[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2e2e6161-9f65-4939-8061-83bf71810076@amd.com>
Date: Tue, 1 Oct 2024 15:59:37 +0700
From: "Suthikulpanit, Suravee" <suravee.suthikulpanit@....com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org, pbonzini@...hat.com,
david.kaplan@....com
Subject: Re: [PATCH] KVM: SVM: Disable AVIC on SNP-enabled system without
HvInUseWrAllowed feature
Hi Sean,
On 9/30/2024 11:04 PM, Sean Christopherson wrote:
> On Mon, Sep 30, 2024, Suravee Suthikulpanit wrote:
>> On SNP-enabled system, VMRUN marks AVIC Backing Page as in-use while
>> the guest is running for both secure and non-secure guest. This causes
>> any attempts to modify the RMP entries for the backing page to result in
>> FAIL_INUSE response. This is to ensure that the AVIC backing page is not
>> maliciously assigned to an SNP guest while the unencrypted guest is active.
>>
>> Currently, an attempt to run AVIC guest would result in the following error:
>>
>> BUG: unable to handle page fault for address: ff3a442e549cc270
>> #PF: supervisor write access in kernel mode
>> #PF: error_code(0x80000003) - RMP violation
>> PGD b6ee01067 P4D b6ee02067 PUD 10096d063 PMD 11c540063 PTE 80000001149cc163
>> SEV-SNP: PFN 0x1149cc unassigned, dumping non-zero entries in 2M PFN region: [0x114800 - 0x114a00]
>> ...
> This should be "fixed" by commit 75253db41a46 ("KVM: SEV: Make AVIC backing, VMSA
> and VMCB memory allocation SNP safe"), no?
The commit 75253db41a46 fixes another issue related to 2MB-aligned
in-use page, where the CPU incorrectly treats the whole 2MB region as
in-use and signal an RMP violation #PF.
This enhancement is mainly to allow hypervisor to write to the AVIC
backing page of non-secure guest on SNP-enabled system.
Note: This change might need to be ported to stable 6.9, 6.10, and 6.11
tree as well.
Thanks,
Suravee
Powered by blists - more mailing lists