From: Sean Christopherson <seanjc@google.com>
To: Jethro Beekman <jethro@fortanix.com>
Cc: "Jon Lange" <jlange@microsoft.com>,
"Jörg Rödel" <joro@8bytes.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"x86@kernel.org" <x86@kernel.org>,
"thomas.lendacky" <thomas.lendacky@amd.com>,
"Michael Roth" <michael.roth@amd.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"coconut-svsm@lists.linux.dev" <coconut-svsm@lists.linux.dev>,
"Joerg Roedel" <joerg.roedel@amd.com>
Subject: Re: [EXTERNAL] Re: [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE
Date: Tue, 23 Jun 2026 15:55:37 -0700 [thread overview]
Message-ID: <ajsO6SLATtDsXYsZ@google.com> (raw)
In-Reply-To: <4982d413-4634-40b2-a9f6-566733933c2b@fortanix.com>
On Wed, Jun 24, 2026, Jethro Beekman wrote:
> On 2026-06-24 00:02, Sean Christopherson wrote:
> >> A UAPI that allows creation of all architecturally-valid enclaves for
> >> purposes of measurement portability was stated as an explicit non-goal. As
> >> this is the only stated purpose of this patch set, it should also not be
> >> accepted.
> >
> > No, the stated goals (thanks to the follow-up from Jon) are to (a) support VMSA
> > GPAs other than KVM's hardcoded, arbitrary 0xFFFFFFFFF000, and
>
> As Jon points out, the VMSA GPA is not architecturally relevant, so any
> enclave can be changed to support a BSP VMSA at 0xFFFFFFFFF000. The only
> reason to "support VMSA GPAs other than KVM's hardcoded, arbitrary
> 0xFFFFFFFFF000" is measurement portability.
Well, that and hardcoding 0xFFFFFFFFF000 is bizarre and confusing, IMO.
> > (b) to play nice with multi-VMPL scenarios in the future.
>
> It's not clear to me what multi-VMPL scenario Jon is describing that requires
> custom VMSA content/address at launch time other than measurement
> portability. It's currently completely possible for VMPL0 code to set the
> VMPL of a VMSA or create a new VMSA with VMPL>0 at any GPA of their choosing.
Sorry, I phrased that poorly. It's not about directly playing nice with multi-VMPL
scenarios, it's that if/when multi-VMPL support comes along, the BSP's VMSA for
VMPL0 will likely be the only VMSA that is NOT in guest memory. And so supporting
an in-guest VMSA for BSP VMPL0 would provide consistency on top of cross-hypervisor
compatilibity, and I place a lot of value on consistency.
FWIW, I loathe the AP_CREATE scheme. I wish we could go back in time and burn it
with fire. Unfortunately, we're stuck with it, i.e. we need to deal with the
complexity of in-guest VMSAs regardless of whether or not KVM supports one for
the BSP, at which point we don't gain much by refusing to support "bring your
own VMSA" (so long as the uAPI and implementation are clean and don't add undue
burden).
next prev parent reply other threads:[~2026-06-23 22:55 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-11 12:35 [PATCH 0/4] KVM: SEV: Support direct setting of VMSA for SEV-SNP guests Jörg Rödel
2026-06-11 12:35 ` [PATCH 1/4] kvm: svm: Streamline VMSA setting for VCPUs Jörg Rödel
2026-06-11 12:56 ` sashiko-bot
2026-06-11 14:13 ` Jörg Rödel
2026-06-16 20:52 ` Tom Lendacky
2026-06-23 10:55 ` Jörg Rödel
2026-06-23 20:18 ` Sean Christopherson
2026-06-11 12:35 ` [PATCH 2/4] kvm: svm: Defer VMSA allocation to LAUNCH_FINISH stage Jörg Rödel
2026-06-11 12:58 ` sashiko-bot
2026-06-11 14:29 ` Jörg Rödel
2026-06-16 21:33 ` Tom Lendacky
2026-06-23 11:26 ` Jörg Rödel
2026-06-11 12:35 ` [PATCH 3/4] kvm: svm: Support guest-provided VMSA for launching Jörg Rödel
2026-06-11 13:05 ` sashiko-bot
2026-06-11 14:43 ` Jörg Rödel
2026-06-16 21:48 ` Tom Lendacky
2026-06-23 11:36 ` Jörg Rödel
2026-06-23 21:07 ` Sean Christopherson
2026-06-11 12:35 ` [PATCH 4/4] kvm: svm: Support KVM_SEV_SNP_PAGE_TYPE_VMSA at SNP_LAUNCH_UPDATE Jörg Rödel
2026-06-11 12:43 ` Sean Christopherson
2026-06-11 13:23 ` Jörg Rödel
2026-06-16 17:55 ` Sean Christopherson
2026-06-17 6:45 ` Jörg Rödel
2026-06-17 13:00 ` Sean Christopherson
2026-06-17 13:25 ` Jörg Rödel
2026-06-17 13:37 ` Sean Christopherson
2026-06-17 14:44 ` Jörg Rödel
2026-06-23 13:40 ` Sean Christopherson
2026-06-23 14:44 ` Jörg Rödel
2026-06-23 14:51 ` [EXTERNAL] " Jon Lange
2026-06-23 20:23 ` Sean Christopherson
2026-06-23 20:43 ` Jethro Beekman
2026-06-23 21:43 ` Sean Christopherson
2026-06-23 21:47 ` Jethro Beekman
2026-06-23 22:02 ` Sean Christopherson
2026-06-23 22:35 ` Jethro Beekman
2026-06-23 22:55 ` Sean Christopherson [this message]
2026-06-23 23:08 ` Jethro Beekman
2026-06-23 23:43 ` Sean Christopherson
2026-06-17 13:18 ` James Bottomley
2026-06-17 13:28 ` Jörg Rödel
2026-06-17 13:45 ` James Bottomley
2026-06-17 14:53 ` Jörg Rödel
2026-06-11 12:58 ` sashiko-bot
2026-06-11 15:23 ` Jörg Rödel
2026-06-16 22:11 ` Tom Lendacky
2026-06-23 11:48 ` Jörg Rödel
2026-06-23 21:29 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ajsO6SLATtDsXYsZ@google.com \
--to=seanjc@google.com \
--cc=coconut-svsm@lists.linux.dev \
--cc=jethro@fortanix.com \
--cc=jlange@microsoft.com \
--cc=joerg.roedel@amd.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.