crypto: ccp - Don't initialize SEV support without the SEV feature

Message ID c1ea9899e6169bf3a3042866e165a2f90bda3ebd.1614810669.git.thomas.lendacky@amd.com
State Accepted
Commit 1877c73b7c03c9f15c397e4e278ad3f551475ecf

Commit Message

Tom Lendacky March 3, 2021, 10:31 p.m. UTC
From: Tom Lendacky <thomas.lendacky@amd.com>

If SEV has been disabled (e.g. through BIOS), the driver probe will still
issue SEV firmware commands. The SEV INIT firmware command will return an
error in this situation, but the error code is a general error code that
doesn't highlight the exact reason.

Add a check for X86_FEATURE_SEV in sev_dev_init() and emit a meaningful
message and skip attempting to initialize the SEV firmware if the feature
is not enabled. Since building the SEV code is dependent on X86_64, adding
the check won't cause any build problems.

Cc: John Allen <john.allen@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 drivers/crypto/ccp/sev-dev.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Brijesh Singh March 5, 2021, 12:04 a.m. UTC | #1
On 3/3/21 4:31 PM, Tom Lendacky wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
>
> If SEV has been disabled (e.g. through BIOS), the driver probe will still
> issue SEV firmware commands. The SEV INIT firmware command will return an
> error in this situation, but the error code is a general error code that
> doesn't highlight the exact reason.
>
> Add a check for X86_FEATURE_SEV in sev_dev_init() and emit a meaningful
> message and skip attempting to initialize the SEV firmware if the feature
> is not enabled. Since building the SEV code is dependent on X86_64, adding
> the check won't cause any build problems.
>
> Cc: John Allen <john.allen@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>


Reviewed-By: Brijesh Singh <brijesh.singh@amd.com>

> ---
>  drivers/crypto/ccp/sev-dev.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 476113e12489..b9fc8d7aca73 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -21,6 +21,7 @@
>  #include <linux/ccp.h>
>  #include <linux/firmware.h>
>  #include <linux/gfp.h>
> +#include <linux/cpufeature.h>
>  
>  #include <asm/smp.h>
>  
> @@ -971,6 +972,11 @@ int sev_dev_init(struct psp_device *psp)
>  	struct sev_device *sev;
>  	int ret = -ENOMEM;
>  
> +	if (!boot_cpu_has(X86_FEATURE_SEV)) {
> +		dev_info_once(dev, "SEV: memory encryption not enabled by BIOS\n");
> +		return 0;
> +	}
> +
>  	sev = devm_kzalloc(dev, sizeof(*sev), GFP_KERNEL);
>  	if (!sev)
>  		goto e_err;
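Review bot: the text passed to dev_info_once() in the second hunk blames BIOS, but the condition only tests boot_cpu_has(X86_FEATURE_SEV), which cannot tell why the flag is clear. A message that names what was actually checked, for example "SEV: memory encryption feature not enabled", stays accurate whatever the cause and is easier to match in boot logs when triaging hosts that were expected to offer SEV.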
Herbert Xu March 12, 2021, 1:12 p.m. UTC | #2
On Wed, Mar 03, 2021 at 04:31:09PM -0600, Tom Lendacky wrote:
> From: Tom Lendacky <thomas.lendacky@amd.com>
> 
> If SEV has been disabled (e.g. through BIOS), the driver probe will still
> issue SEV firmware commands. The SEV INIT firmware command will return an
> error in this situation, but the error code is a general error code that
> doesn't highlight the exact reason.
> 
> Add a check for X86_FEATURE_SEV in sev_dev_init() and emit a meaningful
> message and skip attempting to initialize the SEV firmware if the feature
> is not enabled. Since building the SEV code is dependent on X86_64, adding
> the check won't cause any build problems.
> 
> Cc: John Allen <john.allen@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
>  drivers/crypto/ccp/sev-dev.c | 6 ++++++
>  1 file changed, 6 insertions(+)

Patch applied.  Thanks.

Patch

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 476113e12489..b9fc8d7aca73 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -21,6 +21,7 @@ 
 #include <linux/ccp.h>
 #include <linux/firmware.h>
 #include <linux/gfp.h>
+#include <linux/cpufeature.h>
 
 #include <asm/smp.h>
 
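Review bot: the added #include <linux/cpufeature.h> is appended after <linux/gfp.h>, which breaks the alphabetical order the neighbouring <linux/...> includes follow (ccp.h, firmware.h, gfp.h). Placing it directly after <linux/ccp.h> keeps the block sorted.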
@@ -971,6 +972,11 @@  int sev_dev_init(struct psp_device *psp)
 	struct sev_device *sev;
 	int ret = -ENOMEM;
 
+	if (!boot_cpu_has(X86_FEATURE_SEV)) {
+		dev_info_once(dev, "SEV: memory encryption not enabled by BIOS\n");
+		return 0;
+	}
+
 	sev = devm_kzalloc(dev, sizeof(*sev), GFP_KERNEL);
 	if (!sev)
 		goto e_err;
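Review bot: the early "return 0;" in sev_dev_init() reports success before devm_kzalloc() runs, so the caller sees a successful init with no sev_device allocated, and anything that later expects SEV state for this psp has to tolerate it being absent. A short comment above the check stating that a missing feature is deliberately not treated as an init failure (rather than returning an error such as -ENODEV) would make that intent explicit for future changes.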