From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 58883CD128A
	for <linux-mm@archiver.kernel.org>; Mon,  1 Apr 2024 23:17:59 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id C6B976B0088; Mon,  1 Apr 2024 19:17:58 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C1BC26B008A; Mon,  1 Apr 2024 19:17:58 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id ABBD06B008C; Mon,  1 Apr 2024 19:17:58 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 8E9806B0088
	for <linux-mm@kvack.org>; Mon,  1 Apr 2024 19:17:58 -0400 (EDT)
Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id 1554FC0633
	for <linux-mm@kvack.org>; Mon,  1 Apr 2024 23:17:58 +0000 (UTC)
X-FDA: 81962527836.28.5215FA6
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2042.outbound.protection.outlook.com [40.107.94.42])
	by imf09.hostedemail.com (Postfix) with ESMTP id 92D6114001C
	for <linux-mm@kvack.org>; Mon,  1 Apr 2024 23:17:54 +0000 (UTC)
Authentication-Results: imf09.hostedemail.com;
	dkim=pass header.d=amd.com header.s=selector1 header.b=mhKAi9LL;
	spf=pass (imf09.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.94.42 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com;
	arc=pass ("microsoft.com:s=arcselector9901:i=1");
	dmarc=pass (policy=quarantine) header.from=amd.com
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1712013474;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=JLYAJJ4tsw0f/Qw28CdWImlMCEVMjV5TcDIPF0Bjsr4=;
	b=oK3dJazL4q5a7xGYgvw8w+Chp7PQ85QDn7YLJVYBMUOv/f+ITtidp4Vuy7X/UBdJhVsvX+
	ecQ00QUNFKG4ztaVc3Ag5fRMDqzgeLP6/VIaksb7wCq2pQdVPHrc4UzwjUtdF/IE2s5dbE
	zgcmmH26rbipkUdFQDJ0nshe+PJ0laI=
ARC-Authentication-Results: i=2;
	imf09.hostedemail.com;
	dkim=pass header.d=amd.com header.s=selector1 header.b=mhKAi9LL;
	spf=pass (imf09.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.94.42 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com;
	arc=pass ("microsoft.com:s=arcselector9901:i=1");
	dmarc=pass (policy=quarantine) header.from=amd.com
ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1712013474; a=rsa-sha256;
	cv=pass;
	b=x5Room6TPvL3QnX63guukdh4+a50T6ugLPgu5mL7TrltsglJ3DFtT4IxEdEGUtXKwRVSPe
	eiH+j1eAx1uFyqWxSOhvC5kbva/iq8PhfrikJNa3gq1Q1lsFUcRStJF86m/CuMhWltrBcz
	4+WGQvyeD1NsP8oagTJ04JgYSG9NL5c=
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=c4RAYT3ECo6+vnjlIiBg6SAqID5B6UYdl3isqKEgXBugoJxVHb3Po1FrEZ5cggogW/ncEYRLSysJmLGS1ktT1gQFy8IrKMhz4K2PC8YY8SGiqlSfvOcLUfOBoHZsDAPU2kFU+z91cpgoG3Vk5zptoDwYoUYGU3BKII6URILBW5+PD/LS9kTAyZHYuAyj5YenyhaJEg2c5uEIajqT8Vihf+sPXpI5gr2D85ygR+Vay5brPLeU4Qk64JxfPiE2lVXZi7J4Lol+yrS0VlrMtaVjDzAuHUAKPGjN73puy1rNobzaQPPsH5EMmw82kQW1f33MuuKwMf+z73k1PHqS/MMVfg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=JLYAJJ4tsw0f/Qw28CdWImlMCEVMjV5TcDIPF0Bjsr4=;
 b=Z7LzpzV6KmcbOVMyiRNE8JH3+QjO6UafMyXSaydFcNK0dhkW1LGC+bp9SRydF7tNjErFy6IW7Vewqwplrzyay2W/GpC3YImAoJGAS9tp2iypFMIKmg4ahy2s/B3HGbul2k+xVFUIvf52KaA+4L0oNlOOSXiaxN2KMuvZP9LzyhGbrKTi4HqQQaSXqcvPnqsFPaQ9xCcBUF5GQPut+b9gIqeZx8k2Hfne8CGWUXZ0iDA0QD+JVb7FL3KWV4TMi4h2YKxabMUIWufIP5e9NjdY+MvY6QPIVUVLDq8ZbnF51P+UddiK2nmWdT17mE4cuEXlemvUwnBCQozyxzvdR8tHxA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=redhat.com smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=JLYAJJ4tsw0f/Qw28CdWImlMCEVMjV5TcDIPF0Bjsr4=;
 b=mhKAi9LL1fdKTnN1yMM0VpgMO+N0wjUhIQQmh7ASKsuf72cr4LRAMweaq/dTHbj0KEQPaGolovF6W9+tLP94Iw0sdiim++bzgJTa6FXdCoyltf+f4E3Au+VOu0xRaKTz9KnZC0NvnipC7DAHPpTpR2BqnSLhgtBvS+SzfeFUj+c=
Received: from CH2PR08CA0011.namprd08.prod.outlook.com (2603:10b6:610:5a::21)
 by PH7PR12MB6740.namprd12.prod.outlook.com (2603:10b6:510:1ab::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Mon, 1 Apr
 2024 23:17:48 +0000
Received: from DS3PEPF000099D9.namprd04.prod.outlook.com
 (2603:10b6:610:5a:cafe::b3) by CH2PR08CA0011.outlook.office365.com
 (2603:10b6:610:5a::21) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46 via Frontend
 Transport; Mon, 1 Apr 2024 23:17:48 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
 DS3PEPF000099D9.mail.protection.outlook.com (10.167.17.10) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.7452.22 via Frontend Transport; Mon, 1 Apr 2024 23:17:48 +0000
Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com
 (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 1 Apr
 2024 18:17:47 -0500
Date: Mon, 1 Apr 2024 18:17:31 -0500
From: Michael Roth <michael.roth@amd.com>
To: Paolo Bonzini <pbonzini@redhat.com>
CC: <kvm@vger.kernel.org>, <linux-coco@lists.linux.dev>, <linux-mm@kvack.org>,
	<linux-crypto@vger.kernel.org>, <x86@kernel.org>,
	<linux-kernel@vger.kernel.org>, <tglx@linutronix.de>, <mingo@redhat.com>,
	<jroedel@suse.de>, <thomas.lendacky@amd.com>, <hpa@zytor.com>,
	<ardb@kernel.org>, <seanjc@google.com>, <vkuznets@redhat.com>,
	<jmattson@google.com>, <luto@kernel.org>, <dave.hansen@linux.intel.com>,
	<slp@redhat.com>, <pgonda@google.com>, <peterz@infradead.org>,
	<srinivas.pandruvada@linux.intel.com>, <rientjes@google.com>,
	<dovmurik@linux.ibm.com>, <tobin@ibm.com>, <bp@alien8.de>, <vbabka@suse.cz>,
	<kirill@shutemov.name>, <ak@linux.intel.com>, <tony.luck@intel.com>,
	<sathyanarayanan.kuppuswamy@linux.intel.com>, <alpergun@google.com>,
	<jarkko@kernel.org>, <ashish.kalra@amd.com>, <nikunj.dadhania@amd.com>,
	<pankaj.gupta@amd.com>, <liam.merwick@oracle.com>, Brijesh Singh
	<brijesh.singh@amd.com>, Harald Hoyer <harald@profian.com>
Subject: Re: [PATCH v12 12/29] KVM: SEV: Add KVM_SEV_SNP_LAUNCH_FINISH command
Message-ID: <20240401231731.kjvse7m7oqni7uyg@amd.com>
References: <20240329225835.400662-1-michael.roth@amd.com>
 <20240329225835.400662-13-michael.roth@amd.com>
 <40382494-7253-442b-91a8-e80c38fb4f2c@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <40382494-7253-442b-91a8-e80c38fb4f2c@redhat.com>
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com
 (10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS3PEPF000099D9:EE_|PH7PR12MB6740:EE_
X-MS-Office365-Filtering-Correlation-Id: b09a6e0b-d136-43aa-2f94-08dc52a1f1e7
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
	tqhk+885Ya1I0c4Q/QDz0FOIY9cplYaBhd3HQCXjCZG8GTjuvgcWlBMOewP6CYx6iirQfhlatVrXe40dNqKLJTZnS78FrJkM5DglNn2n/Eb1FLXktPjZkfk8XDeuEjxjIXuCio+3xPcJSLmjvEwLWffpdNFyjAY7A7wlm7oso5nfSD6K5f3zvjMvje95oJiptXafYRWkBFkVlVCI+nKJqCQ5HvYH8ZUSaUDfft7nKYObA9pY0AgJYaGQMAnil5nHM/KRGvH1vTbqaJpg6CO3las9iq0iS9QTojNi+SY8b9C3he3bqTkO9vy4yAb3EUDm8D3bCsZVO78DMgQeINW6esEjIYMKhkPtJcsVqqCj9phAi7Wkc806v8LkDE7kd4W7mwgtyAff3X4Ce9ItECZ1sz8ig476kJgBSOBK9okQ6vTR9DxNuIJCqJuv1EmmUcHYjqMUkMYM+dUx/J08RMhF/+8iuGTVIlOfWLceQjz/d0u3foqyCcLVmcrw3Pyg7AzYrIedXDNZbA4OunowR/laSq/rPpkb2BkCWQJyUnja0c7985s53c5Wl9+YbU1h/JhS0BVa7I+ZQtvPKupSvprI3Xxx6k5Jhzz56DLSHRDvdFjJKEJERG5y41TMWoghfJbErvjkoJCVxBfJ13ojCQ+sIorBVdZU2/evMEZYLszojEuH/h3MR4c84AkzTDnLZik0Pr44NPUQuHAlu/cwFKwfo5lNkslqkeBCQJ4OD+seQPJW7IXhWEel4wZwvQPtHcGA
X-Forefront-Antispam-Report:
	CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(82310400014)(36860700004)(7416005)(1800799015)(376005);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2024 23:17:48.0658
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: b09a6e0b-d136-43aa-2f94-08dc52a1f1e7
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
	DS3PEPF000099D9.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB6740
X-Rspamd-Queue-Id: 92D6114001C
X-Rspam-User: 
X-Stat-Signature: mawbq3ry9n1yci96owi1h36frwg15h7q
X-Rspamd-Server: rspam01
X-HE-Tag: 1712013474-207499
X-HE-Meta: U2FsdGVkX18ZVwItYvSvOvKKp6oXCBDcS3gg5e1Y1sk7N6GK0eVbvDb8HJsi+F4bQe4pjgQ0h1CD3Ac877aMYr8G6g5ZFUgA4HFw1+/tJIFpym+6EVsNMOp8pT3tdDBC+ebmD6cN9dH2CrNc61vtJQCUlQsBl7wfYxesEcilNlB2JdBoxV/e1//H7hN6luEjuYMp6LPtbBoZ47KytvfnH85wtXXI6GEdg+6mXP2gwIu6cFu2X/U6MAxq79L1j6hhVU/rRAGB1BhV/CJ95DtMHrxceeekAT7tEKUpyy0O2OBsOaSpAvRYGoMeC7ynNo8nyeAcWSqKEJ4T8b5Z34hZd6ElsogPYfWiOVFCasmLj17GEy14/S8cbdN9TZFQaCeBm14Zem2To1iHgg1lbRWWS4Q9AZqyBtioPt5EWVmDUH5cImlKFJeZiBiOAvCtZlAg/mUvQ3C2lYeASf/wUkThzdb/oLDcgt42PZqonqKAbFMtm/CTl693ypAKRl689XZNs0iZL5vMyvQYcIX1zqOO3KTs/E08eitpooaLzqnKdB3fR1RC6p9VRc0lAcOKye1P1+ywr+643uEnpRU/6EozmcV71PUmL3qiKd9A2uUmndIKDCpBSw0oQ+mD+9UlozXOOmT5BdYQo0dvEHV5SfHeQVOrJFOXIb7JEooGDu6sAD7hsu1gNPj5PWHUyAxUD4duYnf72z6w1it3WoVGzH/sEb0PyEjVrR02cNxPF35u7+9UTUhoYCsmGR83hwDl7SbkHLp9PI3of4md+7DtMwIOiQNP4XBNaKpQl9w+M1mrhlR7H1ZQB4jVfElJam+MVakIs+mVeEOb/00Hbaxs0A+3eDTCyFRHemvJP20gg0Mj4wYNRAvbAXnosaGmw5E6XagbFLes3BCjVMz5NoVBLrmSxH0POuMG4LsyPEQaFL5QFgWPiXDwQfYaAaX+klHSF1wCxGXN/1Xfmo4HesS0PCD
 zC2r9Ldf
 JF7PpDn52rJk2zpNYDH+XgTpF8wNW8kaHLDc9c9ObBQmlQ2jDsnwaTc2xNn0GJCzNVL6H27BPAaJ9dCRgUaTp+7lkivx5WBOxpbbGxe8SiX4RkXLbtYlXHq4wgo9AXYrMYFRlMj2EkTClCGA+YKly5DsaQV+q1RtYOOL22KYhZTn84ToEOFo2sPtGZYKrKWRZr8JQvjOMyVZ51mhg34j3ZIE1dtQ/EN75qpbBvspV5owSxv0XKR1NmdA0c7qmgP2udS5ZNkFMuY6OSP82ooHdddAIybm8kqv/1GY2epnyIO2Yn7PWBGTlkprGAaKePwq82QaKtl+Jsk/z7pIfzp5xZ9w2IjjPOHFe3AGv6OxgFR1Y45yREd9s3nz4lm+i9Jn+uzvRcwiI3/EyyjVIkKxllUZLfA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000002, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Sat, Mar 30, 2024 at 09:41:30PM +0100, Paolo Bonzini wrote:
> On 3/29/24 23:58, Michael Roth wrote:
> > 
> > +		/* Handle boot vCPU first to ensure consistent measurement of initial state. */
> > +		if (!boot_vcpu_handled && vcpu->vcpu_id != 0)
> > +			continue;
> > +
> > +		if (boot_vcpu_handled && vcpu->vcpu_id == 0)
> > +			continue;
> 
> Why was this not necessary for KVM_SEV_LAUNCH_UPDATE_VMSA?  Do we need it
> now?

I tried to find the original discussion for more context, but can't seem to
locate it. But AIUI, there are cases where a VMM may create AP vCPUs earlier
than it does the BSP, in which case kvm_for_each_vcpu() might return an AP
as it's first entry and cause that VMSA to get measured before, leading
to a different measurement depending on the creation ordering.

Measuring the BSP first ensures consistent measurement, since the
initial AP contents are all identical so their ordering doesn't matter.

For SNP, it makes sense to take the more consistent approach right off
the bat. But for SEV-ES, it's possible that there are VMMs/userspaces
out there that have already accounted for this in their measurement
calculations, so it could cause issues if we should the behavior for all
SEV-ES. We could however limit the change to KVM_X86_SEV_ES_VM and
document that as part of KVM_SEV_INIT2, since there is similarly chance
for measurement changes their WRT to the new FPU/XSAVE sync'ing that was
added.


> 
> > +See SEV-SNP specification [snp-fw-abi]_ for SNP_LAUNCH_FINISH further details
> > +on launch finish input parameters.
> 
> See SNP_LAUNCH_FINISH in the SEV-SNP specification [snp-fw-abi]_ for further
> details on the input parameters in ``struct kvm_sev_snp_launch_finish``.

Will make similar changes for the others as well. Thanks!

-Mike

> 
> Paolo
> 
>