From: Sean Christopherson <seanjc@google.com>
To: Joerg Roedel <jroedel@suse.de>
Cc: Michael Roth <michael.roth@amd.com>,
kvm@vger.kernel.org, linux-coco@lists.linux.dev,
linux-kernel@vger.kernel.org, pbonzini@redhat.com,
thomas.lendacky@amd.com, ashish.kalra@amd.com,
liam.merwick@oracle.com, pankaj.gupta@amd.com,
dionnaglaze@google.com, huibo.wang@amd.com
Subject: Re: [PATCH v5 1/1] KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching
Date: Wed, 26 Feb 2025 06:27:11 -0800 [thread overview]
Message-ID: <Z78kv-hhU6AWyufz@google.com> (raw)
In-Reply-To: <Z7yc8-QXXVPzr2K8@suse.de>
On Mon, Feb 24, 2025, Joerg Roedel wrote:
> Hi Michael,
>
> On Wed, Feb 19, 2025 at 09:15:05AM -0600, Michael Roth wrote:
> > + - If some other error occurred, userspace must set `ret` to ``EIO``.
> > + (This is to reserve special meaning for unused error codes in the
> > + future.)
>
> [...]
>
> > +static int snp_complete_req_certs(struct kvm_vcpu *vcpu)
> > +{
> > + struct vcpu_svm *svm = to_svm(vcpu);
> > + struct vmcb_control_area *control = &svm->vmcb->control;
> > +
> > + if (vcpu->run->snp_req_certs.ret) {
> > + if (vcpu->run->snp_req_certs.ret == ENOSPC) {
> > + vcpu->arch.regs[VCPU_REGS_RBX] = vcpu->run->snp_req_certs.npages;
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN, 0));
> > + } else if (vcpu->run->snp_req_certs.ret == EAGAIN) {
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_BUSY, 0));
> > + } else {
> > + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb,
> > + SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_GENERIC, 0));
> > + }
>
> According to the documentation above, there should be a block checking
> for EIO which injects SNP_GUEST_VMM_ERR_GENERIC and the else block
> should return with EINVAL to user-space, no?
Yeah. It feels a bit ridiculous, but it would be quite unfortunate to go through
the extra effort of decoupling KVM's error handling from the GHCB error code, only
for it to all fall apart due to not enforcing the "return" value.
next prev parent reply other threads:[~2025-02-26 14:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-19 15:15 [PATCH v5 0/1] SEV-SNP: Add KVM support for SNP certificate fetching Michael Roth
2025-02-19 15:15 ` [PATCH v5 1/1] KVM: Introduce KVM_EXIT_SNP_REQ_CERTS for SNP certificate-fetching Michael Roth
2025-02-24 16:23 ` Joerg Roedel
2025-02-26 14:27 ` Sean Christopherson [this message]
2025-02-26 15:09 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z78kv-hhU6AWyufz@google.com \
--to=seanjc@google.com \
--cc=ashish.kalra@amd.com \
--cc=dionnaglaze@google.com \
--cc=huibo.wang@amd.com \
--cc=jroedel@suse.de \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).