On Tue, Jun 01, 2021 at 05:16:12PM +0000, Sean Christopherson wrote:
> The bug isn't limited to out-of-spec hardware. At the point of #GP, sme_enable() has only verified the max leaf is greater than 0x8000001f, it has not verified that 0x8000001f is actually supported. The APM itself declares several leafs between 0x80000000 and 0x8000001f as reserved/unsupported, so we can't argue that 0x8000001f must be supported if the max leaf is greater than 0x8000001f.
If a hypervisor says that 0x8000001f is supported but then we explode when reading MSR_AMD64_SEV, then the hypervisor gets to keep both pieces.
We're not going to work around all possible insane hardware/hypervisor configurations just because they dropped the ball.
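
The distinction discussed in this exchange, as an added example that is not part of the thread and not kernel code: gating the MSR_AMD64_SEV read on the max extended leaf alone versus also requiring the SME/SEV bits in CPUID 0x8000001f EAX. The `cpu_model` table, the function names and the sample CPUs are hypothetical, and an unsupported leaf is assumed to read back as zero.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CPUID_EXT_MAX 0x80000000u /* EAX = highest extended leaf */
#define CPUID_MEM_ENC 0x8000001fu /* memory-encryption feature leaf */
#define SME_BIT (1u << 0)         /* CPUID 0x8000001f EAX[0] */
#define SEV_BIT (1u << 1)         /* CPUID 0x8000001f EAX[1] */

/* Constructed CPUID model: (leaf, eax) pairs standing in for the instruction. */
struct cpuid_entry { uint32_t leaf, eax; };
struct cpu_model { const char *name; const struct cpuid_entry *tbl; size_t n; };

static uint32_t cpuid_eax(const struct cpu_model *m, uint32_t leaf)
{
    for (size_t i = 0; i < m->n; i++)
        if (m->tbl[i].leaf == leaf)
            return m->tbl[i].eax;
    return 0; /* assumption: reserved/unsupported leaf reads as zero */
}

/* Weak gate: only the max extended leaf has been verified. */
bool gate_max_leaf_only(const struct cpu_model *m)
{
    return cpuid_eax(m, CPUID_EXT_MAX) >= CPUID_MEM_ENC;
}

/* Stricter gate: max leaf AND a feature bit reported by the leaf itself. */
bool gate_feature_bits(const struct cpu_model *m)
{
    if (cpuid_eax(m, CPUID_EXT_MAX) < CPUID_MEM_ENC)
        return false;
    return (cpuid_eax(m, CPUID_MEM_ENC) & (SME_BIT | SEV_BIT)) != 0;
}

/* Constructed sample CPUs. */
static const struct cpuid_entry t_low[] = { { CPUID_EXT_MAX, 0x80000008u } };
static const struct cpuid_entry t_rsv[] = { { CPUID_EXT_MAX, 0x80000020u } };
static const struct cpuid_entry t_sev[] = { { CPUID_EXT_MAX, 0x8000001fu },
                                            { CPUID_MEM_ENC, SME_BIT | SEV_BIT } };
const struct cpu_model CPU_LOW = { "max leaf too low", t_low, 1 };
const struct cpu_model CPU_RSV = { "leaf in range, no bits", t_rsv, 1 };
const struct cpu_model CPU_SEV = { "SME+SEV reported", t_sev, 2 };

int main(void)
{
    const struct cpu_model *all[] = { &CPU_LOW, &CPU_RSV, &CPU_SEV };
    for (size_t i = 0; i < 3; i++)
        printf("%-24s max-leaf gate=%d feature-bit gate=%d\n", all[i]->name,
               gate_max_leaf_only(all[i]), gate_feature_bits(all[i]));
    return 0;
}
```

Only the middle model separates the two gates: the max leaf covers 0x8000001f, yet the leaf reports no SME or SEV bit, so the stricter gate skips the MSR read.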