git.baikalelectronics.ru Git - kernel.git/commit

author	Tom Lendacky <thomas.lendacky@amd.com>
	Thu, 2 Dec 2021 18:52:05 +0000 (12:52 -0600)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Sun, 5 Dec 2021 08:02:04 +0000 (03:02 -0500)
commit	c759716fa76d967a6a1fff6754c6ed0b1a2b49cd
tree	ea5b8abca9f129f4d085108c6538e98a950124f0	tree \| snapshot
parent	4259f44e614ec77a7d0f35c7d240f18823373e41	commit \| diff

KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure

Currently, an SEV-ES guest is terminated if the validation of the VMGEXIT
exit code or exit parameters fails.

The VMGEXIT instruction can be issued from userspace, even though
userspace (likely) can't update the GHCB. To prevent userspace from being
able to kill the guest, return an error through the GHCB when validation
fails rather than terminating the guest. For cases where the GHCB can't be
updated (e.g. the GHCB can't be mapped, etc.), just return back to the
guest.

The new error codes are documented in the lasest update to the GHCB
specification.

Fixes: a1f1caa47b61 ("KVM: SVM: Add initial support for a VMGEXIT VMEXIT")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <b57280b5562893e2616257ac9c2d4525a9aeeb42.1638471124.git.thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/include/asm/sev-common.h		diff \| blob \| history
arch/x86/kvm/svm/sev.c		diff \| blob \| history