On 29/11/20 10:41, Ashish Kalra wrote:
From: Ashish Kalra <ashish.kalra@xxxxxxx>
This patch breaks SEV guests.
The patch stores current ASID in struct vcpu_svm and only moves it to VMCB in
svm_vcpu_run(), but by doing so, the ASID allocated for SEV guests and setup
in vmcb->control.asid by pre_sev_run() gets over-written by this ASID
stored in struct vcpu_svm and hence, VMRUN fails as SEV guest is bound/activated
on a different ASID then the one overwritten in vmcb->control.asid at VMRUN.
For example, asid#1 was activated for SEV guest and then vmcb->control.asid is
overwritten with asid#0 (svm->asid) as part of this patch in svm_vcpu_run() and
hence VMRUN fails.
Thanks Ashish, I've sent a patch to fix it.
Would it be possible to add a minimal SEV test to
tools/testing/selftests/kvm? It doesn't have to do full attestation
etc., if you can just write an "out" instruction using SEV_DBG_ENCRYPT
and check that you can run it that's enough.
Paolo