From: Kim Phillips <kim.phillips@amd.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>,
Michael Roth <michael.roth@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
"Nikunj A . Dadhania" <nikunj@amd.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [RFC] target/i386: sev: Add cmdline option to enable the Allowed SEV Features feature
Date: Tue, 11 Feb 2025 13:03:26 -0600 [thread overview]
Message-ID: <d61d4ca6-41ec-4236-a5ca-8fb40d987e3a@amd.com> (raw)
In-Reply-To: <Z6nFzwwOZDx4p6yq@redhat.com>
On 2/10/25 3:24 AM, Daniel P. Berrangé wrote:
> On Fri, Feb 07, 2025 at 05:33:27PM -0600, Kim Phillips wrote:
>> The Allowed SEV Features feature allows the host kernel to control
>> which SEV features it does not want the guest to enable [1].
>>
>> This has to be explicitly opted-in by the user because it has the
>> ability to break existing VMs if it were set automatically.
>>
>> Currently, both the PmcVirtualization and SecureAvic features
>> require the Allowed SEV Features feature to be set.
>>
>> Based on a similar patch written for Secure TSC [2].
>>
>> [1] Section 15.36.20 "Allowed SEV Features", AMD64 Architecture
>> Programmer's Manual, Pub. 24593 Rev. 3.42 - March 2024:
>> https://bugzilla.kernel.org/attachment.cgi?id=306250
>>
>> [2] https://github.com/qemu/qemu/commit/4b2288dc6025ba32519ee8d202ca72d565cbbab7
>
> Despite that URL, that commit also does not appear to be merged into
> the QEMU git repo, and indeed I can't find any record of it even being
> posted as a patch for review on qemu-devel.
>
> This is horribly misleading to reviewers, suggesting that the referenced
> patch was already accepted :-(
Apologies, that was not the intent. I'll remove it from the next version.
>> @@ -1524,6 +1552,20 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
>> case KVM_X86_SNP_VM: {
>> struct kvm_sev_init args = { 0 };
>>
>> + if (sev_es_enabled()) {
>> + __u64 vmsa_features, supported_vmsa_features;
>> +
>> + supported_vmsa_features = sev_supported_vmsa_features();
>> + vmsa_features = sev_common->vmsa_features;
>> + if ((vmsa_features & supported_vmsa_features) != vmsa_features) {
>> + error_setg(errp, "%s: requested sev feature mask (0x%llx) "
>> + "contains bits not supported by the host kernel "
>> + " (0x%llx)", __func__, vmsa_features,
>> + supported_vmsa_features);
>
> This logic is being applied unconditionally, and not connected to
> the setting of the new 'allowed-sev-features' flag value. Is that
> correct ?
That's correct.
> Will this end up breaking existing deployed guests, or is this a
> scenario that would have been blocked with an error later on
> regardless ?
It would have been blocked regardless by this check in kvm's __sev_guest_init:
https://elixir.bootlin.com/linux/v6.13.2/source/arch/x86/kvm/svm/sev.c#L418
I've addressed all your other comments.
Thank you for your review,
Kim
next prev parent reply other threads:[~2025-02-11 19:09 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-07 23:33 [RFC] target/i386: sev: Add cmdline option to enable the Allowed SEV Features feature Kim Phillips
2025-02-10 9:24 ` Daniel P. Berrangé
2025-02-11 19:03 ` Kim Phillips [this message]
2025-02-10 18:53 ` Tom Lendacky
2025-02-10 23:27 ` Tom Lendacky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d61d4ca6-41ec-4236-a5ca-8fb40d987e3a@amd.com \
--to=kim.phillips@amd.com \
--cc=ashish.kalra@amd.com \
--cc=berrange@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).