVOWzBg76r6KSA3hHUEhX6yfUKs/yq2YGdX9c1axo=; b=zYqOhVmuG/nJWGQtTa12hfZtoGcj9oV6iKMkh7SCx0GrOKS/ZQfD4YtB1bBh4/nSkgxfKf Oq8+CalUjyogDuAg== From: "tip-bot2 for Tycho Andersen (AMD)" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/sev] x86/sev: Create snp_prepare() Cc: "Tycho Andersen (AMD)" , "Borislav Petkov (AMD)" , Tom Lendacky , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20260326161110.1764303-3-tycho@kernel.org> References: <20260326161110.1764303-3-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-ID: <177486756164.1647592.16343037630498935560.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The following commit has been merged into the x86/sev branch of tip: Commit-ID: ca2ca373ec854d203c74e6ac1c4e08a70e8d2509 Gitweb: https://git.kernel.org/tip/ca2ca373ec854d203c74e6ac1c4e08a70= e8d2509 Author: Tycho Andersen (AMD) AuthorDate: Thu, 26 Mar 2026 10:11:05 -06:00 Committer: Borislav Petkov (AMD) CommitterDate: Sat, 28 Mar 2026 22:16:03 +01:00 x86/sev: Create snp_prepare() In preparation for delayed SNP initialization, create a function snp_prepar= e() that does the necessary architecture setup. Export this function for the c= cp module to allow it to do the setup as necessary. Introduce a cpu_read_lock/unlock() wrapper around the MFDM and SNP enable. While CPU hotplug is not supported, this makes sure that the bit setting happens on the same set of CPUs in both cases. This improvement was suggested by Sashiko: https://sashiko.dev/#/patchset/20260324161301.1353976-1-tycho%40kernel.org Also move {mfd,snp}_enable() out of the __init section, since these will be called later. Signed-off-by: Tycho Andersen (AMD) Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Tom Lendacky Link: https://patch.msgid.link/20260326161110.1764303-3-tycho@kernel.org --- arch/x86/include/asm/sev.h | 2 ++- arch/x86/virt/svm/sev.c | 49 ++++++++++++++++++++++--------------- 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 0e6c094..2140e26 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -661,6 +661,7 @@ static inline void snp_leak_pages(u64 pfn, unsigned int= pages) { __snp_leak_pages(pfn, pages, true); } +void snp_prepare(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_rmptable_init(void) { return -ENOSYS; } @@ -677,6 +678,7 @@ static inline void __snp_leak_pages(u64 pfn, unsigned i= nt npages, bool dump_rmp) static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} static inline void kdump_sev_callback(void) { } static inline void snp_fixup_e820_tables(void) {} +static inline void snp_prepare(void) {} #endif =20 #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 0256069..ccec529 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -132,7 +132,7 @@ static unsigned long snp_nr_leaked_pages; #undef pr_fmt #define pr_fmt(fmt) "SEV-SNP: " fmt =20 -static __init void mfd_enable(void *arg) +static void mfd_enable(void *arg) { if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return; @@ -140,7 +140,7 @@ static __init void mfd_enable(void *arg) msr_set_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); } =20 -static __init void snp_enable(void *arg) +static void snp_enable(void *arg) { u64 val; =20 @@ -503,6 +503,33 @@ static bool __init setup_rmptable(void) return true; } =20 +void snp_prepare(void) +{ + u64 val; + + /* + * Check if SEV-SNP is already enabled, this can happen in case of + * kexec boot. + */ + rdmsrq(MSR_AMD64_SYSCFG, val); + if (val & MSR_AMD64_SYSCFG_SNP_EN) + return; + + clear_rmp(); + + cpus_read_lock(); + + /* + * MtrrFixDramModEn is not shared between threads on a core, + * therefore it must be set on all CPUs prior to enabling SNP. + */ + on_each_cpu(mfd_enable, NULL, 1); + on_each_cpu(snp_enable, NULL, 1); + + cpus_read_unlock(); +} +EXPORT_SYMBOL_FOR_MODULES(snp_prepare, "ccp"); + /* * Do the necessary preparations which are verified by the firmware as * described in the SNP_INIT_EX firmware command description in the SNP @@ -510,8 +537,6 @@ static bool __init setup_rmptable(void) */ int __init snp_rmptable_init(void) { - u64 val; - if (WARN_ON_ONCE(!cc_platform_has(CC_ATTR_HOST_SEV_SNP))) return -ENOSYS; =20 @@ -521,22 +546,8 @@ int __init snp_rmptable_init(void) if (!setup_rmptable()) return -ENOSYS; =20 - /* - * Check if SEV-SNP is already enabled, this can happen in case of - * kexec boot. - */ - rdmsrq(MSR_AMD64_SYSCFG, val); - if (val & MSR_AMD64_SYSCFG_SNP_EN) - goto skip_enable; - - clear_rmp(); - - /* MtrrFixDramModEn must be enabled on all the CPUs prior to enabling SNP= . */ - on_each_cpu(mfd_enable, NULL, 1); - - on_each_cpu(snp_enable, NULL, 1); + snp_prepare(); =20 -skip_enable: /* * Setting crash_kexec_post_notifiers to 'true' to ensure that SNP panic * notifier is invoked to do SNP IOMMU shutdown before kdump.