Thread (178 messages) 178 messages, 11 authors, 2022-06-06

Re: [PATCH Part2 RFC v4 26/40] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_FINISH command

From: Brijesh Singh <hidden>
Date: 2021-07-19 20:27:52
Also in: kvm, linux-coco, linux-crypto, linux-efi, lkml, platform-driver-x86 


On 7/19/21 2:14 PM, Sean Christopherson wrote:

Where?  I feel like I'm missing something.  The only change to sev_free_vcpu() I
see is that addition of the rmpupdate(), I don't see any reclaim path.
Clearing of the immutable bit (aka reclaim) is done by the firmware 
after the command was successful. See the section 8.14.2.1 of the 
SEV-SNP spec[1].

   The firmware encrypts the page with the VEK in place. The firmware
   sets the RMP.VMSA of the page to 1. The firmware sets the VMPL
   permissions for the page and transitions the page to Guest-Valid.

The Guest-Valid state means the immutable bit is cleared.  In this case,
the hypervisor just need to make the page shared and that's what the 
sev_free_vcpu() does to ensure that page is transitioned from the 
Guest-Valid to Hypervisor.

[1] https://www.amd.com/system/files/TechDocs/56860.pdf

thanks
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help