From: Sean Christopherson <seanjc@google.com>
To: Alexey Kardashevskiy <aik@amd.com>
Cc: kvm@vger.kernel.org, x86@kernel.org,
linux-kernel@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>,
Santosh Shukla <santosh.shukla@amd.com>
Subject: Re: [PATCH kernel 5/9] KVM: SVM/SEV/SEV-ES: Rework intercepts
Date: Fri, 30 Jun 2023 14:49:16 -0700 [thread overview]
Message-ID: <ZJ9N3GMNuKJXc5wQ@google.com> (raw)
In-Reply-To: <20230615063757.3039121-6-aik@amd.com>
On Thu, Jun 15, 2023, Alexey Kardashevskiy wrote:
> @@ -2976,6 +2977,16 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
> svm_set_intercept(svm, TRAP_CR4_WRITE);
> svm_set_intercept(svm, TRAP_CR8_WRITE);
>
> + /*
> + * DR7 access must remain intercepted for an SEV-ES guest to disallow
> + * the guest kernel set up a #DB on memory that's needed to vector a #DB
> + * as otherwise the CPU gets stuck in an infinite #DB loop.
> + */
This isn't correct. Letting the guest configuring breakpoints would be weird
and nonsensical, but it wouldn't lead to infinite #DBs so long as KVM intercepts
#DB.
KVM intercepts DR7 when DebugSwap isn't enabled because otherwise KVM has no way
of context switching DR[0-3] for the guest. At least, I assume that's the case,
AFAICT the APM never actually says what happens with DR[0-3] when DebugSwap is
disabled.
next prev parent reply other threads:[~2023-06-30 21:49 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-15 6:37 [PATCH kernel 0/9] KVM: SEV: Enable AMD SEV-ES DebugSwap Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 1/9] KVM: SEV: move set_dr_intercepts/clr_dr_intercepts from the header Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 2/9] KVM: SEV: Move SEV's GP_VECTOR intercept setup to SEV Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 3/9] KVM: SVM: Rewrite sev_es_prepare_switch_to_guest()'s comment about swap types Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 4/9] KVM: SEV-ES: explicitly disable debug Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 5/9] KVM: SVM/SEV/SEV-ES: Rework intercepts Alexey Kardashevskiy
2023-06-30 21:49 ` Sean Christopherson [this message]
2023-07-03 2:01 ` Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 6/9] KVM: SEV: Enable data breakpoints in SEV-ES Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 7/9] KVM: SEV-ES: Eliminate #DB intercept when DebugSwap enabled Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 8/9] KVM: SVM: Don't defer NMI unblocking until next exit for SEV-ES guests Alexey Kardashevskiy
2023-06-15 6:37 ` [PATCH kernel 9/9] KVM: SVM: Don't try to pointlessly single-step SEV-ES guests for NMI window Alexey Kardashevskiy
2023-06-15 7:13 ` [PATCH kernel 0/9 v6] KVM: SEV: Enable AMD SEV-ES DebugSwap Alexey Kardashevskiy
2023-06-23 1:35 ` Alexey Kardashevskiy
2023-06-23 14:19 ` Sean Christopherson
2023-06-30 2:08 ` Alexey Kardashevskiy
2023-06-30 21:52 ` Sean Christopherson
2023-07-20 19:01 ` Alexey Kardashevskiy
2023-07-28 23:49 ` [PATCH kernel 0/9] " Sean Christopherson
2023-07-29 1:57 ` Alexey Kardashevskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZJ9N3GMNuKJXc5wQ@google.com \
--to=seanjc@google.com \
--cc=aik@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=santosh.shukla@amd.com \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.