| Message ID | 87cz2ija1e.ffs@tglx |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2131003vqr;
Tue, 30 May 2023 05:10:38 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ5Vam0fadDXTZeb7/3A4ivliSytdB2aUpIlCc6vn9c5MLU/drKSBDoPyLCqgG/8oAnvOW0a
X-Received: by 2002:a05:6a20:840c:b0:10b:bad9:1d31 with SMTP id
c12-20020a056a20840c00b0010bbad91d31mr2599625pzd.26.1685448638237;
Tue, 30 May 2023 05:10:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1685448638; cv=none;
d=google.com; s=arc-20160816;
b=B51gTC82qBFG/NMkdopLeUaWGHm4I7MBVoBv07UK+xIgw8GbxzJYsbgChJOJLWGl9s
BV5J/Ub3GRopbLUQH85w2Mdq7gwmmB46Rt3l8ACJOQq+xYKVvzLqX7I9/T7Y1ArBzod5
9Dc09aavRzfZGwmynwgYhYg61lxGWjcgRM18Xyp4frvIq9K+4JFxMCYwHxN4Vfdtkhmq
qxmGNUC2GxTnHWHZSKjf+TzdPjN66wFiOmomyBcK2y/5IIvlPyoevw+DgLNQpys7Vc8s
Ejcx0uGKo9kptlIXWPDm8HX+u8g55NYsfk8l53HLGENYed/FaT0PYSlGT1Cp3YAYpY6Q
raHw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:message-id:date:references
:in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from;
bh=iZKRAQ6PZ8GK4gaM6K1HebRWTpJfBGLswDCJGgLN5o0=;
b=mpJKHDVESbsykkmvb7Ot3dcrus4xrBWinO4xdWeWogkApHEohotxAcGlQTNp0SQX4B
A92LpHAFHgyfcPnRCHn0S1YXGKgff49oN4nJ8LeeRRpaEXeKLXa6cvwLswZWhT3vNlqN
bC8DQm6VN1pTnuLnpNXAODhf9bJ/5NJhlV9V8LVY81XLhqOFQx+CGpzO/KDz84aLse83
/DCVtMZQzskmkSeTXKz+d9oj6HJqFfuV6Nvy4v5sCaonZHF5hC3KqHLp5I9ICHD550Vw
yAK6QNaG15uHZ/i30lw9eavweT7DuWWJpJZGOJN8qstlRpYeB4qsLueOlMhn5gl+SO2q
jdiw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@linutronix.de header.s=2020 header.b=m4WMewK1;
dkim=neutral (no key) header.i=@linutronix.de header.s=2020e
header.b=ePubrlCx;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
d190-20020a621dc7000000b0064f3917aed4si1649285pfd.93.2023.05.30.05.10.24;
Tue, 30 May 2023 05:10:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linutronix.de header.s=2020 header.b=m4WMewK1;
dkim=neutral (no key) header.i=@linutronix.de header.s=2020e
header.b=ePubrlCx;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231612AbjE3MJg (ORCPT <rfc822;andrewvogler123@gmail.com>
+ 99 others); Tue, 30 May 2023 08:09:36 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42282 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230114AbjE3MJe (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 30 May 2023 08:09:34 -0400
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 950AD90;
Tue, 30 May 2023 05:09:19 -0700 (PDT)
From: Thomas Gleixner <tglx@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
s=2020; t=1685448557;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
in-reply-to:in-reply-to:references:references;
bh=iZKRAQ6PZ8GK4gaM6K1HebRWTpJfBGLswDCJGgLN5o0=;
b=m4WMewK162ZNFwFaX5aCd5h4XR9fVfFKlcOKr0XvrKt28u52sp90XWujVFM8gK3h4ofwRI
SOK74XcgObHGkHLKgrJtnZmuimwWXh/wXN5q9j6Dv8gCxwb+AXijmXtlT1aYPYK1KlmCia
BRY4IEuplIYlboTaZlXuZ97GEPZdzEDaxJWuCfBZTFHFXe1n4ZZe6munDRdPajOfnef4JY
B2aRHT8SvnCVu5Z0nVzDGLL0t8nspaFR5wLfetwgGrG6VTVTYbuigWgnfZFxZNY8e+e9jz
fk5DZ/0bhEUcm9JiTR/8v3EDg6m0oY8ot+sN837vZzmjbxzjbsdTnvzWX7grnA==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
s=2020e; t=1685448557;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
in-reply-to:in-reply-to:references:references;
bh=iZKRAQ6PZ8GK4gaM6K1HebRWTpJfBGLswDCJGgLN5o0=;
b=ePubrlCxuRaMVoLtUqukHirTYLds6qKP6f4ORS+5dYI6s8wS4PLvyw0YznjLBK3j2Pn/GB
8pWP8hu7tKt0KJDA==
To: "Kirill A. Shutemov" <kirill@shutemov.name>
Cc: LKML <linux-kernel@vger.kernel.org>, x86@kernel.org,
David Woodhouse <dwmw2@infradead.org>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Brian Gerst <brgerst@gmail.com>,
Arjan van de Veen <arjan@linux.intel.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Paul McKenney <paulmck@kernel.org>,
Tom Lendacky <thomas.lendacky@amd.com>,
Sean Christopherson <seanjc@google.com>,
Oleksandr Natalenko <oleksandr@natalenko.name>,
Paul Menzel <pmenzel@molgen.mpg.de>,
"Guilherme G. Piccoli" <gpiccoli@igalia.com>,
Piotr Gorski <lucjan.lucjanov@gmail.com>,
Usama Arif <usama.arif@bytedance.com>,
Juergen Gross <jgross@suse.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
xen-devel@lists.xenproject.org,
Russell King <linux@armlinux.org.uk>,
Arnd Bergmann <arnd@arndb.de>,
linux-arm-kernel@lists.infradead.org,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Guo Ren <guoren@kernel.org>,
linux-csky@vger.kernel.org,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
linux-mips@vger.kernel.org,
"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>,
Helge Deller <deller@gmx.de>, linux-parisc@vger.kernel.org,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
linux-riscv@lists.infradead.org,
Mark Rutland <mark.rutland@arm.com>,
Sabin Rapan <sabrapan@amazon.com>,
"Michael Kelley (LINUX)" <mikelley@microsoft.com>,
Dave Hansen <dave.hansen@linux.intel.com>
Subject: [patch] x86/smpboot: Disable parallel bootup if cc_vendor != NONE
In-Reply-To: <87jzwqjeey.ffs@tglx>
References: <20230508181633.089804905@linutronix.de>
<20230508185218.962208640@linutronix.de>
<20230524204818.3tjlwah2euncxzmh@box.shutemov.name> <87y1lbl7r6.ffs@tglx>
<87sfbhlwp9.ffs@tglx> <20230529023939.mc2akptpxcg3eh2f@box.shutemov.name>
<87bki3kkfi.ffs@tglx> <20230529203129.sthnhzgds7ynddxd@box.shutemov.name>
<20230530005428.jyrc2ezx5raohlrt@box.shutemov.name> <87mt1mjhk3.ffs@tglx>
<87jzwqjeey.ffs@tglx>
Date: Tue, 30 May 2023 14:09:17 +0200
Message-ID: <87cz2ija1e.ffs@tglx>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1767320991474584622?=
X-GMAIL-MSGID: =?utf-8?q?1767320991474584622?=
|
| Series |
x86/smpboot: Disable parallel bootup if cc_vendor != NONE
|
|
Commit Message
Thomas Gleixner
May 30, 2023, 12:09 p.m. UTC
The decision to allow parallel bringup of secondary CPUs checks
CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use
parallel bootup because accessing the local APIC is intercepted and raises
a #VC or #VE, which cannot be handled at that point.
The check works correctly, but only for AMD encrypted guests. TDX does not
set that flag.
Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but
definitely works for both AMD and Intel.
Fixes: 0c7ffa32dbd6 ("x86/smpboot/64: Implement arch_cpuhp_init_parallel_bringup() and enable it")
Reported-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
---
arch/x86/kernel/smpboot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
On Tue, May 30, 2023 at 02:09:17PM +0200, Thomas Gleixner wrote: > The decision to allow parallel bringup of secondary CPUs checks > CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use > parallel bootup because accessing the local APIC is intercepted and raises > a #VC or #VE, which cannot be handled at that point. > > The check works correctly, but only for AMD encrypted guests. TDX does not > set that flag. > > Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but > definitely works for both AMD and Intel. It boots fine with TDX, but I think it is wrong. cc_get_vendor() will report CC_VENDOR_AMD even on bare metal if SME is enabled. I don't think we want it.
On Tue, May 30 2023 at 15:29, Kirill A. Shutemov wrote: > On Tue, May 30, 2023 at 02:09:17PM +0200, Thomas Gleixner wrote: >> The decision to allow parallel bringup of secondary CPUs checks >> CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use >> parallel bootup because accessing the local APIC is intercepted and raises >> a #VC or #VE, which cannot be handled at that point. >> >> The check works correctly, but only for AMD encrypted guests. TDX does not >> set that flag. >> >> Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but >> definitely works for both AMD and Intel. > > It boots fine with TDX, but I think it is wrong. cc_get_vendor() will > report CC_VENDOR_AMD even on bare metal if SME is enabled. I don't think > we want it. Right. Did not think about that. But the same way is CC_ATTR_GUEST_MEM_ENCRYPT overbroad for AMD. Only SEV-ES traps RDMSR if I'm understandig that maze correctly. Thanks, tglx
On Tue, May 30, 2023, Thomas Gleixner wrote: > On Tue, May 30 2023 at 15:29, Kirill A. Shutemov wrote: > > On Tue, May 30, 2023 at 02:09:17PM +0200, Thomas Gleixner wrote: > >> The decision to allow parallel bringup of secondary CPUs checks > >> CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use > >> parallel bootup because accessing the local APIC is intercepted and raises > >> a #VC or #VE, which cannot be handled at that point. > >> > >> The check works correctly, but only for AMD encrypted guests. TDX does not > >> set that flag. > >> > >> Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but > >> definitely works for both AMD and Intel. > > > > It boots fine with TDX, but I think it is wrong. cc_get_vendor() will > > report CC_VENDOR_AMD even on bare metal if SME is enabled. I don't think > > we want it. > > Right. Did not think about that. > > But the same way is CC_ATTR_GUEST_MEM_ENCRYPT overbroad for AMD. Only > SEV-ES traps RDMSR if I'm understandig that maze correctly. Ya, regular SEV doesn't encrypt register state.
On Tue, May 30, 2023 at 06:00:46PM +0200, Thomas Gleixner wrote: > On Tue, May 30 2023 at 15:29, Kirill A. Shutemov wrote: > > On Tue, May 30, 2023 at 02:09:17PM +0200, Thomas Gleixner wrote: > >> The decision to allow parallel bringup of secondary CPUs checks > >> CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use > >> parallel bootup because accessing the local APIC is intercepted and raises > >> a #VC or #VE, which cannot be handled at that point. > >> > >> The check works correctly, but only for AMD encrypted guests. TDX does not > >> set that flag. > >> > >> Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but > >> definitely works for both AMD and Intel. > > > > It boots fine with TDX, but I think it is wrong. cc_get_vendor() will > > report CC_VENDOR_AMD even on bare metal if SME is enabled. I don't think > > we want it. > > Right. Did not think about that. > > But the same way is CC_ATTR_GUEST_MEM_ENCRYPT overbroad for AMD. Only > SEV-ES traps RDMSR if I'm understandig that maze correctly. I don't know difference between SEV flavours that well. I see there's that on SEV-SNP access to x2APIC MSR range (MSR 0x800-0x8FF) is intercepted regardless if MSR_AMD64_SNP_ALT_INJ feature is present. But I'm not sure what the state on SEV or SEV-ES. Tom?
On Tue, May 30, 2023, Kirill A. Shutemov wrote: > On Tue, May 30, 2023 at 06:00:46PM +0200, Thomas Gleixner wrote: > > On Tue, May 30 2023 at 15:29, Kirill A. Shutemov wrote: > > > On Tue, May 30, 2023 at 02:09:17PM +0200, Thomas Gleixner wrote: > > >> The decision to allow parallel bringup of secondary CPUs checks > > >> CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use > > >> parallel bootup because accessing the local APIC is intercepted and raises > > >> a #VC or #VE, which cannot be handled at that point. > > >> > > >> The check works correctly, but only for AMD encrypted guests. TDX does not > > >> set that flag. > > >> > > >> Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but > > >> definitely works for both AMD and Intel. > > > > > > It boots fine with TDX, but I think it is wrong. cc_get_vendor() will > > > report CC_VENDOR_AMD even on bare metal if SME is enabled. I don't think > > > we want it. > > > > Right. Did not think about that. > > > > But the same way is CC_ATTR_GUEST_MEM_ENCRYPT overbroad for AMD. Only > > SEV-ES traps RDMSR if I'm understandig that maze correctly. > > I don't know difference between SEV flavours that well. > > I see there's that on SEV-SNP access to x2APIC MSR range (MSR 0x800-0x8FF) > is intercepted regardless if MSR_AMD64_SNP_ALT_INJ feature is present. But > I'm not sure what the state on SEV or SEV-ES. With SEV-ES, if the hypervisor intercepts an MSR access, the VM-Exit is instead morphed to a #VC (except for EFER). The guest needs to do an explicit VMGEXIT (i.e. a hypercall) to explicitly request MSR emulation (this *can* be done in the #VC handler, but the guest can also do VMGEXIT directly, e.g. in lieu of a RDMSR). With regular SEV, VM-Exits aren't reflected into the guest. Register state isn't encrypted so the hypervisor can emulate MSR accesses (and other instructions) without needing an explicit hypercall from the guest.
On Tue, May 30 2023 at 09:56, Sean Christopherson wrote: > On Tue, May 30, 2023, Thomas Gleixner wrote: >> On Tue, May 30 2023 at 15:29, Kirill A. Shutemov wrote: >> > On Tue, May 30, 2023 at 02:09:17PM +0200, Thomas Gleixner wrote: >> >> The decision to allow parallel bringup of secondary CPUs checks >> >> CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use >> >> parallel bootup because accessing the local APIC is intercepted and raises >> >> a #VC or #VE, which cannot be handled at that point. >> >> >> >> The check works correctly, but only for AMD encrypted guests. TDX does not >> >> set that flag. >> >> >> >> Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but >> >> definitely works for both AMD and Intel. >> > >> > It boots fine with TDX, but I think it is wrong. cc_get_vendor() will >> > report CC_VENDOR_AMD even on bare metal if SME is enabled. I don't think >> > we want it. >> >> Right. Did not think about that. >> >> But the same way is CC_ATTR_GUEST_MEM_ENCRYPT overbroad for AMD. Only >> SEV-ES traps RDMSR if I'm understandig that maze correctly. > > Ya, regular SEV doesn't encrypt register state. That aside. From a semantical POV making this decision about parallel bootup based on some magic CC encryption attribute is questionable. I'm tending to just do the below and make this CC agnostic (except that I couldn't find the right spot for SEV-ES to clear that flag.) Thanks, tglx --- --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -871,5 +871,7 @@ void __init tdx_early_init(void) x86_platform.guest.enc_tlb_flush_required = tdx_tlb_flush_required; x86_platform.guest.enc_status_change_finish = tdx_enc_status_changed; + x86_cpuinit.parallel_bringup = false; + pr_info("Guest detected\n"); } --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -2,6 +2,7 @@ #ifndef _ASM_X86_PLATFORM_H #define _ASM_X86_PLATFORM_H +#include <linux/bits.h> #include <asm/bootparam.h> struct ghcb; @@ -177,11 +178,14 @@ struct x86_init_ops { * struct x86_cpuinit_ops - platform specific cpu hotplug setups * @setup_percpu_clockev: set up the per cpu clock event device * @early_percpu_clock_init: early init of the per cpu clock event device + * @fixup_cpu_id: fixup function for cpuinfo_x86::phys_proc_id + * @parallel_bringup: Parallel bringup control */ struct x86_cpuinit_ops { void (*setup_percpu_clockev)(void); void (*early_percpu_clock_init)(void); void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); + bool parallel_bringup; }; struct timespec64; --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -1287,6 +1287,11 @@ bool __init arch_cpuhp_init_parallel_bri return false; } + if (!x86_cpuinit.parallel_bringup) { + pr_info("Parallel CPU startup disabled by the platform\n"); + return false; + } + smpboot_control = STARTUP_READ_APICID; pr_debug("Parallel CPU startup enabled: 0x%08x\n", smpboot_control); return true; --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c @@ -126,6 +126,7 @@ struct x86_init_ops x86_init __initdata struct x86_cpuinit_ops x86_cpuinit = { .early_percpu_clock_init = x86_init_noop, .setup_percpu_clockev = setup_secondary_APIC_clock, + .parallel_bringup = true, }; static void default_nmi_init(void) { };
On 5/30/23 14:51, Thomas Gleixner wrote: > On Tue, May 30 2023 at 09:56, Sean Christopherson wrote: >> On Tue, May 30, 2023, Thomas Gleixner wrote: >>> On Tue, May 30 2023 at 15:29, Kirill A. Shutemov wrote: >>>> On Tue, May 30, 2023 at 02:09:17PM +0200, Thomas Gleixner wrote: >>>>> The decision to allow parallel bringup of secondary CPUs checks >>>>> CC_ATTR_GUEST_STATE_ENCRYPT to detect encrypted guests. Those cannot use >>>>> parallel bootup because accessing the local APIC is intercepted and raises >>>>> a #VC or #VE, which cannot be handled at that point. >>>>> >>>>> The check works correctly, but only for AMD encrypted guests. TDX does not >>>>> set that flag. >>>>> >>>>> Check for cc_vendor != CC_VENDOR_NONE instead. That might be overbroad, but >>>>> definitely works for both AMD and Intel. >>>> >>>> It boots fine with TDX, but I think it is wrong. cc_get_vendor() will >>>> report CC_VENDOR_AMD even on bare metal if SME is enabled. I don't think >>>> we want it. >>> >>> Right. Did not think about that. >>> >>> But the same way is CC_ATTR_GUEST_MEM_ENCRYPT overbroad for AMD. Only >>> SEV-ES traps RDMSR if I'm understandig that maze correctly. >> >> Ya, regular SEV doesn't encrypt register state. > > That aside. From a semantical POV making this decision about parallel > bootup based on some magic CC encryption attribute is questionable. > > I'm tending to just do the below and make this CC agnostic (except that > I couldn't find the right spot for SEV-ES to clear that flag.) Maybe in sme_sev_setup_real_mode() in arch/x86/realmode/init.c? You could clear the flag within the CC_ATTR_GUEST_STATE_ENCRYPT check. Thanks, Tom > > Thanks, > > tglx > --- > --- a/arch/x86/coco/tdx/tdx.c > +++ b/arch/x86/coco/tdx/tdx.c > @@ -871,5 +871,7 @@ void __init tdx_early_init(void) > x86_platform.guest.enc_tlb_flush_required = tdx_tlb_flush_required; > x86_platform.guest.enc_status_change_finish = tdx_enc_status_changed; > > + x86_cpuinit.parallel_bringup = false; > + > pr_info("Guest detected\n"); > } > --- a/arch/x86/include/asm/x86_init.h > +++ b/arch/x86/include/asm/x86_init.h > @@ -2,6 +2,7 @@ > #ifndef _ASM_X86_PLATFORM_H > #define _ASM_X86_PLATFORM_H > > +#include <linux/bits.h> > #include <asm/bootparam.h> > > struct ghcb; > @@ -177,11 +178,14 @@ struct x86_init_ops { > * struct x86_cpuinit_ops - platform specific cpu hotplug setups > * @setup_percpu_clockev: set up the per cpu clock event device > * @early_percpu_clock_init: early init of the per cpu clock event device > + * @fixup_cpu_id: fixup function for cpuinfo_x86::phys_proc_id > + * @parallel_bringup: Parallel bringup control > */ > struct x86_cpuinit_ops { > void (*setup_percpu_clockev)(void); > void (*early_percpu_clock_init)(void); > void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); > + bool parallel_bringup; > }; > > struct timespec64; > --- a/arch/x86/kernel/smpboot.c > +++ b/arch/x86/kernel/smpboot.c > @@ -1287,6 +1287,11 @@ bool __init arch_cpuhp_init_parallel_bri > return false; > } > > + if (!x86_cpuinit.parallel_bringup) { > + pr_info("Parallel CPU startup disabled by the platform\n"); > + return false; > + } > + > smpboot_control = STARTUP_READ_APICID; > pr_debug("Parallel CPU startup enabled: 0x%08x\n", smpboot_control); > return true; > --- a/arch/x86/kernel/x86_init.c > +++ b/arch/x86/kernel/x86_init.c > @@ -126,6 +126,7 @@ struct x86_init_ops x86_init __initdata > struct x86_cpuinit_ops x86_cpuinit = { > .early_percpu_clock_init = x86_init_noop, > .setup_percpu_clockev = setup_secondary_APIC_clock, > + .parallel_bringup = true, > }; > > static void default_nmi_init(void) { };
On Tue, May 30 2023 at 15:03, Tom Lendacky wrote: > On 5/30/23 14:51, Thomas Gleixner wrote: >> That aside. From a semantical POV making this decision about parallel >> bootup based on some magic CC encryption attribute is questionable. >> >> I'm tending to just do the below and make this CC agnostic (except that >> I couldn't find the right spot for SEV-ES to clear that flag.) > > Maybe in sme_sev_setup_real_mode() in arch/x86/realmode/init.c? You could > clear the flag within the CC_ATTR_GUEST_STATE_ENCRYPT check. Eeew. Can we please have a AMD SEV-ES init specific place and not hijack some random code which has to check CC_ATTR_GUEST_STATE_ENCRYPT? Thanks, tglx
On 5/30/23 15:39, Thomas Gleixner wrote: > On Tue, May 30 2023 at 15:03, Tom Lendacky wrote: >> On 5/30/23 14:51, Thomas Gleixner wrote: >>> That aside. From a semantical POV making this decision about parallel >>> bootup based on some magic CC encryption attribute is questionable. >>> >>> I'm tending to just do the below and make this CC agnostic (except that >>> I couldn't find the right spot for SEV-ES to clear that flag.) >> >> Maybe in sme_sev_setup_real_mode() in arch/x86/realmode/init.c? You could >> clear the flag within the CC_ATTR_GUEST_STATE_ENCRYPT check. > > Eeew. > > Can we please have a AMD SEV-ES init specific place and not hijack some > random code which has to check CC_ATTR_GUEST_STATE_ENCRYPT? As long as it's not too early, you could try sme_early_init() in arch/x86/mm/mem_encrypt_amd.c. Add a check for sev_status & MSR_AMD64_SEV_ES_ENABLED and clear the flag. Thanks, Tom > > Thanks, > > tglx
--- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -1282,7 +1282,7 @@ bool __init arch_cpuhp_init_parallel_bri * Intel-TDX has a secure RDMSR hypercall, but that needs to be * implemented seperately in the low level startup ASM code. */ - if (cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) { + if (cc_get_vendor() != CC_VENDOR_NONE) { pr_info("Parallel CPU startup disabled due to guest state encryption\n"); return false; }