Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6508899rwb; Tue, 22 Nov 2022 14:34:58 -0800 (PST) X-Google-Smtp-Source: AA0mqf7Eq9o7TVWR3Iz0Xd7Z65t8fwytmoAcijKGVpl21XJefR+ki1KwHF8Up0yX5Ddq5QAmPcPe X-Received: by 2002:aa7:8608:0:b0:52f:db84:81cf with SMTP id p8-20020aa78608000000b0052fdb8481cfmr6898092pfn.26.1669156498502; Tue, 22 Nov 2022 14:34:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669156498; cv=none; d=google.com; s=arc-20160816; b=g/g2JLKxtLC5kwObR4elLXL9ZCvlxUVZlRSXFZbn5DfcKiJHtoLVCuC9Uf5Kle98ep A8UbIS7e+xElzGcD9RcORnjsBs95h6AVat5D5Hca5ELNL4y/XxYcpvtbm96XBnjZSdk7 bRwqdOL7QRqM/ked1ETmA3kqv0MDg1Dz6nZ0T5+HywV9UFFGh5ptf8VMUmJFeJfuC7ho +ltFwKVdBXFOaBlI+0n7vhikAikvICdcQDMsaf6GioHaM9d2wCjkogKy9jvfll3D3R8I wqZipN1Glf1fc49kHfTvOHNViz9bP2UQwN4WElEGtiz+Ng1WwZNDGz1Nm3SaV6zbcFUz 96Ow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=vW0B+TAHUwisjxfaBne/M3qasDBVG7nKJqzQcmiMG10=; b=f+wnTHqJxjlyB0KlT4sTuUCF99lWmRESc4+gsgIjODzzdQmVlXDxYBQ5SXd1Lhm6t5 HuGWN8vBEnQAPnCSt+BmhVletgesVBKsWD1ef0GGNbhK3VQetvjnntMLw6v9K+X8h3Ow WHMu1aFDcdfDweCLzHQ2AqwcsqJ3dHXN3x9R/M85TP+uUpckX3/dfwiEbi4GSeYVMYSM u0A5eALYuqENJJzeHBuVXJC4gdTLjWF1figGDvlzKw1i56pHbsUvIZLVP/xylnvhjJMv doi7tW8uahTkF6Sw/XGR14MbGcSyil145oJaKw5s+fTiho4l9p2S4RDmborsHVjqzTFv yIkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=MFe6z+1K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b7-20020a656687000000b004704322da6fsi13864694pgw.273.2022.11.22.14.34.47; Tue, 22 Nov 2022 14:34:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=MFe6z+1K; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235183AbiKVWS2 (ORCPT + 89 others); Tue, 22 Nov 2022 17:18:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233239AbiKVWS0 (ORCPT ); Tue, 22 Nov 2022 17:18:26 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD8186152F; Tue, 22 Nov 2022 14:18:23 -0800 (PST) Received: from zn.tnic (p200300ea9733e747329c23fffea6a903.dip0.t-ipconnect.de [IPv6:2003:ea:9733:e747:329c:23ff:fea6:a903]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 3C0BA1EC064F; Tue, 22 Nov 2022 23:18:22 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1669155502; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=vW0B+TAHUwisjxfaBne/M3qasDBVG7nKJqzQcmiMG10=; b=MFe6z+1Kfz6XbF4ixEsnZwacl3uI2WXTk9DxxQCdQhBv+K/6F/9E0blW+kMZCgQzdMAYwA A/GgxEvERo1EGXqiNoRejymtMKj06+CpGkudbfhEsA+iekLVAVIr19epOSW6cDTRx5gEwa NA2MiaKjV0NXc0/Pm9xqIRQZYW3FNu4= Date: Tue, 22 Nov 2022 23:18:17 +0100 From: Borislav Petkov To: "Michael Kelley (LINUX)" Cc: "hpa@zytor.com" , KY Srinivasan , Haiyang Zhang , "wei.liu@kernel.org" , Dexuan Cui , "luto@kernel.org" , "peterz@infradead.org" , "davem@davemloft.net" , "edumazet@google.com" , "kuba@kernel.org" , "pabeni@redhat.com" , "lpieralisi@kernel.org" , "robh@kernel.org" , "kw@linux.com" , "bhelgaas@google.com" , "arnd@arndb.de" , "hch@infradead.org" , "m.szyprowski@samsung.com" , "robin.murphy@arm.com" , "thomas.lendacky@amd.com" , "brijesh.singh@amd.com" , "tglx@linutronix.de" , "mingo@redhat.com" , "dave.hansen@linux.intel.com" , Tianyu Lan , "kirill.shutemov@linux.intel.com" , "sathyanarayanan.kuppuswamy@linux.intel.com" , "ak@linux.intel.com" , "isaku.yamahata@intel.com" , "Williams, Dan J" , "jane.chu@oracle.com" , "seanjc@google.com" , "tony.luck@intel.com" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "linux-hyperv@vger.kernel.org" , "netdev@vger.kernel.org" , "linux-pci@vger.kernel.org" , "linux-arch@vger.kernel.org" , "iommu@lists.linux.dev" Subject: Re: [Patch v3 07/14] x86/hyperv: Change vTOM handling to use standard coco mechanisms Message-ID: References: <1668624097-14884-1-git-send-email-mikelley@microsoft.com> <1668624097-14884-8-git-send-email-mikelley@microsoft.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Nov 22, 2022 at 06:22:46PM +0000, Michael Kelley (LINUX) wrote: > I think the core problem here is the naming and meaning of > CC_VENDOR_HYPERV. The name was created originally when the > Hyper-V vTOM handling code was a lot of special cases. With the > changes in this patch series that make the vTOM functionality more > mainstream, the name would be better as CC_VENDOR_AMD_VTOM. No, if CC_VENDOR_HYPERV means different things depending on what kind of guests you're doing, then you should not use a CC_VENDOR at all. > vTOM is part of the AMD SEV-SNP spec, and it's a different way of > doing the encryption from the "C-bit" based approach. As much as > possible, I'm trying to not make it be Hyper-V specific, though > currently we have N=1 for hypervisors that offer the vTOM option, so > it's a little hard to generalize. Actually, it is very simple to generalize: vTOM and the paravisor and VMPL are all part of the effort to support unenlightened, unmodified guests with SNP. So, if KVM wants to run Windows NT 4.0 guests as SNP guests, then it probably would need the same contraptions. > With the thinking oriented that way, a Linux guest on Hyper-V using > TDX will run with CC_VENDOR_INTEL. A Linux guest on Hyper-V that > is fully enlightened to use the "C-bit" will run with CC_VENDOR_AMD. Right. > Dexuan Cui just posted a patch set for initial TDX support on Hyper-V, > and I think that runs with CC_VENDOR_INTEL (Dexuan -- correct me if > I'm wrong about that -- I haven't reviewed your patches yet). Tianyu Lan > has a patch set out for Hyper-V guests using the "C-bit". That patch set > still uses CC_VENDOR_HYPERV. Tianyu and I need to work through > whether his patch set can run with CC_VENDOR_AMD like everyone > else using the "C-bit" approach. So I'm not sure the vendor is the right approach here. I guess we need to specify the *type* of guest being supported. > Yes, the polarity of the AMD vTOM bit matches the polarity of the > TDX GPA.SHARED bit, and is the opposite polarity of the AMD "C-bit". > I'll add a comment to that effect. > > Anyway, that's where I think this should go. Does it make sense? > Other thoughts? I think all that polarity doesn't matter as long as we abstract it away with, "mark encrypted" and "mark decrypted". But it is late now and I could be wrong - I'll look at the rest tomorrow-ish. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette