From: Sean Christopherson <seanjc@google.com>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: Melody Wang <huibo.wang@amd.com>,
kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-kernel@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
roedel@suse.de, Tom Lendacky <thomas.lendacky@amd.com>,
ashish.kalra@amd.com, liam.merwick@oracle.com,
pankaj.gupta@amd.com, Michael Roth <michael.roth@amd.com>
Subject: Re: [PATCH v4 1/1] KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching
Date: Tue, 21 Jan 2025 08:52:03 -0800 [thread overview]
Message-ID: <Z4_Qs2mAXK28IwJa@google.com> (raw)
In-Reply-To: <CAAH4kHZL-9R+MLLvArcwQ2Zpk+gtqYTvVMR01WA1kVJ9goq_sw@mail.gmail.com>
On Tue, Jan 21, 2025, Dionna Amalie Glaze wrote:
> On Mon, Jan 20, 2025 at 1:58 PM Melody Wang <huibo.wang@amd.com> wrote:
> > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > index 943bd074a5d3..4896c34ed318 100644
> > --- a/arch/x86/kvm/svm/sev.c
> > +++ b/arch/x86/kvm/svm/sev.c
> > @@ -4064,6 +4064,30 @@ static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_
> > return ret;
> > }
> >
> > +static int snp_complete_req_certs(struct kvm_vcpu *vcpu)
> > +{
> > + struct vcpu_svm *svm = to_svm(vcpu);
> > + struct vmcb_control_area *control = &svm->vmcb->control;
> > +
> > + if (vcpu->run->snp_req_certs.ret) {
> > + if (vcpu->run->snp_req_certs.ret == ENOSPC) {
> > + vcpu->arch.regs[VCPU_REGS_RBX] = vcpu->run->snp_req_certs.npages;
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN, 0));
> > + } else if (vcpu->run->snp_req_certs.ret == EAGAIN) {
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_BUSY, 0));
>
> Discussion, not a change request: given that my proposed patch [1] to
> add rate-limiting for guest messages to the PSP generally was
> rejected,
For the record, it wasn't rejected outright. I pointed out flaws in the proposed
behavior[*], and AFAICT no one ever responded. If I fully reject something, I
promise I will make it abundantly clear :-)
[*] https://lore.kernel.org/all/Y8rEFpbMV58yJIKy@google.com
> do we think it'd be proper to add a KVM_EXIT_SNP_REQ_MSG or
> some such for the VMM to decide if the guest should have access to the
> globally shared resource (PSP) via EAGAIN or 0?
Can you elaborate? I don't quite understand what you're suggesting.
> [1] https://patchwork.kernel.org/project/kvm/cover/20230119213426.379312-1-dionnaglaze@google.com/
>
> > + } else {
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_GENERIC, 0));
> > + }
> > +
> > + return 1; /* resume guest */
> > + }
> > +
> > + return snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2);
> > +}
next prev parent reply other threads:[~2025-01-21 16:52 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-20 21:58 [PATCH v4 0/1] SEV-SNP: Add KVM support for SNP certificate fetching Melody Wang
2025-01-20 21:58 ` [PATCH v4 1/1] KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching Melody Wang
2025-01-21 15:55 ` Dionna Amalie Glaze
2025-01-21 16:52 ` Sean Christopherson [this message]
2025-01-21 17:19 ` Dionna Amalie Glaze
2025-02-19 17:36 ` Michael Roth
2025-01-21 20:18 ` Liam Merwick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z4_Qs2mAXK28IwJa@google.com \
--to=seanjc@google.com \
--cc=ashish.kalra@amd.com \
--cc=dionnaglaze@google.com \
--cc=huibo.wang@amd.com \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=roedel@suse.de \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.