Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in... | linux-coco

[PATCH Part1 RFC v3 00/22] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 01/22] x86/sev: shorten GHCB terminate macro names · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 01/22] x86/sev: shorten GHCB terminate macro names · Venu Busireddy <hidden> · 2021-06-08
[PATCH Part1 RFC v3 02/22] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 02/22] x86/sev: Define the Linux specific guest termination reasons · Venu Busireddy <hidden> · 2021-06-08
Re: [PATCH Part1 RFC v3 02/22] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-06-08
[PATCH Part1 RFC v3 03/22] x86/sev: Save the negotiated GHCB version · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 03/22] x86/sev: Save the negotiated GHCB version · Borislav Petkov <bp@alien8.de> · 2021-06-03
Re: [PATCH Part1 RFC v3 03/22] x86/sev: Save the negotiated GHCB version · Venu Busireddy <hidden> · 2021-06-08
[PATCH Part1 RFC v3 04/22] x86/mm: Add sev_feature_enabled() helper · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 04/22] x86/mm: Add sev_feature_enabled() helper · Borislav Petkov <bp@alien8.de> · 2021-06-05
[PATCH Part1 RFC v3 05/22] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 05/22] x86/sev: Add support for hypervisor feature VMGEXIT · Borislav Petkov <bp@alien8.de> · 2021-06-07
Re: [PATCH Part1 RFC v3 05/22] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-06-07
[PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-06-07
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Brijesh Singh <hidden> · 2021-06-07
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Brijesh Singh <hidden> · 2021-06-17
Re: [PATCH Part1 RFC v3 06/22] x86/sev: check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-06-18
[PATCH Part1 RFC v3 10/22] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 10/22] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-06-10
Re: [PATCH Part1 RFC v3 10/22] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-14
[PATCH Part1 RFC v3 17/22] KVM: SVM: Create a separate mapping for the GHCB save area · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-10
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-14
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-06-16
Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes · Dr. David Alan Gilbert <hidden> · 2021-06-16
[PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-18
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Brijesh Singh <hidden> · 2021-06-18
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-18
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-23
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-23
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-24
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Brijesh Singh <hidden> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Michael Roth <hidden> · 2021-06-25
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · Borislav Petkov <bp@alien8.de> · 2021-06-28
Re: [PATCH Part1 RFC v3 20/22] x86/boot: Add Confidential Computing address to setup_header · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-06-24
[PATCH Part1 RFC v3 07/22] x86/sev: Add a helper for the PVALIDATE instruction · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 07/22] x86/sev: Add a helper for the PVALIDATE instruction · Borislav Petkov <bp@alien8.de> · 2021-06-07
[PATCH Part1 RFC v3 12/22] x86/kernel: Make the bss.decrypted section shared in RMP table · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 12/22] x86/kernel: Make the bss.decrypted section shared in RMP table · Borislav Petkov <bp@alien8.de> · 2021-06-10
[PATCH Part1 RFC v3 18/22] KVM: SVM: Update the SEV-ES save area mapping · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Sergio Lopez <hidden> · 2021-06-04
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Dr. David Alan Gilbert <hidden> · 2021-06-09
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Tom Lendacky <thomas.lendacky@amd.com> · 2021-06-11
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Dr. David Alan Gilbert <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Dr. David Alan Gilbert <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Borislav Petkov <bp@alien8.de> · 2021-06-18
Re: [PATCH Part1 RFC v3 21/22] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-06-18
[PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Borislav Petkov <bp@alien8.de> · 2021-06-08
Re: [PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-06-08
Re: [PATCH Part1 RFC v3 08/22] x86/compressed: Add helper for validating pages in the decompression stage · Borislav Petkov <bp@alien8.de> · 2021-06-16
[PATCH Part1 RFC v3 13/22] x86/kernel: Validate rom memory before accessing when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Borislav Petkov <bp@alien8.de> · 2021-06-30
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-06-30
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Borislav Petkov <bp@alien8.de> · 2021-07-01
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-07-01
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Borislav Petkov <bp@alien8.de> · 2021-07-03
Re: [PATCH Part1 RFC v3 22/22] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-07-05
[PATCH Part1 RFC v3 09/22] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 09/22] x86/compressed: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-06-09
Re: [PATCH Part1 RFC v3 09/22] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-06-14
[PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-06-11
Re: [PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-06-14
Re: [PATCH Part1 RFC v3 14/22] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-06-14
[PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Borislav Petkov <bp@alien8.de> · 2021-06-14
Re: [PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Tom Lendacky <thomas.lendacky@amd.com> · 2021-06-14
Re: [PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area · Borislav Petkov <bp@alien8.de> · 2021-06-14
[PATCH Part1 RFC v3 15/22] KVM: SVM: define new SEV_FEATURES field in the VMCB Save State Area · Brijesh Singh <hidden> · 2021-06-02
[PATCH Part1 RFC v3 19/22] x86/sev-snp: SEV-SNP AP creation support · Brijesh Singh <hidden> · 2021-06-02
Re: [PATCH Part1 RFC v3 19/22] x86/sev-snp: SEV-SNP AP creation support · Borislav Petkov <bp@alien8.de> · 2021-06-16
Re: [PATCH Part1 RFC v3 19/22] x86/sev-snp: SEV-SNP AP creation support · Tom Lendacky <thomas.lendacky@amd.com> · 2021-06-16
Re: [PATCH Part1 RFC v3 00/22] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Venu Busireddy <hidden> · 2021-06-07
Re: [PATCH Part1 RFC v3 00/22] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Borislav Petkov <bp@alien8.de> · 2021-06-07

Re: [PATCH Part1 RFC v3 11/22] x86/sev: Add helper for validating pages in early enc attribute changes

From: Borislav Petkov <bp@alien8.de>
Date: 2021-06-14 19:03:16
Also in: kvm, linux-crypto, linux-efi, linux-mm, lkml, platform-driver-x86

On Mon, Jun 14, 2021 at 07:45:11AM -0500, Brijesh Singh wrote:

IMO, there is no need to add a warning. This case should happen if its
either a hypervisor bug or hypervisor does not follow the GHCB
specification. I followed the SEV-ES vmgexit handling  and it does not
warn if the hypervisor returns a wrong response code. We simply
terminate the guest.

This brings my regular user-friendliness question: will the guest user
know what happened or will the guest simply disappear/freeze without any
hint as to what has happened so that a post-mortem analysis would turn
out hard to decipher?

I did thought about reusing the VMGEXIT defined macro
SNP_PAGE_STATE_{PRIVATE, SHARED} but I was not sure if you will be okay
with that.

Yeah, I think that makes stuff simpler. Unless there's something
speaking against it which we both are not thinking of right now.

Additionally now both the function name and macro name will
include the "SNP". The call will look like this:

snp_prep_memory(paddr, SNP_PAGE_STATE_PRIVATE)

Yap, looks ok to me.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help