From: "Kalra, Ashish" <ashish.kalra@amd.com>
To: Sean Christopherson <seanjc@google.com>
Cc: pbonzini@redhat.com, dave.hansen@linux.intel.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
x86@kernel.org, hpa@zytor.com, peterz@infradead.org,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
thomas.lendacky@amd.com, michael.roth@amd.com,
kexec@lists.infradead.org, linux-coco@lists.linux.dev
Subject: Re: [PATCH v2] x86/sev: Fix host kdump support for SNP
Date: Wed, 4 Sep 2024 14:44:33 -0500 [thread overview]
Message-ID: <89cef849-4309-478c-8250-3e668943fa15@amd.com> (raw)
In-Reply-To: <fbde9567-d235-459b-a80b-b2dbaf9d1acb@amd.com>
Hello Sean,
>>> e_free_context:
>>> @@ -2884,9 +2890,126 @@ static int snp_decommission_context(struct kvm *kvm)
>>> snp_free_firmware_page(sev->snp_context);
>>> sev->snp_context = NULL;
>>>
>>> + if (snp_asid_to_gctx_pages_map)
>>> + snp_asid_to_gctx_pages_map[sev_get_asid(kvm)] = NULL;
>>> +
>>> return 0;
>>> }
>>>
>>> +static void __snp_decommission_all(void)
>>> +{
>>> + struct sev_data_snp_addr data = {};
>>> + int ret, asid;
>>> +
>>> + if (!snp_asid_to_gctx_pages_map)
>>> + return;
>>> +
>>> + for (asid = 1; asid < min_sev_asid; asid++) {
>>> + if (snp_asid_to_gctx_pages_map[asid]) {
>>> + data.address = __sme_pa(snp_asid_to_gctx_pages_map[asid]);
>> NULL pointer deref if this races with snp_decommission_context() from task
>> context.
Actually looking at this again, this is why we really need all CPUs synchronizing in NMI context before one CPU in NMI context takes control and issues SNP_DECOMMISSION on all SNP VMs.
If there are sev_vm_destroy() -> snp_decommision_context() executing, when they start handling NMI they would have either already issued SNP_DECOMMISSION for this VM and/or reclaimed the SNP guest context page (transitioned to FW state after SNP_DECOMMISSION). In both cases when we issue SNP_DECOMMISSION here in __snp_decommission_all(), the command will fail with INVALID_GUEST/INVALID_ADDRESS error, so we can simply ignore this error and assume that the VM has already been decommissioned and continue with decommissioning the other VMs.
I actually tested some of these scenarios and they work as above.
>>> + ret = sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &data, NULL);
>>> + if (!ret) {
>> And what happens if SEV_CMD_SNP_DECOMMISSION fails?
As mentioned above, we can ignore the failure here as the VM may have already been decommissioned.
In the case where SNP_DECOMMISSION fails without the VM being already decommissioned, crashkernel boot will fail.
Thanks, Ashish
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2024-09-04 19:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-03 19:10 [PATCH v2] x86/sev: Fix host kdump support for SNP Ashish Kalra
2024-09-03 19:52 ` Sean Christopherson
2024-09-03 22:58 ` Kalra, Ashish
2024-09-04 10:29 ` Paolo Bonzini
2024-09-04 17:37 ` Kalra, Ashish
2024-09-04 19:54 ` Michael Roth
2024-09-04 21:31 ` Kalra, Ashish
2024-09-04 22:23 ` Sean Christopherson
2024-09-06 20:27 ` Ashish Kalra
2024-09-09 23:33 ` Ashish Kalra
2024-09-12 22:18 ` Ashish Kalra
2024-09-04 19:44 ` Kalra, Ashish [this message]
2024-09-04 9:36 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89cef849-4309-478c-8250-3e668943fa15@amd.com \
--to=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kexec@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox