RE: [PATCH Part2 v6 05/49] x86/sev: Add RMP entry lookup helpers

From: Kalra, Ashish
Date: Wed Jun 22 2022 - 16:58:38 EST

From: Dave Hansen <dave.hansen@xxxxxxxxx>
Sent: Wednesday, June 22, 2022 2:50 PM
Subject: Re: [PATCH Part2 v6 05/49] x86/sev: Add RMP entry lookup helpers

On 6/22/22 12:43, Kalra, Ashish wrote:
>>> I think that needs to be fixed. It should be as simple as a
>>> model/family check, though. If someone (for example) attempts to
>>> use SNP (and thus snp_lookup_rmpentry() and dump_rmpentry()) code on
>>> a newer CPU, the kernel should refuse.
>> More specifically I am thinking of adding RMP entry field accessors
>> so that they can do this cpu model/family check and return the
>> correct field as per processor architecture.

> That will be helpful down the road when there's more than one format.
> But, the real issue is that the kernel doesn't *support* a different RMP format. So, the SNP support should be disabled when encountering a model/family other than the known good one.

> Yes, that makes sense, will add an additional check in snp_rmptable_init().

Also to add here, additionally we may create an architectural way to read the RMP entry in the future.

Thanks,
Ashish