Date: Tue, 5 Apr 2022 22:56:55 +0000
From: Sean Christopherson
To: Peter Gonda
Cc: kvm@vger.kernel.org, Vitaly Kuznetsov, Borislav Petkov, Tom Lendacky, Brijesh Singh, Joerg Roedel, Marc Orr, linux-kernel@vger.kernel.org
Subject: Re: [PATCH V4] KVM, SEV: Add KVM_EXIT_SYSTEM_EVENT metadata for SEV-ES
In-Reply-To: <20220405183506.2138403-1-pgonda@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Apr 05, 2022, Peter Gonda wrote:
> SEV-ES guests can request termination using the GHCB's MSR protocol. See
> AMD's GHCB spec section '4.1.13 Termination Request'. Currently when a
> guest does this the userspace VMM sees an KVM_EXIT_UNKNOWN (-EVINAL)

s/EVINAL/EINVAL

> return code from KVM_RUN. By adding a KVM_EXIT_SYSTEM_EVENT to kvm_run
> struct the userspace VMM can clearly see the guest has requested a SEV-ES
> termination including the termination reason code set and reason code.

Nit, phrase that last part as a command, nowhere in the changelog is it
actually stated that the patch converts to use KVM_EXIT_SYSTEM_EVENT.

And my personal preference is to lead with the "what", especially when
there's already a fair amount of assumed knowledge, e.g. someone that's
familiar with SEV-ES probably already knows the guest can request
termination, or at least won't be surprised by the news, whereas leading
with the SEV-ES and GHCB info is just going to add to the confusion of
someone who's clueless about SEV-ES.

  If an SEV-ES guest requests termination, exit to userspace with
  KVM_EXIT_SYSTEM_EVENT and a dedicated SEV_TERM type instead of -EINVAL so
  that userspace can take appropriate action.

  See AMD's GHCB spec section '4.1.13 Termination Request' for more details.

> Signed-off-by: Peter Gonda
> Suggested-by: Sean Christopherson
> Cc: Vitaly Kuznetsov
> Cc: Borislav Petkov
> Cc: Tom Lendacky
> Cc: Brijesh Singh
> Cc: Joerg Roedel
> Cc: Marc Orr
> Cc: kvm@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
>
> ---
>
> V4
> * Switch to using KVM_SYSTEM_EVENT exit reason.
>
> V3
> * Add Documentation/ update.
> * Updated other KVM_EXIT_SHUTDOWN exits to clear ndata and set reason
> to KVM_SHUTDOWN_REQ.
>
> V2
> * Add KVM_CAP_EXIT_SHUTDOWN_REASON check for KVM_CHECK_EXTENSION.
>
> Tested by making an SEV-ES guest call sev_es_terminate() with hardcoded
> reason code set and reason code and then observing the codes from the
> userspace VMM in the kvm_run.system_event fields.
>
> ---
> arch/x86/kvm/svm/sev.c | 7 +++++--
> include/uapi/linux/kvm.h | 1 +
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 75fa6dd268f0..039b241a9fb5 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -2735,8 +2735,11 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) > pr_info("SEV-ES guest requested termination: %#llx:%#llx\n", > reason_set, reason_code); > > - ret = -EINVAL; > - break; > + vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN; Wrong exit reason. > + vcpu->run->system_event.type = KVM_SYSTEM_EVENT_SEV_TERM; > + vcpu->run->system_event.flags = control->ghcb_gpa; > + > + return 0; > } > default: > /* Error, keep GHCB MSR value as-is */ > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index 8616af85dc5d..d9d24db12930 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h 
> @@ -444,6 +444,7 @@ struct kvm_run { > #define KVM_SYSTEM_EVENT_SHUTDOWN 1 > #define KVM_SYSTEM_EVENT_RESET 2 > #define KVM_SYSTEM_EVENT_CRASH 3 > +#define KVM_SYSTEM_EVENT_SEV_TERM 4 > __u32 type; > __u64 flags;

@type isn't properly padded, so this needs to be changed when using flags.
And we definitely want to grab more room than just a single u64. Per Paolo
and I's combined powers[*], use bit 31 of the type to enumerate that ndata
is valid, and then change the sub-struct to:

        struct {
#define KVM_SYSTEM_EVENT_SHUTDOWN       1
#define KVM_SYSTEM_EVENT_RESET          2
#define KVM_SYSTEM_EVENT_CRASH          3
#define KVM_SYSTEM_EVENT_SEV_TERM       4
#define KVM_SYSTEM_EVENT_NDATA_VALID    (1u << 31)
                __u32 type;
                __u32 ndata;
                __u64 data[16];
        } system_event;

[*] https://lore.kernel.org/all/e0285020-49d9-8168-be4d-90940a30a048@redhat.com

> } system_event; > -- > 2.35.1.1094.g7c7d902a7c-goog >
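
Review bot: In the sev.c hunk, the added exit_reason assignment uses KVM_EXIT_SHUTDOWN while the next two added lines fill run->system_event, so a VMM that switches on exit_reason never looks at the type and flags it was meant to receive; the subject line and the V4 note both say KVM_EXIT_SYSTEM_EVENT, which is what this assignment should be. system_event.flags is also given the raw control->ghcb_gpa value even though reason_set and reason_code are already decoded for the pr_info() just above, so userspace has to re-parse the GHCB MSR encoding; pass the decoded values or document the encoding. The pr_info() is triggered by the guest and is not rate limited, and now that the reason reaches userspace it could become pr_info_ratelimited() or be dropped.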
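
Review bot: KVM_SYSTEM_EVENT_SEV_TERM in the kvm.h hunk is new userspace ABI, but the diffstat touches only sev.c and kvm.h, so nothing under Documentation/ says what the type means or what flags carries for it (the V3 notes mention a Documentation/ update that is not part of this version). Add the description with the define, including that flags holds the GHCB MSR value for this event type.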
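
Added example, not part of the original message or of the kernel tree: it compares the implicit padding of the V4 layout with the layout proposed in the reply, and shows how a VMM could validate and decode an SEV_TERM event under that proposal. The helper names, the use of data[0] for the raw GHCB MSR value and the sample value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout in the quoted V4 patch: a __u32 followed directly by a __u64. */
struct sys_event_v4 { uint32_t type; uint64_t flags; };

/* Layout proposed in the reply; constants copied from the message. */
#define KVM_SYSTEM_EVENT_SEV_TERM    4
#define KVM_SYSTEM_EVENT_NDATA_VALID (1u << 31)
struct sys_event_new { uint32_t type; uint32_t ndata; uint64_t data[16]; };

/* Implicit compiler padding after 'type': 4 bytes on x86-64, 0 when proposed. */
static size_t hole_v4(void)
{ return offsetof(struct sys_event_v4, flags) - sizeof(uint32_t); }
static size_t hole_new(void)
{ return offsetof(struct sys_event_new, ndata) - sizeof(uint32_t); }

/*
 * Hypothetical VMM-side helper. Assumption: data[0] holds the raw GHCB MSR
 * value, as the V4 patch does with 'flags'. Termination request encoding:
 * bits 11:0 = 0x100, bits 15:12 = reason code set, bits 23:16 = reason code.
 * Returns 0 and fills set/code, or -1 if the event is not a usable SEV_TERM.
 */
static int sev_term_reason(const struct sys_event_new *ev,
                           unsigned *set, unsigned *code)
{
    if (ev->type != (KVM_SYSTEM_EVENT_SEV_TERM | KVM_SYSTEM_EVENT_NDATA_VALID))
        return -1;      /* other event, or ndata/data[] not flagged valid */
    if (ev->ndata < 1 || ev->ndata > 16)
        return -1;      /* never trust a count beyond data[16] */
    if ((ev->data[0] & 0xfff) != 0x100)
        return -1;      /* not a termination request */
    *set = (unsigned)((ev->data[0] >> 12) & 0xf);
    *code = (unsigned)((ev->data[0] >> 16) & 0xff);
    return 0;
}

int main(void)
{
    /* Constructed sample: reason code set 1, reason code 0x2a. */
    struct sys_event_new ev = { KVM_SYSTEM_EVENT_SEV_TERM |
                                KVM_SYSTEM_EVENT_NDATA_VALID, 1, { 0x2a1100 } };
    unsigned set = 0, code = 0;
    int rc = sev_term_reason(&ev, &set, &code);
    printf("holes %zu/%zu rc=%d set=%u code=%#x\n", hole_v4(), hole_new(), rc, set, code);
    return 0;
}
```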