2022-03-21 21:25:19

by Paolo Bonzini

Subject: Re: [PATCH] Add KVM_EXIT_SHUTDOWN metadata for SEV-ES

On 3/21/22 16:02, Peter Gonda wrote:
> SEV-ES guests can request termination using the GHCB's MSR protocol. See
> AMD's GHCB spec section '4.1.13 Termination Request'. Currently when a
> guest does this the userspace VMM sees a KVM_EXIT_UNKNOWN (-EINVAL)
> return code from KVM_RUN. By adding a KVM_EXIT_SHUTDOWN_ENTRY to kvm_run
> struct the userspace VMM can clearly see the guest has requested a SEV-ES
> termination including the termination reason code set and reason code.
>
> Signed-off-by: Peter Gonda <[email protected]>
> Cc: Borislav Petkov <[email protected]>
> Cc: Tom Lendacky <[email protected]>
> Cc: Brijesh Singh <[email protected]>
> Cc: Joerg Roedel <[email protected]>
> Cc: Marc Orr <[email protected]>
> Cc: Sean Christopherson <[email protected]>
> Cc: [email protected]
> Cc: [email protected]

Looks good, but it has to also add a capability.

> + /* KVM_EXIT_SHUTDOWN_ENTRY */

Just KVM_EXIT_SHUTDOWN.

Paolo

> + struct {
> + __u64 reason;
> + __u32 ndata;
> + __u64 data[16];
> + } shutdown;
> /* KVM_EXIT_FAIL_ENTRY */
> struct {
> __u64 hardware_entry_failure_reason;
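
Review bot: In the new `shutdown` struct, `__u32 ndata` is followed directly by `__u64 data[16]`, which leaves a 4-byte implicit hole in a UAPI layout that userspace reads through kvm_run. Suggest making the padding explicit (for example a `__u32 pad;` after `ndata`, zeroed by KVM) or widening `ndata`, so the layout is stated rather than left to the compiler. The hunk also does not document how the reason code set and reason code named in the commit message map onto `reason` and `data[]`; a comment on the struct saying so would help VMM authors.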


2022-03-21 21:55:28

by Peter Gonda

Subject: Re: [PATCH] Add KVM_EXIT_SHUTDOWN metadata for SEV-ES

On Mon, Mar 21, 2022 at 9:27 AM Paolo Bonzini <[email protected]> wrote:
>
> On 3/21/22 16:02, Peter Gonda wrote:
> > SEV-ES guests can request termination using the GHCB's MSR protocol. See
> > AMD's GHCB spec section '4.1.13 Termination Request'. Currently when a
> > guest does this the userspace VMM sees a KVM_EXIT_UNKNOWN (-EINVAL)
> > return code from KVM_RUN. By adding a KVM_EXIT_SHUTDOWN_ENTRY to kvm_run
> > struct the userspace VMM can clearly see the guest has requested a SEV-ES
> > termination including the termination reason code set and reason code.
> >
> > Signed-off-by: Peter Gonda <[email protected]>
> > Cc: Borislav Petkov <[email protected]>
> > Cc: Tom Lendacky <[email protected]>
> > Cc: Brijesh Singh <[email protected]>
> > Cc: Joerg Roedel <[email protected]>
> > Cc: Marc Orr <[email protected]>
> > Cc: Sean Christopherson <[email protected]>
> > Cc: [email protected]
> > Cc: [email protected]
>
> Looks good, but it has to also add a capability.

Thanks for the quick review! Just so I understand. I should add
KVM_CAP_SEV_TERM or something, then if that has been enabled do the
new functionality, else keep the old functionality?

>
> > + /* KVM_EXIT_SHUTDOWN_ENTRY */
>
> Just KVM_EXIT_SHUTDOWN.
>

Will do.

2022-03-21 22:02:19

by Paolo Bonzini

Subject: Re: [PATCH] Add KVM_EXIT_SHUTDOWN metadata for SEV-ES

On 3/21/22 16:42, Peter Gonda wrote:
> On Mon, Mar 21, 2022 at 9:27 AM Paolo Bonzini <[email protected]> wrote:
>>
>> On 3/21/22 16:02, Peter Gonda wrote:
>>> SEV-ES guests can request termination using the GHCB's MSR protocol. See
>>> AMD's GHCB spec section '4.1.13 Termination Request'. Currently when a
>>> guest does this the userspace VMM sees a KVM_EXIT_UNKNOWN (-EINVAL)
>>> return code from KVM_RUN. By adding a KVM_EXIT_SHUTDOWN_ENTRY to kvm_run
>>> struct the userspace VMM can clearly see the guest has requested a SEV-ES
>>> termination including the termination reason code set and reason code.
>>>
>>> Signed-off-by: Peter Gonda <[email protected]>
>>> Cc: Borislav Petkov <[email protected]>
>>> Cc: Tom Lendacky <[email protected]>
>>> Cc: Brijesh Singh <[email protected]>
>>> Cc: Joerg Roedel <[email protected]>
>>> Cc: Marc Orr <[email protected]>
>>> Cc: Sean Christopherson <[email protected]>
>>> Cc: [email protected]
>>> Cc: [email protected]
>>
>> Looks good, but it has to also add a capability.
>
> Thanks for the quick review! Just so I understand. I should add
> KVM_CAP_SEV_TERM or something, then if that has been enabled do the
> new functionality, else keep the old functionality?

No, much simpler; just something for which KVM_CHECK_EXTENSION returns
1, so that userspace knows that there is a "shutdown" member to be
filled by KVM_EXIT_SHUTDOWN. e.g. KVM_CAP_EXIT_SHUTDOWN_REASON.

Paolo
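
The userspace side of the capability check described in the reply above, as an added example that is not part of the thread or the patch: the VMM reads the `shutdown` member only when KVM_CHECK_EXTENSION reported the capability, and clamps `ndata` to the array size as a defensive choice. Assumptions: the capability exists only as a proposed name in the thread, so the ioctl result is passed in as a plain integer; `shutdown_info`, `shutdown_report`, `read_shutdown` and the sample values are hypothetical names and constructed data, with the struct layout copied from the quoted hunk.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHUTDOWN_DATA_MAX 16

/* Mirrors the "shutdown" member in the quoted hunk (layout only). */
struct shutdown_info {
    uint64_t reason;
    uint32_t ndata;
    uint64_t data[SHUTDOWN_DATA_MAX];
};

/* What the VMM keeps after the exit; valid == 0 means "no metadata". */
struct shutdown_report {
    int valid;
    uint64_t reason;
    uint32_t ndata;
    uint64_t data[SHUTDOWN_DATA_MAX];
};

/* Constructed samples: one well-formed, one with an out-of-range ndata. */
static const struct shutdown_info sample_ok  = { 0x1, 2, { 0xaa, 0xbb } };
static const struct shutdown_info sample_bad = { 0x1, 100, { 0xaa } };

/*
 * cap_result is what ioctl(kvm_fd, KVM_CHECK_EXTENSION, cap) returned for the
 * proposed capability (hypothetical: the thread assigns it no number).
 * Without the capability the member is never filled, so it is not read.
 */
struct shutdown_report read_shutdown(int cap_result, const struct shutdown_info *s)
{
    struct shutdown_report r = {0};
    if (cap_result <= 0)
        return r;
    uint32_t n = s->ndata;                     /* read the count once */
    if (n > SHUTDOWN_DATA_MAX) n = SHUTDOWN_DATA_MAX; /* stay inside data[16] */
    r.valid = 1;
    r.reason = s->reason;
    r.ndata = n;
    memcpy(r.data, s->data, n * sizeof(s->data[0]));
    return r;
}

int main(void)
{
    struct shutdown_report r = read_shutdown(1, &sample_bad);
    printf("valid=%d ndata=%u\n", r.valid, r.ndata);
    return 0;
}
```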

2022-03-21 22:10:14

by Peter Gonda

Subject: Re: [PATCH] Add KVM_EXIT_SHUTDOWN metadata for SEV-ES

On Mon, Mar 21, 2022 at 11:08 AM Paolo Bonzini <[email protected]> wrote:
>
> On 3/21/22 16:42, Peter Gonda wrote:
> > On Mon, Mar 21, 2022 at 9:27 AM Paolo Bonzini <[email protected]> wrote:
> >>
> >> On 3/21/22 16:02, Peter Gonda wrote:
> >>> SEV-ES guests can request termination using the GHCB's MSR protocol. See
> >>> AMD's GHCB spec section '4.1.13 Termination Request'. Currently when a
> >>> guest does this the userspace VMM sees a KVM_EXIT_UNKNOWN (-EINVAL)
> >>> return code from KVM_RUN. By adding a KVM_EXIT_SHUTDOWN_ENTRY to kvm_run
> >>> struct the userspace VMM can clearly see the guest has requested a SEV-ES
> >>> termination including the termination reason code set and reason code.
> >>>
> >>> Signed-off-by: Peter Gonda <[email protected]>
> >>> Cc: Borislav Petkov <[email protected]>
> >>> Cc: Tom Lendacky <[email protected]>
> >>> Cc: Brijesh Singh <[email protected]>
> >>> Cc: Joerg Roedel <[email protected]>
> >>> Cc: Marc Orr <[email protected]>
> >>> Cc: Sean Christopherson <[email protected]>
> >>> Cc: [email protected]
> >>> Cc: [email protected]
> >>
> >> Looks good, but it has to also add a capability.
> >
> > Thanks for the quick review! Just so I understand. I should add
> > KVM_CAP_SEV_TERM or something, then if that has been enabled do the
> > new functionality, else keep the old functionality?
>
> No, much simpler; just something for which KVM_CHECK_EXTENSION returns
> 1, so that userspace knows that there is a "shutdown" member to be
> filled by KVM_EXIT_SHUTDOWN. e.g. KVM_CAP_EXIT_SHUTDOWN_REASON.

Makes sense, thanks for the help. Will do for V2.

>
> Paolo
>