Date: Mon, 18 Dec 2023 18:43:11 +0100
From: Borislav Petkov
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh
Subject: Re: [PATCH v10 24/50] KVM: SEV: Add initial SEV-SNP support
Message-ID: <20231218174258.GRZYCEomVKa9J+EvHh@fat_crate.local>
References: <20231016132819.1002933-1-michael.roth@amd.com> <20231016132819.1002933-25-michael.roth@amd.com>
In-Reply-To: <20231016132819.1002933-25-michael.roth@amd.com>

On Mon, Oct 16, 2023 at 08:27:53AM -0500, Michael Roth wrote:
> From: Brijesh Singh > > The next generation of SEV is called SEV-SNP (Secure Nested Paging). > SEV-SNP builds upon existing SEV and SEV-ES functionality while adding new > hardware based security protection. SEV-SNP adds strong memory encryption > integrity protection to help prevent malicious hypervisor-based attacks > such as data replay, memory re-mapping, and more, to create an isolated > execution environment. > > The SNP feature is added incrementally, the later patches adds a new module > parameters that can be used to enabled SEV-SNP in the KVM. This sentence can simply go to /dev/null. > Signed-off-by: Brijesh Singh > Signed-off-by: Ashish Kalra > --- > arch/x86/kvm/svm/sev.c | 10 ++++++++++ > arch/x86/kvm/svm/svm.h | 8 ++++++++ > 2 files changed, 18 insertions(+) > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 1cfb9232fc74..4eefc168ebb3 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -59,10 +59,14 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444); > /* enable/disable SEV-ES DebugSwap support */ > static bool sev_es_debug_swap_enabled = true; > module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444); > + > +/* enable/disable SEV-SNP support */ Useless comment. > +static bool sev_snp_enabled; > #else > #define sev_enabled false > #define sev_es_enabled false > #define sev_es_debug_swap_enabled false > +#define sev_snp_enabled false > #endif /* CONFIG_KVM_AMD_SEV */ > > #define AP_RESET_HOLD_NONE 0 > @@ -2186,6 +2190,7 @@ void __init sev_hardware_setup(void) > { > #ifdef CONFIG_KVM_AMD_SEV > unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count; > + bool sev_snp_supported = false; > bool sev_es_supported = false; > bool sev_supported = false; 
> > @@ -2261,6 +2266,10 @@ void __init sev_hardware_setup(void) > sev_es_asid_count = min_sev_asid - 1; > WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count)); > sev_es_supported = true; > + sev_snp_supported = sev_snp_enabled && cpu_feature_enabled(X86_FEATURE_SEV_SNP); > + > + pr_info("SEV-ES %ssupported: %u ASIDs\n", > + sev_snp_supported ? "and SEV-SNP " : "", sev_es_asid_count); Why like this? > > out: Here, below the "out:" label you're already dumping SEV and -ES status. Just do SNP exactly the same. > if (boot_cpu_has(X86_FEATURE_SEV)) > @@ -2277,6 +2286,7 @@ void __init sev_hardware_setup(void) > if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) || > !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP)) > sev_es_debug_swap_enabled = false; > + sev_snp_enabled = sev_snp_supported; > #endif > } -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette
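Review bot: In the first sev.c hunk (@@ -59,10 +59,14 @@), `static bool sev_snp_enabled;` has no `module_param_named()` line, unlike `sev_es_debug_swap_enabled` directly above it, so the flag is always false in this patch and `sev_snp_supported = sev_snp_enabled && cpu_feature_enabled(X86_FEATURE_SEV_SNP)` can never evaluate to true. The commit message only says that later patches add the parameter; state there explicitly that SNP stays disabled until then, or fold the parameter into this patch so the new branch is reachable and can be tested.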
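Review bot: The `pr_info("SEV-ES %ssupported: %u ASIDs\n", ...)` added in the @@ -2261,6 +2266,10 @@ hunk folds the SNP state into an SEV-ES line and emits it before the `out:` label, while the `if (boot_cpu_has(X86_FEATURE_SEV))` reporting sits after `out:`. Anyone checking the boot log to confirm that SNP is active would have to match an optional "and SEV-SNP " fragment inside a line about SEV-ES. Drop this pr_info and report SNP on its own line after `out:`, in the same format as the existing SEV and SEV-ES output.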
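Review bot: In the last hunk (@@ -2277,6 +2286,7 @@), `sev_snp_enabled = sev_snp_supported;` makes SNP depend on SEV-ES without saying so: `sev_snp_supported` is initialised to false and is only assigned right after `sev_es_supported = true;`, so any path that skips that block clears the flag. Failing closed is the right default, but the dependency deserves a one-line comment at the assignment, and a blank line before it would separate it from the unrelated debug_swap check above.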