Thread (100 messages) 100 messages, 8 authors, 2021-07-05

Re: [PATCH Part1 RFC v3 16/22] KVM: SVM: Create a separate mapping for the SEV-ES save area

From: Tom Lendacky <thomas.lendacky@amd.com>
Date: 2021-06-14 19:34:14
Also in: kvm, linux-crypto, linux-efi, linux-mm, lkml, platform-driver-x86 

On 6/14/21 5:58 AM, Borislav Petkov wrote:
On Wed, Jun 02, 2021 at 09:04:10AM -0500, Brijesh Singh wrote:
quoted
+/* Save area definition for SEV-ES and SEV-SNP guests */
+struct sev_es_save_area {
Can we agree on a convention here to denote SEV-ES and later
variants VS earlier ones so that you don't have "SEV-ES" in the name
sev_es_save_area but to mean that this applies to SNP and future stuff
too?
I was just following the APM, which lists it as the "State Save Area for
SEV-ES."

What about SEV-only guests? I'm assuming those use the old variant.
Correct.

Which would mean you can call this

struct prot_guest_save_area

or so, so that it doesn't have "sev" in the name and so that there's no
confusion...
I guess we can call it just prot_save_area or protected_save_area or even
encrypted_save_area (no need for guest, since guest is implied, e.g. we
don't call the normal save area guest_save_area).

Ditto for the size defines.
quoted
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 5bc887e9a986..d93a1c368b61 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -542,12 +542,20 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
 
 static int sev_es_sync_vmsa(struct vcpu_svm *svm)
Not SEV-ES only anymore, so I guess sev_snp_sync_vmca() or so.
quoted
-	struct vmcb_save_area *save = &svm->vmcb->save;
+	struct sev_es_save_area *save = svm->vmsa;
 
 	/* Check some debug related fields before encrypting the VMSA */
-	if (svm->vcpu.guest_debug || (save->dr7 & ~DR7_FIXED_1))
+	if (svm->vcpu.guest_debug || (svm->vmcb->save.dr7 & ~DR7_FIXED_1))
 		return -EINVAL;
 
+	/*
+	 * SEV-ES will use a VMSA that is pointed to by the VMCB, not
+	 * the traditional VMSA that is part of the VMCB. Copy the
+	 * traditional VMSA as it has been built so far (in prep
+	 * for LAUNCH_UPDATE_VMSA) to be the initial SEV-ES state.
Ditto - nomenclature.
Yup, that can be made more generic.

quoted
+	 */
+	memcpy(save, &svm->vmcb->save, sizeof(svm->vmcb->save));
+
 	/* Sync registgers */
		^^^^^^^^^^

typo. Might as well fix while at it.
Will do.

Thanks,
Tom

  



    
  

  
    

      

        Keyboard shortcuts
      

      

        
          
hback out one level

          
jnext message in thread

          
kprevious message in thread

          
ldrill in

          
Escclose help / fold thread tree

          
?toggle this help