On 6/14/21 5:58 AM, Borislav Petkov wrote:
> On Wed, Jun 02, 2021 at 09:04:10AM -0500, Brijesh Singh wrote:
>> +/* Save area definition for SEV-ES and SEV-SNP guests */
>> +struct sev_es_save_area {
>
> Can we agree on a convention here to denote SEV-ES and later
> variants VS earlier ones so that you don't have "SEV-ES" in the name
> sev_es_save_area but to mean that this applies to SNP and future stuff
> too?
I was just following the APM, which lists it as the "State Save Area for
SEV-ES."
>
> What about SEV-only guests? I'm assuming those use the old variant.
Correct.
>
> Which would mean you can call this
>
> struct prot_guest_save_area
>
> or so, so that it doesn't have "sev" in the name and so that there's no
> confusion...
I guess we can call it just prot_save_area or protected_save_area or even
encrypted_save_area (no need for guest, since guest is implied, e.g. we
don't call the normal save area guest_save_area).
>
> Ditto for the size defines.
>
>> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
>> index 5bc887e9a986..d93a1c368b61 100644
>> --- a/arch/x86/kvm/svm/sev.c
>> +++ b/arch/x86/kvm/svm/sev.c
>> @@ -542,12 +542,20 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
>>
>> static int sev_es_sync_vmsa(struct vcpu_svm *svm)
>
> Not SEV-ES only anymore, so I guess sev_snp_sync_vmca() or so.
>
>> - struct vmcb_save_area *save = &svm->vmcb->save;
>> + struct sev_es_save_area *save = svm->vmsa;
>>
>> /* Check some debug related fields before encrypting the VMSA */
>> - if (svm->vcpu.guest_debug || (save->dr7 & ~DR7_FIXED_1))
>> + if (svm->vcpu.guest_debug || (svm->vmcb->save.dr7 & ~DR7_FIXED_1))
>> return -EINVAL;
>>
>> + /*
>> + * SEV-ES will use a VMSA that is pointed to by the VMCB, not
>> + * the traditional VMSA that is part of the VMCB. Copy the
>> + * traditional VMSA as it has been built so far (in prep
>> + * for LAUNCH_UPDATE_VMSA) to be the initial SEV-ES state.
>
> Ditto - nomenclature.
Yup, that can be made more generic.
>
>> + */
>> + memcpy(save, &svm->vmcb->save, sizeof(svm->vmcb->save));
>> +
>> /* Sync registgers */
> ^^^^^^^^^^
>
> typo. Might as well fix while at it.
Will do.
Thanks,
Tom
>
