Re: [PATCH v10 06/50] x86/sev: Add the host SEV-SNP initialization support

[Kalra, Ashish]

On 11/8/2023 12:14 AM, Borislav Petkov wrote:
> On Tue, Nov 07, 2023 at 04:33:41PM -0600, Kalra, Ashish wrote:
> > We will still need some method to tell the IOMMU driver if SNP
> > support/feature is disabled by this function, for example, when CPU family
> > and model is not supported by SNP and we jump to no_snp label.
>
> See below.
>
> > The reliable way for this to work is to ensure snp_rmptable_init() is called
> > before IOMMU initialization and then IOMMU initialization depends on SNP
> > feature flag setup by snp_rmptable_init() to enable SNP support on IOMMU or
> > not.
>
> Yes, this whole SNP initialization needs to be reworked and split this
> way:
>
> - early detection work which needs to be done once goes to
>    bsp_init_amd(): that's basically your early_detect_mem_encrypt() stuff
>    which needs to happen exactly only once and early.
>
> - Any work like:
>
> 	 c->x86_phys_bits -= (cpuid_ebx(0x8000001f) >> 6) & 0x3f;
>
>    and the like which needs to happen on each AP, gets put in a function
>    which gets called by init_amd().
>
> By the time IOMMU gets to init, you already know whether it should
> enable SNP and check X86_FEATURE_SEV_SNP.
>
> Finally, you call __snp_rmptable_init() which does the *per-CPU* init
> work which is still pending. >
> Ok?	

Yes, will need to rework the SNP initialization stuff, the important 
point is that we want to do snp_rmptable_init() stuff before IOMMU 
initialization as for things like RMP table not correctly setup, etc., 
we don't want IOMMU initialization to enable SNP on the IOMMUs.

Thanks,
Ashish