From: Tom Lendacky <thomas.lendacky@amd.com>
To: Brijesh Singh <brijesh.singh@amd.com>, Borislav Petkov <bp@alien8.de>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
	kvm@vger.kernel.org, ak@linux.intel.com,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Joerg Roedel <jroedel@suse.de>,
	"H. Peter Anvin" <hpa@zytor.com>, Tony Luck <tony.luck@intel.com>,
	Dave Hansen <dave.hansen@intel.com>,
	"Peter Zijlstra (Intel)" <peterz@infradead.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	David Rientjes <rientjes@google.com>,
	Sean Christopherson <seanjc@google.com>
Subject: Re: [RFC Part1 PATCH 06/13] x86/compressed: rescinds and validate the memory used for the GHCB
Date: Wed, 7 Apr 2021 09:21:52 -0500
Message-ID: <205cb304-8066-5049-9952-aac930cceb24@amd.com>
In-Reply-To: <9f43f7b2-d9aa-429e-eadd-dc3ea4a34d01@amd.com>

On 4/7/21 8:35 AM, Brijesh Singh wrote:
> 
> On 4/7/21 6:16 AM, Borislav Petkov wrote:
>> On Tue, Apr 06, 2021 at 10:47:18AM -0500, Brijesh Singh wrote:
>>> Before the GHCB is established the caller does not need to save and
>>> restore MSRs. The page_state_change() uses the GHCB MSR protocol and it
>>> can be called before and after the GHCB is established hence I am saving
>>> and restoring GHCB MSRs.
>> I think you need to elaborate on that, maybe with an example. What the
>> other sites using the GHCB MSR currently do is:
>>
>> 1. request by writing it
>> 2. read the response
>>
>> None of them save and restore it.
>>
>> So why here?
> 
> GHCB provides two ways to exit from the guest to the hypervisor. The MSR
> protocol and NAEs. The MSR protocol is generally used before the GHCB is
> established. After the GHCB is established the guest typically uses the
> NAEs. All of the current call sites use the MSR protocol before the
> GHCB is established so they do not need to save and restore the GHCB.
> The GHCB is established on the first #VC -
> arch/x86/boot/compressed/sev-es.c early_setup_sev_es(). The GHCB page
> must be a shared page:
> 
> early_setup_sev_es()
> 
>   set_page_decrypted()
> 
>    sev_snp_set_page_shared()
> 
> The sev_snp_set_page_shared() is called before the GHCB is established.
> While exiting from the decompression the sev_es_shutdown_ghcb() is
> called to deinit the GHCB.
> 
> sev_es_shutdown_ghcb()
> 
>   set_page_encrypted()
> 
>     sev_snp_set_page_private()
> 
> Now that sev_snp_set_private() is called after the GHCB is established.

I believe the current SEV-ES code always sets the GHCB address in the GHCB
MSR before invoking VMGEXIT, so I think you're safe either way. Worth
testing at least.

Thanks,
Tom

> 
> Since both the sev_snp_set_page_{shared, private}() use the common
> routine to request the page change, I chose the Page State Change
> MSR protocol. In one case the page state request happens before and after
> the GHCB is established. We need to save and restore the GHCB, otherwise we
> will lose the previously established GHCB GPA.
> 
> If needed then we can avoid the save and restore. The GHCB provides a
> page state change NAE that can be used after the GHCB is established. If
> we go with it then code may look like this:
> 
> 1. Read the GHCB MSR to determine whether the GHCB is established.
> 
> 2. If GHCB is established then use the page state change NAE
> 
> 3. If GHCB is not established then use the page state change MSR protocol.
> 
> We can eliminate the restore but we still need the rdmsr. The code for
> using the NAE page state is going to be a bit larger. Since it is not in
> the hot path, I felt we should stick with the MSR protocol for the page state change.
> 
> I am open to suggestions. 
> 
> -Brijesh
> 
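
An added example, not code from this thread or from the kernel: a user-space model of the GHCB MSR showing why an MSR-protocol page state change issued after the GHCB is established loses the GHCB GPA unless it is saved and restored, and why an NAE exit that rewrites the GPA before VMGEXIT is unaffected. All function names, the simulated hypervisor, the GHCBInfo values and bit positions, and the "page-aligned value means established" check are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
static uint64_t ghcb_msr;		/* model: stands in for the GHCB MSR */
#define GHCB_INFO_MASK	0xfffULL	/* low 12 bits carry GHCBInfo */
#define PSC_REQ		0x014ULL	/* page state change request (assumed) */
#define PSC_RESP	0x015ULL	/* page state change response (assumed) */
#define PSC_SHARED	2u		/* requested page operation (assumed) */
static uint64_t rd_ghcb_msr(void) { return ghcb_msr; }
static void wr_ghcb_msr(uint64_t v) { ghcb_msr = v; }

/* Constructed hypervisor: answers a PSC request in the same MSR. */
static void vmgexit(void) {
	if ((ghcb_msr & GHCB_INFO_MASK) == PSC_REQ)
		ghcb_msr = PSC_RESP;	/* error code 0 in the upper bits */
}

/* Assumption: a non-zero, page-aligned value is an established GHCB GPA. */
static int ghcb_established(void) { return ghcb_msr && !(ghcb_msr & GHCB_INFO_MASK); }

/* MSR protocol as the other call sites use it: write request, read response. */
static int psc_msr(uint64_t gfn, unsigned int op) {
	wr_ghcb_msr(((uint64_t)op << 52) | (gfn << 12) | PSC_REQ);
	vmgexit();
	return rd_ghcb_msr() == PSC_RESP ? 0 : -1;
}

/* Same request, but preserving whatever the MSR held before the call. */
static int psc_msr_saved(uint64_t gfn, unsigned int op) {
	uint64_t old = rd_ghcb_msr();
	int ret = psc_msr(gfn, op);
	wr_ghcb_msr(old);
	return ret;
}

/* NAE-style exit: the GHCB GPA is written to the MSR before VMGEXIT. */
static int nae_exit(uint64_t ghcb_gpa) {
	wr_ghcb_msr(ghcb_gpa);
	vmgexit();
	return ghcb_established();
}

int main(void) {
	wr_ghcb_msr(0x7f000);	/* constructed GHCB GPA */
	int saved = psc_msr_saved(0x1234, PSC_SHARED) == 0 && ghcb_established();
	int unsaved = psc_msr(0x1234, PSC_SHARED) == 0 && ghcb_established();
	printf("saved=%d unsaved=%d nae=%d\n", saved, unsaved, nae_exit(0x7f000));
	return 0;
}
```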
