On Mon, Sep 30, 2024, Suravee Suthikulpanit wrote:
On SNP-enabled system, VMRUN marks AVIC Backing Page as in-use whileThis should be "fixed" by commit 75253db41a46 ("KVM: SEV: Make AVIC backing, VMSA
the guest is running for both secure and non-secure guest. This causes
any attempts to modify the RMP entries for the backing page to result in
FAIL_INUSE response. This is to ensure that the AVIC backing page is not
maliciously assigned to an SNP guest while the unencrypted guest is active.
Currently, an attempt to run AVIC guest would result in the following error:
BUG: unable to handle page fault for address: ff3a442e549cc270
#PF: supervisor write access in kernel mode
#PF: error_code(0x80000003) - RMP violation
PGD b6ee01067 P4D b6ee02067 PUD 10096d063 PMD 11c540063 PTE 80000001149cc163
SEV-SNP: PFN 0x1149cc unassigned, dumping non-zero entries in 2M PFN region: [0x114800 - 0x114a00]
...
and VMCB memory allocation SNP safe"), no?