On 12/19/22 17:24, Kalra, Ashish wrote:
Hello Tom,
On 12/19/2022 12:04 PM, Tom Lendacky wrote:
On 12/14/22 13:40, Michael Roth wrote:
From: Brijesh Singh <brijesh.singh@xxxxxxx>
The KVM_SEV_SNP_LAUNCH_FINISH finalizes the cryptographic digest and stores
it as the measurement of the guest at launch.
While finalizing the launch flow, it also issues the LAUNCH_UPDATE command
to encrypt the VMSA pages.
If it's an SNP guest, then VMSA was added in the RMP entry as
a guest owned page and also removed from the kernel direct map
so flush it later after it is transitioned back to hypervisor
state and restored in the direct map.
Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
Signed-off-by: Harald Hoyer <harald@xxxxxxxxxxx>
Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
---
.../virt/kvm/x86/amd-memory-encryption.rst | 22 ++++
arch/x86/kvm/svm/sev.c | 119 ++++++++++++++++++
include/uapi/linux/kvm.h | 14 +++
3 files changed, 155 insertions(+)
diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst
b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
index c94be8e6d657..e4b42aaab1de 100644
--- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst
+++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst
@@ -513,6 +513,28 @@ Returns: 0 on success, -negative on error
See the SEV-SNP spec for further details on how to build the VMPL
permission
mask and page type.
+21. KVM_SNP_LAUNCH_FINISH
+-------------------------
+
+After completion of the SNP guest launch flow, the
KVM_SNP_LAUNCH_FINISH command can be
+issued to make the guest ready for the execution.
+
+Parameters (in): struct kvm_sev_snp_launch_finish
+
+Returns: 0 on success, -negative on error
+
+::
+
+ struct kvm_sev_snp_launch_finish {
+ __u64 id_block_uaddr;
+ __u64 id_auth_uaddr;
+ __u8 id_block_en;
+ __u8 auth_key_en;
+ __u8 host_data[32];
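Review bot: The new section heading and its first paragraph name the command KVM_SNP_LAUNCH_FINISH, while the commit message calls it KVM_SEV_SNP_LAUNCH_FINISH; the documentation should use the one spelling that the uapi header defines. The fields of struct kvm_sev_snp_launch_finish (id_block_uaddr, id_auth_uaddr, id_block_en, auth_key_en, host_data) are also listed with no description, so a sentence per field on what userspace must supply, and on what the two *_uaddr fields mean when id_block_en or auth_key_en is 0, would let the ABI be used from this document alone. "Ready for the execution" would read better as "ready for execution".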
This is missing the 6 bytes of padding at the end of the struct.
Yes, will fix this, the documentation is missing that, the structure
definition in include/uapi/linux/kvm.h includes it.
But why do we need this padding?
I'm assuming it was added so that any new elements added would be aligned
on an 8 byte boundary (should the next element added be a __u64). I don't
think that it is truly needed right now, though.
Thanks,
Tom
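
The layout arithmetic behind the 6 bytes discussed in this thread, as an added example that is not code from the patch or from anyone in the thread. It assumes the usual x86-64 ABI (8-byte alignment for 64-bit integers); the field name `pad` and the zero check on it are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields as listed in the documentation hunk; uint*_t stand in for __u64/__u8. */
struct finish_as_documented {
    uint64_t id_block_uaddr;
    uint64_t id_auth_uaddr;
    uint8_t  id_block_en;
    uint8_t  auth_key_en;
    uint8_t  host_data[32];
};

/* Same fields with the trailing bytes named; "pad" is a hypothetical field name. */
struct finish_padded {
    uint64_t id_block_uaddr;
    uint64_t id_auth_uaddr;
    uint8_t  id_block_en;
    uint8_t  auth_key_en;
    uint8_t  host_data[32];
    uint8_t  pad[6];
};

/* Bytes the compiler appends after host_data to keep the struct 8-byte aligned. */
size_t implicit_tail_padding(void)
{
    size_t end = offsetof(struct finish_as_documented, host_data) + 32;
    return sizeof(struct finish_as_documented) - end;
}

/* Unnamed bytes left after pad[] once the padding is explicit. */
size_t unnamed_tail_bytes(void)
{
    size_t end = offsetof(struct finish_padded, pad) + 6;
    return sizeof(struct finish_padded) - end;
}

/* 1 if all pad bytes are zero, so they stay free for a later field (assumed policy). */
int pad_is_zero(const struct finish_padded *p)
{
    static const uint8_t zero[sizeof p->pad];
    return memcmp(p->pad, zero, sizeof zero) == 0;
}

int main(void)
{
    struct finish_padded p = {0};
    printf("implicit=%zu unnamed=%zu pad_zero=%d\n", implicit_tail_padding(), unnamed_tail_bytes(), pad_is_zero(&p));
}
```

Both structs are 56 bytes; the difference is that the second one has no compiler-inserted bytes, so every byte crossing the ioctl boundary has a name and can be initialized or checked.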