Re: [PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm

From: Paolo Bonzini
Date: Mon Nov 30 2020 - 09:43:30 EST

Next message: Steen Hegelund: "Re: [RFC PATCH 2/3] net: sparx5: Add Sparx5 switchdev driver"
Previous message: Paolo Bonzini: "[PATCH] KVM: x86: adjust SEV for commit 7e8e6eed75e"
In reply to: Ashish Kalra: "Re: [PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm"
Next in thread: Ashish Kalra: "Re: [PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 29/11/20 10:41, Ashish Kalra wrote:

From: Ashish Kalra <ashish.kalra@xxxxxxx>

This patch breaks SEV guests.

The patch stores current ASID in struct vcpu_svm and only moves it to VMCB in
svm_vcpu_run(), but by doing so, the ASID allocated for SEV guests and setup
in vmcb->control.asid by pre_sev_run() gets over-written by this ASID
stored in struct vcpu_svm and hence, VMRUN fails as SEV guest is bound/activated
on a different ASID then the one overwritten in vmcb->control.asid at VMRUN.

For example, asid#1 was activated for SEV guest and then vmcb->control.asid is
overwritten with asid#0 (svm->asid) as part of this patch in svm_vcpu_run() and
hence VMRUN fails.

Thanks Ashish, I've sent a patch to fix it.

Would it be possible to add a minimal SEV test to tools/testing/selftests/kvm? It doesn't have to do full attestation etc., if you can just write an "out" instruction using SEV_DBG_ENCRYPT and check that you can run it that's enough.

Paolo

Next message: Steen Hegelund: "Re: [RFC PATCH 2/3] net: sparx5: Add Sparx5 switchdev driver"
Previous message: Paolo Bonzini: "[PATCH] KVM: x86: adjust SEV for commit 7e8e6eed75e"
In reply to: Ashish Kalra: "Re: [PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm"
Next in thread: Ashish Kalra: "Re: [PATCH v2 1/2] KVM: SVM: Move asid to vcpu_svm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]