From nobody Fri Apr 3 08:34:57 2026
From: Tycho Andersen
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", Ashish Kalra, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller", Ard Biesheuvel, Neeraj Upadhyay, Kishon Vijay Abraham I, Alexey Kardashevskiy, Nikunj A Dadhania, "Peter Zijlstra (Intel)", Kim Phillips, Sean Christopherson
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Tycho Andersen (AMD)"
Subject: [PATCH v4 1/7] x86/sev: Create a function to clear/zero the RMP
Date: Tue, 24 Mar 2026 10:12:55 -0600
Message-ID: <20260324161301.1353976-2-tycho@kernel.org>
In-Reply-To: <20260324161301.1353976-1-tycho@kernel.org>

From: Tom Lendacky

In preparation for delayed SNP initialization and disablement on shutdown, create a function, clear_rmp(), that clears the RMP bookkeeping area and the RMP entries.

Signed-off-by: Tom Lendacky
Signed-off-by: Tycho Andersen (AMD)
--- arch/x86/virt/svm/sev.c | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index e35fac0a8a3d..025606969823 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c
@@ -242,6 +242,32 @@ void __init snp_fixup_e820_tables(void) } } =20 +static void clear_rmp(void) +{ + unsigned int i; + u64 val; + + if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) + return; + + /* Clearing the RMP while SNP is enabled will cause an exception */ + rdmsrq(MSR_AMD64_SYSCFG, val); + if (WARN_ON_ONCE(val & MSR_AMD64_SYSCFG_SNP_EN)) + return; + + memset(rmp_bookkeeping, 0, RMPTABLE_CPU_BOOKKEEPING_SZ); + + for (i =3D 0; i < rst_max_index; i++) { + struct rmp_segment_desc *desc; + + desc =3D rmp_segment_table[i]; + if (!desc) + continue; + + memset(desc->rmp_entry, 0, desc->size); + } +} + static bool __init alloc_rmp_segment_desc(u64 segment_pa, u64 segment_size= , u64 pa) { u64 rst_index, rmp_segment_size_max; @@ -484,7 +510,6 @@ static bool __init setup_rmptable(void) */ int __init snp_rmptable_init(void) { - unsigned int i; u64 val; =20 if (WARN_ON_ONCE(!cc_platform_has(CC_ATTR_HOST_SEV_SNP))) 
@@ -504,19 +529,7 @@ int __init snp_rmptable_init(void) if (val & MSR_AMD64_SYSCFG_SNP_EN) goto skip_enable; =20 - /* Zero out the RMP bookkeeping area */ - memset(rmp_bookkeeping, 0, RMPTABLE_CPU_BOOKKEEPING_SZ); - - /* Zero out the RMP entries */ - for (i =3D 0; i < rst_max_index; i++) { - struct rmp_segment_desc *desc; - - desc =3D rmp_segment_table[i]; - if (!desc) - continue; - - memset(desc->rmp_entry, 0, desc->size); - } + clear_rmp(); =20 /* MtrrFixDramModEn must be enabled on all the CPUs prior to enabling SNP= . */ on_each_cpu(mfd_enable, NULL, 1); --=20 2.53.0
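
Review bot: clear_rmp() in patch 1/7 (hunk @@ -242,6 +242,32 @@) returns void, so neither early exit tells the caller that the RMP was left untouched: the cc_platform_has(CC_ATTR_HOST_SEV_SNP) return is silent and the WARN_ON_ONCE(val & MSR_AMD64_SYSCFG_SNP_EN) path only logs once. The commit message says this helper is for the later delayed-init and shutdown callers, which have more reason to care than the boot path did, so consider returning a bool or an error code. The SYSCFG read is also taken on the calling CPU only; a one-line comment on why that is sufficient would help. The two "Zero out the RMP ..." comments from the original code were dropped in the move and are worth carrying over.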
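
Review bot: at the call site in snp_rmptable_init() (patch 1/7, hunk @@ -504,19 +529,7 @@) the SNP_EN test inside clear_rmp() is dead code, because the unchanged lines just above already do "if (val & MSR_AMD64_SYSCFG_SNP_EN) goto skip_enable;". That means SYSCFG is read twice back to back and the WARN_ON_ONCE can never fire from here. This is fine as a transitional step, but the changelog should say the check exists for the callers added later in the series.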

From: Tycho Andersen
Subject: [PATCH v4 2/7] x86/sev: Create snp_prepare()
Date: Tue, 24 Mar 2026 10:12:56 -0600
Message-ID: <20260324161301.1353976-3-tycho@kernel.org>
In-Reply-To: <20260324161301.1353976-1-tycho@kernel.org>

From: "Tycho Andersen (AMD)"

In preparation for delayed SNP initialization, create a function snp_prepare() that does the necessary architecture setup. Export this function for the ccp module to allow it to do the setup as necessary. Also move {mfd,snp}_enable out of the __init section, since these will be called later.

Signed-off-by: Tycho Andersen (AMD) Reviewed-by: Tom Lendacky --- arch/x86/include/asm/sev.h | 2 ++ arch/x86/virt/svm/sev.c | 46 ++++++++++++++++++++++---------------- 2 files changed, 29 insertions(+), 19 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 0e6c0940100f..2140e26dec6c 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -661,6 +661,7 @@ static inline void snp_leak_pages(u64 pfn, unsigned int= pages) { __snp_leak_pages(pfn, pages, true); } +void snp_prepare(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_rmptable_init(void) { return -ENOSYS; } @@ -677,6 +678,7 @@ static inline void __snp_leak_pages(u64 pfn, unsigned i= nt npages, bool dump_rmp) static inline void snp_leak_pages(u64 pfn, unsigned int npages) {} static inline void kdump_sev_callback(void) { } static inline void snp_fixup_e820_tables(void) {} +static inline void snp_prepare(void) {} #endif =20 #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 025606969823..6f4c3f6e2082 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -132,7 +132,7 @@ static unsigned long snp_nr_leaked_pages; #undef pr_fmt #define pr_fmt(fmt) "SEV-SNP: " fmt =20 -static __init void mfd_enable(void *arg) +static void mfd_enable(void *arg) { if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return; @@ -140,7 +140,7 @@ static __init void mfd_enable(void *arg) msr_set_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); } =20 -static __init void snp_enable(void *arg) +static void snp_enable(void *arg) { u64 val; =20 
@@ -503,6 +503,30 @@ static bool __init setup_rmptable(void) return true; } =20 +void snp_prepare(void) +{ + u64 val; + + /* + * Check if SEV-SNP is already enabled, this can happen in case of + * kexec boot. + */ + rdmsrq(MSR_AMD64_SYSCFG, val); + if (val & MSR_AMD64_SYSCFG_SNP_EN) + return; + + clear_rmp(); + + /* + * MtrrFixDramModEn is not shared between threads on a core, + * therefore it must be set on all CPUs prior to enabling SNP. + */ + on_each_cpu(mfd_enable, NULL, 1); + + on_each_cpu(snp_enable, NULL, 1); +} +EXPORT_SYMBOL_FOR_MODULES(snp_prepare, "ccp"); + /* * Do the necessary preparations which are verified by the firmware as * described in the SNP_INIT_EX firmware command description in the SNP @@ -510,8 +534,6 @@ static bool __init setup_rmptable(void) */ int __init snp_rmptable_init(void) { - u64 val; - if (WARN_ON_ONCE(!cc_platform_has(CC_ATTR_HOST_SEV_SNP))) return -ENOSYS; =20 
@@ -521,22 +543,8 @@ int __init snp_rmptable_init(void) if (!setup_rmptable()) return -ENOSYS; =20 - /* - * Check if SEV-SNP is already enabled, this can happen in case of - * kexec boot. - */ - rdmsrq(MSR_AMD64_SYSCFG, val); - if (val & MSR_AMD64_SYSCFG_SNP_EN) - goto skip_enable; - - clear_rmp(); - - /* MtrrFixDramModEn must be enabled on all the CPUs prior to enabling SNP= . */ - on_each_cpu(mfd_enable, NULL, 1); - - on_each_cpu(snp_enable, NULL, 1); + snp_prepare(); =20 -skip_enable: /* * Setting crash_kexec_post_notifiers to 'true' to ensure that SNP panic * notifier is invoked to do SNP IOMMU shutdown before kdump. --=20 2.53.0
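
Review bot: snp_prepare() in patch 2/7 (hunk @@ -503,6 +503,30 @@) is exported to the ccp module but carries none of the preconditions that guard the same sequence in snp_rmptable_init(): the WARN_ON_ONCE(!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) check and "if (!setup_rmptable()) return -ENOSYS;" both stay behind in the __init function. As written, the first thing it does is rdmsrq(MSR_AMD64_SYSCFG, val), and it returns void, so a module caller can neither be refused nor learn that setup was skipped. Suggest an explicit guard at the top and an int return. Separately, on_each_cpu() only reaches CPUs that are online at the time of the call; now that this can run well after boot, the comment about MtrrFixDramModEn needing to be set "on all CPUs" should say what happens to CPUs brought online afterwards. An exported function also deserves a kernel-doc comment describing when it may be called.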

From: Tycho Andersen
Subject: [PATCH v4 3/7] x86/sev: Create snp_shutdown()
Date: Tue, 24 Mar 2026 10:12:57 -0600
Message-ID: <20260324161301.1353976-4-tycho@kernel.org>
In-Reply-To: <20260324161301.1353976-1-tycho@kernel.org>

From: "Tycho Andersen (AMD)"

After SNP_SHUTDOWN, two things should be done:

1. clear the RMP table
2. disable MFDM to prevent the FW_WARN in k8_check_syscfg_dram_mod_en() in the event of a kexec

Create and export to the CCP driver a function that does them.

Also change the MFDM helper to allow for disabling the bit, since the SNP x86 shutdown path needs to disable MFDM. The comment for k8_check_syscfg_dram_mod_en() notes, the "BIOS" is supposed to clear it, or the kernel in the case of module unload and shutdown followed by kexec.

Signed-off-by: Tycho Andersen (AMD)
Reviewed-by: Tom Lendacky
--- arch/x86/include/asm/sev.h | 2 ++ arch/x86/virt/svm/sev.c | 22 +++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 2140e26dec6c..09e605c85de4 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -662,6 +662,7 @@ static inline void snp_leak_pages(u64 pfn, unsigned int= pages) __snp_leak_pages(pfn, pages, true); } void snp_prepare(void); +void snp_shutdown(void); #else static inline bool snp_probe_rmptable_info(void) { return false; } static inline int snp_rmptable_init(void) { return -ENOSYS; } @@ -679,6 +680,7 @@ static inline void snp_leak_pages(u64 pfn, unsigned int= npages) {} static inline void kdump_sev_callback(void) { } static inline void snp_fixup_e820_tables(void) {} static inline void snp_prepare(void) {} +static inline void snp_shutdown(void) {} #endif =20 #endif diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 6f4c3f6e2082..bcb791a56053 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c
@@ -132,12 +132,15 @@ static unsigned long snp_nr_leaked_pages; #undef pr_fmt #define pr_fmt(fmt) "SEV-SNP: " fmt =20 -static void mfd_enable(void *arg) +static void mfd_reconfigure(void *arg) { if (!cc_platform_has(CC_ATTR_HOST_SEV_SNP)) return; =20 - msr_set_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); + if (arg) + msr_set_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); + else + msr_clear_bit(MSR_AMD64_SYSCFG, MSR_AMD64_SYSCFG_MFDM_BIT); } =20 static void snp_enable(void *arg) 
@@ -521,12 +524,25 @@ void snp_prepare(void) * MtrrFixDramModEn is not shared between threads on a core, * therefore it must be set on all CPUs prior to enabling SNP. */ - on_each_cpu(mfd_enable, NULL, 1); + on_each_cpu(mfd_reconfigure, (void *)1, 1); =20 on_each_cpu(snp_enable, NULL, 1); } EXPORT_SYMBOL_FOR_MODULES(snp_prepare, "ccp"); =20 +void snp_shutdown(void) +{ + u64 syscfg; + + rdmsrq(MSR_AMD64_SYSCFG, syscfg); + if (syscfg & MSR_AMD64_SYSCFG_SNP_EN) + return; + + clear_rmp(); + on_each_cpu(mfd_reconfigure, NULL, 1); +} +EXPORT_SYMBOL_FOR_MODULES(snp_shutdown, "ccp"); + /* * Do the necessary preparations which are verified by the firmware as * described in the SNP_INIT_EX firmware command description in the SNP --=20 2.53.0
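
Review bot: mfd_reconfigure() in patch 3/7 (hunk @@ -132,12 +132,15 @@) overloads the void *arg of the on_each_cpu() callback as a boolean, which leaves the call sites reading as "(void *)1" for enable and "NULL" for disable with nothing to say which is which. Two thin callbacks (mfd_enable() and mfd_disable()) sharing one helper, or at minimum a comment above mfd_reconfigure() documenting the meaning of arg, would make the set/clear direction obvious at the call sites and harder to invert by accident.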
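
Review bot: snp_shutdown() in patch 3/7 (hunk @@ -521,12 +524,25 @@) returns silently when SNP_EN is still set ("if (syscfg & MSR_AMD64_SYSCFG_SNP_EN) return;"), which is exactly the case where the firmware shutdown did not do what the caller expected. The RMP is then left populated and MFDM left set with no log line and no return value for the ccp driver to act on. Suggest a pr_warn() or WARN_ON_ONCE() on that path and an int return. The check also duplicates the one inside clear_rmp() and, like it, samples SYSCFG on the calling CPU only. Please add a comment stating that this must only be called after a successful SNP_SHUTDOWN_EX that disabled SNP on all cores.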

From: Tycho Andersen
Subject: [PATCH v4 4/7] x86/sev, crypto/ccp: Move SNP init to ccp driver
Date: Tue, 24 Mar 2026 10:12:58 -0600
Message-ID: <20260324161301.1353976-5-tycho@kernel.org>
In-Reply-To: <20260324161301.1353976-1-tycho@kernel.org>
From: "Tycho Andersen (AMD)" Use the new snp_prepare() to initialize SNP from the ccp driver instead of at boot time. This means that SNP is not enabled unless it is really going to be used (i.e. kvm_amd loads the ccp driver automatically). Signed-off-by: Tycho Andersen (AMD) Reviewed-by: Tom Lendacky --- arch/x86/virt/svm/sev.c | 2 -- drivers/crypto/ccp/sev-dev.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index bcb791a56053..bf0572c0c16e 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -559,8 +559,6 @@ int __init snp_rmptable_init(void) if (!setup_rmptable()) return -ENOSYS; =20 - snp_prepare(); - /* * Setting crash_kexec_post_notifiers to 'true' to ensure that SNP panic * notifier is invoked to do SNP IOMMU shutdown before kdump. diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index aebf4dad545e..4915b0125e8d 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -1373,6 +1373,8 @@ static int __sev_snp_init_locked(int *error, unsigned= int max_snp_asid) return -EOPNOTSUPP; } =20 + snp_prepare(); + /* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */ on_each_cpu(snp_set_hsave_pa, NULL, 1); =20 --=20 2.53.0
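
Review bot: in the arch/x86/virt/svm/sev.c hunk of patch 4/7 (@@ -559,8 +559,6 @@), snp_rmptable_init() stops enabling SNP but the unchanged context right below still sets crash_kexec_post_notifiers to 'true' at boot "to ensure that SNP panic notifier is invoked". With enablement deferred until the ccp driver asks for it, that side effect now applies to hosts that never turn SNP on. Either move it next to the deferred enablement or extend the comment to explain why it has to stay unconditional.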
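
Review bot: the new snp_prepare() call in __sev_snp_init_locked() (patch 4/7, hunk @@ -1373,6 +1373,8 @@) cannot fail from the driver's point of view, because snp_prepare() is void. If the architecture setup was skipped or incomplete, the function carries on to the firmware command, and the comment in sev.c says these preparations "are verified by the firmware", so the user would see a firmware error instead of a kernel one pointing at the real cause. Consider having snp_prepare() return an int and bailing out here with a dev_err() before SNP_INIT_EX is issued.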

From: Tycho Andersen
Subject: [PATCH v4 5/7] x86/sev, crypto/ccp: Move HSAVE_PA setup to arch/x86/
Date: Tue, 24 Mar 2026 10:12:59 -0600
Message-ID: <20260324161301.1353976-6-tycho@kernel.org>
In-Reply-To: <20260324161301.1353976-1-tycho@kernel.org>

From: "Tycho Andersen (AMD)"

Now that there is snp_prepare() that indicates when the CCP driver wants to prepare the architecture for SNP_INIT(_EX), move this architecture-specific bit of code to a more sensible place.

Signed-off-by: Tycho Andersen (AMD)
Reviewed-by: Tom Lendacky
--- arch/x86/virt/svm/sev.c | 8 ++++++++ drivers/crypto/ccp/sev-dev.c | 8 -------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index bf0572c0c16e..d9e0eda7993f 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c
@@ -506,6 +506,11 @@ static bool __init setup_rmptable(void) return true; } =20 +static void clear_hsave_pa(void *arg) +{ + wrmsrq(MSR_VM_HSAVE_PA, 0); +} + void snp_prepare(void) { u64 val; @@ -527,6 +532,9 @@ void snp_prepare(void) on_each_cpu(mfd_reconfigure, (void *)1, 1); =20 on_each_cpu(snp_enable, NULL, 1); + + /* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */ + on_each_cpu(clear_hsave_pa, NULL, 1); } EXPORT_SYMBOL_FOR_MODULES(snp_prepare, "ccp"); =20 diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 4915b0125e8d..47cb8fca4e6c 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1076,11 +1076,6 @@ static inline int __sev_do_init_locked(int *psp_ret) return __sev_init_locked(psp_ret); } =20 -static void snp_set_hsave_pa(void *arg) -{ - wrmsrq(MSR_VM_HSAVE_PA, 0); -} - /* Hypervisor Fixed pages API interface */ static void snp_hv_fixed_pages_state_update(struct sev_device *sev, enum snp_hv_fixed_pages_state page_state) 
@@ -1375,9 +1370,6 @@ static int __sev_snp_init_locked(int *error, unsigned= int max_snp_asid) =20 snp_prepare(); =20 - /* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */ - on_each_cpu(snp_set_hsave_pa, NULL, 1); - /* * Starting in SNP firmware v1.52, the SNP_INIT_EX command takes a list * of system physical address ranges to convert into HV-fixed page --=20 2.53.0
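
Review bot: moving the HSAVE_PA clear to the end of snp_prepare() (patch 5/7, hunk @@ -527,6 +532,9 @@) changes behaviour in the kexec case, because snp_prepare() returns early when SNP_EN is already set ("if (val & MSR_AMD64_SYSCFG_SNP_EN) return;", added in patch 2/7). Before this patch __sev_snp_init_locked() ran on_each_cpu(snp_set_hsave_pa, NULL, 1) unconditionally before SNP_INIT; after it, a kexec'd kernel that finds SNP enabled never clears MSR_VM_HSAVE_PA, although the retained comment says SNP_INIT requires it to be cleared on all CPUs. Either hoist the on_each_cpu(clear_hsave_pa, NULL, 1) call above the early return or explain in the changelog why the kexec path no longer needs it.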

From: Tycho Andersen
Subject: [PATCH v4 6/7] crypto/ccp: Implement SNP x86 shutdown
Date: Tue, 24 Mar 2026 10:13:00 -0600
Message-ID: <20260324161301.1353976-7-tycho@kernel.org>
In-Reply-To: <20260324161301.1353976-1-tycho@kernel.org>

From: "Tycho Andersen (AMD)"

The SEV firmware has support to disable SNP during an SNP_SHUTDOWN_EX command. Verify that this support is available and set the flag so that SNP is disabled when it is not being used.

In cases where SNP is disabled, skip the call to amd_iommu_snp_disable(), as all of the IOMMU pages have already been made shared. Also skip the panic case, since snp_shutdown() does IPIs.

Signed-off-by: Tycho Andersen (AMD) Reviewed-by: Tom Lendacky Acked-by: Herbert Xu --- drivers/crypto/ccp/sev-dev.c | 41 +++++++++++++++++++++--------------- include/linux/psp-sev.h | 5 ++++- 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 47cb8fca4e6c..366303ff6466 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -2039,6 +2039,8 @@ static int __sev_snp_shutdown_locked(int *error, bool= panic) memset(&data, 0, sizeof(data)); data.len =3D sizeof(data); data.iommu_snp_shutdown =3D 1; + if (sev->snp_feat_info_0.ecx & SNP_X86_SHUTDOWN_SUPPORTED) + data.x86_snp_shutdown =3D 1; =20 /* * If invoked during panic handling, local interrupts are disabled 
@@ -2072,23 +2074,28 @@ static int __sev_snp_shutdown_locked(int *error, bo= ol panic) return ret; } =20 - /* - * SNP_SHUTDOWN_EX with IOMMU_SNP_SHUTDOWN set to 1 disables SNP - * enforcement by the IOMMU and also transitions all pages - * associated with the IOMMU to the Reclaim state. - * Firmware was transitioning the IOMMU pages to Hypervisor state - * before version 1.53. But, accounting for the number of assigned - * 4kB pages in a 2M page was done incorrectly by not transitioning - * to the Reclaim state. This resulted in RMP #PF when later accessing - * the 2M page containing those pages during kexec boot. Hence, the - * firmware now transitions these pages to Reclaim state and hypervisor - * needs to transition these pages to shared state. SNP Firmware - * version 1.53 and above are needed for kexec boot. - */ - ret =3D amd_iommu_snp_disable(); - if (ret) { - dev_err(sev->dev, "SNP IOMMU shutdown failed\n"); - return ret; + if (data.x86_snp_shutdown) { + if (!panic) + snp_shutdown(); + } else { + /* + * SNP_SHUTDOWN_EX with IOMMU_SNP_SHUTDOWN set to 1 disables SNP + * enforcement by the IOMMU and also transitions all pages + * associated with the IOMMU to the Reclaim state. + * Firmware was transitioning the IOMMU pages to Hypervisor state + * before version 1.53. But, accounting for the number of assigned + * 4kB pages in a 2M page was done incorrectly by not transitioning + * to the Reclaim state. This resulted in RMP #PF when later accessing + * the 2M page containing those pages during kexec boot. Hence, the + * firmware now transitions these pages to Reclaim state and hypervisor + * needs to transition these pages to shared state. SNP Firmware + * version 1.53 and above are needed for kexec boot. + */ + ret =3D amd_iommu_snp_disable(); + if (ret) { + dev_err(sev->dev, "SNP IOMMU shutdown failed\n"); + return ret; + } } =20 snp_leak_hv_fixed_pages(); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 69ffa4b4d1fa..d5099a2baca5 100644 
--- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -829,12 +829,14 @@ struct sev_data_range_list { * * @len: length of the command buffer read by the PSP * @iommu_snp_shutdown: Disable enforcement of SNP in the IOMMU + * @x86_snp_shutdown: Disable SNP on all cores * @rsvd1: reserved */ struct sev_data_snp_shutdown_ex { u32 len; u32 iommu_snp_shutdown:1; - u32 rsvd1:31; + u32 x86_snp_shutdown:1; + u32 rsvd1:30; } __packed; =20 /** 
@@ -891,6 +893,7 @@ struct snp_feature_info { } __packed; =20 /* Feature bits in ECX */ +#define SNP_X86_SHUTDOWN_SUPPORTED BIT(1) #define SNP_RAPL_DISABLE_SUPPORTED BIT(2) #define SNP_CIPHER_TEXT_HIDING_SUPPORTED BIT(3) #define SNP_AES_256_XTS_POLICY_SUPPORTED BIT(4) --=20 2.53.0 From nobody Fri Apr 3 08:34:57 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AFAEB3FADFB; Tue, 24 Mar 2026 16:13:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774368817; cv=none; b=sokRnKcBVZSG/96UqqN3oFXwOGOa55BQOZXJ2+TFzefphXniQHaUutLfx2JH1PTehk89oZgnLqhBVj3r+1XwZql6kk6zaoRmPlsRTgFFPsF9G0KczFxVUAFpa2UHboLofarQ7/OObMz6IwjUhuoxL/YezZOaLwUx71+ObZPJFE8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774368817; c=relaxed/simple; bh=mf7bLNEda1Tj+dC56foTRX9C+4x8Hkt0HqdruR97d9g=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=GwL44Vwhxv5WZGqkVcUkunD77gqevaKFhd2P5Ra+QNRLXXJV8Mrm3Sr3q6RAe/OADPECBuh/cKCjTAf8WgVKs+LxmpXs0uRlmM4+eIBSP9VV54Rfr96K9tK0uUo2MxT2YrqkaA1b+ugSmAOvudpuGYC5jiuzk8hhhElj/kgyD2Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kT7udDgR; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="kT7udDgR" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2AC2CC2BCB4; Tue, 24 Mar 2026 16:13:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1774368817; bh=mf7bLNEda1Tj+dC56foTRX9C+4x8Hkt0HqdruR97d9g=; 
h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kT7udDgR/eIShGgpxF6EuMMi6/OAJ48Y1unf2nmPvkmIdzyplJ3vhRDP1sXTSts/O FPqMbEOs4OfzYbeN2C6L+UxiX8eMZtAYYVXe5k6XEZ4r6FklqTB3OZldJh2etDI2Iq avC/1KlZmj1E03LPKIRmjMNm2xQV9qIAA34TK/y868S7jrb+dQ0HZ1kJasMPXMkNpf hepG5vVNF5/zek/MFBqq0mViDOoP3iyGlZWTeQXfSijz+VcA2qfEXhiae+CYHm/sOs gUyQ6aT/T75PbtSiRnwGwbNX8XOeDT75vElQBSmIzo1swVTa0qi/e2mH4mWydXsYVq DzoMmrsAEYN2g== From: Tycho Andersen To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Ard Biesheuvel , Neeraj Upadhyay , Kishon Vijay Abraham I , Alexey Kardashevskiy , Nikunj A Dadhania , "Peter Zijlstra (Intel)" , Kim Phillips , Sean Christopherson Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, "Tycho Andersen (AMD)" Subject: [PATCH v4 7/7] crypto/ccp: Update HV_FIXED page states to allow freeing of memory Date: Tue, 24 Mar 2026 10:13:01 -0600 Message-ID: <20260324161301.1353976-8-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260324161301.1353976-1-tycho@kernel.org> References: <20260324161301.1353976-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Tom Lendacky After SNP is disabled, any pages allocated as HV_FIXED can now be freed. Update the page state of these pages and the snp_leak_hv_fixed_pages() function to free pages on SNP_SHUTDOWN. Signed-off-by: Tom Lendacky Signed-off-by: Tycho Andersen (AMD) Acked-by: Herbert Xu --- drivers/crypto/ccp/sev-dev.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 366303ff6466..939fa8aa155c 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -1219,7 +1219,7 @@ static void snp_add_hv_fixed_pages(struct sev_device = *sev, struct sev_data_range =20 static void snp_leak_hv_fixed_pages(void) { - struct snp_hv_fixed_pages_entry *entry; + struct snp_hv_fixed_pages_entry *entry, *nentry; =20 /* List is protected by sev_cmd_mutex */ lockdep_assert_held(&sev_cmd_mutex); @@ -1227,10 +1227,16 @@ static void snp_leak_hv_fixed_pages(void) if (list_empty(&snp_hv_fixed_pages)) return; =20 - list_for_each_entry(entry, &snp_hv_fixed_pages, list) - if (entry->page_state =3D=3D HV_FIXED) + list_for_each_entry_safe(entry, nentry, &snp_hv_fixed_pages, list) { + if (entry->free && entry->page_state !=3D HV_FIXED) + __free_pages(entry->page, entry->order); + else __snp_leak_pages(page_to_pfn(entry->page), 1 << entry->order, false); + + list_del(&entry->list); + kfree(entry); + } } =20 bool sev_is_snp_ciphertext_hiding_supported(void) @@ -2077,6 +2083,7 @@ static int __sev_snp_shutdown_locked(int *error, bool= panic) if (data.x86_snp_shutdown) { if (!panic) snp_shutdown(); + snp_hv_fixed_pages_state_update(sev, ALLOCATED); } else { /* * SNP_SHUTDOWN_EX with IOMMU_SNP_SHUTDOWN set to 1 disables SNP --=20 2.53.0
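Review bot: in the "@@ -2072,23 +2074,28 @@" hunk of __sev_snp_shutdown_locked() (drivers/crypto/ccp/sev-dev.c, the patch that adds x86_snp_shutdown), the new "if (data.x86_snp_shutdown)" branch carries no comment explaining why amd_iommu_snp_disable() can be skipped on that path, or why snp_shutdown() is skipped when panic is true. The long comment that moved into the else branch still reads as if the IOMMU Reclaim-to-shared transition were the only path. Please add a short comment on the new branch stating what the x86 shutdown covers and what state the IOMMU pages are left in. Also, the else branch returns ret before reaching snp_leak_hv_fixed_pages(), while nothing is checked after snp_shutdown(); if snp_shutdown() can fail, that failure should be handled or the reason it cannot should be noted.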
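Review bot: in the include/linux/psp-sev.h hunk for struct sev_data_snp_shutdown_ex, the added kernel-doc line "@x86_snp_shutdown: Disable SNP on all cores" does not say when the bit may be set. The same patch adds SNP_X86_SHUTDOWN_SUPPORTED as an ECX feature bit, so the doc should state that the field is only valid when that feature bit is reported, and what a caller should expect on firmware that does not report it. The widths still sum to 32 bits (1 + 1 + 30), so the command buffer layout itself looks unchanged.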
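Review bot: in the snp_leak_hv_fixed_pages() hunk of the 7/7 patch, the else branch now catches more than the old code did. Before, only entries with page_state == HV_FIXED were passed to __snp_leak_pages() and everything else was left on the list. After this change, an entry with page_state != HV_FIXED and entry->free false also falls into the else branch, is leaked, unlinked with list_del() and kfree()d. If such an entry can still be owned by a caller that later goes through the free path, that caller would be looking for an entry that no longer exists and its page would have been marked leaked. Please make the three cases explicit (free and not HV_FIXED: __free_pages(); HV_FIXED: leak; not free and not HV_FIXED: say what is intended) and add a comment that the list is emptied here. The function name also no longer matches what it does, since it now frees pages and tears down the list.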
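Review bot: in the "@@ -2077,6 +2083,7 @@" hunk of the 7/7 patch, snp_hv_fixed_pages_state_update(sev, ALLOCATED) sits outside the "if (!panic)" guard, so on the panic path the entries are marked ALLOCATED even though snp_shutdown() was skipped. The snp_leak_hv_fixed_pages() call that follows this block will then take the __free_pages() branch for entries with entry->free set. If freeing is only safe once snp_shutdown() has run, the state update belongs under the same "if (!panic)" condition; if the firmware command alone makes it safe, a one-line comment saying so would settle the question.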