From: Steve Rutherford
Date: Tue, 21 Nov 2017 15:18:41 -0800
Subject: Re: [Part1 PATCH v7 00/17] x86: Secure Encrypted Virtualization (AMD)
To: Tom Lendacky
Cc: Borislav Petkov, Brijesh Singh, x86@kernel.org, KVM list, LKML, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Borislav Petkov, Andy Lutomirski, Paolo Bonzini, Radim Krčmář
References: <20171020143059.3291-1-brijesh.singh@amd.com> <20171116100222.k3zic3ut3ectnaly@pd.tnic>

On Thu, Nov 16, 2017 at 6:41 AM, Tom Lendacky wrote:
> On 11/16/2017 4:02 AM, Borislav Petkov wrote:
>>
>> On Wed, Nov 15, 2017 at 03:57:13PM -0800, Steve Rutherford wrote:
>>>
>>> One piece that seems missing here is the handling of the vmm
>>> communication exception. What's the plan for non-automatic exits? In
>>> particular, what's the plan for emulated devices that are currently
>>> accessed through MMIO (e.g. the IOAPIC)?
>>
>>
>> First of all, please do not top-post.
>>
>> Then, maybe this would answer some of your questions:
>>
>>
>> http://support.amd.com/TechDocs/Protecting%20VM%20Register%20State%20with%20SEV-ES.pdf
>>
>> But I'd look in Tom's direction for further comments.
>
>
> I'm not sure what the question really is...
>
> MMIO works just fine using the data contained in the VMCB on exit
> (exit_info_1, exit_info_2, insn_bytes, etc.).
>
> These patches are for SEV support. If the question is related to SEV-ES
> (based on the non-automatic exit comment), that support is not part of
> these patches and will require additional changes to be able to both
> launch a guest as an SEV-ES guest and run as an SEV-ES guest.

I conflated SEV with SEV-ES, which I suspect answers everything here.
The reason it doesn't have support for the #VC exception is because
it's not supposed to... yet. I'm still interested in the plan for the
#VC exception handler, but this thread doesn't seem like the place.

>
>>
>>> Maybe I'm getting ahead of myself: What's the testing story? (since I
>>> don't think linux would boot with these patches, I'm curious what you
>>> are doing to ensure these pieces work)
>>
>>
>> Seems to boot fine here :)
>
>
> Using these patches we have successfully booted and tested a guest both
> with and without SEV enabled.
>
> Thanks,
> Tom
>
>>
>

Thanks,
Steve