Date:   Tue, 17 Aug 2021 13:11:35 -0500
From:   Brijesh Singh <brijesh.singh@....com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     brijesh.singh@....com, x86@...nel.org,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
        linux-coco@...ts.linux.dev, linux-mm@...ck.org,
        linux-crypto@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
        Tom Lendacky <thomas.lendacky@....com>,
        "H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Wanpeng Li <wanpengli@...cent.com>,
        Jim Mattson <jmattson@...gle.com>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>,
        Dov Murik <dovmurik@...ux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@....com>,
        Michael Roth <michael.roth@....com>,
        Vlastimil Babka <vbabka@...e.cz>, tony.luck@...el.com,
        npmccallum@...hat.com, brijesh.ksingh@...il.com
Subject: Re: [PATCH Part1 RFC v4 16/36] KVM: SVM: define new SEV_FEATURES
 field in the VMCB Save State Area



On 8/17/21 12:54 PM, Borislav Petkov wrote:
> On Wed, Jul 07, 2021 at 01:14:46PM -0500, Brijesh Singh wrote:
>> The hypervisor uses the SEV_FEATURES field (offset 3B0h) in the Save State
>> Area to control the SEV-SNP guest features such as SNPActive, vTOM,
>> ReflectVC etc. An SEV-SNP guest can read the SEV_FEATURES fields through
>> the SEV_STATUS MSR.
>>
>> While at it, update the dump_vmcb() to log the VMPL level.
>>
>> See APM2 Table 15-34 and B-4 for more details.
>>
>> Signed-off-by: Brijesh Singh <brijesh.singh@....com>
>> ---
>>   arch/x86/include/asm/svm.h | 15 +++++++++++++--
>>   arch/x86/kvm/svm/svm.c     |  4 ++--
>>   2 files changed, 15 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
>> index 772e60efe243..ff614cdcf628 100644
>> --- a/arch/x86/include/asm/svm.h
>> +++ b/arch/x86/include/asm/svm.h
>> @@ -212,6 +212,15 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
>>   #define SVM_NESTED_CTL_SEV_ENABLE	BIT(1)
>>   #define SVM_NESTED_CTL_SEV_ES_ENABLE	BIT(2)
>>   
>> +#define SVM_SEV_FEATURES_SNP_ACTIVE		BIT(0)
>> +#define SVM_SEV_FEATURES_VTOM			BIT(1)
>> +#define SVM_SEV_FEATURES_REFLECT_VC		BIT(2)
>> +#define SVM_SEV_FEATURES_RESTRICTED_INJECTION	BIT(3)
>> +#define SVM_SEV_FEATURES_ALTERNATE_INJECTION	BIT(4)
>> +#define SVM_SEV_FEATURES_DEBUG_SWAP		BIT(5)
>> +#define SVM_SEV_FEATURES_PREVENT_HOST_IBS	BIT(6)
>> +#define SVM_SEV_FEATURES_BTB_ISOLATION		BIT(7)
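
Review bot: the eight SVM_SEV_FEATURES_* definitions at the end of this hunk have no comment and sit directly after the SVM_NESTED_CTL_* bits, under hunk context for struct vmcb_control_area, so they read as further control-area bits even though the commit message places SEV_FEATURES in the Save State Area at offset 3B0h. Add a one-line comment above the block naming the field and the APM2 tables the commit message cites, or move the definitions next to the save-area definition that holds the field.
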
> 
> Only some of those get used and only later. Please introduce only those
> with the patch that adds usage.
> 

Okay.

> Also,
> 
> s/SVM_SEV_FEATURES_/SVM_SEV_FEAT_/g
> 

I can do that.

> at least.
> 
> And by the way, why is this patch and the next 3 part of the guest set?
> They look like they belong into the hypervisor set.
> 

This is needed by the AP creation; in SNP the AP creation needs to
populate the VMSA page and thus needs to use some of the macros and fields etc.
