Date: Mon, 6 Jan 2020 15:38:46 -0800
From: Sean Christopherson
To: Tom Lendacky
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Brijesh Singh
Subject: Re: [PATCH v2] KVM: SVM: Override default MMIO mask if memory encryption is enabled
Message-ID: <20200106233846.GC12879@linux.intel.com>
References: <20200106224931.GB12879@linux.intel.com>

On Mon, Jan 06, 2020 at 05:14:04PM -0600, Tom Lendacky wrote:
> On 1/6/20 4:49 PM, Sean Christopherson wrote:
> > This doesn't handle the case where x86_phys_bits _isn't_ reduced by SME/SEV
> > on a future processor, i.e. x86_phys_bits==52.
>
> Not sure I follow. If MSR_K8_SYSCFG_MEM_ENCRYPT is set then there will
> always be a reduction in physical addressing (so I'm told).

Hmm, I'm going off APM Vol 2, which states, or at least strongly implies,
that reducing the PA space is optional. Section 7.10.2 is especially
clear on this:

  In implementations where the physical address size of the processor is
  reduced when memory encryption features are enabled, software must
  ensure it is executing from addresses where these upper physical address
  bits are 0 prior to setting SYSCFG[MemEncryptionModEn].

But, hopefully the other approach I have in mind actually works, as it's
significantly less special-case code and would naturally handle either
case, i.e. make this a moot point.

Entry on SYSCFG:

  3.2.1 System Configuration Register (SYSCFG)

  ...

  MemEncryptionMode. Bit 23. Setting this bit to 1 enables the SME and
  SEV memory encryption features.

The SME entry the above links to says:

  7.10.1 Determining Support for Secure Memory Encryption

  ...

  Additionally, in some implementations, the physical address size of the
  processor may be reduced when memory encryption features are enabled,
  for example from 48 to 43 bits. In this case the upper physical address
  bits are treated as reserved when the feature is enabled except where
  otherwise indicated. When memory encryption is supported in an
  implementation, CPUID Fn8000_001F[EBX] reports any physical address size
  reduction present. Bits reserved in this mode are treated the same as
  other page table reserved bits, and will generate a page fault if found
  to be non-zero when used for address translation.

  ...

  7.10.2 Enabling Memory Encryption Extensions

  Prior to using SME, memory encryption features must be enabled by
  setting SYSCFG MSR bit 23 (MemEncryptionModEn) to 1. In implementations
  where the physical address size of the processor is reduced when memory
  encryption features are enabled, software must ensure it is executing
  from addresses where these upper physical address bits are 0 prior to
  setting SYSCFG[MemEncryptionModEn]. Memory encryption is then further
  controlled via the page tables.
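
The two cases discussed in this message, worked through as an added example (not part of the original message and not kernel code): it decodes a CPUID Fn8000_001F[EBX] value and derives which page-table physical-address bits are reserved once encryption is enabled. The function names, the EBX sample values and the unreduced widths passed in are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID Fn8000_001F[EBX] fields (AMD APM): bits 5:0 = C-bit position,
 * bits 11:6 = physical address size reduction when encryption is enabled. */
struct sme_info {
    unsigned c_bit;
    unsigned pa_reduction;
};

static struct sme_info decode_sme_ebx(uint32_t ebx)
{
    struct sme_info i = { ebx & 0x3f, (ebx >> 6) & 0x3f };
    return i;
}

/* Usable physical address width once memory encryption is enabled.
 * raw_phys_bits is the unreduced width (an input assumed by this example). */
static unsigned effective_phys_bits(unsigned raw_phys_bits, uint32_t ebx)
{
    struct sme_info i = decode_sme_ebx(ebx);
    return i.pa_reduction >= raw_phys_bits ? 0 : raw_phys_bits - i.pa_reduction;
}

/* Mask of PTE physical-address bits [eff, 51] that are reserved once
 * encryption is enabled. Empty when the effective width is already 52. */
static uint64_t reserved_pa_mask(unsigned raw_phys_bits, uint32_t ebx)
{
    unsigned eff = effective_phys_bits(raw_phys_bits, ebx);
    if (eff >= 52)
        return 0;
    return ((1ULL << 52) - 1) & ~((1ULL << eff) - 1);
}

int main(void)
{
    /* Constructed EBX values: C-bit 47 with a 5-bit reduction (the APM's
     * "48 to 43 bits" illustration), and C-bit 51 with no reduction. */
    uint32_t reduced = 47u | (5u << 6), unreduced = 51u;

    printf("48-bit, reduction 5: eff=%u reserved=0x%016llx\n",
           effective_phys_bits(48, reduced),
           (unsigned long long)reserved_pa_mask(48, reduced));
    printf("52-bit, reduction 0: eff=%u reserved=0x%016llx\n",
           effective_phys_bits(52, unreduced),
           (unsigned long long)reserved_pa_mask(52, unreduced));
    return 0;
}
```

In the second case the mask is empty: with 52 usable bits and no reduction, no physical-address bit below bit 52 is reserved, which is the x86_phys_bits==52 situation raised above.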