On Mon, Nov 22, 2021, Paolo Bonzini wrote: > Now that we have a facility to lock two VMs with deadlock > protection, use it for the creation of mirror VMs as well. One of > COPY_ENC_CONTEXT_FROM(dst, src) and COPY_ENC_CONTEXT_FROM(src, dst) > would always fail, so the combination is nonsensical and it is okay to > return -EBUSY if it is attempted. > > This sidesteps the question of what happens if a VM is > MOVE_ENC_CONTEXT_FROM'd at the same time as it is > COPY_ENC_CONTEXT_FROM'd: the locking prevents that from > happening. > > Cc: Peter Gonda <pgonda@xxxxxxxxxx> > Cc: Sean Christopherson <seanjc@xxxxxxxxxx> > Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> > --- > arch/x86/kvm/svm/sev.c | 69 +++++++++++++++++------------------------- > 1 file changed, 27 insertions(+), 42 deletions(-) > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index c1eb1c83401d..025d9731b66c 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -1548,6 +1548,9 @@ static int sev_lock_two_vms(struct kvm *dst_kvm, struct kvm *src_kvm) > struct kvm_sev_info *dst_sev = &to_kvm_svm(dst_kvm)->sev_info; > struct kvm_sev_info *src_sev = &to_kvm_svm(src_kvm)->sev_info; > > + if (dst_kvm == src_kvm) > + return -EINVAL; This should go into KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM because before that, KVM would never attempt mutex_lock() on the second VM, one of the SEV || !SEV was guaranteed to fail. With that change, Reviewed-by: Sean Christopherson <seanjc@xxxxxxxxxx>
