Date: Tue, 18 Jan 2022 17:34:49 +0100
From: Borislav Petkov
To: Michael Roth
Cc: Brijesh Singh, x86@kernel.org, linux-kernel@vger.kernel.org,
    kvm@vger.kernel.org, linux-efi@vger.kernel.org,
    platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev,
    linux-mm@kvack.org, Thomas Gleixner, Ingo Molnar, Joerg Roedel,
    Tom Lendacky, "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini,
    Sean Christopherson, Vitaly Kuznetsov, Jim Mattson, Andy Lutomirski,
    Dave Hansen, Sergio Lopez, Peter Gonda, Peter Zijlstra,
    Srinivas Pandruvada, David Rientjes, Dov Murik,
    Tobin Feldman-Fitzthum, Vlastimil Babka, "Kirill A . Shutemov",
    Andi Kleen, "Dr . David Alan Gilbert", tony.luck@intel.com,
    marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com
Subject: Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
In-Reply-To: <20220118143730.wenhm2bbityq7wwy@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 18, 2022 at 08:37:30AM -0600, Michael Roth wrote:
> Actually, no, because doing that would provide hypervisor a means to
> effectively disable CPUID page for an SNP guest by providing a table with
> count == 0, which needs to be guarded against.

Err, I'm confused. Isn't that

"SEV-SNP guests will be provided the location of special 'secrets'
'CPUID' pages via the Confidential Computing blob..."

and the HV has no say in there?

Why does the HV provide the CPUID page?

And when I read "secrets page" I think, encrypted/signed and given
directly to the guest, past the HV which cannot even touch it.

Hmmm.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette