Received-SPF: pass (google.com: domain of linux-kernel+bounces-197351-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Message-ID: <6e597167-7e29-175d-4e69-0ccf74dedf3e@amd.com>
Date: Fri, 31 May 2024 14:16:20 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.1
Subject: Re: [PATCH v4 15/15] x86/sev: Allow non-VMPL0 execution when an SVSM
 is present
Content-Language: en-US
To: Borislav Petkov <bp@alien8.de>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev,
 svsm-devel@coconut-svsm.dev, Thomas Gleixner <tglx@linutronix.de>,
 Ingo Molnar <mingo@redhat.com>, Dave Hansen <dave.hansen@linux.intel.com>,
 "H. Peter Anvin" <hpa@zytor.com>, Andy Lutomirski <luto@kernel.org>,
 Peter Zijlstra <peterz@infradead.org>,
 Dan Williams <dan.j.williams@intel.com>, Michael Roth
 <michael.roth@amd.com>, Ashish Kalra <ashish.kalra@amd.com>
References: <cover.1713974291.git.thomas.lendacky@amd.com>
 <e377d148acac799f6905fc544fbb8bf2ed76e078.1713974291.git.thomas.lendacky@amd.com>
 <20240531145423.GLZlnkn4JHSyh4-G8P@fat_crate.local>
From: Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <20240531145423.GLZlnkn4JHSyh4-G8P@fat_crate.local>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
	=?utf-8?B?S1VNczlndW9zUjNPL3NjbkI3akxkVlVuRTNjWmd3MjllWUxiMmlIK3ZreHJk?=
 =?utf-8?B?cko5YXc3QWZySW5ZRHkzYjFMV2JDMnU2bmFFZHprQW9Nb3dZcGVFOElybXB1?=
 =?utf-8?B?WXJPaWRKSUduRk1tVGU1Mlgvc3NIWTFYeVpIc01EekdEdzR4Yk9iZjE0L0V2?=
 =?utf-8?B?M3JSVGRoU25yaGhhR0NNL0NvRDZPZFB5bzAwaFNzY01sejFCbER1OFZWR25J?=
 =?utf-8?B?blpqTlZMYytKU21RMmdxbzlMZDZheVE4cTBrQlRRVXh0a0JBK2pnakJ0VE85?=
 =?utf-8?B?a2cra3Fxc3RsTUs5d1k2NGlpWEJOQWNBMTdYZGFhWCtLVHBpT292QWNkWkxB?=
 =?utf-8?B?K1R1VXRBQUlGM2M0RnFHVWhMZEJrVWFVNVowNXpLL3BrRjhFdCs3R1U4Z3F5?=
 =?utf-8?B?SU0wSW5uZkxrZXR5RExHWk5FMnpKbDBORkkrc1cyU0hqNXVrd1d6UEVqNzFq?=
 =?utf-8?B?OFNwVndNYytwUlQ1V1VBcVFON0phcXdLUy8vVkxQWnEwcjNpS0YrQ052NjVC?=
 =?utf-8?B?bGtyN3hQL1JxME9TcXlzdGl0S1V4Vk9PNTJyYTRkeVNaZEcvYkhBOEVwV2Ru?=
 =?utf-8?B?Z2t6RGp0U3B6VHo1WlJXY2JQb0UxRTRXZThBbEh6Si82RUFaWWFkWnBJMnVL?=
 =?utf-8?B?YnFad3BDekhTY0phTnV1aG1tNUNDdHFvdGFHRndyUC9VR0EyZi9wbkxNSWxP?=
 =?utf-8?B?MkVDb2xWUTlIeXllMGhrQXhwVWtTN3Uyd1laMUlFUVlkaENxNktGRk0zZzk0?=
 =?utf-8?B?Ynp5WTFiRU83QUlOYXY5dENRU2M5WmNNK3BuNWVDQllWY2lXOFNjTy9ldTU3?=
 =?utf-8?B?VVB1N2hEMHJRN2ZxQWd5K0IvUnIybFVyTlJYL3cxV2lUSWhwd1A4N0gwNWtO?=
 =?utf-8?B?aVlCZTZhT0VFaUIxaWxXdDduVlhGLzJmZ09Ba0pYSk5SZ3d5d2pON1Y0UGhm?=
 =?utf-8?B?dERYSStreUJJNkw4b0cyZFFtd0hvRXZKNDFHTzd5TDhMUk8rbFNzbEJ2UWJ3?=
 =?utf-8?B?Vk1kUVYyeWkydG1wT2ZpbVJ0T2hDTXlweHMxSWtodElzSHlDdWgwWE8wMUJ2?=
 =?utf-8?B?TGtOYVp3T1JBa2QvbE8weHZuTmxEY1lHTTZFcDRhNTBNZFdoT2pwWVFCRjFQ?=
 =?utf-8?B?VFE2TWIxUU9QaEd4Z3FoTzlTNGNQbXVVRXpmaEZ0Q2x5UFAwVEIzVDhpbWZr?=
 =?utf-8?B?QVBjOEpwUVQ2UmZvcHZoOWFEaXpJS2VlQXFhMGkzdkNTT1FrMFVwMXJFRGZZ?=
 =?utf-8?B?aVRjRE5TbUhpMlJKR1puOXlWaWt3K25SZWtUWVMyQjRaL0YxMlkxa2xGL2U2?=
 =?utf-8?B?UUJDdVRVdlRBMnBUTHFxRXNuUEV3dEhsVjFYTEEyd21SaHRadzFPM2VkTjVX?=
 =?utf-8?B?c0pVTW9XUGZUQy9kdU1QTXJSRnphMWc1Nkc4Tzk3Tkg0YWU3K00xTk1nTXFG?=
 =?utf-8?B?azNiKzJ1TlRkeGhnVm04Nk1NY2J6OWV2dWZDMElEblFUVTJzWGNlSVI4Q2Vr?=
 =?utf-8?B?VjB0QTRPRDFURlQxbW5LbCtFNmtzdTFYK1hNRmRKMTdBZFpudjJ0M3E0cFBy?=
 =?utf-8?B?dTJpVWdXcXg4TGJaNkE3Ry95WCtyS1JaNUJQOGJjYksvdjQ3bnpnZXAybVov?=
 =?utf-8?B?NzdER0pheCs3b2FzeUZmQ3NyazhDZG4rVmp6bmJ5Ky9vZGFKOEtnOUhHRXJr?=
 =?utf-8?B?Qmx4L1crajJReGFnVUpIQ1lSNU42SjIyY3MxR3hqZjFkZnczb1c1U3hwRDdq?=
 =?utf-8?B?TjQ2eS9CWStXM05rTTRUQVU1SVRGZmpXR0thVy9ydGptbG53bWpuZll0K2Nv?=
 =?utf-8?B?Rkl6NDF6cGJzRXZ2d3V4U0hIc21HRnpKNGRtQVFTMFE2eFNYTVZYZzE3a0VY?=
 =?utf-8?B?dUgvYndmSDIwTzNVb3VzTENTNlQwd3ArakpYZ3NaVEZxb1laZ0RjbVgzUmd5?=
 =?utf-8?B?Unk3NmxBZEl1NUlCei9ack1nK1FTbXVyVkVHY3R5L2xhWWIvY2QxM2RQZ0N0?=
 =?utf-8?B?U3BIZUt5anlZeDRJNFVYLzVmRXlwSGpORTlJejdxMURhUVdSVW1PTnNWRHRG?=
 =?utf-8?B?SGE0aWlXcS8wMGZKR04yN2hoYkRlUzkvYkxOL2ZsUnRGekJyTDBEQXlLMXVW?=
 =?utf-8?Q?0Cf8cY+Qf3k4ffHShz7fVcdBi?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2034b25f-63ee-4e86-8d6f-08dc81a628c1
X-MS-Exchange-CrossTenant-AuthSource: BL1PR12MB5732.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 May 2024 19:16:22.9314
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 9RBI/haEewjvOD88yqRQGsSjgw9TbKrhmVAyApEzDgepxLK8WM++26KEAB1ZiUuJdDVspmyjPYKxFUmUFJD5/Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB7287

On 5/31/24 09:54, Borislav Petkov wrote:
> On Wed, Apr 24, 2024 at 10:58:11AM -0500, Tom Lendacky wrote:
>> @@ -624,8 +626,12 @@ void sev_enable(struct boot_params *bp)
>>   		 * modifies permission bits, it is still ok to do so currently because Linux
>>   		 * SNP guests running at VMPL0 only run at VMPL0, so VMPL1 or higher
>>   		 * permission mask changes are a don't-care.
>> +		 *
>> +		 * Running at VMPL0 is not required if an SVSM is present and the hypervisor
>> +		 * supports the required SVSM GHCB events.
>>   		 */
>> -		if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1))
>> +		if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1) &&
>> +		    !(vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)))
>>   			sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
>>   	}
> 
> Let's make that more readable:

Will do.

> 
> diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
> index fb1e60165cd1..157f749faba0 100644
> --- a/arch/x86/boot/compressed/sev.c
> +++ b/arch/x86/boot/compressed/sev.c
> @@ -610,8 +610,10 @@ void sev_enable(struct boot_params *bp)
>   	 * features.
>   	 */
>   	if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) {
> -		u64 hv_features = get_hv_features();
> +		u64 hv_features;
> +		int rmpadj_ret;

But I'll probably just call this 'ret'.

>   
> +		hv_features = get_hv_features();
>   		if (!(hv_features & GHCB_HV_FT_SNP))
>   			sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
>   
> @@ -626,11 +628,15 @@ void sev_enable(struct boot_params *bp)
>   		 * modifies permission bits, it is still ok to do so currently because Linux
>   		 * SNP guests running at VMPL0 only run at VMPL0, so VMPL1 or higher
>   		 * permission mask changes are a don't-care.
> -		 *
> +		 */
> +		rmpadj_ret = rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1);
> +
> +		/*
>   		 * Running at VMPL0 is not required if an SVSM is present and the hypervisor
>   		 * supports the required SVSM GHCB events.
>   		 */
> -		if (rmpadjust((unsigned long)&boot_ghcb_page, RMP_PG_SIZE_4K, 1) &&
> +
> +		if (rmpadj_ret &&
>   		    !(vmpl && (hv_features & GHCB_HV_FT_SNP_MULTI_VMPL)))
>   			sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_NOT_VMPL0);
>   	}
> 
>> -static int __init report_cpuid_table(void)
>> +static void __init report_cpuid_table(void)
>>   {
>>   	const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table();
>>   
>>   	if (!cpuid_table->count)
>> -		return 0;
>> +		return;
>>   
>>   	pr_info("Using SNP CPUID table, %d entries present.\n",
>>   		cpuid_table->count);
>>   
>>   	if (sev_cfg.debug)
>>   		dump_cpuid_table();
>> +}
>> +
>> +static void __init report_vmpl_level(void)
>> +{
>> +	if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
>> +		return;
>> +
>> +	pr_info("SNP running at VMPL%u.\n", vmpl);
>> +}
>> +
>> +static int __init report_snp_info(void)
>> +{
>> +	report_vmpl_level();
>> +	report_cpuid_table();
>>   
>>   	return 0;
>>   }
>> -arch_initcall(report_cpuid_table);
>> +arch_initcall(report_snp_info);
> 
> Zap one more silly helper:
> 
> diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
> index 7955c024d5d7..ff5a32b0b21c 100644
> --- a/arch/x86/kernel/sev.c
> +++ b/arch/x86/kernel/sev.c
> @@ -2356,32 +2356,23 @@ static void dump_cpuid_table(void)
>    * sort of indicator, and there's not really any other good place to do it,
>    * so do it here.
>    */
> -static void __init report_cpuid_table(void)
> +static int __init report_snp_info(void)
>   {
>   	const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table();
>   
>   	if (!cpuid_table->count)
> -		return;
> +		return 0;

Well you can't return in this case, just not report/dump the CPUID info. 
So I'll remove the helpers and adjust accordingly.

Thanks,
Tom

>   
>   	pr_info("Using SNP CPUID table, %d entries present.\n",
>   		cpuid_table->count);
>   
>   	if (sev_cfg.debug)
>   		dump_cpuid_table();
> -}
>   
> -static void __init report_vmpl_level(void)
> -{
>   	if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
> -		return;
> +		return 0;
>   
>   	pr_info("SNP running at VMPL%u.\n", vmpl);
> -}
> -
> -static int __init report_snp_info(void)
> -{
> -	report_vmpl_level();
> -	report_cpuid_table();
>   
>   	return 0;
>   }
>