On Thu, Mar 28, 2024 at 03:24:29PM +0100, Jeremi Piotrowski wrote:
> It's not but if you set it before the check it will be set for all AMD
> systems, even if they are neither CC hosts nor CC guests.

That a problem?

It is under a CONFIG_ARCH_HAS_CC_PLATFORM...

> To leave open the possibility of an SNP hypervisor running nested.

But !CC_ATTR_GUEST_SEV_SNP doesn't mean that. It means it is not a
SEV-SNP guest.

> I thought you wanted to filter out SEV-SNP guests, which also have
> X86_FEATURE_SEV_SNP CPUID bit set.

I want to run snp_probe_rmptable_info() only on baremetal where it makes
sense.

> My understanding is that these are the cases:
>
> CPUID(SEV_SNP) | MSR(SEV_SNP) | what am I
> ---------------------------------------------
> set            | set          | SNP-guest
> set            | unset        | SNP-host
> unset          | ??           | not SNP

So as you can see, we can't use X86_FEATURE_SEV_SNP for anything due to
the late disable need. So we should be moving away from it.

So we need a test for "am I a nested SNP hypervisor?"

So, can your thing clear X86_FEATURE_HYPERVISOR and thus "emulate"
baremetal?

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette