Re: [PATCH Part2 RFC v2 36/37] KVM: SVM: Provide support for SNP_GUEST_REQUEST NAE event
From: Sean Christopherson
Date: Mon May 10 2021 - 17:18:11 EST
On Mon, May 10, 2021, Brijesh Singh wrote:
>
> On 5/10/21 1:57 PM, Peter Gonda wrote:
> >> +e_fail:
> >> + ghcb_set_sw_exit_info_2(ghcb, rc);
> >> + return;
> >> +
> >> +e_term:
> >> + ghcb_set_sw_exit_info_1(ghcb, 1);
> >> + ghcb_set_sw_exit_info_2(ghcb,
> >> + X86_TRAP_GP |
> >> + SVM_EVTINJ_TYPE_EXEPT |
> >> + SVM_EVTINJ_VALID);
> >> +}
> > I am probably missing something in the spec but I don't see any
> > references to #GP in the '4.1.7 SNP Guest Request' section. Why is
> > this different from e_fail?
>
> The spec does not say to inject the #GP, I chose this because guest is
> not adhering to the spec and there was a not a good error code in the
> GHCB spec to communicate this condition. Per the spec, both the request
> and response page must be a valid GPA. If we detect that guest is not
> following the spec then its a guest BUG. IIRC, other places in the KVM
> does something similar when guest is trying invalid operation.
The GHCB spec should be updated to define an error code, even if it's a blanket
statement for all VMGEXITs that fail to adhere to the spec. Arbitrarily choosing
an error code and/or exception number makes the information useless to the guest
because the guest can't take specific action for those failures. E.g. if there
is a return code specifically for GHCB spec violation, then the guest can panic,
WARN, etc... knowing that it done messed up.
"Injecting" an exception is particularly bad, because if the guest kernel takes
that request literally and emulates a #GP, then we can end up in a situation
where someone files a bug report because VMGEXIT is hitting a #GP and confusion
ensues.