Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support

From: Dave Hansen
Date: Mon Nov 22 2021 - 13:30:39 EST

On 11/22/21 7:23 AM, Brijesh Singh wrote:
> Thank you for starting the thread; based on the discussion, I am keeping
> the current implementation as-is and *not* going with the auto
> conversion from private to shared. To summarize what we are doing in the
> current SNP series:
> - If userspace accesses guest private memory, it gets SIGBUS.
> - If kernel accesses[*] guest private memory, it does panic.

There's a subtlety here, though. There are really three *different*
kinds of kernel accesses that matter:

1. Kernel bugs. Kernel goes off and touches some guest private memory
when it didn't mean to. Say, it runs off the end of a slab page and
runs into a guest page. panic() is expected here.
2. Kernel accesses guest private memory via a userspace mapping, in a
place where it is known to be accessing userspace and is prepared to
fault. copy_to_user() is the most straightforward example. Kernel
must *not* panic(). Returning an error to the syscall is a good
way to handle these (if in a syscall).
3. Kernel accesses guest private memory via a kernel mapping. This one
is tricky. These probably *do* result in a panic() today, but
ideally shouldn't.

Could you explicitly clarify what the current behavior is?