On 9/16/20 11:02 AM, Sean Christopherson wrote: > On Wed, Sep 16, 2020 at 10:11:10AM -0500, Tom Lendacky wrote: >> On 9/15/20 3:13 PM, Tom Lendacky wrote: >>> On 9/15/20 11:30 AM, Sean Christopherson wrote: >>>> I don't quite follow the "doesn't mean debugging can't be done in the future". >>>> Does that imply that debugging could be supported for SEV-ES guests, even if >>>> they have an encrypted VMSA? >>> >>> Almost anything can be done with software. It would require a lot of >>> hypervisor and guest code and changes to the GHCB spec, etc. So given >>> that, probably just the check for arch.guest_state_protected is enough for >>> now. I'll just need to be sure none of the debugging paths can be taken >>> before the VMSA is encrypted. >> >> So I don't think there's any guarantee that the KVM_SET_GUEST_DEBUG ioctl >> couldn't be called before the VMSA is encrypted, meaning I can't check the >> arch.guest_state_protected bit for that call. So if we really want to get >> rid of the allow_debug() op, I'd need some other way to indicate that this >> is an SEV-ES / protected state guest. > > Would anything break if KVM "speculatively" set guest_state_protected before > LAUNCH_UPDATE_VMSA? E.g. does KVM need to emulate before LAUNCH_UPDATE_VMSA? Yes, the way the code is set up, the guest state (VMSA) is initialized in the same way it is today (mostly) and that state is encrypted by the LAUNCH_UPDATE_VMSA call. I check the guest_state_protected bit to decide on whether to direct the updates to the real VMSA (before it's encrypted) or the GHCB (that's the get_vmsa() function from patch #5). Thanks, Tom > >> How are you planning on blocking this ioctl for TDX? Would the >> arch.guest_state_protected bit be sit earlier than is done for SEV-ES? > > Yep, guest_state_protected is set from time zero (kvm_x86_ops.vm_init) as > guest state is encrypted/inaccessible from the get go. The flag actually > gets turned off for debuggable TDX guests, but that's also forced to happen > before the KVM_RUN can be invoked (TDX architecture) and is a one-time > configuration, i.e. userspace can flip the switch exactly once, and only at > a very specific point in time. >
