Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp916861imi; Fri, 22 Jul 2022 12:30:08 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tAIZe7s8mv7fJojq9u3wptzJZagXZAFfl3qtnq8ivL/ke9CnS9pGobqxqlu7SxysGVPgxH X-Received: by 2002:a17:906:4f:b0:712:af2:29d9 with SMTP id 15-20020a170906004f00b007120af229d9mr1062452ejg.751.1658518207994; Fri, 22 Jul 2022 12:30:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658518207; cv=none; d=google.com; s=arc-20160816; b=wnIO7trHls2RZXmteSTT5AEdMn1uus8m0BGSUy+e6Q9ra3WPkBGmGxfuPUA1e8dFM2 rkTmnMDBqInKsrJLZoXuQzm/Kimr5LBTpJ9WZneXP4krTkZR+MYytei+374ovB9bcRHY 40AaxIzIILCPSmb2G3RAmnHN1kWaWivTnOXWJ5t0MaaRSTmhAe/cbucdKNvhbJDr1iul JvBMJBDQI0FYz4tKhRIxEt+yEkwQnDTVMSknm/G23wCAJMBrE/CZck8DaCfdnJXXCF5m uiWfWoMvIbU/+F0r93X0Lag4Z9NAF3SYVNn22ycL/0+nTPxwPJSl4KM2iKEXUdTfXrF2 7Amw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=nT/WxNPGWSJTO6+kQuM3FOwCYg2A+BIY4xCaAU3c0V8=; b=lOUu40A79Kj8CcAwRfnPAV8G4vbFmCvuOm8QRKprfLNeYxcIqKGmcwl21b7RljhHgv Z8+PjtHLUim0cjqXrq3qSM7z4/F1nSe/OOrB9liTt1E5u5J5pkGr9TiezkmGn9eXIIha 6s5TBezvOW5MUMb5aHSnWnQ+3PFq/E3g9r9rl9xc43rVJXBeekqHn6zdbBxl/WH+PWiZ jfSqvwHjJ9rmIhd8GtweAV+7ySAN0Y50V6g3zzq9u/whKGqsxy3kfylcoH4cKEVQU6MF u5oMbP1A5O6/jZ7VLwC31QwhIXg9Lk8ISRH0uKIMWz/+NIPjQKeQ2+Gs94mZ6qSBNeD1 oIfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=AC06S3LG; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dr18-20020a170907721200b0072b83d4de3asi7634859ejc.608.2022.07.22.12.29.33; Fri, 22 Jul 2022 12:30:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=AC06S3LG; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235931AbiGVTZZ (ORCPT + 99 others); Fri, 22 Jul 2022 15:25:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58020 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231784AbiGVTZY (ORCPT ); Fri, 22 Jul 2022 15:25:24 -0400 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4C38617AB3; Fri, 22 Jul 2022 12:25:23 -0700 (PDT) Received: from zn.tnic (p200300ea97297665329c23fffea6a903.dip0.t-ipconnect.de [IPv6:2003:ea:9729:7665:329c:23ff:fea6:a903]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id D2EA11EC0666; Fri, 22 Jul 2022 21:25:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1658517917; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=nT/WxNPGWSJTO6+kQuM3FOwCYg2A+BIY4xCaAU3c0V8=; b=AC06S3LGPe5h73iTbcHpi4ZGg7ColSwTlaajXCs+e2KG0bBZaYA37zBljXeX8xeIuwK+vo N/Dhea004+suCjTz60jAA9AWk2lXFYO7Ag6Vb5jbmotR9u08XqNiDH9vftOXWD/nvlDQtH 9edeomcKPYV/j5sCa5NTw6mjO8PhysQ= Date: Fri, 22 Jul 2022 21:25:17 +0200 From: Borislav Petkov To: Sean Christopherson Cc: "Kalra, Ashish" , Dave Hansen , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "kvm@vger.kernel.org" , "linux-coco@lists.linux.dev" , "linux-mm@kvack.org" , "linux-crypto@vger.kernel.org" , "tglx@linutronix.de" , "mingo@redhat.com" , "jroedel@suse.de" , "Lendacky, Thomas" , "hpa@zytor.com" , "ardb@kernel.org" , "pbonzini@redhat.com" , "vkuznets@redhat.com" , "jmattson@google.com" , "luto@kernel.org" , "dave.hansen@linux.intel.com" , "slp@redhat.com" , "pgonda@google.com" , "peterz@infradead.org" , "srinivas.pandruvada@linux.intel.com" , "rientjes@google.com" , "dovmurik@linux.ibm.com" , "tobin@ibm.com" , "Roth, Michael" , "vbabka@suse.cz" , "kirill@shutemov.name" , "ak@linux.intel.com" , "tony.luck@intel.com" , "marcorr@google.com" , "sathyanarayanan.kuppuswamy@linux.intel.com" , "alpergun@google.com" , "dgilbert@redhat.com" , "jarkko@kernel.org" Subject: Re: [PATCH Part2 v6 05/49] x86/sev: Add RMP entry lookup helpers Message-ID: References: <681e4e45-eff1-600c-9b81-1fa9bdf24232@intel.com> <99d72d58-a9bb-d75c-93af-79d497dfe176@intel.com> <5db37cc2-4fb1-7a73-c39a-3531260414d0@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Jul 22, 2022 at 07:04:23PM +0000, Sean Christopherson wrote: > I disagree. Running an old kernel on new hardware with a different RMP layout > should refuse to use SNP, not read/write garbage and likely corrupt the RMP and/or > host memory. See my example below. > And IMO, hiding the non-architectural RMP format in SNP-specific code so that we > don't have to churn a bunch of call sites that don't _need_ access to the raw RMP > format is a good idea regardless of whether we want to be optimistic or pessimistic > about future formats. I don't think I ever objected to that. > > This is nothing else but normal CPU enablement work - it should be done > > when it is really needed. > > <--- this here. > > Because the opposite can happen: you can add a model check which > > excludes future model X, future model X comes along but does *not* > > change the RMP format and then you're going to have to relax that model > > check again to fix SNP on the new model X. So constantly adding new models to a list which support a certain version of the RMP format doesn't scale either. If you corrupt the RMP because your kernel is old, you'll crash and burn very visibly so that you'll be forced to have to look for an updated kernel regardless. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette