On 9/15/20 12:32 PM, Sean Christopherson wrote: > On Tue, Sep 15, 2020 at 12:22:05PM -0500, Tom Lendacky wrote: >> On 9/14/20 5:59 PM, Sean Christopherson wrote: >>> On Mon, Sep 14, 2020 at 03:15:14PM -0500, Tom Lendacky wrote: >>>> From: Tom Lendacky <thomas.lendacky@xxxxxxx> >>>> >>>> This patch series provides support for running SEV-ES guests under KVM. >>> From the x86/VMX side of things, the GPR hooks are the only changes that I >>> strongly dislike. >>> >>> For the vmsa_encrypted flag and related things like allow_debug(), I'd >>> really like to aim for a common implementation between SEV-ES and TDX[*] from >>> the get go, within reason obviously. From a code perspective, I don't think >>> it will be too onerous as the basic tenets are quite similar, e.g. guest >>> state is off limits, FPU state is autoswitched, etc..., but I suspect (or >>> maybe worry?) that there are enough minor differences that we'll want a more >>> generic way of marking ioctls() as disallowed to avoid having one-off checks >>> all over the place. >>> >>> That being said, it may also be that there are some ioctls() that should be >>> disallowed under SEV-ES, but aren't in this series. E.g. I assume >>> kvm_vcpu_ioctl_smi() should be rejected as KVM can't do the necessary >>> emulation (I assume this applies to vanilla SEV as well?). >> Right, SMM isn't currently supported under SEV-ES. SEV does support SMM, >> though, since the register state can be altered to change over to the SMM >> register state. So the SMI ioctl() is ok for SEV. > But isn't guest memory inaccessible for SEV? E.g. how does KVM emulate the > save/restore to/from SMRAM? In SEV, to support the SMM, the guest BIOS (Ovmf) maps the SMM state save area as unencrypted. This allows the KVM to access the SMM state saved area as unencrypted. SVM also provides intercepts for the RSM, so KVM does not need to fetch and decode the instruction bytes to know whether the VMEXIT was due to exiting from the SMM mode.