Re: [PATCH 7/9] x86/sev-es: Include XSS value in GHCB CPUID request

From: Maxim Levitsky
Date: Thu Nov 02 2023 - 14:15:55 EST


On Tue, 2023-10-17 at 20:49 +0200, Borislav Petkov wrote:
> On Tue, Oct 17, 2023 at 01:12:30PM -0500, John Allen wrote:
> > I looked into using __rdmsr in an earlier revision of the patch, but
> > found that it causes a build warning:
> >
> > ld: warning: orphan section `__ex_table' from `arch/x86/boot/compressed/sev.o' being placed in section `__ex_table'
> >
> > This is due to the __ex_table section not being used during
> > decompression boot. Do you know of a way around this?
>
> Yeah, arch/x86/boot/msr.h.
>
> We did those a while ago. I guess they could be moved to
> asm/shared/msr.h and renamed to something that is not a
> "boot_" prefix.
>
> Something like
>
> rdmsr_without_any_exception_handling_and_other_gunk_don_t_you_even_think_of_adding()
>
> ...
>
> But srsly:
>
> raw_rdmsr()
> raw_wrmsr()
>
> should be good, as tglx suggests offlist.
>
> You can do that in one patch and prepend your set with it.
>
> Thx.
>


Assuming that we will actually allow the guest to read the IA32_XSS, then it is correct,
but otherwise we will need to return some cached value of IA32_XSS,
the same as the guest wrote last time.

Or another option: KVM can cache the last value that the guest wrote to IA32_XSS (I assume that
the guest can write MSRs by sharing the address and value via GHCB), and then use it
when it constructs the CPUID.

Best regards,
Maxim Levitsky