Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp697938pxy; Thu, 22 Apr 2021 11:12:48 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwrWffJSpeOm629hHdDUJqBIA3ulDT8GFoLifh3eFbooxPnWfD9uNLAUdOj7nfEg/Vf3Pzw X-Received: by 2002:a62:3201:0:b029:211:3dcc:c9ca with SMTP id y1-20020a6232010000b02902113dccc9camr4707659pfy.46.1619115167924; Thu, 22 Apr 2021 11:12:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619115167; cv=none; d=google.com; s=arc-20160816; b=Jv55lhl7qoqINHcS8Maxei3rPW+a8owmMU7hhbtdK4izLfpV96WaEU9Jg86PKTUwWG Ghn6drgHEPSqmjXkkW64SkWgu1HAFXM3PDUA/5sgIjroYwTFfOR/rj5Fchj00Yf7bUqa cQdzIT1io0PXgylDMLpwZSinnocXVkeqSQvfpOjbGoXIxxOf5IJHLUEH407cpI+gT+OX lbPYKzBiMDB4Q3e0tuDOwPlOM5K4lZHQAaQW6lT7H1Rpcd+w9rz15UN9E9/kfYv2RHoU sT2JkNmmoa5WyWOvvH/Mcvjq5/3ESSVMLwVVnpgTNttqmNp4upryLkgVDQ/z2o5lpkDw sz2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=zOMECuegHtcnsOJsS2wVXJn/DWHnBqjlDGsQSl/szUM=; b=K+a9v7W+alfcrB/KGJPuv6sRMLFGhAvI3rMbYJESKpZ9AWK0uKVRkO+FXPSylXryV8 VMYw964NVEO2yN6qW4a7gSdqXWTmfvVPNsZ6EInO/6nEKAZ+SB9YxdYPjCHdgm3wcFBA vkIfJ1tVRhw94IwBZEH23B++9XaxfQ6aq+fuLiQrUZO4ylQKs/bGR7oohQPxEL5x9uJM HuNO86NftZ+4FRiBUYta+MVeUxw5DKm7at4B/I8aQA5O6IoVerrbOaFf06/eyLapZL+s NplIXg8prW5f+kaCoQY/nrRECRP88Zcz9UCE6KYEGUd/UcCX3ho1GPgaOX9a+fYNMweL 4yeQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ZM5n2Aq3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m24si6697108pjq.172.2021.04.22.11.12.34; Thu, 22 Apr 2021 11:12:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ZM5n2Aq3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236832AbhDVSMb (ORCPT + 99 others); Thu, 22 Apr 2021 14:12:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57728 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236459AbhDVSM1 (ORCPT ); Thu, 22 Apr 2021 14:12:27 -0400 Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A236DC061756 for ; Thu, 22 Apr 2021 11:11:51 -0700 (PDT) Received: by mail-pg1-x529.google.com with SMTP id p2so17948738pgh.4 for ; Thu, 22 Apr 2021 11:11:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=zOMECuegHtcnsOJsS2wVXJn/DWHnBqjlDGsQSl/szUM=; b=ZM5n2Aq3FEeQFiME92sJqLFtyDxwACpCOvO7R+riBUfsI6FF2pOovYWEL8rUf7yu+z b5PSN28LpI1YNx4znYaoZoxlw7qST4AAkqHlLQ4elw+XqqMsIsOSUieIImXevuj/iRMf J+NMeG4xkE3cZHBEhlxrJ4Zg1IiYyFf88FBIy1OyRs7wi8n1aTh6jkQC8hWpldOsusQd mY9Z3G1sSWAizF9/IOVLWqw7z5AW99XOoEl7Y5GcMPrtBsAUncVmMox2Ch0CmKPKNDDB dm5DLcYK2bQUTX936PQRzo4uBsYYroypNX1B5oYNRpH23r3cQtN+SGMERQ6HsbwrNq4r wcvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=zOMECuegHtcnsOJsS2wVXJn/DWHnBqjlDGsQSl/szUM=; b=hacF6D2LV4oZja/972nXXuLBzb+dWhnWS41HQmsA7gZxlpCm6y0SuVTUgAMCY78HO6 P4PNwKjiCASFF0erU7gK/8I+twue7LIyhgDIQslQ7Rtpiigc0E6GnGULkuim+prowwtb OmmReL3MtDos784xGg9WJ2o4C+PJiZ8KVBg2qGBxVPUI17td6qerSSFA8aQCyk66Fit0 fIbX8dDteb31zOpzMgyD+6HX3EzoaqWQfr7P7+Yi6w53GaS2cRn4sjfOgo1EdVv2fXuf NeBV+9MNULa6fkV1DipVWm3cqo3JSdUEAIEeKTFtB/TMX0+9iPZCsWLin/JE/ObXvlMZ rorw== X-Gm-Message-State: AOAM533xPCyeZMP7JQORLD6LKRC4LWWrQM+nxHmVef3RQd60ZTTdBCpk /RWcGzrCYCMaQK4b/pHyQoYsGg== X-Received: by 2002:aa7:800a:0:b029:250:c8c5:64b3 with SMTP id j10-20020aa7800a0000b0290250c8c564b3mr4432744pfi.23.1619115111014; Thu, 22 Apr 2021 11:11:51 -0700 (PDT) Received: from google.com (240.111.247.35.bc.googleusercontent.com. [35.247.111.240]) by smtp.gmail.com with ESMTPSA id ft3sm5556349pjb.54.2021.04.22.11.11.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Apr 2021 11:11:50 -0700 (PDT) Date: Thu, 22 Apr 2021 18:11:46 +0000 From: Sean Christopherson To: Paolo Bonzini Cc: Dave Hansen , Andy Lutomirski , Peter Zijlstra , Wei Huang , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov , Tom Lendacky , Brijesh Singh Subject: Re: [PATCH v5 03/15] KVM: SVM: Disable SEV/SEV-ES if NPT is disabled Message-ID: References: <20210422021125.3417167-1-seanjc@google.com> <20210422021125.3417167-4-seanjc@google.com> <5e8a2d7d-67de-eef4-ab19-33294920f50c@redhat.com> <882d8bb4-8d40-1b4d-0742-4a4f2c307e5b@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <882d8bb4-8d40-1b4d-0742-4a4f2c307e5b@redhat.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 22, 2021, Paolo Bonzini wrote: > On 22/04/21 18:15, Sean Christopherson wrote: > > > Support for 5-level page tables on NPT is not hard to fix and could be > > > tested by patching QEMU. However, the !NPT case would also have to be fixed > > > by extending the PDP and PML4 stacking trick to a PML5. > > Isn't that backwards? It's the nested NPT case that requires the stacking trick. > > When !NPT is disabled in L0 KVM, 32-bit guests are run with PAE paging. Maybe > > I'm misunderstanding what you're suggesting. > > Yes, you're right. NPT is easy but we would have to guess what the spec > would say about MAXPHYADDR, while nNPT would require the stacking of a PML5. > Either way, blocking KVM is the easiest thing todo. How about I fold that into the s/lm_root/pml4_root rename[*]? I.e. make the blocking of PML5 a functional change, and the rename an opportunistic change? [*] https://lkml.kernel.org/r/20210318201131.3242619-1-seanjc@google.com