According to [1], while handling the #VC intercept for CPUID leaf 0x0000_000D, we need to supply the value of XSS in the GHCB page. If this value is not provided then a spec compliant hypervisor can fail the GHCB request and kill the guest. [1] https://www.amd.com/system/files/TechDocs/56421-guest-hypervisor-communication-block-standardization.pdf Signed-off-by: Jinank Jain <jinankjain@xxxxxxxxxxxxxxxxxxx> --- arch/x86/include/asm/svm.h | 1 + arch/x86/kernel/sev-shared.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 19bf955b67e0..c2f670f7cb47 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -678,5 +678,6 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_1) DEFINE_GHCB_ACCESSORS(sw_exit_info_2) DEFINE_GHCB_ACCESSORS(sw_scratch) DEFINE_GHCB_ACCESSORS(xcr0) +DEFINE_GHCB_ACCESSORS(xss) #endif diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index 2eabccde94fb..92350a24848c 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c @@ -880,6 +880,9 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb, if (snp_cpuid_ret != -EOPNOTSUPP) return ES_VMM_ERROR; + if (regs->ax == 0xD && regs->cx == 0x1) + ghcb_set_xss(ghcb, 0); + ghcb_set_rax(ghcb, regs->ax); ghcb_set_rcx(ghcb, regs->cx); -- 2.34.1
