From: Sean Christopherson <seanjc@google.com>
To: Michael Roth <michael.roth@amd.com>
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-kernel@vger.kernel.org, x86@kernel.org,
pbonzini@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com,
pgonda@google.com, ashish.kalra@amd.com, bp@alien8.de,
pankaj.gupta@amd.com, liam.merwick@oracle.com,
Brijesh Singh <brijesh.singh@amd.com>,
Alexey Kardashevskiy <aik@amd.com>
Subject: Re: [PATCH v1-revised 1/5] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
Date: Wed, 26 Jun 2024 07:32:32 -0700 [thread overview]
Message-ID: <ZnwmgHYWQQ4DP176@google.com> (raw)
In-Reply-To: <20240621171519.3180965-1-michael.roth@amd.com>
On Fri, Jun 21, 2024, Michael Roth wrote:
> diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h
> index 154a87a1eca9..7bd78e258569 100644
> --- a/include/uapi/linux/sev-guest.h
> +++ b/include/uapi/linux/sev-guest.h
> @@ -89,8 +89,17 @@ struct snp_ext_report_req {
> #define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0)
> #define SNP_GUEST_VMM_ERR_SHIFT 32
> #define SNP_GUEST_VMM_ERR(x) (((u64)x) << SNP_GUEST_VMM_ERR_SHIFT)
> +#define SNP_GUEST_FW_ERR(x) ((x) & SNP_GUEST_FW_ERR_MASK)
> +#define SNP_GUEST_ERR(vmm_err, fw_err) (SNP_GUEST_VMM_ERR(vmm_err) | \
> + SNP_GUEST_FW_ERR(fw_err))
>
> +/*
> + * The GHCB spec only formally defines INVALID_LEN/BUSY VMM errors, but define
> + * a GENERIC error code such that it won't ever conflict with GHCB-defined
> + * errors if any get added in the future.
> + */
> #define SNP_GUEST_VMM_ERR_INVALID_LEN 1
> #define SNP_GUEST_VMM_ERR_BUSY 2
> +#define SNP_GUEST_VMM_ERR_GENERIC BIT(31)
Related to my suggestion to not have KVM-defined error codes, if we go that route,
then I believe SNP_GUEST_VMM_ERR_GENERIC is unnecessary.
For snp_handle_guest_req(), if sev_issue_cmd() fails, KVM can/should do something
like:
/* Forward non-firmware errors to userspace, e.g. if the PSP is dead. */
if (ret && !fw_err)
goto release_req;
ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(0, fw_err));
And then in snp_complete_req_certs(), we could either let userspace shove in any
error code whatsoever, or restrict userspace to known, GHCB-defined error codes,
e.g.
int err;
err = READ_ONCE(vcpu->run->coco.req_certs.ret);
if (err)
if (err != SNP_GUEST_VMM_ERR_INVALID_LEN &&
err != SNP_GUEST_VMM_ERR_BUSY)
return -EINVAL;
if (err == SNP_GUEST_VMM_ERR_INVALID_LEN)
vcpu->arch.regs[VCPU_REGS_RBX] = vcpu->run->coco.req_certs.npages;
ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(err, 0));
return 1;
}
>
> #endif /* __UAPI_LINUX_SEV_GUEST_H_ */
> --
> 2.25.1
>
next prev parent reply other threads:[~2024-06-26 14:32 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-21 13:40 [PATCH v1 0/5] SEV-SNP: Add KVM support for attestation and KVM_EXIT_COCO Michael Roth
2024-06-21 13:40 ` [PATCH v1 1/5] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event Michael Roth
2024-06-21 15:52 ` Liam Merwick
2024-06-21 16:17 ` Michael Roth
2024-06-21 17:15 ` [PATCH v1-revised " Michael Roth
2024-06-22 0:13 ` Liam Merwick
2024-06-26 14:32 ` Sean Christopherson [this message]
2024-06-26 13:58 ` [PATCH v1 " Sean Christopherson
2024-06-26 15:45 ` Michael Roth
2024-06-26 17:13 ` Sean Christopherson
2024-06-26 17:42 ` Michael Roth
2024-06-26 19:54 ` Sean Christopherson
2024-06-27 14:48 ` Tom Lendacky
2024-06-27 15:35 ` Sean Christopherson
2024-06-27 16:23 ` Peter Gonda
2024-06-27 17:13 ` Tom Lendacky
2024-06-27 18:07 ` Sean Christopherson
2024-06-21 13:40 ` [PATCH v1 2/5] x86/sev: Move sev_guest.h into common SEV header Michael Roth
2024-06-21 16:42 ` Liam Merwick
2024-06-21 18:07 ` Tom Lendacky
2024-06-21 13:40 ` [PATCH v1 3/5] KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event Michael Roth
2024-06-21 16:45 ` Liam Merwick
2024-06-21 19:21 ` Tom Lendacky
2024-06-22 20:28 ` Carlos Bilbao
2024-06-24 13:05 ` Tom Lendacky
2024-06-24 15:02 ` Sean Christopherson
2024-06-21 13:40 ` [PATCH v1 4/5] KVM: Introduce KVM_EXIT_COCO exit type Michael Roth
2024-06-26 14:22 ` Sean Christopherson
2024-06-26 17:30 ` Michael Roth
2024-06-28 20:08 ` Sean Christopherson
2024-06-29 0:36 ` Michael Roth
2024-07-26 7:15 ` Binbin Wu
2024-09-13 16:29 ` Dionna Amalie Glaze
2024-10-28 18:20 ` Sean Christopherson
2024-11-01 20:53 ` Dionna Amalie Glaze
2024-11-01 21:52 ` Michael Roth
2024-11-01 23:54 ` Dionna Amalie Glaze
2024-11-19 13:53 ` Michael Roth
2024-11-20 4:03 ` Binbin Wu
2024-06-21 13:40 ` [PATCH v1 5/5] KVM: SEV: Add certificate support for SNP_EXTENDED_GUEST_REQUEST events Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZnwmgHYWQQ4DP176@google.com \
--to=seanjc@google.com \
--cc=aik@amd.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.