On 5/7/21 11:59 AM, Sean Christopherson wrote: > For protected guests, a.k.a. SEV-ES guests, update KVM's model of EFER > when processing the side effect of the CPU entering long mode when paging > is enabled. The whole point of intercepting CR0/CR4/EFER is to keep > KVM's software model up-to-date. > > Fixes: f1c6366e3043 ("KVM: SVM: Add required changes to support intercepts under SEV-ES") > Reported-by: Peter Gonda <pgonda@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> Acked-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > arch/x86/kvm/svm/svm.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index a7271f31df47..d271fe8e58de 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -1696,15 +1696,17 @@ void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0) > u64 hcr0 = cr0; > > #ifdef CONFIG_X86_64 > - if (vcpu->arch.efer & EFER_LME && !vcpu->arch.guest_state_protected) { > + if (vcpu->arch.efer & EFER_LME) { > if (!is_paging(vcpu) && (cr0 & X86_CR0_PG)) { > vcpu->arch.efer |= EFER_LMA; > - svm->vmcb->save.efer |= EFER_LMA | EFER_LME; > + if (!vcpu->arch.guest_state_protected) > + svm->vmcb->save.efer |= EFER_LMA | EFER_LME; > } > > if (is_paging(vcpu) && !(cr0 & X86_CR0_PG)) { > vcpu->arch.efer &= ~EFER_LMA; > - svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME); > + if (!vcpu->arch.guest_state_protected) > + svm->vmcb->save.efer &= ~(EFER_LMA | EFER_LME); > } > } > #endif >
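Review bot: the two new `if (!vcpu->arch.guest_state_protected)` guards in svm_set_cr0() carry no comment explaining why the `svm->vmcb->save.efer` write is skipped while `vcpu->arch.efer` is still updated. The changelog gives the reason (for protected guests the intercept exists to keep KVM's software model current), but nothing in the code does. A short comment above the first guard would stop a later cleanup from hoisting the check back into the outer `if (vcpu->arch.efer & EFER_LME)` condition, which is exactly the form this patch removes. The same guard is repeated in both the paging-enable and paging-disable branches, so one comment placed on the enclosing block would cover both.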