Re: [PATCH Part2 RFC v4 26/40] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command

From: Brijesh Singh
Date: Mon Jul 19 2021 - 16:27:17 EST

Next message: Bjorn Andersson: "Re: [PATCH v3 02/13] dt-bindings: remoteproc: qcom: pas: Add QMP bindings"
Previous message: Mathieu Poirier: "Re: [PATCH 3/6] perf cs-etm: Only setup queues when they are modified"
In reply to: Sean Christopherson: "Re: [PATCH Part2 RFC v4 26/40] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command"
Next in thread: Sean Christopherson: "Re: [PATCH Part2 RFC v4 26/40] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/19/21 2:14 PM, Sean Christopherson wrote:

Where? I feel like I'm missing something. The only change to sev_free_vcpu() I
see is that addition of the rmpupdate(), I don't see any reclaim path.

Clearing of the immutable bit (aka reclaim) is done by the firmware after the command was successful. See the section 8.14.2.1 of the SEV-SNP spec[1].

The firmware encrypts the page with the VEK in place. The firmware
sets the RMP.VMSA of the page to 1. The firmware sets the VMPL
permissions for the page and transitions the page to Guest-Valid.

The Guest-Valid state means the immutable bit is cleared. In this case,
the hypervisor just need to make the page shared and that's what the sev_free_vcpu() does to ensure that page is transitioned from the Guest-Valid to Hypervisor.

[1] https://www.amd.com/system/files/TechDocs/56860.pdf

thanks

Next message: Bjorn Andersson: "Re: [PATCH v3 02/13] dt-bindings: remoteproc: qcom: pas: Add QMP bindings"
Previous message: Mathieu Poirier: "Re: [PATCH 3/6] perf cs-etm: Only setup queues when they are modified"
In reply to: Sean Christopherson: "Re: [PATCH Part2 RFC v4 26/40] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command"
Next in thread: Sean Christopherson: "Re: [PATCH Part2 RFC v4 26/40] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]