From: "Gupta, Pankaj" <pankaj.gupta@amd.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Naveen N Rao <naveen@kernel.org>,
Kim Phillips <kim.phillips@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Alexey Kardashevskiy <aik@amd.com>
Subject: Re: [PATCH v2 04/10] KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
Date: Thu, 27 Feb 2025 11:25:31 +0100 [thread overview]
Message-ID: <a0f7bc73-aec3-4e05-b35e-b3095badf534@amd.com> (raw)
In-Reply-To: <20250227012541.3234589-5-seanjc@google.com>
On 2/27/2025 2:25 AM, Sean Christopherson wrote:
> If KVM rejects an AP Creation event, leave the target vCPU state as-is.
> Nothing in the GHCB suggests the hypervisor is *allowed* to muck with vCPU
> state on failure, let alone required to do so. Furthermore, kicking only
> in the !ON_INIT case leads to divergent behavior, and even the "kick" case
> is non-deterministic.
>
> E.g. if an ON_INIT request fails, the guest can successfully retry if the
> fixed AP Creation request is made prior to sending INIT. And if a !ON_INIT
> fails, the guest can successfully retry if the fixed AP Creation request is
> handled before the target vCPU processes KVM's
> KVM_REQ_UPDATE_PROTECTED_GUEST_STATE.
>
> Fixes: e366f92ea99e ("KVM: SEV: Support SEV-SNP AP Creation NAE event")
> Cc: stable@vger.kernel.org
> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@amd.com>
> ---
> arch/x86/kvm/svm/sev.c | 13 ++++++-------
> 1 file changed, 6 insertions(+), 7 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 218738a360ba..9aad0dae3a80 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -3957,16 +3957,12 @@ static int sev_snp_ap_creation(struct vcpu_svm *svm)
>
> /*
> * The target vCPU is valid, so the vCPU will be kicked unless the
> - * request is for CREATE_ON_INIT. For any errors at this stage, the
> - * kick will place the vCPU in an non-runnable state.
> + * request is for CREATE_ON_INIT.
> */
> kick = true;
>
> mutex_lock(&target_svm->sev_es.snp_vmsa_mutex);
>
> - target_svm->sev_es.snp_vmsa_gpa = INVALID_PAGE;
> - target_svm->sev_es.snp_ap_waiting_for_reset = true;
> -
> /* Interrupt injection mode shouldn't change for AP creation */
> if (request < SVM_VMGEXIT_AP_DESTROY) {
> u64 sev_features;
> @@ -4012,20 +4008,23 @@ static int sev_snp_ap_creation(struct vcpu_svm *svm)
> target_svm->sev_es.snp_vmsa_gpa = svm->vmcb->control.exit_info_2;
> break;
> case SVM_VMGEXIT_AP_DESTROY:
> + target_svm->sev_es.snp_vmsa_gpa = INVALID_PAGE;
> break;
> default:
> vcpu_unimpl(vcpu, "vmgexit: invalid AP creation request [%#x] from guest\n",
> request);
> ret = -EINVAL;
> - break;
> + goto out;
> }
>
> -out:
> + target_svm->sev_es.snp_ap_waiting_for_reset = true;
> +
> if (kick) {
> kvm_make_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, target_vcpu);
> kvm_vcpu_kick(target_vcpu);
> }
>
> +out:
> mutex_unlock(&target_svm->sev_es.snp_vmsa_mutex);
>
> return ret;
next prev parent reply other threads:[~2025-02-27 10:25 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-27 1:25 [PATCH v2 00/10] KVM: SVM: Attempt to cleanup SEV_FEATURES Sean Christopherson
2025-02-27 1:25 ` [PATCH v2 01/10] KVM: SVM: Save host DR masks on CPUs with DebugSwap Sean Christopherson
2025-02-27 1:25 ` [PATCH v2 02/10] KVM: SVM: Don't rely on DebugSwap to restore host DR0..DR3 Sean Christopherson
2025-02-27 1:25 ` [PATCH v2 03/10] KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest has an invalid VMSA Sean Christopherson
2025-02-27 16:03 ` Tom Lendacky
2025-02-27 16:56 ` Gupta, Pankaj
2025-02-27 1:25 ` [PATCH v2 04/10] KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error Sean Christopherson
2025-02-27 10:25 ` Gupta, Pankaj [this message]
2025-02-27 1:25 ` [PATCH v2 05/10] KVM: SVM: Require AP's "requested" SEV_FEATURES to match KVM's view Sean Christopherson
2025-02-27 7:12 ` Gupta, Pankaj
2025-02-27 14:33 ` Sean Christopherson
2025-02-27 15:18 ` Gupta, Pankaj
2025-02-27 15:42 ` Sean Christopherson
2025-02-27 1:25 ` [PATCH v2 06/10] KVM: SVM: Simplify request+kick logic in SNP AP Creation handling Sean Christopherson
2025-02-27 1:25 ` [PATCH v2 07/10] KVM: SVM: Use guard(mutex) to simplify SNP AP Creation error handling Sean Christopherson
2025-02-27 16:51 ` Gupta, Pankaj
2025-02-27 1:25 ` [PATCH v2 08/10] KVM: SVM: Mark VMCB dirty before processing incoming snp_vmsa_gpa Sean Christopherson
2025-02-27 1:25 ` [PATCH v2 09/10] KVM: SVM: Use guard(mutex) to simplify SNP vCPU state updates Sean Christopherson
2025-02-27 1:25 ` [PATCH v2 10/10] KVM: SVM: Invalidate "next" SNP VMSA GPA even on failure Sean Christopherson
2025-03-05 1:05 ` [PATCH v2 00/10] KVM: SVM: Attempt to cleanup SEV_FEATURES Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a0f7bc73-aec3-4e05-b35e-b3095badf534@amd.com \
--to=pankaj.gupta@amd.com \
--cc=aik@amd.com \
--cc=kim.phillips@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=naveen@kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.