Hi Sean, On 9/30/2024 11:04 PM, Sean Christopherson wrote:
On Mon, Sep 30, 2024, Suravee Suthikulpanit wrote:On SNP-enabled system, VMRUN marks AVIC Backing Page as in-use while the guest is running for both secure and non-secure guest. This causes any attempts to modify the RMP entries for the backing page to result in FAIL_INUSE response. This is to ensure that the AVIC backing page is not maliciously assigned to an SNP guest while the unencrypted guest is active. Currently, an attempt to run AVIC guest would result in the following error: BUG: unable to handle page fault for address: ff3a442e549cc270 #PF: supervisor write access in kernel mode #PF: error_code(0x80000003) - RMP violation PGD b6ee01067 P4D b6ee02067 PUD 10096d063 PMD 11c540063 PTE 80000001149cc163 SEV-SNP: PFN 0x1149cc unassigned, dumping non-zero entries in 2M PFN region: [0x114800 - 0x114a00] ...This should be "fixed" by commit 75253db41a46 ("KVM: SEV: Make AVIC backing, VMSA and VMCB memory allocation SNP safe"), no?
The commit 75253db41a46 fixes another issue related to 2MB-aligned in-use page, where the CPU incorrectly treats the whole 2MB region as in-use and signal an RMP violation #PF.
This enhancement is mainly to allow hypervisor to write to the AVIC backing page of non-secure guest on SNP-enabled system.
Note: This change might need to be ported to stable 6.9, 6.10, and 6.11 tree as well.
Thanks, Suravee
