Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2171857rwb; Mon, 7 Nov 2022 10:00:22 -0800 (PST) X-Google-Smtp-Source: AMsMyM6qguDtbFFjLr3X0B5a9ezpWO/AJHjsMP7COSYxCLzdT8iL7JRi4k803Ma1wyk2A3Xs1PZh X-Received: by 2002:a17:902:f78c:b0:185:3d6a:7576 with SMTP id q12-20020a170902f78c00b001853d6a7576mr51349910pln.86.1667844022539; Mon, 07 Nov 2022 10:00:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667844022; cv=none; d=google.com; s=arc-20160816; b=rpa5jahzWHud7Z2nc/D4Z0p1W00FbU6845uDKiqH9l2ZHMT4OVwSt0hIoq8AAQMXPt ZHvwOCDwdgaDYfxqC3jkIDsyR4jqeFj5ENEwlfb2J+vjm4DCQGg9fZ/xCAh/1QgzoL55 lzeTF5aX4vSklHOOURlo2svIgm9oKDozbBhdOLLs4rUeAPwMTN6dQilcMZvNnKnmrYiy gLuLoRWZpp/PgMNmrbA3hqOvAKT6uAbv1eg3qr2X3P9/AnRdJCEXl124iQgfqq1eO3ia mK0TG2QqG1lO94EY9rotkwRnvu4BTJeHfiP5Urh2d0yczb+Jg+sjZfFrDIt5eYKGSgbh gl9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=nMbyX3MqszrbcsGtBhTgiGAwzJTeEdIb9t0B7nyorBU=; b=GAllUztAgaKqP3P0K7YVI96U5DIKkieffnHPgbWfs+mHAjdgUMUOwDqwYEOZoEDs5E Xbv2xJkDuXk3dnL9pYztaA0y8haDOL8ph5boPaycKlA+FQeCQj0qRykAcnn2rLn0Seho +gCeQeTOwAZVBjyq6DlW5s68BqGkRT/+Xhu1dE277NCJZB/njhML4lHIGNmxAVd8z+XU SYx4jvC+y492DZwjIGaL1SuCPWDXpCMIIgWIA/RycbNVI/5Aggl1F/vNw3nwx+/R2ZyX X3Da4kblktBcUrgHF43c5fAl4UchM1Lf0DfawftDo99Z7tdq4vZWIJTwQBAeXrMYwHNE i60w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Ptht3syH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t6-20020a170902bc4600b00176953fee67si9761498plz.86.2022.11.07.10.00.08; Mon, 07 Nov 2022 10:00:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=Ptht3syH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232550AbiKGRYl (ORCPT + 94 others); Mon, 7 Nov 2022 12:24:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38980 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232495AbiKGRYi (ORCPT ); Mon, 7 Nov 2022 12:24:38 -0500 Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D2072124D for ; Mon, 7 Nov 2022 09:24:37 -0800 (PST) Received: by mail-lj1-x22e.google.com with SMTP id d20so17327214ljc.12 for ; Mon, 07 Nov 2022 09:24:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=nMbyX3MqszrbcsGtBhTgiGAwzJTeEdIb9t0B7nyorBU=; b=Ptht3syHZeOUew2HlM4prrnn1aDaHC4QTa5jJUqw5rtrb6FDzeiaPQsUolv10LANJg vWMWJEs8EnIm6eOegle26LtUVcuY+Uy3/fuaRkQagly2RbFHrH7P4cRNZHwp2Ovf8WfY HmdSTbvYrQInrNQPitbg3aJGuVz52jwtJO9At8/TQnsK5So2UYhv6z1ow87kioxLRtlG TX2UlUwvMy//GoL5pD1qb2sUhU5IoGCDt06xCb2qWb64Vkh+zUfsVJ64frTsNFbIPvOw mvI6P7trCGoUDINKJUgCu8VEOG/oTAHSxKIXjpbjzi7o2SuvJdI2qBd07rr6xCuXBUlB 5uZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nMbyX3MqszrbcsGtBhTgiGAwzJTeEdIb9t0B7nyorBU=; b=uzwi/It64FBSAw5qDBCQ9GPkwcmeON7KYmp1Qa20HRPktVT2frcyqmHsP3FJrQAN2Z 9bKETzxyxotyyRXP6HPiNKLtDFHfivd/IN+H1fbUp64mmGm0q6T5wW2qDs9LkNZ8mV6X 92M8iPIcMUyNEwj/l6/m5d/2TVPKj+8rIg0zEOzA0asZVtbJ2mYQ2ROXYgbNxOcRAspK 7+5WRSq2gICbqtqbJQDG+XWpcaihYGcjXCNBH2SePNRbJ+VXkzDDgySh8QbKIHHQ4hRI AttIkDpB8ENthglbJINkUqr8mBNV5esRAQnywnngX8qG/ebFst3p5EdKxnC1DgqSbpqh 08WQ== X-Gm-Message-State: ACrzQf3Ef3UKzf27EshXnF9hbGeYJrMMoFJD73hk8KeswMcSnLtymb9/ n3kuZzuESlTs6kkZUqe+LYBjqnizJC5rCUEznK3M9g== X-Received: by 2002:a05:651c:104e:b0:277:10b2:47e5 with SMTP id x14-20020a05651c104e00b0027710b247e5mr5564675ljm.502.1667841875085; Mon, 07 Nov 2022 09:24:35 -0800 (PST) MIME-Version: 1.0 References: <20221104230040.2346862-1-dionnaglaze@google.com> <20221104230040.2346862-5-dionnaglaze@google.com> In-Reply-To: From: Peter Gonda Date: Mon, 7 Nov 2022 10:24:23 -0700 Message-ID: Subject: Re: [PATCH v8 4/4] virt: sev-guest: interpret VMM errors from guest request To: Dionna Glaze Cc: linux-kernel@vger.kernel.org, x86@kernel.org, Tom Lendacky , Borislav Petkov , Liam Merwick , Yang Yingliang , Haowen Bai Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 4, 2022 at 7:33 PM Peter Gonda wrote: > > On Fri, Nov 4, 2022 at 5:01 PM Dionna Glaze wrote: > > > > The GHCB specification states that the upper 32 bits of exitinfo2 are > > for the VMM's error codes. The sev-guest ABI has already locked in > > that the fw_err status of the input will be 64 bits, and that > > BIT_ULL(32) means that the extended guest request's data buffer was too > > small, so we have to keep that ABI. > > > > We can still interpret the upper 32 bits of exitinfo2 for the user > > anyway in case the request gets throttled. For safety, since the > > encryption algorithm in GHCBv2 is AES_GCM, we cannot return to user > > space without having completed the request with the current sequence > > number. If we were to return and the guest were to make another request > > but with different message contents, then that would be IV reuse. > > > > When throttled, the driver will reschedule itself and then try > > again after sleeping half its ratelimit time to avoid a big wait queue. > > The ioctl may block indefinitely, but that has always been the case > > when deferring these requests to the host. > > > > Cc: Tom Lendacky > > Cc: Peter Gonda > > Cc: Borislav Petkov > > Cc: Tom Lendacky > > Cc: Liam Merwick > > Cc: Yang Yingliang > > Cc: Haowen Bai > > > > Signed-off-by: Dionna Glaze > > Reviewed-by: Peter Gonda Tested-by: Peter Gonda Tested with the host throttling patches you shared offlist. Used a pretty restrictive rate limit to ensure I the hit the limit during testing.