On Mon, Jan 02, 2023 at 08:50:23PM +0530, Nikunj A. Dadhania wrote:
> >> + /*
> >> + * Terminate the boot if hypervisor has enabled any feature
> >> + * lacking guest side implementation.
> >> + */
> >> + if (sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT)
> >> + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_FEAT_NOT_IMPLEMENTED);
> >
> > We can't help out by specifying which feature(s)?
>
> The purpose of SNP_FEATURES_PRESENT is just that, at present no features that need guest
> implementation are part of the kernel. For e.g. I will be posting patches with SecureTSC
> enabled, that will make the following change.

I think what David means is, can we have sev_es_terminate() say exactly
which feature wasn't implemented instead of users having to dig out
which one exactly wasn't by trying to find out what their
SNP_FEATURES_IMPL_REQ and SNP_FEATURES_PRESENT masks are.

Looking at the GHCB protocol, where GHCB_SNP_FEAT_NOT_IMPLEMENTED reason
code goes is GHCBData[23:16] which is not enough...

And the VMSA has SEV_FEATURES but that's guest-only.

I guess we need a way to communicate those masks in a more user-friendly
way so that it is exactly clear because of which missing feature(s) has
the guest terminated.

Hmm.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
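
Review bot: the `if (sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT)` test computes the set of unimplemented feature bits and then discards it, so the sev_es_terminate() call carries only the generic GHCB_SNP_FEAT_NOT_IMPLEMENTED reason. Consider holding the masked value in a local (for example `u64 unsupported = sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT;`) so the terminate path has the offending bits available to report, and extend the comment to say which masks a user has to compare to work out the feature that triggered termination.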
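
The mask test from the quoted hunk next to the width limit of GHCBData[23:16], as an added example that is not part of this thread or of the kernel patch. The mask values, the reason-code value and the sample sev_status are constructed placeholders, the function names are hypothetical, and the termination-request layout (0x100 in bits 11:0, reason set in 15:12, reason code in 23:16) is taken from the GHCB MSR protocol.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed placeholder values, NOT the kernel's real definitions. */
#define SNP_FEATURES_IMPL_REQ         0x3fcULL  /* bits 2..9 */
#define SNP_FEATURES_PRESENT          0x0ULL    /* nothing implemented yet */
#define SEV_TERM_SET_GEN              0
#define GHCB_SNP_FEAT_NOT_IMPLEMENTED 0x7f      /* placeholder reason code */

/* Same expression as the hunk: enabled features the guest cannot handle. */
static uint64_t snp_unsupported(uint64_t sev_status)
{
	return sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT;
}

/* GHCB MSR termination request: 4-bit reason set, 8-bit reason code. */
static uint64_t ghcb_term_request(unsigned int set, unsigned int reason)
{
	return 0x100ULL | ((uint64_t)(set & 0xf) << 12) |
	       ((uint64_t)(reason & 0xff) << 16);
}

/* List offending bit numbers ("3,9") in buf (len > 0); returns the count. */
static int snp_describe(uint64_t mask, char *buf, size_t len)
{
	size_t off = 0;
	int n = 0;
	buf[0] = '\0';
	for (int bit = 0; bit < 64; bit++) {
		if (!(mask & (1ULL << bit)))
			continue;
		int w = snprintf(buf + off, len - off, "%s%d", n ? "," : "", bit);
		if (w < 0 || (size_t)w >= len - off) {
			buf[off] = '\0';  /* drop the truncated entry */
			break;
		}
		off += (size_t)w;
		n++;
	}
	return n;
}

int main(void)
{
	char bits[64];
	uint64_t missing = snp_unsupported(0x209ULL); /* constructed sev_status */
	snp_describe(missing, bits, sizeof(bits));
	printf("term req %#llx, missing mask %#llx (bits %s)\n",
	       (unsigned long long)ghcb_term_request(SEV_TERM_SET_GEN,
	       GHCB_SNP_FEAT_NOT_IMPLEMENTED), (unsigned long long)missing, bits);
	return 0;
}
```

With these placeholder masks the missing-feature mask is 0x208, which already exceeds the 8 bits available in the reason-code field, while the request itself only says "not implemented".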