Re: [PATCH kernel 5/9] KVM: SVM/SEV/SEV-ES: Rework intercepts

From: Sean Christopherson
Date: Fri Jun 30 2023 - 17:49:25 EST

Next message: Bjorn Helgaas: "Re: [PATCH V5 1/3] Move and rename error interrupt bits to a common header."
Previous message: Matthew Wilcox: "Re: [PATCH] fs: Optimize unixbench's file copy test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 15, 2023, Alexey Kardashevskiy wrote:
> @@ -2976,6 +2977,16 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm)
> svm_set_intercept(svm, TRAP_CR4_WRITE);
> svm_set_intercept(svm, TRAP_CR8_WRITE);
>
> + /*
> + * DR7 access must remain intercepted for an SEV-ES guest to disallow
> + * the guest kernel set up a #DB on memory that's needed to vector a #DB
> + * as otherwise the CPU gets stuck in an infinite #DB loop.
> + */

This isn't correct. Letting the guest configuring breakpoints would be weird
and nonsensical, but it wouldn't lead to infinite #DBs so long as KVM intercepts
#DB.

KVM intercepts DR7 when DebugSwap isn't enabled because otherwise KVM has no way
of context switching DR[0-3] for the guest. At least, I assume that's the case,
AFAICT the APM never actually says what happens with DR[0-3] when DebugSwap is
disabled.

Next message: Bjorn Helgaas: "Re: [PATCH V5 1/3] Move and rename error interrupt bits to a common header."
Previous message: Matthew Wilcox: "Re: [PATCH] fs: Optimize unixbench's file copy test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]