Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp3305042pxb;
        Mon, 18 Oct 2021 12:20:31 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwGVjaHFAfrljXn0nXdzOuTLJqL0rWLxdl9stxcSYwQnLgwCq83Bb2jFMVuOkaiydG4T+Va
X-Received: by 2002:a17:907:1c29:: with SMTP id nc41mr27410627ejc.135.1634584830817;
        Mon, 18 Oct 2021 12:20:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1634584830; cv=none;
        d=google.com; s=arc-20160816;
        b=aVS88po1bdnIEulcGmVTE+OhtzkJ7mVlFu/EG4FgBxHQt8M3yn6TYZtJCS/8CN/7GV
         HnSoY+VC2ddsK/jLB1ZPsdseBDsITsLf1opvVN17ZIZ2nLU8bCF+YOHqou9tVopp8b+V
         +xx8nOUKZqThYj+X+u+8tEJQVeT4ziqEiQ0gmPfG5Z0kUuOB7YkZX79Qbrhle85MB/7W
         +rKToXc5iT1WYPVFm9wQuSPYhEFQD++epBy7dVJq5AvrtaVnVI+9j+AtXZIa3QqAbiqW
         707WcZZjV4r0OlVeV4NoPf9o8oTJJov9/kqapSOlT/hIO9MTP+BCo21iIZENGJAzGp8w
         EVjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=H0D9fMYiemWaywKhrFeRx22doUmAUI5poz1BHecVEck=;
        b=rFf1n5GpDpt1cg1d3K0WDdbj7/bRUaRRoyMdhuwzbIZmxFFob/MU0TUYk+VuS7gJo4
         kZhHt5hNqcsRAR0j8gxo8s7YDFIZ7Bdgyedv0hc/qNawH886/rxHyuqIm79UeaueaWgl
         R7n6KO95j6a/2Sr27pE30R4H7KQqxuO/DLu8rgpI5FFSrNoTWZp9NHnrPrutLwBOqxXd
         LDEQD6FuopxUNc4Fb5hLYz7WYwHzDHH8UaX58EWgZdY5lVVwgUc5RvUEr782IK2NTZER
         C0v6WSTDw8/ihEL9tC/u1OUbNga1ewmFdZllr6OER36nUgIJB2ueu8CYlZFjLJ5KqY/B
         Y2dA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@alien8.de header.s=dkim header.b=aaPBSilQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id qw15si30174700ejc.112.2021.10.18.12.20.02;
        Mon, 18 Oct 2021 12:20:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@alien8.de header.s=dkim header.b=aaPBSilQ;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232759AbhJRTU1 (ORCPT <rfc822;luizmacielfranco@gmail.com>
        + 99 others); Mon, 18 Oct 2021 15:20:27 -0400
Received: from mail.skyhub.de ([5.9.137.197]:36098 "EHLO mail.skyhub.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S230159AbhJRTU0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 18 Oct 2021 15:20:26 -0400
Received: from zn.tnic (p200300ec2f085700af6a7a3215758573.dip0.t-ipconnect.de [IPv6:2003:ec:2f08:5700:af6a:7a32:1575:8573])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id CA2981EC04A9;
        Mon, 18 Oct 2021 21:18:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim;
        t=1634584693;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:in-reply-to:in-reply-to:  references:references;
        bh=H0D9fMYiemWaywKhrFeRx22doUmAUI5poz1BHecVEck=;
        b=aaPBSilQLVoxx5ZYTymlL1LpcFbbTPdvT1VQjLz4BWf9YVHrCwCMueZkzHVjXeysrg0/eo
        EpZ0n8bosyKFGw3HgTiyge1sVQRj2H/scBFwyVzUsSGSBApNBZPU/wVXSMAAfNGzdpIW8A
        e30476Q54MX2AXNg4o+ioUpfa98cro8=
Date:   Mon, 18 Oct 2021 21:18:13 +0200
From:   Borislav Petkov <bp@alien8.de>
To:     Michael Roth <michael.roth@amd.com>
Cc:     Brijesh Singh <brijesh.singh@amd.com>, x86@kernel.org,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org,
        linux-coco@lists.linux.dev, linux-mm@kvack.org,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
        David Rientjes <rientjes@google.com>,
        Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        "Kirill A . Shutemov" <kirill@shutemov.name>,
        Andi Kleen <ak@linux.intel.com>,
        "Dr . David Alan Gilbert" <dgilbert@redhat.com>,
        tony.luck@intel.com, marcorr@google.com,
        sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features
 within #VC handler
Message-ID: <YW3IdfMs61191qnU@zn.tnic>
References: <20211008180453.462291-1-brijesh.singh@amd.com>
 <20211008180453.462291-9-brijesh.singh@amd.com>
 <YW2EsxcqBucuyoal@zn.tnic>
 <20211018184003.3ob2uxcpd2rpee3s@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20211018184003.3ob2uxcpd2rpee3s@amd.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 18, 2021 at 01:40:03PM -0500, Michael Roth wrote:
> If CPUID has lied, that would result in a #GP, rather than a controlled
> termination in the various checkers/callers. The latter is easier to
> debug.
> 
> Additionally, #VC is arguably a better indicator of SEV MSR availability
> for SEV-ES/SEV-SNP guests, since it is only generated by ES/SNP hardware
> and doesn't rely directly on hypervisor/EFI-provided CPUID values. It
> doesn't work for SEV guests, but I don't think it's a bad idea to allow
> SEV-ES/SEV-SNP guests to initialize sev_status in #VC handler to make
> use of the added assurance.

Ok, let's take a step back and analyze what we're trying to solve first.
So I'm looking at sme_enable():

1. Code checks SME/SEV support leaf. HV lies and says there's none. So
guest doesn't boot encrypted. Oh well, not a big deal, the cloud vendor
won't be able to give confidentiality to its users => users go away or
do unencrypted like now.

Problem is solved by political and economical pressure.

2. Check SEV and SME bit. HV lies here. Oh well, same as the above.

3. HV lies about 1. and 2. but says that SME/SEV is supported.

Guest attempts to read the MSR Guest explodes due to the #GP. The same
political/economical pressure thing happens.

If the MSR is really there, we've landed at the place where we read the
SEV MSR. Moment of truth - SEV/SNP guests have a communication protocol
which is independent from the HV and all good.

Now, which case am I missing here which justifies the need to do those
acrobatics of causing #VCs just to detect the SEV MSR?

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette