On 03/01/23 01:32, Borislav Petkov wrote:
> On Mon, Jan 02, 2023 at 08:50:23PM +0530, Nikunj A. Dadhania wrote:
>>>> + /*
>>>> + * Terminate the boot if hypervisor has enabled any feature
>>>> + * lacking guest side implementation.
>>>> + */
>>>> + if (sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT)
>>>> + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_FEAT_NOT_IMPLEMENTED);
>>>
>>> We can't help out by specifying which feature(s)?
>>
>> The purpose of SNP_FEATURES_PRESENT is just that, at present no features that need guest
>> implementation is part of the kernel. For e.g. I will be posting patches with SecureTSC
>> enabled, that will make the following change.
>
> I think what David means is, can we have sev_es_terminate() say exactly which
> feature wasn't implemented instead of users having to dig out which one exactly
> wasn't by trying to find out what their SNP_FEATURES_IMPL_REQ and
> SNP_FEATURES_PRESENT masks are.
>
> Looking at the GHCB protocol, where GHCB_SNP_FEAT_NOT_IMPLEMENTED reason code
> goes is GHCBData[23:16] which is not enough... And the VMSA has SEV_FEATURES but
> that's guest-only.

Currently, GHCBData[24:63] is unused. If we intend to use the bit range (40 bits), GHCB spec will need to be updated. And probably would not be enough.

> I guess we need a way to communicate those masks in a more user-friendly way so
> that it is exactly clear because of which missing feature(s) has the guest
> terminated.

As the termination request is done using GHCB MSR protocol, exit codes cannot be used.

Regards,
Nikunj
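
Review bot: In the quoted hunk, the condition `sev_status & SNP_FEATURES_IMPL_REQ & ~SNP_FEATURES_PRESENT` computes the exact set of unsupported feature bits and then throws it away, so sev_es_terminate() only ever receives the fixed GHCB_SNP_FEAT_NOT_IMPLEMENTED reason. Consider holding the masked value in a local variable before the test, so that whichever reporting channel is settled on has the offending bits available without recomputing them. The comment above the check could also say that SNP_FEATURES_PRESENT must gain a bit whenever guest-side support for a feature in SNP_FEATURES_IMPL_REQ is added, since the check depends on the two masks being kept in step.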