Re: [PATCH 1/3] KVM: X86: Introduce KVM_HC_VM_HANDLE hypercall
From: Sean Christopherson
Date: Mon Jan 10 2022 - 20:05:40 EST
On Mon, Jan 10, 2022, Shirong Hao wrote:
> This hypercall is used by the SEV guest to get the firmware handle.
This is completely insufficient to justify why KVM is providing host information
to the guest, let alone why KVM is providing that information to guest _userspace_.
> +static int sev_vm_handle(struct kvm *kvm)
> +{
> + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
> +
> + if (!sev_guest(kvm))
> + return -ENOTTY;
> +
> + return sev->handle;
> +}
> +
> static struct kvm_x86_ops svm_x86_ops __initdata = {
> .name = "kvm_amd",
>
...
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 0cf1082455df..24acf0f2a539 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -8906,7 +8906,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
> a3 &= 0xFFFFFFFF;
> }
>
> - if (static_call(kvm_x86_get_cpl)(vcpu) != 0) {
> + if (static_call(kvm_x86_get_cpl)(vcpu) != 0 && nr != KVM_HC_VM_HANDLE) {
> ret = -KVM_EPERM;
> goto out;
> }