cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Server Processors

adilahmad17
Journeyman III
‎10-13-2020 11:00 PM

SEV-SNP VMPL-switching details

Hey,

I have a question about AMD's upcoming SEV-SNP feature. I was reading the AMD64 software developer's manual (hyper-linked) and saw the Virtual Machine Privilege Levels (VMPL) feature (to be included with SEV-SNP). I was wondering how the feature is activated by the guest and how can a guest switch the VMPL-levels of its vCPUs? I couldn't find an answer to these questions in the manual.

Thanks!

0 Likes
6 Replies
Anonymous
Not applicable
‎10-14-2020 02:23 PM

Hello adilahmad17‌,

Each VMSA defines the VMPL that it executes at (as noted in Table B-4).  For example, a guest must have 2 VMSAs, the first is defined to run at VMPL0 and the second at VMPL1.  To switch between these, the guest must coordinate with the hypervisor.  For instance, the hypervisor may have first run the VMPL1 VMSA and that code decides it needs a service from VMPL0.  That code would do a hypercall to ask the hypervisor to switch to the other VMSA.  In response to this, the hypervisor should do ‘VMRUN’ on the VMPL0 VMSA and allow it to execute.  When this is finished, it can ask the hypervisor to switch back again via a hypercall.

 

One way we expect this feature may be used would be for every vCPU of the guest to contain VMSAs at multiple levels.  For instance, the ‘rich OS’ might have a VMSA defined to run at VMPL1 while a ‘trusted layer’ has its own VMSA defined to run at VMPL0.  That trusted layer might be responsible for tasks like APIC emulation, migration, etc.  By default, the hypervisor would run the VMPL1 VMSA but if it needed a service from the trusted layer (e.g. handle an ICR write) then the hypervisor would switch over to VMPL0 so the trusted layer could handle the event.  After this is done, the hypervisor could switch back to VMPL0.

Hope this helps.

0 Likes
adilahmad17
In response to Anonymous
Journeyman III
‎10-14-2020 02:38 PM

Yeah, I saw the VMPL bit in the VMSA but I was wondering if there is a more efficient way to switch the VMPL without exiting the guest. It seems that there isn't for now, at least.

Thanks for the clarification!  

0 Likes
adilahmad17
In response to adilahmad17
Journeyman III
‎10-14-2020 02:41 PM

Another question that I had in mind was that for an SEV guest, each hypercall must definitely flush the TLB; hence, hypercalls are way more expensive than regular guests? Is my understanding valid?

Thanks!

0 Likes
Anonymous
In response to adilahmad17
Not applicable
‎10-14-2020 03:46 PM

Hello,

VMEXIT events (whether for hypercalls or due to other reasons) do not flush the TLB.  The TLB entries are tagged as described in APM vol2 section 15.36.15 and this ensures that incorrect translations can’t be used.

 

In general, encrypted guests do have additional overhead due to the extra security checks and state that must be saved/restored.  But TLB flushes are not needed.

0 Likes
adilahmad17
In response to Anonymous
Journeyman III
‎10-14-2020 07:54 PM

Awesome, got it!

Thanks a bunch for all the clarifications!  

0 Likes
adilahmad17
Journeyman III
‎08-05-2022 02:17 AM

Hi, I have another clarification to ask. As you said, we can use VMSAs for creating a tiny secure layer and a rich OS. Can we also create let's say a VMSA for a user process, instead of privileged components? 

0 Likes