From: Tom Lendacky <thomas.lendacky@amd.com>
To: Borislav Petkov <bp@alien8.de>
Cc: "Ard Biesheuvel" <ardb+git@google.com>,
"Michael Roth" <michael.roth@amd.com>,
"Jörg Rödel" <joro@8bytes.org>,
linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
x86@kernel.org, "Ard Biesheuvel" <ardb@kernel.org>,
"Ingo Molnar" <mingo@kernel.org>,
"Kevin Loughlin" <kevinloughlin@google.com>,
"Josh Poimboeuf" <jpoimboe@kernel.org>,
"Peter Zijlstra" <peterz@infradead.org>,
"Nikunj A Dadhania" <nikunj@amd.com>
Subject: Re: [PATCH v7 01/22] x86/sev: Separate MSR and GHCB based snp_cpuid() via a callback
Date: Wed, 10 Sep 2025 08:57:26 -0500 [thread overview]
Message-ID: <4914b8ad-6a9e-75df-4f57-13529ca9b58d@amd.com> (raw)
In-Reply-To: <20250909222045.GDaMCoPUqawgEenBsF@fat_crate.local>
On 9/9/25 17:20, Borislav Petkov wrote:
> On Tue, Sep 09, 2025 at 04:44:07PM -0500, Tom Lendacky wrote:
>> It only uses the MSR protocol for particular CPUID values in
>> snp_cpuid_postprocess(). If the CPUID leaf isn't in the CPUID table,
>> then it will set the CPUID values to all 0 and then call the
>> post-processing routine which may or may not call the HV.
>>
>> The second call to __sev_cpuid_hv_msr() only happens if there is no
>> CPUID table - which will be the case for SEV-ES. So you can't remove the
>> second call.
>
> This needs to be turned into a proper comment, at least, and stuck above it as
> the situation there is clear as mud. Especially after the dropping of the GHCB
> protocol call, which makes the confusion even more probable...
>
> I'll do it tomorrow if you don't beat me to it today. :)
Something like this?:
diff --git a/arch/x86/boot/startup/sev-shared.c b/arch/x86/boot/startup/sev-shared.c
index 08cc1568d8af..eb7a7b45f773 100644
--- a/arch/x86/boot/startup/sev-shared.c
+++ b/arch/x86/boot/startup/sev-shared.c
@@ -458,6 +458,13 @@ void do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code)
leaf.fn = fn;
leaf.subfn = subfn;
+ /*
+ * If SNP is active, then snp_cpuid() uses the CPUID table to obtain the
+ * CPUID values (with possible HV interaction during post-processing of
+ * the values). But if SNP is not active (no CPUID table present), then
+ * snp_cpuid() returns -EOPNOTSUPP so that an SEV-ES guest can call the
+ * HV to obtain the CPUID information.
+ */
ret = snp_cpuid(snp_cpuid_hv_msr, NULL, &leaf);
if (!ret)
goto cpuid_done;
@@ -465,6 +472,10 @@ void do_vc_no_ghcb(struct pt_regs *regs, unsigned long exit_code)
if (ret != -EOPNOTSUPP)
goto fail;
+ /*
+ * If we got here, we're an SEV-ES guest and need to invoke the HV for
+ * the CPUID data.
+ */
if (__sev_cpuid_hv_msr(&leaf))
goto fail;
>
next prev parent reply other threads:[~2025-09-10 13:57 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-28 10:22 [PATCH v7 00/22] x86: strict separation of startup code Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 01/22] x86/sev: Separate MSR and GHCB based snp_cpuid() via a callback Ard Biesheuvel
2025-08-28 15:33 ` Borislav Petkov
2025-08-28 16:14 ` Ard Biesheuvel
2025-09-09 21:45 ` Tom Lendacky
2025-09-09 21:44 ` Tom Lendacky
2025-09-09 22:20 ` Borislav Petkov
2025-09-10 13:57 ` Tom Lendacky [this message]
2025-08-28 10:22 ` [PATCH v7 02/22] x86/sev: Use MSR protocol for remapping SVSM calling area Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 03/22] x86/sev: Use MSR protocol only for early SVSM PVALIDATE call Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 04/22] x86/sev: Run RMPADJUST on SVSM calling area page to test VMPL Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 05/22] x86/sev: Move GHCB page based HV communication out of startup code Ard Biesheuvel
2025-08-31 10:49 ` Borislav Petkov
2025-08-31 10:52 ` Ard Biesheuvel
2025-08-31 10:56 ` Ard Biesheuvel
2025-08-31 11:15 ` Borislav Petkov
2025-08-31 12:30 ` Ard Biesheuvel
2025-08-31 13:11 ` Ard Biesheuvel
2025-09-01 13:54 ` Borislav Petkov
2025-09-01 14:02 ` Ard Biesheuvel
2025-09-01 14:25 ` Borislav Petkov
2025-09-01 14:26 ` Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 06/22] x86/sev: Avoid global variable to store virtual address of SVSM area Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 07/22] x86/sev: Share implementation of MSR-based page state change Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 08/22] x86/sev: Pass SVSM calling area down to early page state change API Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 09/22] x86/sev: Use boot SVSM CA for all startup and init code Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 10/22] x86/boot: Drop redundant RMPADJUST in SEV SVSM presence check Ard Biesheuvel
2025-09-02 12:02 ` Borislav Petkov
2025-09-02 13:50 ` Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 11/22] x86/boot: Provide PIC aliases for 5-level paging related constants Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 12/22] x86/sev: Provide PIC aliases for SEV related data objects Ard Biesheuvel
2025-09-02 12:06 ` Borislav Petkov
2025-09-02 12:24 ` Ard Biesheuvel
2025-09-02 16:24 ` Borislav Petkov
2025-08-28 10:22 ` [PATCH v7 13/22] x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 14/22] x86/sev: Export startup routines for later use Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 15/22] objtool: Add action to check for absence of absolute relocations Ard Biesheuvel
2025-10-13 9:40 ` Andreas Schwab
2025-08-28 10:22 ` [PATCH v7 16/22] x86/boot: Check startup code " Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 17/22] x86/boot: Revert "Reject absolute references in .head.text" Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 18/22] x86/kbuild: Incorporate boot/startup/ via Kbuild makefile Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 19/22] x86/boot: Create a confined code area for startup code Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 20/22] efistub/x86: Remap inittext read-execute when needed Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 21/22] x86/boot: Move startup code out of __head section Ard Biesheuvel
2025-09-03 9:20 ` Ard Biesheuvel
2025-08-28 10:22 ` [PATCH v7 22/22] x86/boot: Get rid of the .head.text section Ard Biesheuvel
2025-09-03 16:22 ` [PATCH v7 00/22] x86: strict separation of startup code Borislav Petkov
2025-09-04 6:29 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4914b8ad-6a9e-75df-4f57-13529ca9b58d@amd.com \
--to=thomas.lendacky@amd.com \
--cc=ardb+git@google.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=joro@8bytes.org \
--cc=jpoimboe@kernel.org \
--cc=kevinloughlin@google.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@kernel.org \
--cc=nikunj@amd.com \
--cc=peterz@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox