On 12/14/21 2:23 PM, Tom Lendacky wrote:
>> I don't really understand how this can be more general and *not* get
>> utilized by the existing SEV support.
>
> The Virtual Top-of-Memory (VTOM) support is an SEV-SNP feature that is
> meant to be used with a (relatively) un-enlightened guest. The idea is
> that the C-bit in the guest page tables must be 0 for all accesses. It
> is only the physical address relative to VTOM that determines if the
> access is encrypted or not. So setting sme_me_mask will actually cause
> issues when running with this feature. Since all DMA for an SEV-SNP
> guest must still be to shared (unencrypted) memory, some enlightenment
> is needed. In this case, memory mapped above VTOM will provide that via
> the SWIOTLB update. For SEV-SNP guests running with VTOM, they are
> likely to also be running with the Reflect #VC feature, allowing a
> "paravisor" to handle any #VCs generated by the guest.
>
> See sections 15.36.8 "Virtual Top-of-Memory" and 15.36.9 "Reflect #VC"
> in volume 2 of the AMD APM [1].

Thanks, Tom, that's pretty much what I was looking for.

The C-bit normally comes from the page tables. But, the hardware also
provides an alternative way to effectively get C-bit behavior without
actually setting the bit in the page tables: Virtual Top-of-Memory
(VTOM). Right?

It sounds like Hyper-V has chosen to use VTOM instead of requiring the
guest to do the C-bit in its page tables.

But, the thing that confuses me is when you said: "it (VTOM) is meant to
be used with a (relatively) un-enlightened guest". We don't have an
unenlightened guest here. We have Linux, which is quite enlightened.

Is VTOM being used because there's something that completely rules out
using the C-bit in the page tables? What's that "something"?
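The two ways of selecting encrypted versus shared memory that Tom describes, as an added model written for this note (not code from the thread, from Linux, or from AMD): in C-bit mode the page-table entry decides, in VTOM mode only the physical address relative to VTOM decides and the C-bit must stay clear, which is why OR'ing sme_me_mask into every PTE breaks a VTOM guest. The C-bit position, the VTOM value and the "invalid access" outcome are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only. The real C-bit position comes from CPUID; bit 47 is an
 * assumption used to make the example concrete. */
#define C_BIT_POS 47
#define C_BIT     (1ULL << C_BIT_POS)
#define PA_MASK   ((1ULL << 52) - 1)

enum enc_mode { MODE_CBIT, MODE_VTOM };

struct guest_cfg {
    enum enc_mode mode;
    uint64_t vtom;          /* only meaningful in MODE_VTOM */
};

enum access_result { ACCESS_ENCRYPTED, ACCESS_SHARED, ACCESS_INVALID };

/* Classify one guest access made through page-table entry 'pte'. */
enum access_result classify_access(const struct guest_cfg *cfg, uint64_t pte)
{
    bool cbit = (pte & C_BIT) != 0;
    uint64_t pa = pte & PA_MASK & ~C_BIT;

    if (cfg->mode == MODE_CBIT)
        return cbit ? ACCESS_ENCRYPTED : ACCESS_SHARED;

    /* VTOM: the guest page tables must keep the C-bit at 0. The thread
     * only says a set C-bit "causes issues"; the model treats it as an
     * invalid access. Otherwise the split is purely by address. */
    if (cbit)
        return ACCESS_INVALID;
    return pa < cfg->vtom ? ACCESS_ENCRYPTED : ACCESS_SHARED;
}

/* How an sme_me_mask-style mask is applied: OR'ed into every PTE. */
uint64_t apply_sme_me_mask(uint64_t pte, uint64_t sme_me_mask)
{
    return pte | sme_me_mask;
}

/* DMA for an SEV-SNP guest must target shared memory; under VTOM that
 * means the bounce buffer (SWIOTLB) must live above VTOM. */
bool dma_buffer_usable(const struct guest_cfg *cfg, uint64_t pa)
{
    return classify_access(cfg, pa) == ACCESS_SHARED;
}
```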