Commit d26638b

KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error

If KVM rejects an AP Creation event, leave the target vCPU state as-is. Nothing in the GHCB suggests the hypervisor is *allowed* to muck with vCPU state on failure, let alone required to do so. Furthermore, kicking only in the !ON_INIT case leads to divergent behavior, and even the "kick" case is non-deterministic.

E.g. if an ON_INIT request fails, the guest can successfully retry if the fixed AP Creation request is made prior to sending INIT. And if a !ON_INIT fails, the guest can successfully retry if the fixed AP Creation request is handled before the target vCPU processes KVM's KVM_REQ_UPDATE_PROTECTED_GUEST_STATE.

Fixes: e366f92 ("KVM: SEV: Support SEV-SNP AP Creation NAE event")
Cc: stable@vger.kernel.org
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@amd.com>
Link: https://lore.kernel.org/r/20250227012541.3234589-5-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

1 parent 72d1271 commit d26638b

1 file changed

+6
-7
lines changed

arch/x86/kvm/svm/sev.c

Lines changed: 6 additions & 7 deletions
@@ -3963,16 +3963,12 @@ static int sev_snp_ap_creation(struct vcpu_svm *svm)
39633963

39643964
/*
39653965
* The target vCPU is valid, so the vCPU will be kicked unless the
3966-
* request is for CREATE_ON_INIT. For any errors at this stage, the
3967-
* kick will place the vCPU in an non-runnable state.
3966+
* request is for CREATE_ON_INIT.
39683967
*/
39693968
kick = true;
39703969

39713970
mutex_lock(&target_svm->sev_es.snp_vmsa_mutex);
39723971

3973-
target_svm->sev_es.snp_vmsa_gpa = INVALID_PAGE;
3974-
target_svm->sev_es.snp_ap_waiting_for_reset = true;
3975-
39763972
/* Interrupt injection mode shouldn't change for AP creation */
39773973
if (request < SVM_VMGEXIT_AP_DESTROY) {
39783974
u64 sev_features;
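Review bot: the shortened comment above `kick = true;` still reads as if the kick is unconditional for every request other than CREATE_ON_INIT, but with `out:` moved below the `if (kick)` block later in this function, a request that fails and jumps to `out` leaves without kicking the target. Suggest wording it as "the vCPU will be kicked on success unless the request is for CREATE_ON_INIT", so the comment matches the new rule that a rejected request leaves the target vCPU untouched.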
@@ -4018,20 +4014,23 @@ static int sev_snp_ap_creation(struct vcpu_svm *svm)
40184014
target_svm->sev_es.snp_vmsa_gpa = svm->vmcb->control.exit_info_2;
40194015
break;
40204016
case SVM_VMGEXIT_AP_DESTROY:
4017+
target_svm->sev_es.snp_vmsa_gpa = INVALID_PAGE;
40214018
break;
40224019
default:
40234020
vcpu_unimpl(vcpu, "vmgexit: invalid AP creation request [%#x] from guest\n",
40244021
request);
40254022
ret = -EINVAL;
4026-
break;
4023+
goto out;
40274024
}
40284025

4029-
out:
4026+
target_svm->sev_es.snp_ap_waiting_for_reset = true;
4027+
40304028
if (kick) {
40314029
kvm_make_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, target_vcpu);
40324030
kvm_vcpu_kick(target_vcpu);
40334031
}
40344032

4033+
out:
40354034
mutex_unlock(&target_svm->sev_es.snp_vmsa_mutex);
40364035

40374036
return ret;
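Review bot: the placement of `target_svm->sev_es.snp_ap_waiting_for_reset = true;` after the switch is now what enforces "no state change on failure", and nothing at that line says so. A one-line comment there, stating that target vCPU state is committed only once the request has been accepted, would help keep a later error path from using `break` instead of `goto out` as the default case did before. The same comment could note that `snp_vmsa_gpa` is now written only inside the switch arms, so any new request type has to set it explicitly, as `SVM_VMGEXIT_AP_DESTROY` now does with `INVALID_PAGE`. Since `out:` now only drops `snp_vmsa_mutex`, a label name such as `out_unlock` would make that narrower role obvious.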
