Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3554070pxb; Mon, 9 Nov 2020 14:30:03 -0800 (PST) X-Google-Smtp-Source: ABdhPJw+qwNIsvacrV998BT7eSW4AJBUs0ZWnqvZQPdsMxDqMON9HwezRSrBt70g1Y2a+pdEXHQZ X-Received: by 2002:a17:906:1c84:: with SMTP id g4mr18148529ejh.155.1604961003057; Mon, 09 Nov 2020 14:30:03 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1604961003; cv=pass; d=google.com; s=arc-20160816; b=cx53m0In9yaBDBnmD0lWy6ZgBc0ILPDZQTKxPbu6oeMhwqWatys2HL4ajHP1wivX+g 6KIgEmvsxX/+5kC//TJbzM1FIqQTZvX8E4aLI/ouKUgTqSv3Eldnrg66yiOyULDZtyWa 7ltFpagIO2TNOMfctqu/BXnHDWM/YrURCzJNRZJNXA2CDuj5KkmJtAqzCWQVg6QPNsR6 SzZKddLSoYmtw347G9VNJB5K9cCeQvck0nnYE6Xctptmisg0qFmLs73XbYWzfSiTXRCu FbywUd4EfxUGzi/8XP2OYGZ8Tj0HNBcEM2UE3v9RO/2eCZkCvmasA/Rvo9r66KySsj20 jNsQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xCPd1cemga2nT9Mliq6eEgmXXXeJRbwSStRGkT1lprA=; b=xirDbqu2cT0lLm8q4igv3RvbSRT+fSKMnDPerTfRuyu0tgiRhP/JqRJfKPgyARdO8v 11UlEh9cdmPOY7BIk0joMk5tLOJUkKb7KS3vSeTNE+7Cs2C8cpZQAMhmSCcjXikk77mX kqPVRnZbpcxlcu9gTcyG4ORUKQkfbxlFJJKPYHu8zdW5YreNQby9Q/tM/NJ4X18XAiIn naY/w6fWVA1dgF3C9ie0aR1rhxxPPxry8XLPCXLVizaXeppGhU0w9Tf1qLc1ntPZnutQ 1Api1q5LmK5IFS10Qa5Z60+5FoRjY2tAWlktkkflvndsieBiOsVWO+puIYPlfkdvgZFL 0wqQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=XeoYasc8; arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i25si5808460edy.223.2020.11.09.14.29.40; Mon, 09 Nov 2020 14:30:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@amdcloud.onmicrosoft.com header.s=selector2-amdcloud-onmicrosoft-com header.b=XeoYasc8; arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731400AbgKIW1i (ORCPT + 99 others); Mon, 9 Nov 2020 17:27:38 -0500 Received: from mail-bn8nam12on2050.outbound.protection.outlook.com ([40.107.237.50]:28320 "EHLO NAM12-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1729336AbgKIW1h (ORCPT ); Mon, 9 Nov 2020 17:27:37 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Iz31hr6MLvf6RERzm2HcXdm4wT9ftVWL6DJMD/9tAz8hOOXmvutql52OucuuuwTCRmXGU9hKs7o6AUxCi9flLfllY1fYW+x2JDK8oQZ1LC83WGzaLiNZgJ0NDNgDu0t1kncsA2vlSh9Pf6bgpIjzK1S48pzDKv1aGxvFbDFCY3FVJnK3GbJVU5/FqKf2zLBJhFSRXuyP+sc5QUdzUz1qer5QC8lCyPRRWzZIPfw6L9TxQSZjoGYU4wGTKgT48ViyACUauqakoZDnBUtuf1my4wGvD7sl6KW9zfgPLk6PR2bHjpQAqIZ13vRPDB5JxYKbK3Z8KtuST63EuXg/xTqjng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xCPd1cemga2nT9Mliq6eEgmXXXeJRbwSStRGkT1lprA=; b=AHI16du0i8HJ+xLASPvIooags3wVoyTpzGPA+7ooDeXZg1V41XTOiDgBtOnJVVdZm6trgnDyIwt9c9Mt8RJZDtItLWrw/masgB4jS9Oee40csVnl+Yg2pEpRXNgnTHDcrm5zHLHz3bjVdSyeznARuaEeUCGfVmEAzxWN65UA2Lrs5Yi3e4q9BHM2mQ2pJ8qn9p+KpwTCqdxDC9yqT6MupKAajW/ViBRf0XqZGnvwrvNFphEEhefqfZbg/1smVI/DmctAdUEYp/uNzY/0F4k7xIvsD/uwSKgApPgSTWBl7uIuLXeAEmxLydPTCokV7NRpymVXURPYvNfWqe+c6l7FIA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector2-amdcloud-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xCPd1cemga2nT9Mliq6eEgmXXXeJRbwSStRGkT1lprA=; b=XeoYasc8oTXsXxrBbB/DsPQTcF5OrzEi+i5WqWpftGCQjVlhrs8vkRFWOcNmXYdicU++ejSXB1kpnw+kCCoItgHTHVVd5izB69nDP9m6y0abayx1IfTJ/2lD0Ogz7WPMgIF9LvPCnjYV+J88TLdhGfCH8OUhelLRtY3Tlhozd38= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=amd.com; Received: from DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) by DM6PR12MB4058.namprd12.prod.outlook.com (2603:10b6:5:21d::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.21; Mon, 9 Nov 2020 22:27:34 +0000 Received: from DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::e442:c052:8a2c:5fba]) by DM5PR12MB1355.namprd12.prod.outlook.com ([fe80::e442:c052:8a2c:5fba%6]) with mapi id 15.20.3499.032; Mon, 9 Nov 2020 22:27:34 +0000 From: Tom Lendacky To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Paolo Bonzini , Jim Mattson , Joerg Roedel , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Borislav Petkov , Ingo Molnar , Thomas Gleixner , Brijesh Singh Subject: [PATCH v3 10/34] KVM: SVM: Cannot re-initialize the VMCB after shutdown with SEV-ES Date: Mon, 9 Nov 2020 16:25:36 -0600 Message-Id: X-Mailer: git-send-email 2.28.0 In-Reply-To: References: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Originating-IP: [165.204.77.1] X-ClientProxiedBy: DM5PR07CA0025.namprd07.prod.outlook.com (2603:10b6:3:16::11) To DM5PR12MB1355.namprd12.prod.outlook.com (2603:10b6:3:6e::7) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from tlendack-t1.amd.com (165.204.77.1) by DM5PR07CA0025.namprd07.prod.outlook.com (2603:10b6:3:16::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3541.21 via Frontend Transport; Mon, 9 Nov 2020 22:27:33 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 33452629-1fe2-4b4f-d6c1-08d884fea7aa X-MS-TrafficTypeDiagnostic: DM6PR12MB4058: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4502; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: p0SD/zjUXzAo3GXbywdS78hsAHTOMos6TzJdfL3qUafkROslG6Djin23QV8tAM0WaIdJZytMtDakOdG+I0jvmo96+iSX58M8IU+HdXCi7rMYx9cIP9d1VZr+1Z7EkjQ0wNfjabHFjoxEiT9By0DpMcE8qa9OJwIw38NVmagZxxA2LbgM4zbgp//KtikJpvNrIp8Se0O6k550rLREgxDLkBpKmBR3f5XmUR6HCzroGPPe6tiERVtRItjY/Iwwry0IyP+nCmJrFMJfbwNyYmCeYt1h9hmNTkHXB3fztJUzaxfDKA5zhmbDX+DR37+a5vmu X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR12MB1355.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(346002)(376002)(396003)(136003)(39860400002)(366004)(4744005)(2616005)(956004)(8676002)(16526019)(54906003)(316002)(86362001)(4326008)(26005)(8936002)(7416002)(36756003)(5660300002)(52116002)(7696005)(66556008)(66476007)(66946007)(6486002)(478600001)(2906002)(186003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: 0MF/GGeIYxTc3lamnPJ72veuFgHk4traMsByADC7DdGpUnwM9OIFRAp4G+ak8JRikjcfPewRPtF8bA4TK0TlecqGYpSGWV+YnmWN+urktypKR00UVeWDSpK9RTR4ESXT6cxG19rErPyaYNCd7LuAVpHDxBUkuKTTU81tmNp7pHqb7pEIl9sVFp7RXRpQipZ2PGabiFj3hIcqZk+8b968KK0FLW7ShQbfAZA1vRNBCYWbfyzfKlBWfhOjnpLYDxwrAHhHfiRvnRYeSMGoYjU6cN83k9DIH8P7ngwqGI6ptTpOL7yFo6yxD84g6Petc2K4kity3reXRGkNAgffVSrQQTz70boiabKG4gufivdolcHFGdMEiV8eFJKHyerXI7Mw9dqSMHARrHPrZB4phwHrBq0ar0iotg/QKyGzOoJanGzP+BMf65GcLpZ8D2wWTqBoVZRTrkWahFi9pyYmZzJ/luoJ0qZi2XBTU3FLOf/pRtcd0YBJlAkBcdBoYsTXbcbn7VdYJETfpnX2KREsZauqHwj7B16+13SuID3xsT1okI9OtZ83rrZPxyauZIrpQn/INYw/ZnqSmDM1SSigrdJXH38DBwzPACLvHCYZ50tkhi/CycpMn8wGkRBL5Uk91ZZhxFVoj5/H/22SoPjEfQ4Z/A== X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: 33452629-1fe2-4b4f-d6c1-08d884fea7aa X-MS-Exchange-CrossTenant-AuthSource: DM5PR12MB1355.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Nov 2020 22:27:34.4495 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: dj2XXpPMFeOHpgeZiu1ePPyqxxX7Lh+3mNc5h362vwbB2FpSpUurL3GTFfUzZlQVD4cQfFWUxDkdvYrkoyckCw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4058 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tom Lendacky When a SHUTDOWN VMEXIT is encountered, normally the VMCB is re-initialized so that the guest can be re-launched. But when a guest is running as an SEV-ES guest, the VMSA cannot be re-initialized because it has been encrypted. For now, just return -EINVAL to prevent a possible attempt at a guest reset. Signed-off-by: Tom Lendacky --- arch/x86/kvm/svm/svm.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0e5f83912b56..f353039e54b6 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -2026,6 +2026,13 @@ static int shutdown_interception(struct vcpu_svm *svm) { struct kvm_run *kvm_run = svm->vcpu.run; + /* + * The VM save area has already been encrypted so it + * cannot be reinitialized - just terminate. + */ + if (sev_es_guest(svm->vcpu.kvm)) + return -EINVAL; + /* * VMCB is undefined after a SHUTDOWN intercept * so reinitialize it. -- 2.28.0