From: Dave Hansen
Subject: Re: [PATCH 41/62] x86/sev-es: Handle MSR events
Date: Fri, 14 Feb 2020 08:59:39 -0800
References: <20200211135256.24617-1-joro@8bytes.org> <20200211135256.24617-42-joro@8bytes.org> <20200214072324.GE22063@8bytes.org>
In-Reply-To: <20200214072324.GE22063@8bytes.org>
To: Joerg Roedel
Cc: Juergen Gross, Tom Lendacky, Thomas Hellstrom, Dave Hansen, Kees Cook, kvm@vger.kernel.org, Peter Zijlstra, x86@kernel.org, linux-kernel@vger.kernel.org, virtualization@lists.linux-foundation.org, Joerg Roedel, Andy Lutomirski, hpa@zytor.com, Dan Williams, Jiri Slaby
List-Id: virtualization@lists.linuxfoundation.org

On 2/13/20 11:23 PM, Joerg Roedel wrote:
> Yes, investigating this is on the list for future optimizations (besides
> caching CPUID results). My idea is to use alternatives patching for
> this. But the exception handling is needed anyway because #VC
> exceptions happen very early already, basically the first thing after
> setting up a stack is calling verify_cpu(), which uses CPUID.

Ahh, bummer. How does a guest know that it's running under SEV-ES?
What's the enumeration mechanism if CPUID doesn't "work"?

> The other reason is that things like MMIO and IOIO instructions can't be
> easily patched by alternatives. Those would work with the runtime
> checking you showed above, though.

Is there a reason we can't make a rule that you *must* do MMIO through
an accessor function so we *can* patch them? I know random drivers
might break the rule, but are SEV-ES guests going to be running random
drivers? I would think that they mostly if not all want to use virtio.