On Fri, Jun 21, 2024, Michael Roth wrote:
> diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h
> index 154a87a1eca9..7bd78e258569 100644
> --- a/include/uapi/linux/sev-guest.h
> +++ b/include/uapi/linux/sev-guest.h
> @@ -89,8 +89,17 @@ struct snp_ext_report_req {
> #define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0)
> #define SNP_GUEST_VMM_ERR_SHIFT 32
> #define SNP_GUEST_VMM_ERR(x) (((u64)x) << SNP_GUEST_VMM_ERR_SHIFT)
> +#define SNP_GUEST_FW_ERR(x) ((x) & SNP_GUEST_FW_ERR_MASK)
> +#define SNP_GUEST_ERR(vmm_err, fw_err) (SNP_GUEST_VMM_ERR(vmm_err) | \
> + SNP_GUEST_FW_ERR(fw_err))
>
> +/*
> + * The GHCB spec only formally defines INVALID_LEN/BUSY VMM errors, but define
> + * a GENERIC error code such that it won't ever conflict with GHCB-defined
> + * errors if any get added in the future.
> + */
> #define SNP_GUEST_VMM_ERR_INVALID_LEN 1
> #define SNP_GUEST_VMM_ERR_BUSY 2
> +#define SNP_GUEST_VMM_ERR_GENERIC BIT(31)
Related to my suggestion to not have KVM-defined error codes, if we go that route,
then I believe SNP_GUEST_VMM_ERR_GENERIC is unnecessary.
For snp_handle_guest_req(), if sev_issue_cmd() fails, KVM can/should do something
like:
/* Forward non-firmware errors to userspace, e.g. if the PSP is dead. */
if (ret && !fw_err)
goto release_req;
ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(0, fw_err));
And then in snp_complete_req_certs(), we could either let userspace shove in any
error code whatsoever, or restrict userspace to known, GHCB-defined error codes,
e.g.
int err;
err = READ_ONCE(vcpu->run->coco.req_certs.ret);
if (err)
if (err != SNP_GUEST_VMM_ERR_INVALID_LEN &&
err != SNP_GUEST_VMM_ERR_BUSY)
return -EINVAL;
if (err == SNP_GUEST_VMM_ERR_INVALID_LEN)
vcpu->arch.regs[VCPU_REGS_RBX] = vcpu->run->coco.req_certs.npages;
ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(err, 0));
return 1;
}
>
> #endif /* __UAPI_LINUX_SEV_GUEST_H_ */
> --
> 2.25.1
>
