Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
From: Borislav Petkov <bp@xxxxxxxxx>
Date: Tue, 18 Jan 2022 17:34:49 +0100
Cc: Brijesh Singh <brijesh.singh@xxxxxxx>, x86@xxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-efi@xxxxxxxxxxxxxxx, platform-driver-x86@xxxxxxxxxxxxxxx, linux-coco@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Joerg Roedel <jroedel@xxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Ard Biesheuvel <ardb@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Sean Christopherson <seanjc@xxxxxxxxxx>, Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>, Jim Mattson <jmattson@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Sergio Lopez <slp@xxxxxxxxxx>, Peter Gonda <pgonda@xxxxxxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Srinivas Pandruvada <srinivas.pandruvada@xxxxxxxxxxxxxxx>, David Rientjes <rientjes@xxxxxxxxxx>, Dov Murik <dovmurik@xxxxxxxxxxxxx>, Tobin Feldman-Fitzthum <tobin@xxxxxxx>, Vlastimil Babka <vbabka@xxxxxxx>, "Kirill A . Shutemov" <kirill@xxxxxxxxxxxxx>, Andi Kleen <ak@xxxxxxxxxxxxxxx>, "Dr . David Alan Gilbert" <dgilbert@xxxxxxxxxx>, tony.luck@xxxxxxxxx, marcorr@xxxxxxxxxx, sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx
In-reply-to: <20220118143730.wenhm2bbityq7wwy@amd.com>
References: <20211210154332.11526-1-brijesh.singh@amd.com> <20211210154332.11526-30-brijesh.singh@amd.com> <YeAmFePcPjvMoWCP@zn.tnic> <20220113163913.phpu4klrmrnedgic@amd.com> <YeGhKll2fTcTr2wS@zn.tnic> <20220118043521.exgma53qrzrbalpd@amd.com> <YebIiN6Ftq2aPtyF@zn.tnic> <20220118142345.65wuub2p3alavhpb@amd.com> <20220118143238.lu22npcktxuvadwk@amd.com> <20220118143730.wenhm2bbityq7wwy@amd.com>

On Tue, Jan 18, 2022 at 08:37:30AM -0600, Michael Roth wrote:
> Actually, no, because doing that would provide hypervisor a means to
> effectively disable CPUID page for an SNP guest by provided a table with
> count == 0, which needs to be guarded against.

Err, I'm confused.

Isn't that "SEV-SNP guests will be provided the location of special
'secrets' 'CPUID' pages via the Confidential Computing blob..." and the
HV has no say in there?

Why does the HV provide the CPUID page?

And when I read "secrets page" I think, encrypted/signed and given
directly to the guest, past the HV which cannot even touch it.

Hmmm.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Follow-Ups:
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Michael Roth

References:
- [PATCH v8 00/40] Add AMD Secure Nested Paging (SEV-SNP) Guest Support
  - From: Brijesh Singh
- [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Brijesh Singh
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Borislav Petkov
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Michael Roth
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Borislav Petkov
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Michael Roth
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Borislav Petkov
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Michael Roth
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Michael Roth
- Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
  - From: Michael Roth

Prev by Date: Re: [PATCH v2 0/4] KVM: x86: Partially allow KVM_SET_CPUID{,2} after KVM_RUN for CPU hotplug
Next by Date: Re: [PATCH v5 15/69] KVM: arm64: nv: Inject HVC exceptions to the virtual EL2
Previous by thread: Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
Next by thread: Re: [PATCH v8 29/40] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers
Index(es):
- Date
- Thread

[Index of Archives] [KVM ARM] [KVM ia64] [KVM ppc] [Virtualization Tools] [Spice Development] [Libvirt] [Libvirt Users] [Linux USB Devel] [Linux Audio Users] [Yosemite Questions] [Linux Kernel] [Linux SCSI] [XFree86]