x86/sev: Dump SEV_STATUS

It is, and will be even more useful in the future, to dump the SEV
features enabled according to SEV_STATUS. Do so:

  [    0.542753] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP
  [    0.544425] SEV: Status: SEV SEV-ES SEV-SNP DebugSwap

Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Nikunj A Dadhania <nikunj@amd.com>
Link: https://lore.kernel.org/r/20240219094216.GAZdMieDHKiI8aaP3n@fat_crate.local

diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index 073291832f44d27096984c0dd236039d0d955cd3..9db630238034fecd0a740af4720d214a637d31ff 100644 (file)
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -369,7 +369,7 @@ static void enforce_vmpl0(void)
                                 MSR_AMD64_SNP_VMPL_SSS |               \
                                 MSR_AMD64_SNP_SECURE_TSC |             \
                                 MSR_AMD64_SNP_VMGEXIT_PARAM |          \
-                                MSR_AMD64_SNP_VMSA_REG_PROTECTION |    \
+                                MSR_AMD64_SNP_VMSA_REG_PROT |          \
                                 MSR_AMD64_SNP_RESERVED_BIT13 |         \
                                 MSR_AMD64_SNP_RESERVED_BIT15 |         \
                                 MSR_AMD64_SNP_RESERVED_MASK)

diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h
index f482bc6a5ae7cbe5878d64554995099ef3c31055..f8c73a549f0859320087848d27c69e79da3376ac 100644 (file)
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -594,36 +594,47 @@
 #define MSR_AMD64_SEV_ES_GHCB          0xc0010130
 #define MSR_AMD64_SEV                  0xc0010131
 #define MSR_AMD64_SEV_ENABLED_BIT      0
-#define MSR_AMD64_SEV_ES_ENABLED_BIT   1
-#define MSR_AMD64_SEV_SNP_ENABLED_BIT  2
 #define MSR_AMD64_SEV_ENABLED          BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
+#define MSR_AMD64_SEV_ES_ENABLED_BIT   1
 #define MSR_AMD64_SEV_ES_ENABLED       BIT_ULL(MSR_AMD64_SEV_ES_ENABLED_BIT)
+#define MSR_AMD64_SEV_SNP_ENABLED_BIT  2
 #define MSR_AMD64_SEV_SNP_ENABLED      BIT_ULL(MSR_AMD64_SEV_SNP_ENABLED_BIT)
-#define MSR_AMD64_RMP_BASE             0xc0010132
-#define MSR_AMD64_RMP_END              0xc0010133
-
-/* SNP feature bits enabled by the hypervisor */
-#define MSR_AMD64_SNP_VTOM                     BIT_ULL(3)
-#define MSR_AMD64_SNP_REFLECT_VC               BIT_ULL(4)
-#define MSR_AMD64_SNP_RESTRICTED_INJ           BIT_ULL(5)
-#define MSR_AMD64_SNP_ALT_INJ                  BIT_ULL(6)
-#define MSR_AMD64_SNP_DEBUG_SWAP               BIT_ULL(7)
-#define MSR_AMD64_SNP_PREVENT_HOST_IBS         BIT_ULL(8)
-#define MSR_AMD64_SNP_BTB_ISOLATION            BIT_ULL(9)
-#define MSR_AMD64_SNP_VMPL_SSS                 BIT_ULL(10)
-#define MSR_AMD64_SNP_SECURE_TSC               BIT_ULL(11)
-#define MSR_AMD64_SNP_VMGEXIT_PARAM            BIT_ULL(12)
-#define MSR_AMD64_SNP_IBS_VIRT                 BIT_ULL(14)
-#define MSR_AMD64_SNP_VMSA_REG_PROTECTION      BIT_ULL(16)
-#define MSR_AMD64_SNP_SMT_PROTECTION           BIT_ULL(17)
-
-/* SNP feature bits reserved for future use. */
-#define MSR_AMD64_SNP_RESERVED_BIT13           BIT_ULL(13)
-#define MSR_AMD64_SNP_RESERVED_BIT15           BIT_ULL(15)
-#define MSR_AMD64_SNP_RESERVED_MASK            GENMASK_ULL(63, 18)
+#define MSR_AMD64_SNP_VTOM_BIT         3
+#define MSR_AMD64_SNP_VTOM             BIT_ULL(MSR_AMD64_SNP_VTOM_BIT)
+#define MSR_AMD64_SNP_REFLECT_VC_BIT   4
+#define MSR_AMD64_SNP_REFLECT_VC       BIT_ULL(MSR_AMD64_SNP_REFLECT_VC_BIT)
+#define MSR_AMD64_SNP_RESTRICTED_INJ_BIT 5
+#define MSR_AMD64_SNP_RESTRICTED_INJ   BIT_ULL(MSR_AMD64_SNP_RESTRICTED_INJ_BIT)
+#define MSR_AMD64_SNP_ALT_INJ_BIT      6
+#define MSR_AMD64_SNP_ALT_INJ          BIT_ULL(MSR_AMD64_SNP_ALT_INJ_BIT)
+#define MSR_AMD64_SNP_DEBUG_SWAP_BIT   7
+#define MSR_AMD64_SNP_DEBUG_SWAP       BIT_ULL(MSR_AMD64_SNP_DEBUG_SWAP_BIT)
+#define MSR_AMD64_SNP_PREVENT_HOST_IBS_BIT 8
+#define MSR_AMD64_SNP_PREVENT_HOST_IBS BIT_ULL(MSR_AMD64_SNP_PREVENT_HOST_IBS_BIT)
+#define MSR_AMD64_SNP_BTB_ISOLATION_BIT        9
+#define MSR_AMD64_SNP_BTB_ISOLATION    BIT_ULL(MSR_AMD64_SNP_BTB_ISOLATION_BIT)
+#define MSR_AMD64_SNP_VMPL_SSS_BIT     10
+#define MSR_AMD64_SNP_VMPL_SSS         BIT_ULL(MSR_AMD64_SNP_VMPL_SSS_BIT)
+#define MSR_AMD64_SNP_SECURE_TSC_BIT   11
+#define MSR_AMD64_SNP_SECURE_TSC       BIT_ULL(MSR_AMD64_SNP_SECURE_TSC_BIT)
+#define MSR_AMD64_SNP_VMGEXIT_PARAM_BIT        12
+#define MSR_AMD64_SNP_VMGEXIT_PARAM    BIT_ULL(MSR_AMD64_SNP_VMGEXIT_PARAM_BIT)
+#define MSR_AMD64_SNP_RESERVED_BIT13   BIT_ULL(13)
+#define MSR_AMD64_SNP_IBS_VIRT_BIT     14
+#define MSR_AMD64_SNP_IBS_VIRT         BIT_ULL(MSR_AMD64_SNP_IBS_VIRT_BIT)
+#define MSR_AMD64_SNP_RESERVED_BIT15   BIT_ULL(15)
+#define MSR_AMD64_SNP_VMSA_REG_PROT_BIT        16
+#define MSR_AMD64_SNP_VMSA_REG_PROT    BIT_ULL(MSR_AMD64_SNP_VMSA_REG_PROT_BIT)
+#define MSR_AMD64_SNP_SMT_PROT_BIT     17
+#define MSR_AMD64_SNP_SMT_PROT         BIT_ULL(MSR_AMD64_SNP_SMT_PROT_BIT)
+#define MSR_AMD64_SNP_RESV_BIT         18
+#define MSR_AMD64_SNP_RESERVED_MASK    GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT)
 
 #define MSR_AMD64_VIRT_SPEC_CTRL       0xc001011f
 
+#define MSR_AMD64_RMP_BASE             0xc0010132
+#define MSR_AMD64_RMP_END              0xc0010133
+
 /* AMD Collaborative Processor Performance Control MSRs */
 #define MSR_AMD_CPPC_CAP1              0xc00102b0
 #define MSR_AMD_CPPC_ENABLE            0xc00102b1

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index bed95e1f4d5262fd173c30abe1cd3a448c792f74..f000635d6061f834b665c37a01e456955a12437a 100644 (file)
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -228,6 +228,7 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t end);
 u64 snp_get_unsupported_features(u64 status);
 u64 sev_get_status(void);
 void kdump_sev_callback(void);
+void sev_show_status(void);
 #else
 static inline void sev_es_ist_enter(struct pt_regs *regs) { }
 static inline void sev_es_ist_exit(void) { }
@@ -257,6 +258,7 @@ static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { }
 static inline u64 snp_get_unsupported_features(u64 status) { return 0; }
 static inline u64 sev_get_status(void) { return 0; }
 static inline void kdump_sev_callback(void) { }
+static inline void sev_show_status(void) { }
 #endif
 
 #ifdef CONFIG_KVM_AMD_SEV

diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 1ef7ae806a01be23884b8bd4ec078967fa935549..7d242898852f5ea0c5d76fcb9b926274ae29c009 100644 (file)
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -59,6 +59,25 @@
 #define AP_INIT_CR0_DEFAULT            0x60000010
 #define AP_INIT_MXCSR_DEFAULT          0x1f80
 
+static const char * const sev_status_feat_names[] = {
+       [MSR_AMD64_SEV_ENABLED_BIT]             = "SEV",
+       [MSR_AMD64_SEV_ES_ENABLED_BIT]          = "SEV-ES",
+       [MSR_AMD64_SEV_SNP_ENABLED_BIT]         = "SEV-SNP",
+       [MSR_AMD64_SNP_VTOM_BIT]                = "vTom",
+       [MSR_AMD64_SNP_REFLECT_VC_BIT]          = "ReflectVC",
+       [MSR_AMD64_SNP_RESTRICTED_INJ_BIT]      = "RI",
+       [MSR_AMD64_SNP_ALT_INJ_BIT]             = "AI",
+       [MSR_AMD64_SNP_DEBUG_SWAP_BIT]          = "DebugSwap",
+       [MSR_AMD64_SNP_PREVENT_HOST_IBS_BIT]    = "NoHostIBS",
+       [MSR_AMD64_SNP_BTB_ISOLATION_BIT]       = "BTBIsol",
+       [MSR_AMD64_SNP_VMPL_SSS_BIT]            = "VmplSSS",
+       [MSR_AMD64_SNP_SECURE_TSC_BIT]          = "SecureTSC",
+       [MSR_AMD64_SNP_VMGEXIT_PARAM_BIT]       = "VMGExitParam",
+       [MSR_AMD64_SNP_IBS_VIRT_BIT]            = "IBSVirt",
+       [MSR_AMD64_SNP_VMSA_REG_PROT_BIT]       = "VMSARegProt",
+       [MSR_AMD64_SNP_SMT_PROT_BIT]            = "SMTProt",
+};
+
 /* For early boot hypervisor communication in SEV-ES enabled guests */
 static struct ghcb boot_ghcb_page __bss_decrypted __aligned(PAGE_SIZE);
 
@@ -2275,3 +2294,19 @@ void kdump_sev_callback(void)
        if (cpu_feature_enabled(X86_FEATURE_SEV_SNP))
                wbinvd();
 }
+
+void sev_show_status(void)
+{
+       int i;
+
+       pr_info("Status: ");
+       for (i = 0; i < MSR_AMD64_SNP_RESV_BIT; i++) {
+               if (sev_status & BIT_ULL(i)) {
+                       if (!sev_status_feat_names[i])
+                               continue;
+
+                       pr_cont("%s ", sev_status_feat_names[i]);
+               }
+       }
+       pr_cont("\n");
+}

diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index d035bce3a2b020ca5a9dbdcc6463addc090ec634..6f3b3e028718556667c1d86e8f56442eafc78dcc 100644 (file)
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -14,6 +14,8 @@
 #include <linux/mem_encrypt.h>
 #include <linux/virtio_anchor.h>
 
+#include <asm/sev.h>
+
 /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */
 bool force_dma_unencrypted(struct device *dev)
 {
@@ -74,6 +76,9 @@ static void print_mem_encrypt_feature_info(void)
                        pr_cont(" SEV-SNP");
 
                pr_cont("\n");
+
+               sev_show_status();
+
                break;
        default:
                pr_cont("Unknown\n");