From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Borislav Petkov <bp@suse.de>,
Tom Lendacky <thomas.lendacky@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>
Subject: Re: [PATCH v2 05/14] KVM: x86: Override reported SME/SEV feature flags with host mask
Date: Thu, 28 Jan 2021 09:09:18 -0800 [thread overview]
Message-ID: <YBLvvpeEORjVd2IP@google.com> (raw)
In-Reply-To: <74642db3-14dc-4e13-3130-dc8abe1a2b6e@redhat.com>
On Thu, Jan 28, 2021, Paolo Bonzini wrote:
> On 14/01/21 01:36, Sean Christopherson wrote:
> > Add a reverse-CPUID entry for the memory encryption word, 0x8000001F.EAX,
> > and use it to override the supported CPUID flags reported to userspace.
> > Masking the reported CPUID flags avoids over-reporting KVM support, e.g.
> > without the mask a SEV-SNP capable CPU may incorrectly advertise SNP
> > support to userspace.
> >
> > Cc: Brijesh Singh <brijesh.singh@amd.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Signed-off-by: Sean Christopherson <seanjc@google.com>
> > ---
> > arch/x86/kvm/cpuid.c | 2 ++
> > arch/x86/kvm/cpuid.h | 1 +
> > 2 files changed, 3 insertions(+)
> >
> > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> > index 13036cf0b912..b7618cdd06b5 100644
> > --- a/arch/x86/kvm/cpuid.c
> > +++ b/arch/x86/kvm/cpuid.c
> > @@ -855,6 +855,8 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
> > case 0x8000001F:
> > if (!boot_cpu_has(X86_FEATURE_SEV))
> > entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
> > + else
> > + cpuid_entry_override(entry, CPUID_8000_001F_EAX);
> > break;
> > /*Add support for Centaur's CPUID instruction*/
> > case 0xC0000000:
> > diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
> > index dc921d76e42e..8b6fc9bde248 100644
> > --- a/arch/x86/kvm/cpuid.h
> > +++ b/arch/x86/kvm/cpuid.h
> > @@ -63,6 +63,7 @@ static const struct cpuid_reg reverse_cpuid[] = {
> > [CPUID_8000_0007_EBX] = {0x80000007, 0, CPUID_EBX},
> > [CPUID_7_EDX] = { 7, 0, CPUID_EDX},
> > [CPUID_7_1_EAX] = { 7, 1, CPUID_EAX},
> > + [CPUID_8000_001F_EAX] = {0x8000001f, 1, CPUID_EAX},
> > };
> > /*
> >
>
> I don't understand, wouldn't this also need a kvm_cpu_cap_mask call
> somewhere else? As it is, it doesn't do anything.
Ugh, yes, apparently I thought the kernel would magically clear bits it doesn't
care about.
Looking at this again, I think the kvm_cpu_cap_mask() invocation should always
mask off X86_FEATURE_SME. SME cannot be virtualized, and AFAIK it's not
emulated by KVM. This would fix an oddity where SME would be advertised if SEV
is also supported.
Boris has queue the kernel change to tip/x86/cpu, I'll spin v4 against that.
next prev parent reply other threads:[~2021-01-28 17:12 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-14 0:36 [PATCH v2 00/14] KVM: SVM: Misc SEV cleanups Sean Christopherson
2021-01-14 0:36 ` [PATCH v2 01/14] KVM: SVM: Zero out the VMCB array used to track SEV ASID association Sean Christopherson
2021-01-14 15:56 ` Tom Lendacky
2021-01-14 17:13 ` Sean Christopherson
2021-01-14 20:57 ` Brijesh Singh
2021-01-14 0:36 ` [PATCH v2 02/14] KVM: SVM: Free sev_asid_bitmap during init if SEV setup fails Sean Christopherson
2021-01-14 15:49 ` Tom Lendacky
2021-01-14 17:12 ` Sean Christopherson
2021-01-14 18:02 ` Tom Lendacky
2021-01-14 19:17 ` Sean Christopherson
2021-01-14 0:36 ` [PATCH v2 03/14] KVM: SVM: Move SEV module params/variables to sev.c Sean Christopherson
2021-01-14 19:07 ` Tom Lendacky
2021-01-14 20:59 ` Brijesh Singh
2021-01-14 0:36 ` [PATCH v2 04/14] x86/cpufeatures: Assign dedicated feature word for AMD mem encryption Sean Christopherson
2021-01-14 11:35 ` Borislav Petkov
2021-01-14 17:09 ` Sean Christopherson
2021-01-14 17:16 ` Borislav Petkov
2021-01-28 15:09 ` Paolo Bonzini
2021-01-14 21:17 ` Brijesh Singh
2021-01-14 0:36 ` [PATCH v2 05/14] KVM: x86: Override reported SME/SEV feature flags with host mask Sean Christopherson
2021-01-14 21:18 ` Brijesh Singh
2021-01-28 15:07 ` Paolo Bonzini
2021-01-28 17:09 ` Sean Christopherson [this message]
2021-01-28 17:25 ` Paolo Bonzini
2021-01-14 0:37 ` [PATCH v2 06/14] x86/sev: Drop redundant and potentially misleading 'sev_enabled' Sean Christopherson
2021-01-14 17:54 ` Tom Lendacky
2021-01-14 21:24 ` Brijesh Singh
2021-01-14 0:37 ` [PATCH v2 07/14] KVM: SVM: Append "_enabled" to module-scoped SEV/SEV-ES control variables Sean Christopherson
2021-01-14 21:28 ` Brijesh Singh
2021-01-14 0:37 ` [PATCH v2 08/14] KVM: SVM: Condition sev_enabled and sev_es_enabled on CONFIG_KVM_AMD_SEV=y Sean Christopherson
2021-01-14 20:56 ` Tom Lendacky
2021-01-14 21:28 ` Brijesh Singh
2021-01-14 0:37 ` [PATCH v2 09/14] KVM: SVM: Unconditionally invoke sev_hardware_teardown() Sean Christopherson
2021-01-14 21:26 ` Tom Lendacky
2021-01-14 21:32 ` Brijesh Singh
2021-01-14 0:37 ` [PATCH v2 10/14] KVM: SVM: Explicitly check max SEV ASID during sev_hardware_setup() Sean Christopherson
2021-01-14 21:35 ` Brijesh Singh
2021-01-14 21:49 ` Tom Lendacky
2021-01-14 0:37 ` [PATCH v2 11/14] KVM: SVM: Move SEV VMCB tracking allocation to sev.c Sean Christopherson
2021-01-14 21:37 ` Brijesh Singh
2021-01-14 21:53 ` Tom Lendacky
2021-01-14 22:15 ` Tom Lendacky
2021-01-14 0:37 ` [PATCH v2 12/14] KVM: SVM: Drop redundant svm_sev_enabled() helper Sean Christopherson
2021-01-14 21:44 ` Brijesh Singh
2021-01-14 22:51 ` Tom Lendacky
2021-01-14 0:37 ` [PATCH v2 13/14] KVM: SVM: Remove an unnecessary prototype declaration of sev_flush_asids() Sean Christopherson
2021-01-14 21:45 ` Brijesh Singh
2021-01-14 22:53 ` Tom Lendacky
2021-01-14 0:37 ` [PATCH v2 14/14] KVM: SVM: Skip SEV cache flush if no ASIDs have been used Sean Christopherson
2021-01-15 15:07 ` Tom Lendacky
2021-01-15 17:19 ` Sean Christopherson
2021-01-28 15:10 ` Paolo Bonzini
2021-01-28 16:29 ` Sean Christopherson
2021-01-28 16:59 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YBLvvpeEORjVd2IP@google.com \
--to=seanjc@google.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=dave.hansen@linux.intel.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=thomas.lendacky@amd.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).