Re: [PATCH v7 05/26] target/i386: add memory encryption feature cpuid support

[Brijesh Singh <brijesh.singh@xxxxxxx>]

On 02/07/2018 10:54 AM, Paolo Bonzini wrote:
> On 07/02/2018 17:06, Brijesh Singh wrote:
> > AMD EPYC processors support memory encryption feature. The feature
> > is reported through CPUID 8000_001F[EAX].
> >
> > Fn8000_001F [EAX]:
> >   Bit 0   Secure Memory Encryption (SME) supported
> >   Bit 1   Secure Encrypted Virtualization (SEV) supported
> >   Bit 2   Page flush MSR supported
> >   Bit 3   Ecrypted State (SEV-ES) support
> >
> > when memory encryption feature is reported, CPUID 8000_001F[EBX] should
> > provide additional information regarding the feature (such as which page
> > table bit is used to mark pages as encrypted etc). The information in EBX
> > and ECX may vary from one family to another hence we use the host cpuid
> > to populate the EBX information.
> >
> > The details for memory encryption CPUID is available in AMD APM
> > (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17
> >
> > Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> > Cc: Richard Henderson <rth@xxxxxxxxxxx>
> > Cc: Eduardo Habkost <ehabkost@xxxxxxxxxx>
> > Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> > ---
> >   target/i386/cpu.c | 36 ++++++++++++++++++++++++++++++++++++
> >   target/i386/cpu.h |  6 ++++++
> >   2 files changed, 42 insertions(+)
> >
> > diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> > index a49d2221adc9..4147eb6e18a9 100644
> > --- a/target/i386/cpu.c
> > +++ b/target/i386/cpu.c
> > @@ -234,6 +234,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
> >   #define TCG_EXT4_FEATURES 0
> >   #define TCG_SVM_FEATURES 0
> >   #define TCG_KVM_FEATURES 0
> > +#define TCG_MEM_ENCRYPT_FEATURES 0
> >   #define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
> >             CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
> >             CPUID_7_0_EBX_PCOMMIT | CPUID_7_0_EBX_CLFLUSHOPT |            \
> > @@ -545,6 +546,20 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
> >           .cpuid_reg = R_EDX,
> >           .tcg_features = ~0U,
> >       },
> > +    [FEAT_MEM_ENCRYPT] = {
> > +        .feat_names = {
> > +            "sme", "sev", "page-flush-msr", "sev-es",
>
> Why would sme ever be on in a guest?  That is, would a guest care about
> whether SME is on in the host?


Guest does not need the SME feature bit exposed  and it does not care 
whether SME is enabled on the host. Since I was defining the bit fields 
from 8000_001F EAX hence I tried to list them all. In next version, I 
will update the MEM_ENCRYPT feature to expose just SEV.

Thanks