From: Sean Christopherson <seanjc@google.com>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: Melody Wang <huibo.wang@amd.com>,
kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-kernel@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
roedel@suse.de, Tom Lendacky <thomas.lendacky@amd.com>,
ashish.kalra@amd.com, liam.merwick@oracle.com,
pankaj.gupta@amd.com, Michael Roth <michael.roth@amd.com>
Subject: Re: [PATCH v4 1/1] KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching
Date: Tue, 21 Jan 2025 08:52:03 -0800 [thread overview]
Message-ID: <Z4_Qs2mAXK28IwJa@google.com> (raw)
In-Reply-To: <CAAH4kHZL-9R+MLLvArcwQ2Zpk+gtqYTvVMR01WA1kVJ9goq_sw@mail.gmail.com>
On Tue, Jan 21, 2025, Dionna Amalie Glaze wrote:
> On Mon, Jan 20, 2025 at 1:58 PM Melody Wang <huibo.wang@amd.com> wrote:
> > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > index 943bd074a5d3..4896c34ed318 100644
> > --- a/arch/x86/kvm/svm/sev.c
> > +++ b/arch/x86/kvm/svm/sev.c
> > @@ -4064,6 +4064,30 @@ static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_
> > return ret;
> > }
> >
> > +static int snp_complete_req_certs(struct kvm_vcpu *vcpu)
> > +{
> > + struct vcpu_svm *svm = to_svm(vcpu);
> > + struct vmcb_control_area *control = &svm->vmcb->control;
> > +
> > + if (vcpu->run->snp_req_certs.ret) {
> > + if (vcpu->run->snp_req_certs.ret == ENOSPC) {
> > + vcpu->arch.regs[VCPU_REGS_RBX] = vcpu->run->snp_req_certs.npages;
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN, 0));
> > + } else if (vcpu->run->snp_req_certs.ret == EAGAIN) {
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_BUSY, 0));
>
> Discussion, not a change request: given that my proposed patch [1] to
> add rate-limiting for guest messages to the PSP generally was
> rejected,
For the record, it wasn't rejected outright. I pointed out flaws in the proposed
behavior[*], and AFAICT no one ever responded. If I fully reject something, I
promise I will make it abundantly clear :-)
[*] https://lore.kernel.org/all/Y8rEFpbMV58yJIKy@google.com
> do we think it'd be proper to add a KVM_EXIT_SNP_REQ_MSG or
> some such for the VMM to decide if the guest should have access to the
> globally shared resource (PSP) via EAGAIN or 0?
Can you elaborate? I don't quite understand what you're suggesting.
> [1] https://patchwork.kernel.org/project/kvm/cover/20230119213426.379312-1-dionnaglaze@google.com/
>
> > + } else {
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_GENERIC, 0));
> > + }
> > +
> > + return 1; /* resume guest */
> > + }
> > +
> > + return snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2);
> > +}
next prev parent reply other threads:[~2025-01-21 16:52 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-20 21:58 [PATCH v4 0/1] SEV-SNP: Add KVM support for SNP certificate fetching Melody Wang
2025-01-20 21:58 ` [PATCH v4 1/1] KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching Melody Wang
2025-01-21 15:55 ` Dionna Amalie Glaze
2025-01-21 16:52 ` Sean Christopherson [this message]
2025-01-21 17:19 ` Dionna Amalie Glaze
2025-02-19 17:36 ` Michael Roth
2025-01-21 20:18 ` Liam Merwick
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z4_Qs2mAXK28IwJa@google.com \
--to=seanjc@google.com \
--cc=ashish.kalra@amd.com \
--cc=dionnaglaze@google.com \
--cc=huibo.wang@amd.com \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=roedel@suse.de \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox