| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Jul 2021 18:00:26 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: Brijesh Singh <brijesh.singh@....com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
linux-crypto@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Borislav Petkov <bp@...en8.de>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>, tony.luck@...el.com,
npmccallum@...hat.com, brijesh.ksingh@...il.com
Subject: Re: [PATCH Part2 RFC v4 21/40] KVM: SVM: Add initial SEV-SNP support
On Wed, Jul 07, 2021, Brijesh Singh wrote:
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 411ed72f63af..abca2b9dee83 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -52,9 +52,14 @@ module_param_named(sev, sev_enabled, bool, 0444);
> /* enable/disable SEV-ES support */
> static bool sev_es_enabled = true;
> module_param_named(sev_es, sev_es_enabled, bool, 0444);
> +
> +/* enable/disable SEV-SNP support */
> +static bool sev_snp_enabled = true;
Is it safe to incrementally introduce SNP support? Or should the module param
be hidden until all support is in place? E.g. what will happen when KVM allows
userspace to create SNP guests but doesn't yet have the RMP management added?
> +module_param_named(sev_snp, sev_snp_enabled, bool, 0444);
> #else
> #define sev_enabled false
> #define sev_es_enabled false
> +#define sev_snp_enabled false
> #endif /* CONFIG_KVM_AMD_SEV */
>
> #define AP_RESET_HOLD_NONE 0
> @@ -1825,6 +1830,7 @@ void __init sev_hardware_setup(void)
> {
> #ifdef CONFIG_KVM_AMD_SEV
> unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count;
> + bool sev_snp_supported = false;
> bool sev_es_supported = false;
> bool sev_supported = false;
>
> @@ -1888,9 +1894,21 @@ void __init sev_hardware_setup(void)
> pr_info("SEV-ES supported: %u ASIDs\n", sev_es_asid_count);
> sev_es_supported = true;
>
> + /* SEV-SNP support requested? */
> + if (!sev_snp_enabled)
> + goto out;
> +
> + /* Is SEV-SNP enabled? */
> + if (!cpu_feature_enabled(X86_FEATURE_SEV_SNP))
Random question, why use cpu_feature_enabled? Did something change in cpufeatures
that prevents using boot_cpu_has() here?
> + goto out;
> +
> + pr_info("SEV-SNP supported: %u ASIDs\n", min_sev_asid - 1);
Use sev_es_asid_count instead of manually recomputing the same; the latter
obfuscates the fact that ES and SNP share the same ASID pool.
Even better would be to report ES+SNP together, otherwise the user could easily
interpret ES and SNP having separate ASID pools. And IMO the gotos for SNP are
overkill, e.g.
sev_es_supported = true;
sev_snp_supported = sev_snp_enabled &&
cpu_feature_enabled(X86_FEATURE_SEV_SNP);
pr_info("SEV-ES %ssupported: %u ASIDs\n",
sev_snp_supported ? "and SEV-SNP " : "", sev_es_asid_count);
> + sev_snp_supported = true;
> +
> out:
> sev_enabled = sev_supported;
> sev_es_enabled = sev_es_supported;
> + sev_snp_enabled = sev_snp_supported;
> #endif
> }
>
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 1175edb02d33..b9ea99f8579e 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -58,6 +58,7 @@ enum {
> struct kvm_sev_info {
> bool active; /* SEV enabled guest */
> bool es_active; /* SEV-ES enabled guest */
> + bool snp_active; /* SEV-SNP enabled guest */
> unsigned int asid; /* ASID used for this guest */
> unsigned int handle; /* SEV firmware handle */
> int fd; /* SEV device fd */
> @@ -232,6 +233,17 @@ static inline bool sev_es_guest(struct kvm *kvm)
> #endif
> }
>
> +static inline bool sev_snp_guest(struct kvm *kvm)
> +{
> +#ifdef CONFIG_KVM_AMD_SEV
> + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
> +
> + return sev_es_guest(kvm) && sev->snp_active;
Can't this be reduced to:
return to_kvm_svm(kvm)->sev_info.snp_active;
KVM should never set snp_active without also setting es_active.
Side topic, I think it would also be worthwhile to add to_sev (or maybe to_kvm_sev)
given the frequency of the "&to_kvm_svm(kvm)->sev_info" pattern.
> +#else
> + return false;
> +#endif
> +}
> +
> static inline void vmcb_mark_all_dirty(struct vmcb *vmcb)
> {
> vmcb->control.clean = 0;
> --
> 2.17.1
>
Powered by blists - more mailing lists