From: Eduardo Habkost <ehabkost@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: "Edgar E. Iglesias" <edgar.iglesias@xilinx.com>,
Peter Maydell <peter.maydell@linaro.org>,
Borislav Petkov <bp@suse.de>,
kvm@vger.kernel.org, "Michael S. Tsirkin" <mst@redhat.com>,
Stefan Hajnoczi <stefanha@gmail.com>,
Alistair Francis <alistair.francis@xilinx.com>,
Peter Crosthwaite <crosthwaite.peter@gmail.com>,
Richard Henderson <richard.henderson@linaro.org>,
Alexander Graf <agraf@suse.de>,
qemu-devel@nongnu.org,
Christian Borntraeger <borntraeger@de.ibm.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Marcel Apfelbaum <marcel@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Lendacky <Thomas.Lendacky@amd.com>,
Bruce Rogers <brogers@suse.com>,
Cornelia Huck <cornelia.huck@de.ibm.com>,
Markus Armbruster <armbru@redhat.com>,
Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH v10 25/28] cpu/i386: populate CPUID 0x8000_001F when SEV is active
Date: Tue, 6 Mar 2018 09:39:12 -0300 [thread overview]
Message-ID: <20180306123912.GJ5120@localhost.localdomain> (raw)
In-Reply-To: <20180228211028.83970-26-brijesh.singh@amd.com>
On Wed, Feb 28, 2018 at 03:10:25PM -0600, Brijesh Singh wrote:
> When SEV is enabled, CPUID 0x8000_001F should provide additional
> information regarding the feature (such as which page table bit is used
> to mark the pages as encrypted etc).
>
> The details for memory encryption CPUID is available in AMD APM
> (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17
>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Richard Henderson <rth@twiddle.net>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
> target/i386/cpu.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index b5e431e769da..7a3cec59402b 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -26,6 +26,7 @@
> #include "sysemu/hvf.h"
> #include "sysemu/cpus.h"
> #include "kvm_i386.h"
> +#include "sev_i386.h"
>
> #include "qemu/error-report.h"
> #include "qemu/option.h"
> @@ -3612,6 +3613,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
> *ecx = 0;
> *edx = 0;
> break;
> + case 0x8000001F:
What I'm worried about here is ABI stability and migration safety
guarantees. Let's see:
> + *eax = sev_enabled() ? 0x2 : 0;
sev_enabled() just checks if sev_state is set.
sev_state is only set by sev_guest_init().
sev_guest_init() is only called if MachineState::memory_encryption is set.
The value is a function of command-line options only. Good.
> + *ebx = sev_get_cbit_position();
This is 0 if sev_state is NULL (see above). Good.
If sev_state is set, it returns sev_state->cbitpos.
s->cbitpos is set based on the "cbitpos" property of
QSevGuestInfo only (it's only validated against host CPUID). The
property has no host-dependent default and needs to be set
explicitly.
This means sev_get_cbit_position() is a function of command-line
options only, too. Good.
> + *ebx |= sev_get_reduced_phys_bits() << 6;
Logic is very similar to sev_get_cbit_position(), and depends on
the "reduced-phys-bits" property of QSevGuestInfo only. Good.
> + *ecx = 0;
> + *edx = 0;
> + break;
> default:
> /* reserved values: zero */
> *eax = 0;
> @@ -4041,6 +4049,11 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
> if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
> x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
> }
> +
> + /* SEV requires CPUID[0x8000001F] */
> + if (sev_enabled()) {
> + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
> + }
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
> }
>
> /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
> --
> 2.14.3
>
>
--
Eduardo
WARNING: multiple messages have this Message-ID (diff)
From: Eduardo Habkost <ehabkost@redhat.com>
To: Brijesh Singh <brijesh.singh@amd.com>
Cc: qemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>,
kvm@vger.kernel.org, "Michael S. Tsirkin" <mst@redhat.com>,
Stefan Hajnoczi <stefanha@gmail.com>,
Alexander Graf <agraf@suse.de>,
"Edgar E. Iglesias" <edgar.iglesias@xilinx.com>,
Markus Armbruster <armbru@redhat.com>,
Bruce Rogers <brogers@suse.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Marcel Apfelbaum <marcel@redhat.com>,
Borislav Petkov <bp@suse.de>,
Thomas Lendacky <Thomas.Lendacky@amd.com>,
Richard Henderson <richard.henderson@linaro.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Alistair Francis <alistair.francis@xilinx.com>,
Cornelia Huck <cornelia.huck@de.ibm.com>,
Richard Henderson <rth@twiddle.net>,
Peter Crosthwaite <crosthwaite.peter@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v10 25/28] cpu/i386: populate CPUID 0x8000_001F when SEV is active
Date: Tue, 6 Mar 2018 09:39:12 -0300 [thread overview]
Message-ID: <20180306123912.GJ5120@localhost.localdomain> (raw)
In-Reply-To: <20180228211028.83970-26-brijesh.singh@amd.com>
On Wed, Feb 28, 2018 at 03:10:25PM -0600, Brijesh Singh wrote:
> When SEV is enabled, CPUID 0x8000_001F should provide additional
> information regarding the feature (such as which page table bit is used
> to mark the pages as encrypted etc).
>
> The details for memory encryption CPUID is available in AMD APM
> (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17
>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Richard Henderson <rth@twiddle.net>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
> target/i386/cpu.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index b5e431e769da..7a3cec59402b 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -26,6 +26,7 @@
> #include "sysemu/hvf.h"
> #include "sysemu/cpus.h"
> #include "kvm_i386.h"
> +#include "sev_i386.h"
>
> #include "qemu/error-report.h"
> #include "qemu/option.h"
> @@ -3612,6 +3613,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
> *ecx = 0;
> *edx = 0;
> break;
> + case 0x8000001F:
What I'm worried about here is ABI stability and migration safety
guarantees. Let's see:
> + *eax = sev_enabled() ? 0x2 : 0;
sev_enabled() just checks if sev_state is set.
sev_state is only set by sev_guest_init().
sev_guest_init() is only called if MachineState::memory_encryption is set.
The value is a function of command-line options only. Good.
> + *ebx = sev_get_cbit_position();
This is 0 if sev_state is NULL (see above). Good.
If sev_state is set, it returns sev_state->cbitpos.
s->cbitpos is set based on the "cbitpos" property of
QSevGuestInfo only (it's only validated against host CPUID). The
property has no host-dependent default and needs to be set
explicitly.
This means sev_get_cbit_position() is a function of command-line
options only, too. Good.
> + *ebx |= sev_get_reduced_phys_bits() << 6;
Logic is very similar to sev_get_cbit_position(), and depends on
the "reduced-phys-bits" property of QSevGuestInfo only. Good.
> + *ecx = 0;
> + *edx = 0;
> + break;
> default:
> /* reserved values: zero */
> *eax = 0;
> @@ -4041,6 +4049,11 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
> if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) {
> x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A);
> }
> +
> + /* SEV requires CPUID[0x8000001F] */
> + if (sev_enabled()) {
> + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
> + }
Reviewed-by: Eduardo Habkost <ehabkost@redhat.com>
> }
>
> /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
> --
> 2.14.3
>
>
--
Eduardo
next prev parent reply other threads:[~2018-03-06 12:39 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-28 21:10 [PATCH v10 00/29] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 01/28] memattrs: add debug attribute Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 02/28] exec: add ram_debug_ops support Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 03/28] exec: add debug version of physical memory read and write API Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 04/28] monitor/i386: use debug APIs when accessing guest memory Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 05/28] machine: add -memory-encryption property Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 06/28] kvm: update kvm.h to include memory encryption ioctls Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 07/28] docs: add AMD Secure Encrypted Virtualization (SEV) Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 08/28] target/i386: add Secure Encrypted Virtulization (SEV) object Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 09/28] qmp: add query-sev command Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-03-01 20:09 ` Eric Blake
2018-03-01 20:09 ` [Qemu-devel] " Eric Blake
2018-02-28 21:10 ` [PATCH v10 10/28] include: add psp-sev.h header file Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 11/28] sev/i386: add command to initialize the memory encryption context Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-03-05 13:37 ` Laszlo Ersek
2018-03-05 13:37 ` [Qemu-devel] " Laszlo Ersek
2018-03-07 13:19 ` Brijesh Singh
2018-03-07 13:19 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 12/28] sev/i386: register the guest memory range which may contain encrypted data Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 13/28] kvm: introduce memory encryption APIs Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 14/28] hmp: add 'info sev' command Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-03-02 11:31 ` Dr. David Alan Gilbert
2018-03-02 11:31 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-02-28 21:10 ` [PATCH v10 15/28] sev/i386: add command to create launch memory encryption context Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 16/28] sev/i386: add command to encrypt guest memory region Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 17/28] target/i386: encrypt bios rom Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 18/28] sev/i386: add support to LAUNCH_MEASURE command Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 19/28] sev/i386: finalize the SEV guest launch flow Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 20/28] hw/i386: set ram_debug_ops when memory encryption is enabled Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 21/28] sev/i386: add debug encrypt and decrypt commands Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 22/28] target/i386: clear C-bit when walking SEV guest page table Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 23/28] qmp: add query-sev-launch-measure command Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-03-01 20:11 ` Eric Blake
2018-03-01 20:11 ` [Qemu-devel] " Eric Blake
2018-02-28 21:10 ` [PATCH v10 24/28] sev/i386: add migration blocker Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 25/28] cpu/i386: populate CPUID 0x8000_001F when SEV is active Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-03-06 12:39 ` Eduardo Habkost [this message]
2018-03-06 12:39 ` Eduardo Habkost
2018-02-28 21:10 ` [PATCH v10 26/28] qmp: add query-sev-capabilities command Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-03-01 20:13 ` Eric Blake
2018-03-01 20:13 ` [Qemu-devel] " Eric Blake
2018-03-05 17:35 ` Brijesh Singh
2018-03-05 17:35 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 27/28] sev/i386: add sev_get_capabilities() Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:10 ` [PATCH v10 28/28] tests/qmp-test: blacklist sev specific qmp commands Brijesh Singh
2018-02-28 21:10 ` [Qemu-devel] " Brijesh Singh
2018-02-28 21:43 ` [PATCH v10 00/29] x86: Secure Encrypted Virtualization (AMD) Brijesh Singh
2018-02-28 21:43 ` [Qemu-devel] " Brijesh Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180306123912.GJ5120@localhost.localdomain \
--to=ehabkost@redhat.com \
--cc=Thomas.Lendacky@amd.com \
--cc=agraf@suse.de \
--cc=alistair.francis@xilinx.com \
--cc=armbru@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=brogers@suse.com \
--cc=cornelia.huck@de.ibm.com \
--cc=crosthwaite.peter@gmail.com \
--cc=dgilbert@redhat.com \
--cc=edgar.iglesias@xilinx.com \
--cc=kvm@vger.kernel.org \
--cc=marcel@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=rth@twiddle.net \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.