On Wed, Mar 30, 2022 at 11:44 AM Peter Gonda <pgonda@xxxxxxxxxx> wrote:
>
> SEV-ES guests can request termination using the GHCB's MSR protocol. See
> AMD's GHCB spec section '4.1.13 Termination Request'. Currently when a
> guest does this the userspace VMM sees an KVM_EXIT_UNKNOWN (-EVINAL)
> return code from KVM_RUN. By adding a KVM_EXIT_SHUTDOWN_ENTRY to kvm_run
> struct the userspace VMM can clearly see the guest has requested a SEV-ES
> termination including the termination reason code set and reason code.
>
> Signed-off-by: Peter Gonda <pgonda@xxxxxxxxxx>
>
> ---
> V3
> * Add Documentation/ update.
> * Updated other KVM_EXIT_SHUTDOWN exits to clear ndata and set reason
> to KVM_SHUTDOWN_REQ.
>
> V2
> * Add KVM_CAP_EXIT_SHUTDOWN_REASON check for KVM_CHECK_EXTENSION.
>
> Tested by making an SEV-ES guest call sev_es_terminate() with hardcoded
> reason code set and reason code and then observing the codes from the
> userspace VMM in the kvm_run.shutdown.data fields.
>
> Change-Id: I55dcdf0f42bfd70d0e59829ae70c2fb067b60809
> ---
> Documentation/virt/kvm/api.rst | 12 ++++++++++++
> arch/x86/kvm/svm/sev.c | 9 +++++++--
> arch/x86/kvm/svm/svm.c | 2 ++
> arch/x86/kvm/vmx/vmx.c | 2 ++
> arch/x86/kvm/x86.c | 2 ++
> include/uapi/linux/kvm.h | 13 +++++++++++++
> virt/kvm/kvm_main.c | 1 +
> 7 files changed, 39 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
> index 2aebb89576d1..d53a66a3760e 100644
> --- a/Documentation/virt/kvm/api.rst
> +++ b/Documentation/virt/kvm/api.rst
> @@ -7834,3 +7834,15 @@ only be invoked on a VM prior to the creation of VCPUs.
> At this time, KVM_PMU_CAP_DISABLE is the only capability. Setting
> this capability will disable PMU virtualization for that VM. Usermode
> should adjust CPUID leaf 0xA to reflect that the PMU is disabled.
> +
> +8.36 KVM_CAP_EXIT_SHUTDOWN_REASON
> +---------------------------
> +
> +:Capability KVM_CAP_EXIT_SHUTDOWN_REASON
> +:Architectures: x86
> +:Type: vm
> +
> +This capability means shutdown metadata may be included in
> +kvm_run.shutdown when a vCPU exits with KVM_EXIT_SHUTDOWN. This
> +may help userspace determine the guest's reason for termination and
> +if the guest should be restarted or an error caused the shutdown.
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 75fa6dd268f0..5f9d37dd3f6f 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -2735,8 +2735,13 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm)
> pr_info("SEV-ES guest requested termination: %#llx:%#llx\n",
> reason_set, reason_code);
>
> - ret = -EINVAL;
> - break;
> + vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
> + vcpu->run->shutdown.reason = KVM_SHUTDOWN_SEV_TERM;
> + vcpu->run->shutdown.ndata = 2;
> + vcpu->run->shutdown.data[0] = reason_set;
> + vcpu->run->shutdown.data[1] = reason_code;
> +
> + return 0;
> }
> default:
> /* Error, keep GHCB MSR value as-is */
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 6535adee3e9c..c2cc10776517 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -1953,6 +1953,8 @@ static int shutdown_interception(struct kvm_vcpu *vcpu)
> kvm_vcpu_reset(vcpu, true);
>
> kvm_run->exit_reason = KVM_EXIT_SHUTDOWN;
> + vcpu->run->shutdown.reason = KVM_SHUTDOWN_REQ;
> + vcpu->run->shutdown.ndata = 0;
> return 0;
> }
>
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index 84a7500cd80c..85b21fc490e4 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -4988,6 +4988,8 @@ static __always_inline int handle_external_interrupt(struct kvm_vcpu *vcpu)
> static int handle_triple_fault(struct kvm_vcpu *vcpu)
> {
> vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
> + vcpu->run->shutdown.reason = KVM_SHUTDOWN_REQ;
> + vcpu->run->shutdown.ndata = 0;
> vcpu->mmio_needed = 0;
> return 0;
> }
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index d3a9ce07a565..f7cd224a4c32 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -9999,6 +9999,8 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
> kvm_x86_ops.nested_ops->triple_fault(vcpu);
> } else {
> vcpu->run->exit_reason = KVM_EXIT_SHUTDOWN;
> + vcpu->run->shutdown.reason = KVM_SHUTDOWN_REQ;
> + vcpu->run->shutdown.ndata = 0;
> vcpu->mmio_needed = 0;
> r = 0;
> goto out;
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index 8616af85dc5d..017c03421c48 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -271,6 +271,12 @@ struct kvm_xen_exit {
> #define KVM_EXIT_XEN 34
> #define KVM_EXIT_RISCV_SBI 35
>
> +/* For KVM_EXIT_SHUTDOWN */
> +/* Standard VM shutdown request. No additional metadata provided. */
> +#define KVM_SHUTDOWN_REQ 0
> +/* SEV-ES termination request */
> +#define KVM_SHUTDOWN_SEV_TERM 1
> +
> /* For KVM_EXIT_INTERNAL_ERROR */
> /* Emulate instruction failed. */
> #define KVM_INTERNAL_ERROR_EMULATION 1
> @@ -311,6 +317,12 @@ struct kvm_run {
> struct {
> __u64 hardware_exit_reason;
> } hw;
> + /* KVM_EXIT_SHUTDOWN */
> + struct {
> + __u64 reason;
> + __u32 ndata;
> + __u64 data[16];
> + } shutdown;
> /* KVM_EXIT_FAIL_ENTRY */
> struct {
> __u64 hardware_entry_failure_reason;
> @@ -1145,6 +1157,7 @@ struct kvm_ppc_resize_hpt {
> #define KVM_CAP_PMU_CAPABILITY 212
> #define KVM_CAP_DISABLE_QUIRKS2 213
> #define KVM_CAP_VM_TSC_CONTROL 214
> +#define KVM_CAP_EXIT_SHUTDOWN_REASON 215
>
> #ifdef KVM_CAP_IRQ_ROUTING
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index 70e05af5ebea..03b6e472f32c 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -4299,6 +4299,7 @@ static long kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg)
> case KVM_CAP_CHECK_EXTENSION_VM:
> case KVM_CAP_ENABLE_CAP_VM:
> case KVM_CAP_HALT_POLL:
> + case KVM_CAP_EXIT_SHUTDOWN_REASON:
> return 1;
> #ifdef CONFIG_KVM_MMIO
> case KVM_CAP_COALESCED_MMIO:
> --
> 2.35.1.1094.g7c7d902a7c-goog
>
Reviewed-by: Marc Orr <marcorr@xxxxxxxxxx>
