linux/arch/x86/kvm/svm
Michael Roth cf6d9d2d24 KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests
With commit 27bd5fdc24 ("KVM: SEV-ES: Prevent MSR access post VMSA
encryption"), older VMMs like QEMU 9.0 and older will fail when booting
SEV-ES guests with something like the following error:

  qemu-system-x86_64: error: failed to get MSR 0x174
  qemu-system-x86_64: ../qemu.git/target/i386/kvm/kvm.c:3950: kvm_get_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.

This is because older VMMs might still call
svm_get_msr()/svm_set_msr() for SEV-ES guests after guest boot, even if
those interfaces were essentially just noops because of the vCPU state
being encrypted and stored separately in the VMSA. Now those VMMs will
get an -EINVAL and generally crash.

Newer VMMs that are aware of KVM_SEV_INIT2 however are already aware of
the stricter limitations of what vCPU state can be sync'd during
guest run-time, so newer QEMU for instance will work both for legacy
KVM_SEV_ES_INIT interface as well as KVM_SEV_INIT2.

So when using KVM_SEV_INIT2 it's okay to assume userspace can deal with
-EINVAL, whereas for legacy KVM_SEV_ES_INIT the kernel might be dealing
with an older VMM, and so it needs to assume that returning
-EINVAL might break the VMM.

Address this by only returning -EINVAL if the guest was started with
KVM_SEV_INIT2. Otherwise, just silently return.

Cc: Ravi Bangoria <ravi.bangoria@amd.com>
Cc: Nikunj A Dadhania <nikunj@amd.com>
Reported-by: Srikanth Aithal <sraithal@amd.com>
Closes: https://lore.kernel.org/lkml/37usuu4yu4ok7be2hqexhmcyopluuiqj3k266z4gajc2rcj4yo@eujb23qc3zcm/
Fixes: 27bd5fdc24 ("KVM: SEV-ES: Prevent MSR access post VMSA encryption")
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-ID: <20240604233510.764949-1-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-06-21 07:11:29 -04:00
avic.c x86: KVM: SVM: add support for Invalid IPI Vector interception 2023-10-12 11:08:59 -04:00
hyperv.c KVM: nSVM: hyper-v: Enable L2 TLB flush 2022-11-18 12:59:18 -05:00
hyperv.h KVM: x86: Make Hyper-V emulation optional 2023-12-07 09:34:57 -08:00
nested.c KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe 2024-01-29 20:34:19 +01:00
pmu.c KVM: x86/pmu: Move pmc_idx => pmc translation helper to common code 2024-02-01 09:35:47 -08:00
sev.c KVM: SEV-ES: Delegate LBR virtualization to the processor 2024-06-03 13:07:18 -04:00
svm.c KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests 2024-06-21 07:11:29 -04:00
svm.h KVM: SEV-ES: Delegate LBR virtualization to the processor 2024-06-03 13:07:18 -04:00
svm_onhyperv.c KVM: x86: Move Hyper-V partition assist page out of Hyper-V emulation context 2023-12-07 09:34:01 -08:00
svm_onhyperv.h s390: 2023-05-01 12:06:20 -07:00
svm_ops.h work around gcc bugs with 'asm goto' with outputs 2024-02-09 15:57:48 -08:00
vmenter.S KVM: SVM: Create a stack frame in __svm_sev_es_vcpu_run() 2024-04-09 10:21:10 -07:00