On Wed, Jan 03, 2024, Ashish Kalra wrote: > On 1/3/2024 3:10 PM, Sean Christopherson wrote: > > > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > > > > index d0c580607f00..bfac6d17462a 100644 > > > > --- a/arch/x86/kvm/svm/sev.c > > > > +++ b/arch/x86/kvm/svm/sev.c > > > > @@ -143,8 +143,20 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *sev) > > > > static int sev_asid_new(struct kvm_sev_info *sev) > > > > { > > > > - int asid, min_asid, max_asid, ret; > > > > + /* > > > > + * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid. > > > > + * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. Note, the > > > > + * min ASID can end up larger than the max if basic SEV support is > > > > + * effectively disabled by disallowing use of ASIDs for SEV guests. > > > > + */ > > > > + unsigned int min_asid = sev->es_active ? 1 : min_sev_asid; > > > > + unsigned int max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid; > > > > + unsigned int asid; > > > > bool retry = true; > > > > + int ret; > > > > + > > > > + if (min_asid > max_asid) > > > > + return -ENOTTY; > > > This will still return -EBUSY to user. > > Huh? The above is obviously -ENOTTY, and I don't see anything in the call stack > > that will convert it to -EBUSY. > > Actually, sev_asid_new() returning failure to sev_guest_init() will cause it > to return -EBUSY to user. Argh, I see it now. That too should be fixed, e.g. diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d0c580607f00..79eb11083ad5 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -246,21 +246,20 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
 static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
 {
 struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
- int asid, ret;
+ int ret;
 if (kvm->created_vcpus)
 return -EINVAL;
- ret = -EBUSY;
 if (unlikely(sev->active))
- return ret;
+ return -EINVAL;
 sev->active = true;
 sev->es_active = argp->id == KVM_SEV_ES_INIT;
- asid = sev_asid_new(sev);
- if (asid < 0)
+ ret = sev_asid_new(sev);
+ if (ret < 0)
 goto e_no_asid;
- sev->asid = asid;
+ sev->asid = ret;
 ret = sev_platform_init(&argp->error);
 if (ret)
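Review bot: The `return -EINVAL;` on the `sev->active` path changes the errno userspace gets for a repeated init from -EBUSY to -EINVAL, which is a separate, ABI-visible change from letting sev_asid_new()'s error reach the caller. Either keep `return -EBUSY;` there or split it into its own change with a justification, since a VMM may key on the old value (this cannot be checked from the hunk). Reusing `ret` to carry the ASID is also easy to misread, so a comment such as `/* on success sev_asid_new() returns the allocated ASID, not a 0 status */` above `sev->asid = ret;` would help. The body of sev_guest_init() continues past the hunk, so the `e_no_asid` path that is expected to return `ret` is not visible here.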