kvm.vger.kernel.org archive mirror
From: Alexey Kardashevskiy <aik@amd.com>
To: Alexey Kardashevskiy <aik@amd.com>
Cc: <kvm@vger.kernel.org>, <x86@kernel.org>,
	<linux-kernel@vger.kernel.org>,
	Venu Busireddy <venu.busireddy@oracle.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	"Nikunj A Dadhania" <nikunj@amd.com>,
	Michael Roth <michael.roth@amd.com>,
	Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Borislav Petkov <bp@alien8.de>,
	"Jason A. Donenfeld" <Jason@zx2c4.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Sean Christopherson <seanjc@google.com>
Subject: [PATCH kernel v4 3/3] x86/sev: Do not handle #VC for DR7 read/write
Date: Mon, 30 Jan 2023 11:56:57 +1100
Message-ID: <20230130005657.989935-1-aik@amd.com>
In-Reply-To: <20230120031047.628097-4-aik@amd.com>

With MSR_AMD64_SEV_DEBUG_SWAP enabled, the VM should not get #VC
events for DR7 read/write which it rather avoided.

Update the SNP_FEATURES_PRESENT mask with MSR_AMD64_SNP_DEBUG_SWAP so
an SNP guest can gracefully terminate during SNP feature negotiation.
For SEV-ES (which does not negotiate features) and enabled DebugSwap,
fail to handle DR7's #VC and return an error which in turn causes
panic() as there is no good reason for the HV to keep intercepting DR7.

Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---

1/3 and 2/3 are the same as in v3 and fairly independent from this one.

The question now is what should SNP-feature-negotiation-aware guest do
when KVM enables DebugSwap.

"x86/sev: Add SEV-SNP guest feature negotiation support" is going to
reach the upstream long before any of these three from this thread.

It does not matter now as there is no SNP in upstream KVM.

---
Changes:
v4:
* rebased on top of SNP feature negotiation

v2:
* use new bit definition
---
 arch/x86/boot/compressed/sev.c | 2 +-
 arch/x86/kernel/sev.c          | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index d63ad8f99f83..ac86f458951d 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -315,7 +315,7 @@ static void enforce_vmpl0(void)
  * by the guest kernel. As and when a new feature is implemented in the
  * guest kernel, a corresponding bit should be added to the mask.
  */
-#define SNP_FEATURES_PRESENT (0)
+#define SNP_FEATURES_PRESENT	MSR_AMD64_SNP_DEBUG_SWAP
 
 void snp_check_features(void)
 {
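Review bot: the commit message and this define disagree on the bit name
(MSR_AMD64_SEV_DEBUG_SWAP in the first paragraph, MSR_AMD64_SNP_DEBUG_SWAP
here); use one name throughout. The replacement also drops the parentheses
that "(0)" had, so writing it as "(MSR_AMD64_SNP_DEBUG_SWAP)" keeps the macro
safe once further bits are OR'ed into it. Per the comment above the define, a
bit in this mask marks a feature as implemented by the guest kernel, so the
commit message should spell out how adding the bit relates to the guest
terminating during feature negotiation.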
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 679026a640ef..f29e60c496d7 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1618,6 +1618,9 @@ static enum es_result vc_handle_dr7_write(struct ghcb *ghcb,
 	long val, *reg = vc_insn_get_rm(ctxt);
 	enum es_result ret;
 
+	if (sev_status & MSR_AMD64_SNP_DEBUG_SWAP)
+		return ES_VMM_ERROR;
+
 	if (!reg)
 		return ES_DECODE_FAILED;
 
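Review bot: the early return in vc_handle_dr7_write() carries no comment, so
the reason for ES_VMM_ERROR lives only in the commit message. Add a short
comment above the check saying that with DebugSwap enabled the hypervisor is
not expected to intercept DR7, and that the error is deliberate. Since the
commit message applies this path to SEV-ES guests while the tested bit is
named MSR_AMD64_SNP_DEBUG_SWAP, the comment should also say that the bit in
sev_status is meaningful for SEV-ES.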
@@ -1655,6 +1658,9 @@ static enum es_result vc_handle_dr7_read(struct ghcb *ghcb,
 	struct sev_es_runtime_data *data = this_cpu_read(runtime_data);
 	long *reg = vc_insn_get_rm(ctxt);
 
+	if (sev_status & MSR_AMD64_SNP_DEBUG_SWAP)
+		return ES_VMM_ERROR;
+
 	if (!reg)
 		return ES_DECODE_FAILED;
 
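Review bot: the check in vc_handle_dr7_read() is a verbatim copy of the one
added to vc_handle_dr7_write(); a small static helper, or a single check
ahead of both handlers, would keep the two paths from drifting apart. The
commit message says this return ends in panic(), so a one-line message naming
DebugSwap before "return ES_VMM_ERROR;" would make that failure diagnosable
from the guest log.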
-- 
2.39.1

