Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler

[PATCH v6 00/42] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 01/42] x86/mm: Extend cc_attr to include AMD SEV-SNP · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 05/42] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 06/42] x86/sev: Save the negotiated GHCB version · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 04/42] x86/head64: Carve out the guest encryption postprocessing into a helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-27
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-27
[PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Borislav Petkov <bp@alien8.de> · 2021-10-13
[PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-10-19
[PATCH v6 10/42] x86/sev: Add a helper for the PVALIDATE instruction · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 12/42] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 11/42] x86/sev: Check the vmpl level · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 11/42] x86/sev: Check the vmpl level · Borislav Petkov <bp@alien8.de> · 2021-10-28
[PATCH v6 17/42] x86/kernel: Make the bss.decrypted section shared in RMP table · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 20/42] KVM: SVM: Define sev_features and vmpl field in the VMSA · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 18/42] x86/kernel: Validate rom memory before accessing when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-09
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Tom Lendacky <thomas.lendacky@amd.com> · 2021-11-11
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-11
[PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-03
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Boris Petkov <bp@alien8.de> · 2021-11-04
[PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 21/42] KVM: SVM: Create a separate mapping for the SEV-ES save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 22/42] KVM: SVM: Create a separate mapping for the GHCB save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 23/42] KVM: SVM: Update the SEV-ES save area mapping · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 24/42] x86/sev: Use SEV-SNP AP creation to start secondary CPUs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 25/42] x86/head: re-enable stack protection for 32/64-bit builds · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 28/42] x86/compressed/acpi: move EFI system table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 16/42] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 26/42] x86/sev: move MSR-based VMGEXITs for CPUID to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 27/42] KVM: x86: move lookup of indexed CPUID leafs to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 30/42] x86/compressed/acpi: move EFI vendor table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 29/42] x86/compressed/acpi: move EFI config table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 31/42] x86/boot: Add Confidential Computing type to setup_data · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 41/42] virt: sevguest: Add support to derive key · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 39/42] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 38/42] x86/sev: Provide support for SNP guest request NAEs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Dov Murik <hidden> · 2021-10-10
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-13
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-20
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
[PATCH v6 36/42] x86/compressed/64: add identity mapping for Confidential Computing blob · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 37/42] x86/sev: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 42/42] virt: sevguest: Add support to get extended report · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 35/42] x86/compressed/64: store Confidential Computing blob address in bootparams · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 32/42] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 33/42] boot/compressed/64: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 34/42] x86/boot: add a pointer to Confidential Computing blob in bootparams · Brijesh Singh <hidden> · 2021-10-08

From: Borislav Petkov <bp@alien8.de>
Date: 2021-10-21 17:37:10
Also in: kvm, linux-efi, linux-mm, lkml, platform-driver-x86

On Thu, Oct 21, 2021 at 06:12:53PM +0100, Dr. David Alan Gilbert wrote:

OK, so that bit is 8...21 Eax ext2eax bit 6 page 1-109

then 2.1.5.3 CPUID policy enforcement shows 8...21 EAX as
'bitmask'
'bits set in the GuestVal must also be set in HostVal.
This is often applied to feature fields where each bit indicates
support for a feature'

So that's right isn't it?

Yap, AFAIRC, it would fail the check if:

(GuestVal & HostVal) != GuestVal

and GuestVal is "the CPUID result value created by the hypervisor that
it wants to give to the guest". Let's say it clears bit 6 there.

Then HostVal comes in which is "the actual CPUID result value specified
in this PPR" and there the guest catches the HV lying its *ss off.

:-)

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help