On Fri, Apr 22, 2022 at 10:15:08AM -0500, Tom Lendacky wrote:
> On 4/22/22 08:56, Michael Roth wrote:
> > From: Brijesh Singh <[email protected]>
> >
> > The GHCB specification section 2.7 states that when SEV-SNP is enabled,
> > a hypervisor must provide the AP jump table physical address through
>
> I missed this on the first version. It's not the hypervisor, but the guest
> BIOS that directly provides the AP jump table physical address, in our case
> OVMF sets the address in the SNP secrets page. This allows communication
> between UEFI/BIOS and OS without hypervisor involvement.
How about this wording for the commit message?
The GHCB specification section 2.7 states that when SEV-SNP is enabled,
a guest should not rely on the hypervisor to provide the address of the
AP jump table. Instead, if a guest BIOS wants provide an AP jump table,
it should record the address in the SNP secrets page so the guest
operating system can obtain it directly from there.
Fix this on the guest kernel side by having SNP guests use the AP jump
table address published in the secrets page rather than issuing a GHCB
request to get it.
>
> > the SNP secrets pages.
> >
> > Fixes: 0afb6b660a6b ("x86/sev: Use SEV-SNP AP creation to start secondary CPUs")
> > Signed-off-by: Brijesh Singh <[email protected]>
> > [ mroth: improve error handling when ioremap()/memremap() return NULL ]
> > [ mroth: don't mix function calls with declarations ]
> > [ mroth: add missing __init ]
> > Signed-off-by: Michael Roth <[email protected]>
>
> With the commit message change:
>
> Reviewed-by: Tom Lendacky <[email protected]>
On 4/22/22 10:40, Michael Roth wrote:
> On Fri, Apr 22, 2022 at 10:15:08AM -0500, Tom Lendacky wrote:
>> On 4/22/22 08:56, Michael Roth wrote:
>>> From: Brijesh Singh <[email protected]>
>>>
>>> The GHCB specification section 2.7 states that when SEV-SNP is enabled,
>>> a hypervisor must provide the AP jump table physical address through
>>
>> I missed this on the first version. It's not the hypervisor, but the guest
>> BIOS that directly provides the AP jump table physical address, in our case
>> OVMF sets the address in the SNP secrets page. This allows communication
>> between UEFI/BIOS and OS without hypervisor involvement.
>
> How about this wording for the commit message?
>
> The GHCB specification section 2.7 states that when SEV-SNP is enabled,
> a guest should not rely on the hypervisor to provide the address of the
> AP jump table. Instead, if a guest BIOS wants provide an AP jump table,
> it should record the address in the SNP secrets page so the guest
> operating system can obtain it directly from there.
>
> Fix this on the guest kernel side by having SNP guests use the AP jump
> table address published in the secrets page rather than issuing a GHCB
> request to get it.
That sounds good to me.
Thanks,
Tom
>
>>
>>> the SNP secrets pages.
>>>
>>> Fixes: 0afb6b660a6b ("x86/sev: Use SEV-SNP AP creation to start secondary CPUs")
>>> Signed-off-by: Brijesh Singh <[email protected]>
>>> [ mroth: improve error handling when ioremap()/memremap() return NULL ]
>>> [ mroth: don't mix function calls with declarations ]
>>> [ mroth: add missing __init ]
>>> Signed-off-by: Michael Roth <[email protected]>
>>
>> With the commit message change:
>>
>> Reviewed-by: Tom Lendacky <[email protected]>