Date: Thu, 20 Jan 2022 01:07:13 +0000
In-Reply-To: <20220120010719.711476-1-seanjc@google.com>
Message-Id: <20220120010719.711476-4-seanjc@google.com>
Subject: [PATCH 3/9] KVM: SVM: Don't intercept #GP for SEV guests
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Tom Lendacky, Brijesh Singh, Liam Merwick

Never intercept #GP for SEV guests as reading SEV guest private memory will
return cyphertext, i.e. emulating on #GP can't work as intended.

Cc: stable@vger.kernel.org
Cc: Tom Lendacky
Cc: Brijesh Singh
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/svm.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 85703145eb0a..edea52be6c01 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -312,7 +312,11 @@ int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) return ret; } - if (svm_gp_erratum_intercept) + /* + * Never intercept #GP for SEV guests, KVM can't + * decrypt guest memory to workaround the erratum. + */ + if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm)) set_exception_intercept(svm, GP_VECTOR); } } @@ -1010,9 +1014,10 @@ static void init_vmcb(struct kvm_vcpu *vcpu) * Guest access to VMware backdoor ports could legitimately * trigger #GP because of TSS I/O permission bitmap. * We intercept those #GP and allow access to them anyway - * as VMware does. + * as VMware does. Don't intercept #GP for SEV guests as KVM can't + * decrypt guest memory to decode the faulting instruction. */ - if (enable_vmware_backdoor) + if (enable_vmware_backdoor && !sev_guest(vcpu->kvm)) set_exception_intercept(svm, GP_VECTOR); svm_set_intercept(svm, INTERCEPT_INTR); -- 2.34.1.703.g22d0c6ccf7-goog
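
Review bot: In the svm_set_efer() hunk, the new condition `svm_gp_erratum_intercept && !sev_guest(vcpu->kvm)` open-codes the same SEV exclusion that the init_vmcb() hunk adds next to `enable_vmware_backdoor`, so any later caller of `set_exception_intercept(svm, GP_VECTOR)` has to remember the exclusion on its own. Consider a small helper that answers whether #GP may be intercepted for this VM and use it at both sites. Nit: in the added comment "workaround" is used as a verb and should read "work around", and the comment would be easier to follow if it said which erratum `svm_gp_erratum_intercept` refers to.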
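
Review bot: In the init_vmcb() hunk, `enable_vmware_backdoor && !sev_guest(vcpu->kvm)` means the global backdoor setting no longer arms the #GP intercept for SEV guests, and only the in-code comment records that. Please state in the changelog, or wherever `enable_vmware_backdoor` is documented, that the backdoor #GP handling is unavailable for SEV guests, so the behaviour is not a surprise to someone who enabled it. The check is also evaluated when the VMCB is initialised, so it relies on `sev_guest(vcpu->kvm)` already returning true at that point; a sentence confirming that ordering would help.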