From: Joerg Roedel <jroedel@xxxxxxx> Send SIGBUS to the user-space process that caused the #VC exception instead of killing the machine. Also ratelimit the error messages so that user-space can't flood the kernel log. Signed-off-by: Joerg Roedel <jroedel@xxxxxxx> --- arch/x86/kernel/sev-es.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/sev-es.c b/arch/x86/kernel/sev-es.c index 79a71d14a1fc..71eee7b3667d 100644 --- a/arch/x86/kernel/sev-es.c +++ b/arch/x86/kernel/sev-es.c @@ -370,16 +370,16 @@ dotraplinkage void do_vmm_communication(struct pt_regs *regs, unsigned long exit vc_finish_insn(&ctxt); break; case ES_UNSUPPORTED: - pr_emerg("Unsupported exit-code 0x%02lx in early #VC exception (IP: 0x%lx)\n", - exit_code, regs->ip); + pr_err_ratelimited("Unsupported exit-code 0x%02lx in early #VC exception (IP: 0x%lx)\n", + exit_code, regs->ip); goto fail; case ES_VMM_ERROR: - pr_emerg("PANIC: Failure in communication with VMM (exit-code 0x%02lx IP: 0x%lx)\n", - exit_code, regs->ip); + pr_err_ratelimited("Failure in communication with VMM (exit-code 0x%02lx IP: 0x%lx)\n", + exit_code, regs->ip); goto fail; case ES_DECODE_FAILED: - pr_emerg("PANIC: Failed to decode instruction (exit-code 0x%02lx IP: 0x%lx)\n", - exit_code, regs->ip); + pr_err_ratelimited("PANIC: Failed to decode instruction (exit-code 0x%02lx IP: 0x%lx)\n", + exit_code, regs->ip); goto fail; case ES_EXCEPTION: vc_forward_exception(&ctxt); @@ -394,10 +394,24 @@ dotraplinkage void do_vmm_communication(struct pt_regs *regs, unsigned long exit return; fail: - show_regs(regs); + if (user_mode(regs)) { + /* + * Do not kill the machine if user-space triggered the + * exception. Send SIGBUS instead and let user-space deal with + * it. + */ + force_sig_fault(SIGBUS, BUS_OBJERR, (void __user *)0); + } else { + /* Show some debug info */ + show_regs(regs); - while (true) - halt(); + /* Ask hypervisor to sev_es_terminate */ + sev_es_terminate(GHCB_SEV_ES_REASON_GENERAL_REQUEST); + + /* If that fails and we get here - just halt the machine */ + while (true) + halt(); + } } bool __init boot_vc_exception(struct pt_regs *regs) -- 2.17.1