KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure - kernel/linux.git

diff options

author	Tom Lendacky <thomas.lendacky@amd.com>	2021-12-02 21:52:05 +0300
committer	Paolo Bonzini <pbonzini@redhat.com>	2021-12-05 11:02:04 +0300
commit	ad5b353240c8837109d1bcc6c3a9a501d7f6a960 (patch)
tree	ea5b8abca9f129f4d085108c6538e98a950124f0 /net/netlink
parent	a655276a594978a4887520c1241cf6ac49d6230b (diff)
download	linux-ad5b353240c8837109d1bcc6c3a9a501d7f6a960.tar.xz

KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure

Currently, an SEV-ES guest is terminated if the validation of the VMGEXIT exit code or exit parameters fails. The VMGEXIT instruction can be issued from userspace, even though userspace (likely) can't update the GHCB. To prevent userspace from being able to kill the guest, return an error through the GHCB when validation fails rather than terminating the guest. For cases where the GHCB can't be updated (e.g. the GHCB can't be mapped, etc.), just return back to the guest. The new error codes are documented in the lasest update to the GHCB specification. Fixes: 291bd20d5d88 ("KVM: SVM: Add initial support for a VMGEXIT VMEXIT") Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Message-Id: <b57280b5562893e2616257ac9c2d4525a9aeeb42.1638471124.git.thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'net/netlink')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: