git.samba.org - sfrench/cifs-2.6.git/commit

author	Tom Lendacky <thomas.lendacky@amd.com>
	Thu, 2 Dec 2021 18:52:05 +0000 (12:52 -0600)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Sun, 5 Dec 2021 08:02:04 +0000 (03:02 -0500)
commit	ad5b353240c8837109d1bcc6c3a9a501d7f6a960
tree	ea5b8abca9f129f4d085108c6538e98a950124f0	tree
parent	a655276a594978a4887520c1241cf6ac49d6230b	commit \| diff

KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure

Currently, an SEV-ES guest is terminated if the validation of the VMGEXIT
exit code or exit parameters fails.

The VMGEXIT instruction can be issued from userspace, even though
userspace (likely) can't update the GHCB. To prevent userspace from being
able to kill the guest, return an error through the GHCB when validation
fails rather than terminating the guest. For cases where the GHCB can't be
updated (e.g. the GHCB can't be mapped, etc.), just return back to the
guest.

The new error codes are documented in the lasest update to the GHCB
specification.

Fixes: 291bd20d5d88 ("KVM: SVM: Add initial support for a VMGEXIT VMEXIT")
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <b57280b5562893e2616257ac9c2d4525a9aeeb42.1638471124.git.thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/include/asm/sev-common.h		diff \| blob \| history
arch/x86/kvm/svm/sev.c		diff \| blob \| history