From: Peter Gonda
Date: Tue, 12 Jul 2022 08:45:18 -0600
Subject: Re: [PATCH Part2 v6 28/49] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command
To: "Kalra, Ashish"
Cc: the arch/x86 maintainers, LKML, kvm list, linux-coco@lists.linux.dev, Linux Memory Management List, Linux Crypto Mailing List, Thomas Gleixner, Ingo Molnar, Joerg Roedel, "Lendacky, Thomas", "H. Peter Anvin", Ard Biesheuvel, Paolo Bonzini, Sean Christopherson, Vitaly Kuznetsov, Jim Mattson, Andy Lutomirski, Dave Hansen, Sergio Lopez, Peter Zijlstra, Srinivas Pandruvada, David Rientjes, Dov Murik, Tobin Feldman-Fitzthum, Borislav Petkov, "Roth, Michael", Vlastimil Babka, "Kirill A. Shutemov", Andi Kleen, Tony Luck, Marc Orr, Sathyanarayanan Kuppuswamy, Alper Gun, "Dr. David Alan Gilbert", jarkko@kernel.org
References: <6a513cf79bf71c479dbd72165faf1d804d77b3af.1655761627.git.ashish.kalra@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Jul 11, 2022 at 4:41 PM Kalra, Ashish wrote:
>
> [AMD Official Use Only - General]
>
> Hello Peter,
>
> >> The KVM_SEV_SNP_LAUNCH_FINISH finalizes the cryptographic digest and
> >> stores it as the measurement of the guest at launch.
> >>
> >> While finalizing the launch flow, it also issues the LAUNCH_UPDATE
> >> command to encrypt the VMSA pages.
>
> > Given the guest uses the SNP NAE AP boot protocol we were expecting that
> > there would be some option to add vCPUs to the VM but mark them as
> > "pending AP boot creation protocol" state. This would allow the
> > LaunchDigest of a VM to not change just because its vCPU count changes.
> > Would it be possible to add a new argument to KVM_SNP_LAUNCH_FINISH to
> > tell it which vCPUs to LAUNCH_UPDATE VMSA pages for, or similarly a new
> > argument for KVM_CREATE_VCPU?
>
> But don't we want/need to measure all vCPUs using LAUNCH_UPDATE_VMSA
> before we issue the SNP_LAUNCH_FINISH command?
>
> If we are going to add vCPUs and mark them as "pending AP boot creation"
> state, then how are we going to do LAUNCH_UPDATE_VMSAs for them after
> SNP_LAUNCH_FINISH?

If I understand correctly we don't need or even want the APs to be
LAUNCH_UPDATE_VMSA'd. LAUNCH_UPDATEing all the VMSAs causes VMs with
different numbers of vCPUs to have different launch digests.
It's my understanding the SNP AP Creation protocol was to solve this, so
that VMs with different vCPU counts have the same launch digest. Looking
at patch "[Part2,v6,44/49] KVM: SVM: Support SEV-SNP AP Creation NAE
event" and section "4.1.9 SNP AP Creation" of the GHCB spec, there is no
need to LAUNCH_UPDATE the APs' VMSAs or mark the vCPUs runnable. Instead
we can do that only for the BSP. Then in the guest UEFI the BSP can:
create new VMSAs from guest pages, RMPADJUST them into the RMP state
VMSA, then use the SNP AP Creation NAE to get the hypervisor to mark them
runnable. I believe this is all set up in the UEFI patch:
https://www.mail-archive.com/devel@edk2.groups.io/msg38460.html.
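The point under discussion, that LAUNCH_UPDATEing every VMSA ties the launch digest to the vCPU count while measuring only the BSP keeps it constant, can be reproduced with a model of the SNP launch digest chain. The block below is an added example, not code from the patch series, the SNP firmware, the UEFI patch or Peter's reply. It mirrors the firmware's rule that each LAUNCH_UPDATE sets LD = SHA-384(PAGE_INFO), where PAGE_INFO carries the previous LD, a SHA-384 of the page contents, the page type, VMPL permissions and the GPA. The PAGE_INFO field offsets, the fixed VMSA GPA used for measurement, and the firmware and VMSA page bytes are all assumptions of this example (the last two are constructed sample data, not real guest state), so the absolute digest values are illustrative; only the equal/different relationship between runs is the point.

```python
"""Model of the SEV-SNP launch digest chain extended by LAUNCH_UPDATE.

Added example, not kernel, firmware or UEFI code. PAGE_INFO layout is this
example's reading of the SNP ABI and is an assumption; page contents are
constructed sample data.
"""
import hashlib
import struct

PAGE_SIZE = 4096
DIGEST_LEN = 48          # SHA-384 output size
PAGE_INFO_LEN = 0x70     # value stored in PAGE_INFO.LENGTH (assumption)

PAGE_TYPE_NORMAL = 0x1
PAGE_TYPE_VMSA = 0x2
PAGE_TYPE_ZERO = 0x3
PAGE_TYPE_UNMEASURED = 0x4
PAGE_TYPE_SECRETS = 0x5
PAGE_TYPE_CPUID = 0x6
# For these page types CONTENTS is all zero instead of a hash of the page.
UNHASHED_TYPES = {PAGE_TYPE_ZERO, PAGE_TYPE_UNMEASURED, PAGE_TYPE_SECRETS, PAGE_TYPE_CPUID}

# Assumed GPA recorded for VMSA pages in the measurement (not from the thread).
VMSA_GPA = 0xFFFFFFFFF000

# Constructed firmware image: two NORMAL pages just below 4 GiB.
FIRMWARE_PAGES = [
    (0xFFFFE000, bytes([0x90] * PAGE_SIZE)),
    (0xFFFFF000, bytes([0xF4] * PAGE_SIZE)),
]


def launch_update(ld, gpa, page_type, contents=None, vmpl1=0, vmpl2=0, vmpl3=0):
    """Return the launch digest after one LAUNCH_UPDATE of a 4 KiB page at gpa."""
    if page_type in UNHASHED_TYPES:
        page_hash = bytes(DIGEST_LEN)
    else:
        if contents is None or len(contents) != PAGE_SIZE:
            raise ValueError("measured pages need exactly 4 KiB of contents")
        page_hash = hashlib.sha384(contents).digest()
    page_info = (
        ld                                                     # 0x00 DIGEST_CUR
        + page_hash                                            # 0x30 CONTENTS
        + struct.pack("<HBBB", PAGE_INFO_LEN, page_type, 0, 0)  # 0x60 LENGTH, PAGE_TYPE, IMI_PAGE, reserved
        + bytes([vmpl3, vmpl2, vmpl1])                         # 0x65 VMPL3/VMPL2/VMPL1 perms
        + struct.pack("<Q", gpa)                               # 0x68 GPA
    )
    assert len(page_info) == PAGE_INFO_LEN
    return hashlib.sha384(page_info).digest()


def sample_vmsa(apic_id):
    """Constructed stand-in for a vCPU's VMSA page; it only needs to differ per vCPU."""
    return struct.pack("<I", apic_id) + bytes(PAGE_SIZE - 4)


def launch_digest(num_vcpus, measure_all_vmsas):
    """Run the launch flow for num_vcpus vCPUs and return the LD that LAUNCH_FINISH seals.

    measure_all_vmsas=True models LAUNCH_FINISH issuing LAUNCH_UPDATE for every
    vCPU's VMSA. False models measuring only the BSP's VMSA and leaving the APs
    to be created by the guest via the GHCB SNP AP Creation protocol.
    """
    ld = bytes(DIGEST_LEN)  # LD is all zeros after LAUNCH_START
    for gpa, data in FIRMWARE_PAGES:
        ld = launch_update(ld, gpa, PAGE_TYPE_NORMAL, data)
    measured_vcpus = num_vcpus if measure_all_vmsas else 1
    for apic_id in range(measured_vcpus):
        ld = launch_update(ld, VMSA_GPA, PAGE_TYPE_VMSA, sample_vmsa(apic_id))
    return ld


def digests_by_vcpu_count(counts, measure_all_vmsas):
    """Map each vCPU count to its hex launch digest under the chosen policy."""
    return {n: launch_digest(n, measure_all_vmsas).hex() for n in counts}


if __name__ == "__main__":
    for policy in (True, False):
        print("LAUNCH_UPDATE every VMSA" if policy else "LAUNCH_UPDATE BSP VMSA only")
        for n, ld in digests_by_vcpu_count((1, 2, 4), policy).items():
            print(f"  {n} vCPU(s): {ld[:24]}...")
```

Running it prints three distinct digests under the "every VMSA" policy and one repeated digest under the BSP-only policy; the one-vCPU digest is the same in both, since the BSP is measured either way. An attestation verifier that pins a single expected launch digest per image therefore only works across vCPU counts with the BSP-only flow.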