Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2925556rwd;
        Mon, 22 May 2023 06:25:19 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ4mYZsw69QLVTXPuzIf9J6aZlj6pbvbZSmKl0QbV4VqhYZUZqJ0gzxAdoUxN6Z6TjazZtCX
X-Received: by 2002:a05:6a00:99c:b0:63d:5de3:b3f2 with SMTP id u28-20020a056a00099c00b0063d5de3b3f2mr15660331pfg.18.1684761919007;
        Mon, 22 May 2023 06:25:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1684761918; cv=none;
        d=google.com; s=arc-20160816;
        b=Jizn+Rz9R97GSL1iyvbzsfPVU22t21/Dy+rupITZfxSQwJaxK3PJDb2uOakBAU9Z9g
         yLmVYqhW19GYpdWl4PZVel5aUwiVDCjrPD52e0GFYuXnigfWwF3B7CJXul797WNuBvOl
         FTUbM/8vgT74QlmcEIHdh10F1cOZL9paw131Eazt6orpa3MhLvHz5r9stxk3+axOvHJj
         WjwNn3M+10aAF0YJaOyp9r/4qqS/nVQV8vlIL20iisC8SqdGwR0M+QJWCGkZtzss7kwT
         S152yf/OhaoMg9cz4fN3maJefY76VOxKTIhcWhgkzdoofJ6/5Pk/YUg0SqlH92zoY40J
         bxXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature
         :dkim-signature;
        bh=lEvi79Gxxvx/sIBVBrhlm6IyM6SGPlhsdaMWWu+eBGw=;
        b=P8Kq/AKb6DQinnK49rQijABJuClM07zr+QhvrpJgYG6s9l2z2zzwTi7tH+daa++jJQ
         y6j4FRfh+eTeVpHksCXs8aA4WWlelnMWcbdXhy2fiASjMM48auDJwoEw0lKvqFHwCSGE
         qM38CsEHLYoAkiGM3A9JVo7NrSHDAQ8tpjUka5itmQKrLJfa/gl9BFe5L8MvKmREP82I
         Q8ai3bCfQfDG8Q7gawh/h2df8FRdU+ga+ob171403dmzX/KL7QOBi0rPhnNrY7XyCAf/
         iNUn/hvCbv35ZSXSDR4d6sOzATl/R9gUV/MOJ1l/jyro21Z7YuWYToKpnazovz0Ja/C/
         ybug==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=j5n2JGLl;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id v27-20020a637a1b000000b00534876e123dsi4840410pgc.144.2023.05.22.06.25.04;
        Mon, 22 May 2023 06:25:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=j5n2JGLl;
       dkim=neutral (no key) header.i=@suse.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233420AbjEVMtB (ORCPT <rfc822;4ak.abc@gmail.com> + 99 others);
        Mon, 22 May 2023 08:49:01 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50696 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231547AbjEVMs7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 May 2023 08:48:59 -0400
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9B5DFAA;
        Mon, 22 May 2023 05:48:47 -0700 (PDT)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 392E31FEE4;
        Mon, 22 May 2023 12:48:46 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1684759726; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=lEvi79Gxxvx/sIBVBrhlm6IyM6SGPlhsdaMWWu+eBGw=;
        b=j5n2JGLl2PokKhR7aCRJKHIjtIlTZ2AExnbbXGFj6BAI7B2aJa2Pwd9TYM5znONq5vf7Y8
        YJKv+8P3luHLpKEQigD/Pk4oS/zNRmO8syCZwUcbfxtoPBARcNFrsFd2noo/0jX4M3fpse
        XywmrAl58ETlkzBpDeo902xCLk2fggw=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1684759726;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=lEvi79Gxxvx/sIBVBrhlm6IyM6SGPlhsdaMWWu+eBGw=;
        b=2zvpZoK09aSf2WjE+Bxc8gE4PdywUgtYSUO+KYGuOBjxI2EZGVjWKCKVOoIJacsCFyGcji
        jROBhmgFLOx7fUDA==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id A315D13776;
        Mon, 22 May 2023 12:48:45 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id 2vlZJq1ka2QJZAAAMHmgww
        (envelope-from <jroedel@suse.de>); Mon, 22 May 2023 12:48:45 +0000
Date:   Mon, 22 May 2023 14:48:44 +0200
From:   Joerg Roedel <jroedel@suse.de>
To:     Tom Lendacky <thomas.lendacky@amd.com>
Cc:     Ard Biesheuvel <ardb@kernel.org>, linux-efi@vger.kernel.org,
        linux-kernel@vger.kernel.org, Evgeniy Baskov <baskov@ispras.ru>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Ingo Molnar <mingo@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Alexey Khoroshilov <khoroshilov@ispras.ru>,
        Peter Jones <pjones@redhat.com>,
        Gerd Hoffmann <kraxel@redhat.com>,
        Dave Young <dyoung@redhat.com>,
        Mario Limonciello <mario.limonciello@amd.com>,
        Kees Cook <keescook@chromium.org>,
        "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH v2 17/20] x86: efistub: Check SEV/SNP support while
 running in the firmware
Message-ID: <ZGtkrKhxqUiTlXY0@suse.de>
References: <20230508070330.582131-1-ardb@kernel.org>
 <20230508070330.582131-18-ardb@kernel.org>
 <ca76ed3b-5835-9f1b-7e10-dd417249b7bd@amd.com>
 <CAMj1kXE+7SKVZN3p2_NXg5VeH+hbwnqwaGTj6HLE1a89QGtraw@mail.gmail.com>
 <b6192de1-26a4-a7a7-63bf-76c36f55a8ff@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <b6192de1-26a4-a7a7-63bf-76c36f55a8ff@amd.com>
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, May 19, 2023 at 09:04:46AM -0500, Tom Lendacky wrote:
> Deferring the checks is probably the safest thing to do, since that would
> match the way things are done today and known to work. I'm not sure what
> other things might pop up if we stay with this approach, for example, page
> state change calls using the GHCB MSR protocol that also don't save/restore
> the MSR value.
> 
> It is possible to audit these areas and stay with this approach, but I'm
> wondering if that wouldn't be better done as a separate patch series.
> 
> Adding @Joerg for any additional thoughts he might have around this area, too.

If I got it correctly the patch actually moves two things before
ExitBootServices:

	1) SEV features check

	2) SEV initialization

I think it makes a lot of sense to have 1) before ExitBootServices. It
allows to soft-fail in case the kernel does not support all required
SEV-SNP features and move on to a kernel which does. This check also only
needs the SEV_STATUS MSR and not any GHCB calls.

The problem is the GHCB protocol negotiation with the HV, but the GHCB
protocol is downward-compatible, so an older kernel can work with a
newer HV.

But 2) needs to stay after ExitBootServices, as it needs resources owned
by UEFI, e.g. the GHCB MSR and potentially the configured GHCB itself.
Fiddling around with the GHCB MSR while it is still owned by UEFI will
bite us in one or the other way (e.g. UEFI, before ExitBootServices, is
free to take IRQs with handlers that rely on the GHCB MSR content).

Regards,

	Joerg