[PATCH 0/2] "nosnp" sev command line support

Pavan Kumar Paluri posted 2 patches 2 months, 4 weeks ago
[PATCH 0/2] "nosnp" sev command line support
Posted by Pavan Kumar Paluri 2 months, 4 weeks ago
Provide "nosnp" boot option via "sev=nosnp" kernel command line to
prevent SNP-capable host kernel from enabling SEV-SNP and initializing
RMP table.

On providing sev=nosnp via kernel command line:
cat /sys/module/kvm_amd/parameters/sev_snp should be "N".

This patchset is based on tip/master.

Any feedback is much appreciated.

	Pavan
---
Pavan Kumar Paluri (2):
  x86, KVM:SVM: Move sev specific parsing into arch/x86/virt/svm
  x86 KVM:SVM: Provide "nosnp" boot option for sev kernel command line

 .../arch/x86/x86_64/boot-options.rst          |  3 ++
 arch/x86/coco/sev/core.c                      | 44 -------------------
 arch/x86/include/asm/sev-common.h             | 27 ++++++++++++
 arch/x86/virt/svm/Makefile                    |  1 +
 arch/x86/virt/svm/cmdline.c                   | 38 ++++++++++++++++
 5 files changed, 69 insertions(+), 44 deletions(-)
 create mode 100644 arch/x86/virt/svm/cmdline.c


base-commit: 6d9b02543ea85fcef2595e0a7a63a336ea2ac5e1
-- 
2.34.1
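
A host-side check for the behaviour described in the cover letter above, added here as an example and not part of the patchset: it reports whether `sev=nosnp` on the kernel command line agrees with what `/sys/module/kvm_amd/parameters/sev_snp` reads. The comma-separated `sev=` option list, the Y/N readback, the function names and the sample command lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the patchset. Assumptions: sev= takes a
# comma-separated option list, and the bool parameter reads back as Y or N.

# has_nosnp CMDLINE: succeed if any sev= argument lists the nosnp option.
has_nosnp() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | sed -n 's/^sev=//p' |
        tr ',' '\n' | grep -qx 'nosnp'
}

# snp_verdict CMDLINE PARAM: PARAM is the content of
# /sys/module/kvm_amd/parameters/sev_snp, or empty if it cannot be read
# (for example when kvm_amd is not loaded).
snp_verdict() {
    if has_nosnp "$1"; then
        case "$2" in
            N) echo "enforced" ;;   # option given and SNP is off
            Y) echo "mismatch" ;;   # option given but SNP is still enabled
            *) echo "unknown" ;;    # parameter not readable
        esac
    else
        echo "not-requested"        # sev=nosnp absent from the command line
    fi
}

# check_host: apply the verdict to the running system.
check_host() {
    cmdline=$(cat /proc/cmdline 2>/dev/null || true)
    param=$(cat /sys/module/kvm_amd/parameters/sev_snp 2>/dev/null || true)
    snp_verdict "$cmdline" "$param"
}

# Constructed sample inputs (not captured from a real host).
snp_verdict "ro quiet sev=nosnp" "N"
snp_verdict "ro sev=debug,nosnp quiet" "Y"
snp_verdict "ro quiet sev=debug nosnp" "Y"

# Pass --host to evaluate the machine the script runs on.
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

A `mismatch` verdict means the option was passed but SNP is still reported as enabled, which is what a kernel without this patchset would show.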
Re: [PATCH 0/2] "nosnp" sev command line support
Posted by Matthew Wilcox 2 months, 4 weeks ago
On Thu, Aug 01, 2024 at 03:56:36PM -0500, Pavan Kumar Paluri wrote:
> Provide "nosnp" boot option via "sev=nosnp" kernel command line to
> prevent SNP-capable host kernel from enabling SEV-SNP and initializing
> RMP table.

Congratulations on using three acronyms multiple times and defining none
of them.
Re: [PATCH 0/2] "nosnp" sev command line support
Posted by Paluri, PavanKumar 2 months, 4 weeks ago
Hi Matthew,

On 8/1/2024 3:58 PM, Matthew Wilcox wrote:
> On Thu, Aug 01, 2024 at 03:56:36PM -0500, Pavan Kumar Paluri wrote:
>> Provide "nosnp" boot option via "sev=nosnp" kernel command line to
>> prevent SNP-capable host kernel from enabling SEV-SNP and initializing
>> RMP table.
> 
> Congratulations on using three acronyms multiple times and defining none
> of them.

I apologize for not defining the acronyms, I had wrongly assumed they
were well understood by the reviewers/maintainers. I can fix that up
going forward. In the meantime:

RMP: Reverse Map Table
SEV: Secure Encrypted Virtualization
SNP: Secure Nested Paging

These definitions are also available in AMD-APM vol 2: Chapter 15 [1]

[1]:
https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf

Thanks,
Pavan
Re: [PATCH 0/2] "nosnp" sev command line support
Posted by Matthew Wilcox 2 months, 4 weeks ago
On Thu, Aug 01, 2024 at 05:23:29PM -0500, Paluri, PavanKumar wrote:
> Hi Matthew,
> 
> On 8/1/2024 3:58 PM, Matthew Wilcox wrote:
> > On Thu, Aug 01, 2024 at 03:56:36PM -0500, Pavan Kumar Paluri wrote:
> >> Provide "nosnp" boot option via "sev=nosnp" kernel command line to
> >> prevent SNP-capable host kernel from enabling SEV-SNP and initializing
> >> RMP table.
> > 
> > Congratulations on using three acronyms multiple times and defining none
> > of them.
> 
> I apologize for not defining the acronyms, I had wrongly assumed they
> were well understood by the reviewers/maintainers. I can fix that up
> going forward. In the meantime:

You cc'd linux-doc.  That's going to people who have no idea what
specialist part of the kernel you're working on.

> RMP: Reverse Map Table
> SEV: Secure Encrypted Virtualization
> SNP: Secure Nested Paging
> 
> These definitions are also available in AMD-APM vol 2: Chapter 15 [1]
> 
> [1]:
> https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf
> 
> Thanks,
> Pavan