Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Cc:     brijesh.singh@amd.com, x86@kernel.org,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org,
        linux-coco@lists.linux.dev, linux-mm@kvack.org,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ard Biesheuvel <ardb@kernel.org>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <seanjc@google.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Sergio Lopez <slp@redhat.com>, Peter Gonda <pgonda@google.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>,
        David Rientjes <rientjes@google.com>,
        Dov Murik <dovmurik@linux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@ibm.com>,
        Michael Roth <michael.roth@amd.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        "Kirill A . Shutemov" <kirill@shutemov.name>,
        Andi Kleen <ak@linux.intel.com>,
        "Dr . David Alan Gilbert" <dgilbert@redhat.com>,
        tony.luck@intel.com, marcorr@google.com,
        sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is
 active
To:     Borislav Petkov <bp@alien8.de>
References: <20211008180453.462291-1-brijesh.singh@amd.com>
 <20211008180453.462291-15-brijesh.singh@amd.com> <YYFs+5UUMfyDgh/a@zn.tnic>
From:   Brijesh Singh <brijesh.singh@amd.com>
Message-ID: <aea0e0c8-7f03-b9db-3084-f487a233c50b@amd.com>
Date:   Tue, 2 Nov 2021 13:24:01 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
In-Reply-To: <YYFs+5UUMfyDgh/a@zn.tnic>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?R1RTcWVrK0VKNGpXY1BFd1F3QjRvL256a05pYiszekh0UWJzM29UY3JJcUpr?=
 =?utf-8?B?RGVFNm9oUU5tM29Id0hFV25JTElmUDA4WUFZcWV6dzNXYjR5anNMcHJBeWpT?=
 =?utf-8?B?TkdvUFJTaGM5NzlhaGQrTXUvWXk3QVI1c3VQSlVjcitkSlI4SHN5RFpQT3J6?=
 =?utf-8?B?U1NndWRlTnBUTjlWemZrVXA0UG1ZczkxZnJ2ZktUZXlmbFUwaFZPZzRoZkVh?=
 =?utf-8?B?bWlObU45ZmFvWFNPeW53eTZLdXgydUQ3VGxqeGNvZ2Zhb0UvUXJNS0tLd2Vx?=
 =?utf-8?B?WTN2bWoxSitqczBFcGpud2VGUUswNW15ajI2WW5va3FCS2JJOXVqYXdWWXNj?=
 =?utf-8?B?T0lHYmltODNOZkVMWVdqemlsNXljbmYvNklMWEhzRTRkQzBNNFlFd2N4WjhW?=
 =?utf-8?B?YW14cEYwVEZCczA2N0lYazVDR2x5Qzgyb3l1NU16UHVwdHlLV2hLUFNYQTVP?=
 =?utf-8?B?MVFyaGR1OXFMMTVyNnppMm1qR0xMUmsvMU05djVSMVlZa1FLcVZaRU1BYVpk?=
 =?utf-8?B?SWU4WGdSTUVVeWg3YzFiZE16VGs0eXZDdlVaVHliZmJvT1hGQXUwOVF3UWNW?=
 =?utf-8?B?R0Y4NTNDVDZnd2xsUlVoRzQwNXJNRnh3VTJKS2tsaTNpTnA2aldtNjdITmcx?=
 =?utf-8?B?Z0FTN1k1MVlZR29IUlNFZmNoODV1UVZXUkRFaGN0WEpSZVlSbnNmOVU0OVN1?=
 =?utf-8?B?UXFyMVhveEFqeEFjSk1LcjRucFdJWWxFY3gvQytLMlVPdnpUK0tONU1SaWcy?=
 =?utf-8?B?WTFjNloyalJyTFM1bVZVVFUxK0N6Z05xSEV6RkViL0FpSE91K3dvbWFScitj?=
 =?utf-8?B?R0xoOGFTMXBJSU5GUld4RUtvcVlObDRVUmxObkFucmJNOUpzaFN3UGwxcEJG?=
 =?utf-8?B?a01sY29WVGxXZldZOS9WdHhRUjVCeC9BL1d3MllhYUZodzNweU9jdStwL1JN?=
 =?utf-8?B?YUpoYnVUUG9DODVqenVOUnRKOWJNZU1EY3lRWW9sMHM5UDg1NVExaVMrTXRR?=
 =?utf-8?B?NGcxY2xyT09MTDdQTlFodVcrYlZqMFVqQWVGZ1ZGSFNUakJkK2xSRFBCWElQ?=
 =?utf-8?B?N09FU2FTQTVES052SlJ6MERaSW8zOFFkRk5FclpITlhFTTQ2dzFaLzB5RlFI?=
 =?utf-8?B?WTBNcGtwMkVzdGYramV3RG9RZy8yN1ozQk0zUUFkb0xCL2QzY3Fobm5UNU1o?=
 =?utf-8?B?a1lOZ040Uy9zSlNTSS9ybFRydVJ3Tm43OWhNdUZLWlptMzFFcTdmZ1B5SmY1?=
 =?utf-8?B?am5xR051ZDV1ZXFLK3FyWHB4aTVCZ3RHdXVxOGJJZnJSeFQyb0NNYXFnT1FO?=
 =?utf-8?B?b0laQ0pUQm0yMFFWQlliak92V3F0Y1BjNjZ2aU5YZG1PYkx1bndRUmZ2Nmps?=
 =?utf-8?B?RUZYNU85MStNVGJ0d3c5ZHJPYUcyTUtnRXV0a0I1WS9UeXJrend4YnNGVjJs?=
 =?utf-8?B?bExQUVV2aEd0K2pRSEg4bEJsRFNITzF0V0ZDREl5bC9VTUNoRDk3VEQrdUww?=
 =?utf-8?B?RnNNRW1zd3VBZXZ5VC8vdFBVZmpEK0xDMTVzVEU3UWJFNEtMem5LbktVeExH?=
 =?utf-8?B?R2VtUVZyNW42YU9JQi9qRlVScHlXaVVPazQ5RlYzVWw4QUZvemlLNGVGZzY5?=
 =?utf-8?B?Ym41Z1pkaFdGQW5PejdLeEZ2SSsvUVh3N1hpM3pRRStaYkRVVnJVMGVEVGtS?=
 =?utf-8?B?SHZ3K1pUbHJ1QUhCeFo4QUVEdTFXcDQxa2ZZdFVyNTJ4a2JEQmtaU2NzdUh6?=
 =?utf-8?B?QUlrQWovRWZ5OCtZaGVvRmp0YUM1S0NsenZrQUU5aEZEWDByV3M5aWFXQ1Ew?=
 =?utf-8?B?TnNrZ25RbmduQU9mQ3hpdFJrNGFyS2R2RUszYkI0K2J1OG9GcTkyZFF4UmRy?=
 =?utf-8?B?NUR2dzcxSzZoQm1LLzJvL3IwUE1iS0l1Vml3QmRNczJ1bC9JRTBOZTBYRjh2?=
 =?utf-8?B?Y3l4R2VSSFpnbkdmbEFIS0xWTjNYbXpmWkU0NlV6Tnd3RG5jbkV1cUZ6MmxZ?=
 =?utf-8?B?QmFkL2lpcEtLSDBzMkZXckE3ZEhEUWxlajdoY3lRMmlBc1BMMVFRaWZ3Q2Zw?=
 =?utf-8?B?REF1eWJKZWhXTGlFQnovYm5IbythYXV2Y2RJRmhmWlIvWlZZaHlZQTkzNlhO?=
 =?utf-8?B?VmVBWmVLa3B5UVlCVEg4ZXlTZ0hwVWhCOXFBcDRlNnYyNGpsQTJLSUtGa0hR?=
 =?utf-8?Q?93S3gbk8JhT4RIeaUR9j9K4=3D?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8ce1e88a-187b-48cc-5049-08d99e2df8ad
X-MS-Exchange-CrossTenant-AuthSource: SN6PR12MB2718.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Nov 2021 18:24:13.4779
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: gLM/zMCC+k/w33HZHB61531EQxU9SXQuCBr4LkUyR64cVYgFAaJZvXztjXgo8mog8ta/h78A828nN60oLUxgkQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4573
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Boris,


On 11/2/21 11:53 AM, Borislav Petkov wrote:
> On Fri, Oct 08, 2021 at 01:04:25PM -0500, Brijesh Singh wrote:
>> +	/* SEV-SNP guest requires that GHCB must be registered. */
>> +	if (cc_platform_has(CC_ATTR_SEV_SNP))
>> +		snp_register_ghcb(data, __pa(ghcb));
> 
> This looks like more of that "let's register a GHCB at the time the
> first #VC fires".
> 

There are two #VC handlers:

1) early exception handler [do_vc_no_ghcb()]. The handler uses the MSR 
protocol based VMGEXIT.

https://elixir.bootlin.com/linux/latest/source/arch/x86/kernel/sev-shared.c#L147


2) exception handler setup during the idt bringup 
[handle_vc_boot_ghcb()]. The handler uses the full GHCB.
https://elixir.bootlin.com/linux/latest/source/arch/x86/kernel/sev.c#L1472

To answer your question, GHCB is registered at the time of first #VC 
handling by the second exception handler. Mike can correct me, the CPUID 
page check is going to happen on first #VC handling inside the early 
exception handler (i.e case 1). The early exception handler uses the MSR 
protocol, so, there is no need to register the GHCB page. Before 
registering the page we need to map it unencrypted.


> And there already is setup_ghcb() which is called in the #VC handler.
> And that thing registers a GHCB GPA.
> 

There are two cases that need to be covered 1) BSP GHCB page and 2) APs 
GHCB page. The setup_ghcb() is called for the BSP. Later on, per-cpu 
GHCB page is used by the APs. APs need to register their GHCB page 
before using it.

> But then you have to do it here again.
> 
> I think this should be changed together with the CPUID page detection
> stuff we talked about earlier, where, after you've established that this
> is an SNP guest, you call setup_ghcb() *once* and after that you have
> everything set up, including the GHCB GPA. And then the #VC exceptions
> can come.

See if my above explanation make sense. Based on it, I don't think it 
makes sense to register the GHCB during the CPUID page detection. The 
CPUID page detection will occur in early VC handling.

> Right?
> 
> Or is there a chicken-and-an-egg issue here which I'm not thinking
> about?
>