On Thu, Nov 16, 2017 at 6:41 AM, Tom Lendacky <thomas.lenda...@amd.com> wrote:
> On 11/16/2017 4:02 AM, Borislav Petkov wrote:
>>
>> On Wed, Nov 15, 2017 at 03:57:13PM -0800, Steve Rutherford wrote:
>>>
>>> One piece that seems missing here is the handling of the vmm
>>> communication exception. What's the plan for non-automatic exits? In
>>> particular, what's the plan for emulated devices that are currently
>>> accessed through MMIO (e.g. the IOAPIC)?
>>
>>
>> First of all, please do not top-post.
>>
>> Then, maybe this would answer some of your questions:
>>
>>
>> http://support.amd.com/TechDocs/Protecting%20VM%20Register%20State%20with%20SEV-ES.pdf
>>
>> But I'd look in Tom's direction for further comments.
>
>
> I'm not sure what the question really is...
>
> MMIO works just fine using the data contained in the VMCB on exit
> (exit_info_1, exit_info_2, insn_bytes, etc.).
>
> These patches are for SEV support. If the question is related to SEV-ES
> (based on the non-automatic exit comment), that support is not part of
> these patches and will require additional changes to be able to both
> launch a guest as an SEV-ES guest and run as an SEV-ES guest.

I conflated SEV with SEV-ES, which I suspect answers everything here.
The reason it doesn't have support for the #VC exception is because
it's not supposed to... yet. I'm still interested in the plan for the
#VC exception handler, but this thread doesn't seem like the place.

>
>>
>>> Maybe I'm getting ahead of myself: What's the testing story? (since I
>>> don't think linux would boot with these patches, I'm curious what you
>>> are doing to ensure these pieces work)
>>
>>
>> Seems to boot fine here :)
>
>
> Using these patches we have successfully booted and tested a guest both
> with and without SEV enabled.
>
> Thanks,
> Tom
>

Thanks,
Steve