]> git.baikalelectronics.ru Git - kernel.git/commit
KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure
authorTom Lendacky <thomas.lendacky@amd.com>
Thu, 2 Dec 2021 18:52:05 +0000 (12:52 -0600)
committerPaolo Bonzini <pbonzini@redhat.com>
Sun, 5 Dec 2021 08:02:04 +0000 (03:02 -0500)
commit8e984e6577d7c3c5b1ffa7b46deda644e317574a
treeea5b8abca9f129f4d085108c6538e98a950124f0
parent88a406355c39dd1420cc6272d90063303866638f
KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure

Currently, an SEV-ES guest is terminated if the validation of the VMGEXIT
exit code or exit parameters fails.

The VMGEXIT instruction can be issued from userspace, even though
userspace (likely) can't update the GHCB. To prevent userspace from being
able to kill the guest, return an error through the GHCB when validation
fails rather than terminating the guest. For cases where the GHCB can't be
updated (e.g. the GHCB can't be mapped, etc.), just return back to the
guest.

The new error codes are documented in the lasest update to the GHCB
specification.

Fixes: 2a4a6e417d97 ("KVM: SVM: Add initial support for a VMGEXIT VMEXIT")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <b57280b5562893e2616257ac9c2d4525a9aeeb42.1638471124.git.thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/include/asm/sev-common.h
arch/x86/kvm/svm/sev.c