From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2F07EB64D7 for ; Wed, 21 Jun 2023 19:16:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 51CF38D0005; Wed, 21 Jun 2023 15:16:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4CB608D0002; Wed, 21 Jun 2023 15:16:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 36BE98D0005; Wed, 21 Jun 2023 15:16:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 257DE8D0002 for ; Wed, 21 Jun 2023 15:16:10 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id DF0E0C081F for ; Wed, 21 Jun 2023 19:16:09 +0000 (UTC) X-FDA: 80927710458.14.2D7D3C1 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2087.outbound.protection.outlook.com [40.107.223.87]) by imf06.hostedemail.com (Postfix) with ESMTP id 7AB4818001B for ; Wed, 21 Jun 2023 19:16:06 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b="mh/TR7xi"; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf06.hostedemail.com: domain of Ashish.Kalra@amd.com designates 40.107.223.87 as permitted sender) smtp.mailfrom=Ashish.Kalra@amd.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1687374966; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=n1H8lK2pRbt8W7Gi+X5hdaax+tbrfENpsVxM/BExCho=; b=3V+h36O4iReUtrPAfDNngSq3zUc6jmcL+vmUiUxiVBLhdmuVY6UQUAxkveCuMt25PiklAB EMJ+6IgmX5Uis9wwJ2DPXZLq17c+i20hjjbS7J1BVTL0lHKmczF+rOJD0gplCNJuXA/WM1 PiPxA39K7vJ57G5/niCDWLKl+Li2PGk= ARC-Authentication-Results: i=2; imf06.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b="mh/TR7xi"; dmarc=pass (policy=quarantine) header.from=amd.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf06.hostedemail.com: domain of Ashish.Kalra@amd.com designates 40.107.223.87 as permitted sender) smtp.mailfrom=Ashish.Kalra@amd.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1687374966; a=rsa-sha256; cv=pass; b=ntCbfnCRlY7C2NdLHEud82MOm8tYDmGYCYlXYQy6OfMtsEdM+7AmqVpPf042f2kWMIKggO xD6Tq/OFnTscmUZNBjg6caTcqY339QAYzBwP7ECzh2UMkoAFuiYf/YYfXQh9UN3xVs/71t fbs36kY88eCrcZjBBStd1b/xwQIMX+8= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CKp3UoBy7m7JSNB4wKKORwQUkw8SMKq6CUYvYwoufGEQDqh7GbG1gvNrD6GvaBwNVx33pTq0htOZ+Wr69YSvIUsbxyB+8oxBxIBkhN9wGwOUF1isA/Uc1vo3/3mtFLF8NTwA5NM7oe7N3HkZiKdH40oa8X2SKLLQEIeEhY17KFuELPj5YoZ1Tg6zFOJRwmd5KpN4Zf735sd+d6tOwzm57j4erkyazPYSKoft+axtusWnSRGxo8OpP012Ne2Ry7njIYn1OwbX3SIh9tFQSKVKuNxS4AjrxjblXLenopW1Ba+c7Rn4PwIlQzJPtsm/a7bFW2QM1MLgzjQ1hGCi1uD2uA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n1H8lK2pRbt8W7Gi+X5hdaax+tbrfENpsVxM/BExCho=; b=Nl19nX/8yJaWoBD0di4LS4iGUF/FWdwqEgEoqnbmZ8iJpQPcgldNLT7Br1JK4Yt7caisohGFDyay598BqtUL+CFopbFC1zPtTjpgEA6kBM5I4ndGudMCYcpR1qDavKuBXGJC2fex5X01fSAktTrorC9skN3dBMUzSEsc8TwD+cOZWcdNQfvTQXSFDj6acNmzmSxyBH3OqYQNQD1gemIggbGF7kYUeaZ8+Y7OsPrGlhOv72o918CP+xKgs0hzKxhSe+rUE9irug0y/+8vJOWdNCPUpvnSM42iadTaZapKaMOZ7jbfIh0VUw4kuXJMJhwFS2Oi83SPn1N+o9FCVZVvzw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n1H8lK2pRbt8W7Gi+X5hdaax+tbrfENpsVxM/BExCho=; b=mh/TR7xi2MPyMXgASTicC6wVHMrz3/MqTEwHUKaa10+xpDsN3a9Zci1njqGWW2lvwSTmgCVAvFsivfjIkemR7zLy71DgEz0DRRFo9bcH5p7CyRd91oUwcaXQCoU0UwxWw0CPhFzVAbjX5ofuLhMet/FV27pkqya0yxZnRrbvzSo= Received: from SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) by CO6PR12MB5412.namprd12.prod.outlook.com (2603:10b6:5:35e::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.23; Wed, 21 Jun 2023 19:16:02 +0000 Received: from SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::3a3:dcda:be6b:c6fe]) by SN6PR12MB2767.namprd12.prod.outlook.com ([fe80::3a3:dcda:be6b:c6fe%7]) with mapi id 15.20.6521.020; Wed, 21 Jun 2023 19:16:02 +0000 Message-ID: <34e2d332-5daa-f479-25db-a71bf98536d2@amd.com> Date: Wed, 21 Jun 2023 14:15:58 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.1 Subject: Re: [PATCH RFC v9 07/51] x86/sev: Add the host SEV-SNP initialization support Content-Language: en-US To: Borislav Petkov , Michael Roth Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org, nikunj.dadhania@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh References: <20230612042559.375660-1-michael.roth@amd.com> <20230612042559.375660-8-michael.roth@amd.com> <20230621094236.GZZJLGDAicp1guNPvD@fat_crate.local> From: "Kalra, Ashish" In-Reply-To: <20230621094236.GZZJLGDAicp1guNPvD@fat_crate.local> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-ClientProxiedBy: DS0PR17CA0019.namprd17.prod.outlook.com (2603:10b6:8:191::8) To SN6PR12MB2767.namprd12.prod.outlook.com (2603:10b6:805:75::23) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN6PR12MB2767:EE_|CO6PR12MB5412:EE_ X-MS-Office365-Filtering-Correlation-Id: 1b6d1bc7-96c4-4cd4-7470-08db728bf3be X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 7Oc6T2W9Bs3G6DJfM+2P+5l2QQFETSchwg4BlMr92KCE0mchozuck9UOMNF9uufBsSuL4aF6V3FzU4e4LExEdXDzVK/6uw5MDxNmYJwjk/efsCTKK3mGr65Mw4nscOWusfa844lVJCZaONS+F+5eBmbFWIvkcn+qygumxcaDtcPKuVHXikygqLHYLGwZNPd4UORv937uFIuML5pf4zK1j1swQAoWRRLIg81NFumWlKu+DN4DCCVd2NYrckOnVsCCjJvH7LxAe7mqXKzsgXyJ9zFTuMu8FEjILIzCLTwBcvAPGiILaKEaPmmrTT40pjj2kJfCGdaIhKreGCFhE5Ghr8Vf4u830uOuneq8pP0LyuqQPPShWW88f+nlQabkr21NXiSflGqjdqvq6AawM4uxZl/ZUOTIJcJk5OFTYzc9Yoau+UW9U/EkwhTVPH+7Ek5Xjbva8A0ByKw7ypIpq+x41viWSasSt+rQkIWL1TXErF9fEdVq5ifCUwzNVaLGUYPLGGLTsb+IWVpk/h77fYIsCZTwxRmmQw2UcESKpMb3EDNKmYZk9ikRls1jGBFGTT29grNf/WScePdduLBxJn41OW19fKT1qvYnf/Lh3rIOe5nS95luakBP7Ln8vU/3/st/e2xom3tBhDzJyWZO1jb/zw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR12MB2767.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(366004)(136003)(39860400002)(396003)(346002)(376002)(451199021)(36756003)(38100700002)(86362001)(31686004)(31696002)(6486002)(41300700001)(8676002)(5660300002)(7406005)(7416002)(26005)(966005)(8936002)(6506007)(53546011)(186003)(2616005)(478600001)(83380400001)(2906002)(316002)(6666004)(4326008)(110136005)(66946007)(6636002)(6512007)(66476007)(66556008)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?d1JYMWJQa282dDBDWnFCYVU0TEUyR2pVKzFFY0dtMVZlclBDUEV1RmZTSDJ1?= =?utf-8?B?R2V6QTd5eEYvV014cy95ZmxjTkRhZndndnlwRHJENHZTMlVIem5PQUt5c2lC?= =?utf-8?B?ckRFREZldVZ5VnAzd3dGTndnRTNaWTRZenNnVVFHVFpya2J3L2xDYnFwMk5x?= =?utf-8?B?ekFDNW1ORE1NSmN4My84Q3doTGVFZWFqV3ZRYjlxdWEyOE0yVDNwOWR5YnNB?= =?utf-8?B?MUpOb3B2S2xKOXZ3a0w2SHpuZHhncG9HS0F4NFFQWDI2bHBDOG5GcThRYVUr?= =?utf-8?B?R2xFVW81a1F3VHh0OC95NmhEaDdZTHl2UmVKc2hzRjFOV0I2VkFmTEFBS0NI?= =?utf-8?B?eXpGUDhWeWJ5NDNpUHZhb2pEeTR1cWZoQ2N3OWptTElaQzFFa1ZTRjRpTlVZ?= =?utf-8?B?anBlcGlFdjZQMDNBZEtTWXdJUzdOSmxPbFlNd3BDM3d1Q1l4WVc4YzVJMVY4?= =?utf-8?B?ZWJOK1cvN0lqbjdrV05TV2JPNUtsVmh2b0h0T2hMaG1VcU50bXFXSjJQdkRF?= =?utf-8?B?L0NqZ0JhS0JzeFRNZHR5Znp6S3ZDVE9pVXFGR3dXcDg3Rk9EbWdjc3dHeWx0?= =?utf-8?B?S2JBOHlxYk5ZWlZ4cEdUOU1QYkY1eXg4clFidWd6Q2g3ZXpmbWFjc0txd0ZG?= =?utf-8?B?blJRellEKzFnRHhJNlcvNDJiMGhuUE5yVUNjeTh1dEpEY21xbU93UUVqVkdR?= =?utf-8?B?UGVhVitCald0VEtSbzl0MnVQWWZHQjVDb3RsN2FxbDNnNmJic1NvZHNObVJQ?= =?utf-8?B?ODNTUnYrN1gwWUg1SE1lcmRIZkxqWUxKdnVuMDZCYW9iT055ZFArZVVuVGU4?= =?utf-8?B?NzZqUWZyeUZzWGdNWWxDNVk2MkdDaHhSSEZDeFZRQ2JaWmErTXZwTXBYc0Iw?= =?utf-8?B?Q3U4MFkxUUZnNVlTV0p4YzE4SHg5ZG80Uk43WGx2eVFVcDEvRFhFcDBCb3Vt?= =?utf-8?B?L1VsYk9sVERMZGVKK0RsQmQwVGlNRWxFeGw4ZWFCOWlCNVc5TzhBY1EzUjV5?= =?utf-8?B?c1BDbzV0WEd3OUhrTFlVS01PdElLVDIrRWFZY1pialhXTEFOekJrOEZnd1JS?= =?utf-8?B?cDNVSVJZZm5tZXhnQzlMOW8raDBJUHRpY215eWJFUEZPUklIeEd1WDgzVzh6?= =?utf-8?B?Ylo3WXBNejB3a3FkR1N3YmZCTFJ3SEM2WUE3QTQ0MnFRWHZFNDF6ZHQ1Uzdt?= =?utf-8?B?czdtQk42OUNQY25zR3FSY0NheE9lWm5QUEhUUUY4ejVHVDZkK0orcmdjbW9P?= =?utf-8?B?WG8rd2xxSFIvbEJBUDBPRUFvSXJFcUtZc014bXVvNmR5YkVFallzWnQyMVdY?= =?utf-8?B?ZyszYlpxUzAvMWx3UEdlYmVNVXNvSVY3ZjVqQldZSWhPWkZuNXl1MitqdXkz?= =?utf-8?B?UGNYdFU4VVQ0OUZQUnVsYUREMktCZzA0L3cxcmJ4WHRkbE10WDFOWkZTS0Vh?= =?utf-8?B?TDlOUHFmT1FidHI4Ukx4NXNVbU8rMFQ1Rnk4L281MzFhNzEwR2FpRlQybWNR?= =?utf-8?B?UnR3bzRDSy9IRUZQbllBVTBySmtqa1ZTREpLZmlIRDBLd1dFZzY5b3cxc2xm?= =?utf-8?B?TU5GTkkwOGZwMkxubjBVRjFHUlAxcGg4R0VDeWMwS2ZmSDlMWmdTUCt4elBr?= =?utf-8?B?R0ZCNmxHZURBZ1NnMy9Hd3ZCM1BtVVNlVEZ5aXhZY3ZGbWFoeWUvTXVraXlm?= =?utf-8?B?K09TQW8wRUhVMHhuSzVnUUlIRytiSXNDZCtWTjdHSE5UZXNzVHptSWFNSjF5?= =?utf-8?B?U3RMSnkyLzhtVFhKSyttVmh5eVU1WVlNWjFhdUpMK2gzdFNRL0tWRUJYU0hS?= =?utf-8?B?dkhiM1E3czJGakZLbVQ0YXpBamxxaFIxZTRVeDRnZURQdC9QclRRa1RuMVYr?= =?utf-8?B?QldoYldMbms2aTNTU1N2RTFGbWxTbmlyTEwwUCs1aEkxWEYyOGJESDhNNXVC?= =?utf-8?B?Q1RQTEpRZXNlZGlKeGo1NlprTGZ6dHFwbmQxbE9vY2xvRUFueHhzU2lxZk9V?= =?utf-8?B?NW9Xc3FOSnZzeFgzcW5neXN0NzBIc09OUFF6WlJiUmkvRVpzUjVJYlloTEky?= =?utf-8?B?M1E0em44UTU0Rm5VVllTMGpHdmhEYXdJZ2x3Mm1yRFMxazZMQkhPa2RSQVR3?= =?utf-8?Q?dmv27mFPK8H1RFnzU0ZSGHY7M?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1b6d1bc7-96c4-4cd4-7470-08db728bf3be X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2767.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2023 19:16:02.1212 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: +aaL4Mqes33Dy9UqpvBmgeSHStrDnif9de8LoLKoWObA81NCZ0HbyB3ySc7qwXoswgkrodp85a53cGgfDNoZ0g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR12MB5412 X-Rspam-User: X-Stat-Signature: 694yje8k41x56xuzyg9zjes78mh5siyr X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 7AB4818001B X-HE-Tag: 1687374966-927478 X-HE-Meta: U2FsdGVkX1+FBiCXMgJaGmvM4bq5XHrTuwrdaF28K9t4BTcMlq7iO4Vmi/wIK7ZXkC8Ho+P/9ZBYQ9y3nfGyVkW+xgDcBf0EG8LiifMeV4l3VXS5wZLjX62XrWfR4tfuifG487vTgFAPgl8nTfOzm0Qn8A6pc62tnbtz/0pibzeWMU1g2o6YRFwMd/ZBNtxklyW05GYsND1NQ6RDSnMjlYx03cbgm3nx07jqq6amYsz7cTsy+04Y/+YqOulCDEMC3sigedrUpjAXuoI2wT2fl/cWtLxppgBy1KQPCTW/s/zXWNN/XpK66H3B/9DxqPymsu59zeyoceGs766gRL3tzWZqBWClmc/B13kgXsm4nuyD2p099BB6QBfPTE3wFnQ32uirCyitilQXhNbdxabRAP+DxxO8JO0kdQTQc8p5KfzlpMdDjGszfN27C6y3XZpLYy5/oRQZGwtMP2IIlWNGIpLF3JHhsvSLk12qwKY5zjpD0yVR/9+zab3gA+JMlLYVffwlpSwKJVifPjqN3egdu4mjmCL4FGa4rIXUDj6+8gitg4kZEL/TwHIzOfZaBe85r+JNBYjt/mbAHPxRvwn2iEQqPKW38zyutWy0zZ51lNzI9g+UtHaBz7MJPaWlB2unRUamrpEH8Xhy2aqO4fiXy17vVJtptU98o0ZV+j5DP0Prgxc+E4srtCqYT+/Crayv/3sY+vMjZZXDGx1akxw7JVu56mRlUWJP/4GOUTqGD8Ll4bW9e/17k6KUft5TWl+UQZ5BZbeIhzw7CZtbENUkDDCvcnzs2wJl5tXMvo1wCb4HlmAOSFGjyq4vD5tLXM6HAZq04Rvfd9Y+NjWfFT14aoUC3rAmKAuxS0o95dVdC+kkHqvsCyuuB32X9NmCUHxTpN5SdhkKLy4a/GJnfOkYlR1UdS1sU7CDHHlj5XEdIT33TaIL4SgLmEYkJ7JexUKDAt78CEP5g4xQd9IHP6A T89fDOwp xAH7EbBQZv5snnyJyASySAav3I0ao3UwdguIXY3maYvm1K26r7O73BzqS78unDnLIsaxFE6Sr3YQ1w3tOHzLB+e0W+H5/zpfWqfk9+iCB1FSHT8aoL2CmEGj1TqaydKHSuLqLksUJo005MsEYCgun8bRNsY1gvhQhYsFwCKJui2gzmda/lsmclNudTpMGCRYFfiGUTaI8AvmuS9UT6Izp6BCX4/CkUUGQ4OXc+/CPv1HNdCr8udL0lTPl5LD2JHFA5u3Z5FDtcAn4Fjm6YsJX675Yc2CcNFWt21Us X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hello Boris, On 6/21/2023 4:42 AM, Borislav Petkov wrote: > On Sun, Jun 11, 2023 at 11:25:15PM -0500, Michael Roth wrote: >> From: Brijesh Singh >> >> The memory integrity guarantees of SEV-SNP are enforced through a new >> structure called the Reverse Map Table (RMP). The RMP is a single data >> structure shared across the system that contains one entry for every 4K >> page of DRAM that may be used by SEV-SNP VMs. APM2 section 15.36 details > > Rather say 'APM v2, section "Secure Nested Paging (SEV-SNP)"' because > the numbering is more likely to change than the name in the future. With > the name, people can find it faster. > >> a number of steps needed to detect/enable SEV-SNP and RMP table support >> on the host: >> >> - Detect SEV-SNP support based on CPUID bit >> - Initialize the RMP table memory reported by the RMP base/end MSR >> registers and configure IOMMU to be compatible with RMP access >> restrictions >> - Set the MtrrFixDramModEn bit in SYSCFG MSR >> - Set the SecureNestedPagingEn and VMPLEn bits in the SYSCFG MSR >> - Configure IOMMU >> >> RMP table entry format is non-architectural and it can vary by >> processor. It is defined by the PPR. Restrict SNP support to CPU >> models/families which are compatible with the current RMP table entry >> format to guard against any undefined behavior when running on other >> system types. Future models/support will handle this through an >> architectural mechanism to allow for broader compatibility. > > I'm guessing this is all for live migration between SNP hosts. If so, > then there will have to be a guest API to handle the differences. This is basically for the RMP table entry format/structure definition in arch/x86/coco/sev/host.c, as this is non-architectural it is defined in a .c file instead of a header file, so that the structure remains private (and restricted to that file) to the SNP host code and not exposed to the rest of the kernel. As mentioned in the comments above, future CPU models may support RMP table accesses in an architectural way. > >> SNP host code depends on CONFIG_KVM_AMD_SEV config flag, which may be >> enabled even when CONFIG_AMD_MEM_ENCRYPT isn't set, so update the >> SNP-specific IOMMU helpers used here to rely on CONFIG_KVM_AMD_SEV >> instead of CONFIG_AMD_MEM_ENCRYPT. > > Does that mean that even on CONFIG_AMD_MEM_ENCRYPT=n kernels, host SNP > can function? > Yes, host SNP is supposed to function with CONFIG_AMD_MEM_ENCRYPT=n. CONFIG_AMD_MEM_ENCRYPT=y is needed for SNP guest. > Do we even want that? > > I'd expect that a host SNP kernel should have SME enabled too even > though it is not absolutely necessary. Yes, we typically test host SNP kernel with SME enabled. Thanks, Ashish > >> Co-developed-by: Ashish Kalra >> Signed-off-by: Ashish Kalra >> Co-developed-by: Tom Lendacky >> Signed-off-by: Tom Lendacky >> Signed-off-by: Brijesh Singh >> [mdr: rework commit message to be clearer about what patch does, squash >> in early_rmptable_check() handling from Tom] >> Signed-off-by: Michael Roth >> --- >> arch/x86/coco/Makefile | 1 + >> arch/x86/coco/sev/Makefile | 3 + >> arch/x86/coco/sev/host.c | 212 +++++++++++++++++++++++ >> arch/x86/include/asm/disabled-features.h | 8 +- >> arch/x86/include/asm/msr-index.h | 11 +- >> arch/x86/include/asm/sev.h | 2 + >> arch/x86/kernel/cpu/amd.c | 19 ++ >> drivers/iommu/amd/init.c | 2 +- >> include/linux/amd-iommu.h | 2 +- >> 9 files changed, 256 insertions(+), 4 deletions(-) >> create mode 100644 arch/x86/coco/sev/Makefile >> create mode 100644 arch/x86/coco/sev/host.c > > Ignored review comments here: > > https://lore.kernel.org/r/Y9ubi0i4Z750gdMm@zn.tnic > > Ignoring this one for now too. >