Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support

From: Jeremi Piotrowski
Date: Mon Jan 08 2024 - 11:49:28 EST

Next message: Chen-Yu Tsai: "Re: [PATCH] dmaengine: pl330: issue_pending waits until WFP state"
Previous message: William Breathitt Gray: "Re: [PATCH v3 05/10] counter: stm32-timer-cnt: add counter prescaler extension"
Next in thread: Borislav Petkov: "Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/01/2024 17:21, Borislav Petkov wrote:
> On Fri, Jan 05, 2024 at 05:09:16PM +0100, Borislav Petkov wrote:
>> On Thu, Jan 04, 2024 at 12:05:27PM +0100, Jeremi Piotrowski wrote:
>>> Is there a really good reason to perform the snp_probe_smptable_info() check at this
>>> point (instead of in snp_rmptable_init). snp_rmptable_init will also clear the cap
>>> on failure, and bsp_init_amd() runs too early to allow for the kernel to allocate the
>>> rmptable itself. I pointed out in the previous review that kernel allocation of rmptable
>>> is necessary in SNP-host capable VMs in Azure.
>>
>> What does that even mean?>>
>> That function is doing some calculations after reading two MSRs. What
>> can possibly go wrong?!
>

What I wrote: "allow for the kernel to allocate the rmptable". Until the kernel allocates a
rmptable the two MSRs are not initialized in a VM. This is specific to SNP-host VMs because
they don't have access to the system-wide rmptable (or a virtualized version of it), and the
rmptable is only useful for kernel internal tracking in this case. So we don't strictly need
one and could save the overhead but not having one would complicate the KVM SNP code so I'd
rather allocate one for now.

It makes most sense to perform the rmptable allocation later in kernel init, after platform
detection and e820 setup. It isn't really used until device_initcall.

https://lore.kernel.org/lkml/20230213103402.1189285-2-jpiotrowski@xxxxxxxxxxxxxxxxxxx/
(I'll be posting updated patches soon).

> That could be one reason perhaps:
>
> "It needs to be called early enough to allow for AutoIBRS to not be disabled
> just because SNP is supported. By calling it where it is currently called, the
> SNP feature can be cleared if, even though supported, SNP can't be used,
> allowing AutoIBRS to be used as a more performant Spectre mitigation."
>
> https://lore.kernel.org/r/8ec38db1-5ccf-4684-bc0d-d48579ebf0d0@xxxxxxx
>

This logic seems twisted. Why use firmware rmptable allocation as a proxy for SEV-SNP
enablement if BIOS provides an explicit flag to enable/disable SEV-SNP support. That
would be a better signal to use to control AutoIBRS enablement.

Next message: Chen-Yu Tsai: "Re: [PATCH] dmaengine: pl330: issue_pending waits until WFP state"
Previous message: William Breathitt Gray: "Re: [PATCH v3 05/10] counter: stm32-timer-cnt: add counter prescaler extension"
Next in thread: Borislav Petkov: "Re: [PATCH v1 04/26] x86/sev: Add the host SEV-SNP initialization support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]