Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp272886rdd; Tue, 9 Jan 2024 03:57:05 -0800 (PST) X-Google-Smtp-Source: AGHT+IG8Rs7h5Hppd3zBo0hz7T0YinQynb1xh3y1NNh6H8XjKS+vLtJILsFToEqz5cxBDEBQNyxZ X-Received: by 2002:a05:620a:572:b0:783:174a:ea0e with SMTP id p18-20020a05620a057200b00783174aea0emr4465781qkp.89.1704801425085; Tue, 09 Jan 2024 03:57:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704801425; cv=none; d=google.com; s=arc-20160816; b=gKLzQ8rsM4A5LhPEaCNRxyboJ1CAManVPDNNYwUmzjBgYDk3LK8qMzTyNbvjwk63Nx 0d7CR7YjHBZhrGrPC+xZs7HLtV5HJETWMzwOiph1dS06uWhnSluWydxq9MHneOdey6fT 6CBymeHeJsZ7o/L3+0HcAdR7nrqORRmQH+zDNGh9cBql0mZ4uV+ERxNkfhvYb3dAnsxE 0fX7xCD8wnacIfjLv9HBnyLtsUF2zNiKUK/fbt8eXpttOgQZKEmmVaXnq0Qm5P47ikGq uw9vid3xvTEMk7ao5AJpijbqw+2nkRPsaq4U0PCbHteF40GLjsqQkUG9Jb+MNbLTASMo Txcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature :dkim-filter; bh=qTrKm5gfDaGVKWMebrVJloyB8rgSl281DiQxs9lsdz4=; fh=V/u8IYJDsMnv5ttFdYBfLlwxlH7DBoSftE0G1EpIGAQ=; b=W0/FFrXTedJDXfd8BOBgo2UyTyYClskuBxL4ZLeeNYp6P8yfsdRVJ+gkEmvtbvTNFP eFDdO7hBpR4OKzyK0lpXB2i/X0ZShFXkOCjlgYle9okr97DyxdPQXhb0a9GH5cNnaLL/ Q1exVLQmbvMP7DU16DjnUFfLvA2rxwohlTiuRBHVQ9leGywtRkx3Rt/WArvZMtKcmbmT g+j6NFc8lDXaOSmbAfZSrxA+3PQXJDy4z44XRuCN4avNhC1LsPaw0a+Uf+pLsOrwLwm7 GVg0dXYNSnWXgAueB2lTk6MOtZILUstsovklRBT1MdqMniJhdnViB2L1g2QmlgjudSyT fABg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=leEnvgxm; spf=pass (google.com: domain of linux-crypto+bounces-1302-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1302-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id m10-20020ae9e70a000000b0077f129f0a08si1761628qka.784.2024.01.09.03.57.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 03:57:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto+bounces-1302-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=leEnvgxm; spf=pass (google.com: domain of linux-crypto+bounces-1302-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-1302-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id D28241C23BCD for ; Tue, 9 Jan 2024 11:57:04 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 05E15374DA; Tue, 9 Jan 2024 11:56:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="leEnvgxm" X-Original-To: linux-crypto@vger.kernel.org Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8952938DD8; Tue, 9 Jan 2024 11:56:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Received: from [192.168.1.210] (181-28-144-85.ftth.glasoperator.nl [85.144.28.181]) by linux.microsoft.com (Postfix) with ESMTPSA id 5DA60209AF69; Tue, 9 Jan 2024 03:56:19 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 5DA60209AF69 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1704801386; bh=qTrKm5gfDaGVKWMebrVJloyB8rgSl281DiQxs9lsdz4=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=leEnvgxmqMyQcS71Cg/lDkkVYOlAo1MdVzP4smUzAvnnaHz4jrz2ndUmu4HVjlYiQ pQ9ufr8kiXyrTyy7o8s4h6REGjMhslEU9OG1i/Gy8bxqDNExlO0wS6czjMnGF8TyoQ P4TKIMEclkSk/uRWSxMfgue1qpFPR6T4Eu81gM/Y= Message-ID: Date: Tue, 9 Jan 2024 12:56:17 +0100 Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support Content-Language: en-US To: Borislav Petkov Cc: Michael Roth , x86@kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, tobin@ibm.com, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org, ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com, liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh References: <20231230161954.569267-1-michael.roth@amd.com> <20231230161954.569267-5-michael.roth@amd.com> <20240105160916.GDZZgprE8T6xbbHJ9E@fat_crate.local> <20240105162142.GEZZgslgQCQYI7twat@fat_crate.local> <0c4aac73-10d8-4e47-b6a8-f0c180ba1900@linux.microsoft.com> <20240108170418.GDZZwrEiIaGuMpV0B0@fat_crate.local> From: Jeremi Piotrowski In-Reply-To: <20240108170418.GDZZwrEiIaGuMpV0B0@fat_crate.local> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 08/01/2024 18:04, Borislav Petkov wrote: > On Mon, Jan 08, 2024 at 05:49:01PM +0100, Jeremi Piotrowski wrote: >> What I wrote: "allow for the kernel to allocate the rmptable". > > What?! > > "15.36.5 Hypervisor RMP Management > > ... > > Because the RMP is initialized by the AMD-SP to prevent direct access to > the RMP, the hypervisor must use the RMPUPDATE instruction to alter the > entries of the RMP. RMPUPDATE allows the hypervisor to alter the > Guest_Physical_Address, Assigned, Page_Size, Immutable, and ASID fields > of an RMP entry." >> What you want is something that you should keep far and away from the > upstream kernel. > Can we please not assume I am acting in bad faith. I am explicitly trying to integrate nicely with AMD's KVM SNP host patches to cover an additional usecase and get something upstreamable. Let's separate RMP allocation from who (and how) maintains the entries. """ 15.36.4 Initializing the RMP ... Software must program RMP_BASE and RMP_END identically for each core in the system and before enabling SEV-SNP globally. """ KVM expects UEFI to do this, Hyper-V does the allocation itself (on bare-metal). Both are valid. Afaik it is the SNP_INIT command that hands over control of the RMP from software to AMD-SP. When it comes to "who and how maintains the rmp" - that is of course the AMD-SP and hypervisor issues RMPUPDATE instructions. The paragraph you cite talks about the physical RMP and AMD-SP - not virtualized SNP (aka "SNP-host VM"/nested SNP). AMD specified an MSR-based RMPUPDATE for us for that usecase (15.36.19 SEV-SNP Instruction Virtualization). The RMP inside the SNP-host VM is not related to the physical RMP and is an entirely software based construct. The RMP in nested SNP is only used for kernel bookkeeping and so its allocation is optional. KVM could do without reading the RMP directly altogether (by tracking the assigned bit somewhere) but that would be a design change and I'd rather see the KVM SNP host patches merged in their current shape. Which is why the patch I linked allocates a (shadow) RMP from the kernel. I would very much appreciate if we would not prevent that usecase from working - that's why I've been reviewing and testing multiple revisions of these patches and providing feedback all along.