From patchwork Thu Jan 19 21:34:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dionna Amalie Glaze X-Patchwork-Id: 46021 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp565741wrn; Thu, 19 Jan 2023 14:02:11 -0800 (PST) X-Google-Smtp-Source: AMrXdXstiDTUL9bMZrEM2QKOQa3ZEulUl8wRSn5tbu3N6TzxZRDkIFBN/lMCFWSkQrTKbRaA4Y1g X-Received: by 2002:a17:90a:8a82:b0:226:ecec:9e6a with SMTP id x2-20020a17090a8a8200b00226ecec9e6amr12519040pjn.21.1674165731285; Thu, 19 Jan 2023 14:02:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674165731; cv=none; d=google.com; s=arc-20160816; b=Se0P2K7KhgBhIuHPVHg9l4ystMysPCWZ97q3YSSiuukpFzofmRUf3IY8dsb267PE3g 0exYaDlyoRqVSL49YE4wpmzbJWNhLXtfywaheyuvlWthXeBXpHXQJu2pYBxSLIMzzXRJ FjwJAbDVrL0pdgvlKwjIb6L3NoWR3nnnWAnn18Ngvn4Sm1Yi6FoJwiBIAbY1RAYCRvfo NKq+BaGyuBbJhxSXc3edddiUfs8arTgw5S8W3UsjS4Hftjo7x+DfQfNlzFRipBKD9xEg cVrVFiIp+iywcmBNda2+QU+ubJRE4+skLMoGZZX0LuihjgoVitxDe6yEw+2+PKm2h/pw HLPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=LXeEK1Kbvuk2JPbM8yD6qcpUOvIqc9ntM80OCtFV2Pc=; b=XfnGbvNA4D+aNsVRx9LGKUOuVxfY36OIiESVwYbIoDnSnvCc43F8b/ffxDCt4dznTY 0ztTIYb3FmJrrczVHgix+VSPewHFsbegbUr51pq9X/foCSaur/9mO5F9y0TsxdWK0G2A 7uNH5L+K2+ADQJSfBykxbVq/eUOYgevbI21r+WQV+8dZZN2z8BhHfGB/IxxNIkMM0tZk 7HnQU6X5FGgqyaddmNVqZEb66t+h8y+Azi1LSOVwe1cYu/Zl9oFBVKGUt8dPBLwCgU1e +Q75v5npGTYuFznbGsCgJn7BqOEtAEhYbc58ZykNFhA5fKLkP8zRE81km1tbc957CRI5 37+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=tEnmvnxM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o24-20020a17090ad25800b0022969bb5cdbsi330205pjw.140.2023.01.19.14.01.54; Thu, 19 Jan 2023 14:02:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=tEnmvnxM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230266AbjASVx4 (ORCPT + 99 others); Thu, 19 Jan 2023 16:53:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231235AbjASVxH (ORCPT ); Thu, 19 Jan 2023 16:53:07 -0500 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A8888B1EFC for ; Thu, 19 Jan 2023 13:34:31 -0800 (PST) Received: by mail-pg1-x549.google.com with SMTP id y187-20020a638ac4000000b004cf52d8bb9bso1581811pgd.21 for ; Thu, 19 Jan 2023 13:34:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=LXeEK1Kbvuk2JPbM8yD6qcpUOvIqc9ntM80OCtFV2Pc=; b=tEnmvnxM4IUmcMY9AKBYh9I/Rb/pEUtEZLgiNEf9uIgLM6z7B0M3Ah9ot6TwzUuIr2 IB88l1wTD/fGBUWpxzoxMrnUq0Z+euhdRafpokJhocLPNGvD8ZS5i0pJsQzUh9Nm767/ 2JcHdDTv3QxeKaBorqwNJrpHXz4Xq6HIbVTLhTn5UbUtr3vFz2vWAQHv/45NPj9kPVJv x/bFoLggsTCaG1VuKdEQVw8DBhUVAghU2vxJqj0Nb2ZcARsToZMoeUY8trThDvkHpkHp 0VS2+QpFK6YTVWz338kYVSUUte8vAo2wBreh98p1mmsmRZ4z6RPuZOBjhenTXU6xr6IU h2GA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LXeEK1Kbvuk2JPbM8yD6qcpUOvIqc9ntM80OCtFV2Pc=; b=pzNaTNvNWRMxAROuzZlz04eR/scszd1bZ5RX268mtPvvAn1djwRJrzPulgRLQqzsk/ NxKG8Q3RohQ/J2DZibshhMx0xd3TVeDuCUb+9NdLxTWYnFflrTQaqN4msBBu2U8ghyuj 2eP5G9woy3W7TrwPW9lAlxMArq3J9wbTkLGtlxDqv0CF12pS/w46f7qa1D703rp5AXia iVhx6sjhhg67gKI71ATxFW7LmjOfvCflknRuZCIhgQUTgba8AAVK9xHAkgLT91DKwvdD RLwXzj9TkbyY6Sr4cP62IdYK8bpFJ6/28+1jiLH9lIZAASBFhGGAFFVAVwvoPAxxGy9q sxjg== X-Gm-Message-State: AFqh2koJY77YIoduXL8bC4/uchFT9GrXwzRjmoK4hs2pMl9B4C4X+Ytd psaKYOgl5Su6Ds2VzlyQDf+fMt5s89CY3sfikg== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:aa7:9727:0:b0:58c:1d0d:f1a6 with SMTP id k7-20020aa79727000000b0058c1d0df1a6mr1268749pfg.2.1674164070881; Thu, 19 Jan 2023 13:34:30 -0800 (PST) Date: Thu, 19 Jan 2023 21:34:24 +0000 In-Reply-To: <20230119213426.379312-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20230119213426.379312-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.39.0.246.g2a6d74b583-goog Message-ID: <20230119213426.379312-2-dionnaglaze@google.com> Subject: [PATCH v3 1/2] kvm: sev: Add SEV-SNP guest request throttling From: Dionna Glaze To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Thomas Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Borislav Petkov X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755490005493494498?= X-GMAIL-MSGID: =?utf-8?q?1755490005493494498?= The AMD-SP is a precious resource that doesn't have a scheduler other than a mutex lock queue. To avoid customers from causing a DoS, a module_param-set rate limit is added with a default of 2 requests per 2 seconds. These defaults were chosen empirically with a the assumption that current server-grade SEV-SNP machines will rarely exceed 128 VMs under usual circumstance. The 2 burst per 2 seconds means on average 1 request every second. We allow 2 requests back to back to allow for the guest to query the certificate length in an extended guest request without a pause. The 1 second average is our target for quality of service since empirical tests show that 64 VMs can concurrently request an attestation report with a maximum latency of 1 second. We don't anticipate more concurrency than that for a seldom used request for a majority well- behaved set of VMs. The majority point is decided as >64 VMs given the assumed 128 VM count for "extreme load". The throttling code is 2 << 32 given that invalid length is 1 and 2 is the next available code. This was suggested by Tom Lendacky, and will be included in a new revision of the GHCB specification. Cc: Thomas Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Borislav Petkov Signed-off-by: Dionna Glaze --- arch/x86/include/asm/sev-common.h | 1 + arch/x86/kvm/svm/sev.c | 29 +++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 3 +++ include/uapi/linux/in.h | 1 + 4 files changed, 34 insertions(+) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index 1b111cde8c82..e3a6b039480d 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -158,6 +158,7 @@ struct snp_psc_desc { /* Guest message request error code */ #define SNP_GUEST_REQ_INVALID_LEN BIT_ULL(32) +#define SNP_GUEST_REQ_THROTTLED (((u64)2) << 32) #define GHCB_MSR_TERM_REQ 0x100 #define GHCB_MSR_TERM_REASON_SET_POS 12 diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d0e58cffd1ed..cd9372ce6fc2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -58,6 +58,14 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444); /* enable/disable SEV-SNP support */ static bool sev_snp_enabled = true; module_param_named(sev_snp, sev_snp_enabled, bool, 0444); + +/* Throttle guest requests to a burst # per this many seconds */ +unsigned int guest_request_throttle_s = 2; +module_param(guest_request_throttle_s, int, 0444); + +/* Throttle guest requests to this many per the above many seconds */ +unsigned int guest_request_throttle_burst = 2; +module_param(guest_request_throttle_burst, int, 0444); #else #define sev_enabled false #define sev_es_enabled false @@ -333,6 +341,9 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) goto e_free; mutex_init(&sev->guest_req_lock); + ratelimit_state_init(&sev->snp_guest_msg_rs, + guest_request_throttle_s * HZ, + guest_request_throttle_burst); ret = sev_snp_init(&argp->error, false); } else { ret = sev_platform_init(&argp->error); @@ -3595,6 +3606,14 @@ static void snp_cleanup_guest_buf(struct sev_data_snp_guest_request *data, unsig *rc = SEV_RET_INVALID_ADDRESS; } +static bool snp_throttle_guest_request(struct kvm_sev_info *sev) { + if (__ratelimit(&sev->snp_guest_msg_rs)) + return false; + + pr_info_ratelimited("svm: too many guest message requests\n"); + return true; +} + static void snp_handle_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_gpa) { struct sev_data_snp_guest_request data = {0}; @@ -3611,6 +3630,11 @@ static void snp_handle_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t sev = &to_kvm_svm(kvm)->sev_info; + if (snp_throttle_guest_request(sev)) { + rc = SNP_GUEST_REQ_THROTTLED; + goto e_fail; + } + mutex_lock(&sev->guest_req_lock); rc = snp_setup_guest_buf(svm, &data, req_gpa, resp_gpa); @@ -3648,6 +3672,11 @@ static void snp_handle_ext_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gp sev = &to_kvm_svm(kvm)->sev_info; + if (snp_throttle_guest_request(sev)) { + rc = SNP_GUEST_REQ_THROTTLED; + goto e_fail; + } + data_gpa = vcpu->arch.regs[VCPU_REGS_RAX]; data_npages = vcpu->arch.regs[VCPU_REGS_RBX]; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 8d1ba66860a4..7048f817efb0 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -18,6 +18,7 @@ #include #include #include +#include #include #include @@ -105,6 +106,8 @@ struct kvm_sev_info { unsigned int snp_certs_len; /* Size of instance override for certs */ struct mutex guest_req_lock; + struct ratelimit_state snp_guest_msg_rs; /* Limit guest requests */ + u64 sev_features; /* Features set at VMSA creation */ }; diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h index f243ce665f74..07a4cb149305 100644 --- a/include/uapi/linux/in.h +++ b/include/uapi/linux/in.h @@ -20,6 +20,7 @@ #define _UAPI_LINUX_IN_H #include +#include #include #include From patchwork Thu Jan 19 21:34:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dionna Amalie Glaze X-Patchwork-Id: 46023 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp566226wrn; Thu, 19 Jan 2023 14:03:07 -0800 (PST) X-Google-Smtp-Source: AMrXdXtgcwSsGTGH2Uq/iSvGT7E2Zm+AxrMrjxXmHXGHscoF5j5y7ln6x4gVe5PPRD/DohHaWdwu X-Received: by 2002:aa7:8619:0:b0:581:12c5:1356 with SMTP id p25-20020aa78619000000b0058112c51356mr13019561pfn.30.1674165787372; Thu, 19 Jan 2023 14:03:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674165787; cv=none; d=google.com; s=arc-20160816; b=a8lhNowvQqJSzSgmqD2BnmzzwkFRitArsBwa7biHndYDi/E2Zktuxx36S/e6cPvCSi fS0xEkngt+skyaixqKljBc51UBzptQIFvJlQUpP6Cgm2Ffil0/WkgCxR8ckPR1V1eRh2 d+1nzuHaER/nh4xro5pw0k53i6JByois7R3MiF4qGlmO3bpd65dTnlU1mkvLJU/R2ImE X7tIyFfDDxD4E02MIk58gkQgoBS/1ClUTisr5DTLrN1WMABLJknLmPmZOjBOecmjCT7D ZUHR7+S8rLNKU8D93JdkXlRKh90pvMvW2xVjTx4Dqle1X3uG9e8SfUM1XBrdD60xzVDl S6ZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=XP5abnKwoWHYzfvPZhByiAlFcIOsPkv0onTEpyjGkOA=; b=k3nz4XNCy2DhVa1A/A3AzLpTqXlOk3Q4mHdx1mljD0+TJgCFLyOkGsoZ61pbZuEsQu 5KuugspQLS+zLGnklZyyy6xy3sgSy6szkye+68dKPL/9R9RIaLRsf7oCvzBXP+hY8Vl8 gQ9WbrMp5aJj9ilF7VExbXl5SznZo10Guc4f+a4UELwMIiK8/Qmw3kL8uqJrfTAvCq1W v0eY43qFRYD5CcLpV4go3D+CxekYgfdv+j5O3hg7lSUTWDoqCu22bPcXkcceeggOJQaY g4U7UVIRfhCl1+xK8upWIfqlH9jOA5WfTTqo47Q2NGvuzcwOW8AaJvpwHn9rfCm2V8L9 goFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=i4TDJZV9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id d20-20020a056a0010d400b00585943a2050si16786181pfu.319.2023.01.19.14.02.52; Thu, 19 Jan 2023 14:03:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=i4TDJZV9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230159AbjASVyE (ORCPT + 99 others); Thu, 19 Jan 2023 16:54:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230418AbjASVxL (ORCPT ); Thu, 19 Jan 2023 16:53:11 -0500 Received: from mail-pj1-x1049.google.com (mail-pj1-x1049.google.com [IPv6:2607:f8b0:4864:20::1049]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 321B1AED93 for ; Thu, 19 Jan 2023 13:34:34 -0800 (PST) Received: by mail-pj1-x1049.google.com with SMTP id om10-20020a17090b3a8a00b002299e350deaso3959177pjb.1 for ; Thu, 19 Jan 2023 13:34:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=XP5abnKwoWHYzfvPZhByiAlFcIOsPkv0onTEpyjGkOA=; b=i4TDJZV9AsYZggXWT49Rh8u+Cqa1ja4Ok/tTT96quI+KK+vj/fKuizWOfYp3FBC28G RgcXCk0MTknMVs0eGoHSVbG5x5Jh2QrCBOtiIAM/pZitOj/QH/+EbKRD1hX/LGfTSXEm XdsGBNAQ1ve/IjyYAwCzZSBEpL1hNp7b8UEhbvKQjIAJiBG/QuhbRtiR7kReLh1wR9un 31CWO+3vnlDRNAe5wq9dDA9jC58lWSjR586Au3LI6Iuwb43aSzMweU/Z0WY31q2ZeFME jKluDnzlI9UyLtChnv4pZFVa+xdS3hjuPDq84zkdKmAGMXE59wBBT0khj6vWbkskA18m i1sQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XP5abnKwoWHYzfvPZhByiAlFcIOsPkv0onTEpyjGkOA=; b=yX1LxSwvTEWVDvjlJCRCCqF2E2yOQQ4NrZ3cplPXazOA/AAzX68QguZXsPnzyp5HxC G7/q/YlkCVbLy2SUFuaTnLVsbjql1Sd3ltzdsBJjJpvcnRrZgNzBAeOyL2CxNuasYCg+ 9Vx97UABcaYMYy99QTfzJysR8ONmo+EUdJaSUGv1yFF5SqF53grnBeoq5aAdcz4x3Xeb j1iHg5cSMMo3RJvEOxdXRowkapGbFvj7QqMwpXetVCWcuVVKnmhnCrrxYYfy5ePS0YO6 a5MP5UTeNiDNPPfv8GuuAMou0hAGf09+uT/t1/V4sSgMA/rYpQkrY/uF3iM7ylFrFP04 xNMA== X-Gm-Message-State: AFqh2krMotrjl7b8Tt4dOLUevEZVK+DNv0QnmpwOdk1Elz/q2RwixJO3 D93SfO7rR9KT+FanLixOQ5493vBtLSYTr4lDvA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:4088:b0:586:7e0c:372d with SMTP id bw8-20020a056a00408800b005867e0c372dmr1215084pfb.14.1674164072489; Thu, 19 Jan 2023 13:34:32 -0800 (PST) Date: Thu, 19 Jan 2023 21:34:25 +0000 In-Reply-To: <20230119213426.379312-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20230119213426.379312-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.39.0.246.g2a6d74b583-goog Message-ID: <20230119213426.379312-3-dionnaglaze@google.com> Subject: [PATCH v3 2/2] kvm: sev: If ccp is busy, report throttled to guest From: Dionna Glaze To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Thomas Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Borislav Petkov X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755490064437467206?= X-GMAIL-MSGID: =?utf-8?q?1755490064437467206?= The ccp driver can be overloaded even with 1 HZ throttling. The return value of -EBUSY means that there is no firmware error to report back to user space, so the guest VM would see this as exitinfo2 = 0. The false success can trick the guest to update its the message sequence number when it shouldn't have. Instead, when ccp returns -EBUSY, that is reported to userspace as the throttling return value. Cc: Thomas Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Borislav Petkov Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index cd9372ce6fc2..7da1cc300d7b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3642,7 +3642,14 @@ static void snp_handle_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t goto unlock; rc = sev_issue_cmd(kvm, SEV_CMD_SNP_GUEST_REQUEST, &data, &err); - if (rc) + + /* + * The ccp driver can return -EBUSY if the PSP is overloaded, so signal + * the request has been throttled. + */ + if (rc == -EBUSY) + rc = SNP_GUEST_REQ_THROTTLED; + else if (rc) /* use the firmware error code */ rc = err; @@ -3713,7 +3720,14 @@ static void snp_handle_ext_guest_request(struct vcpu_svm *svm, gpa_t req_gpa, gp if (sev->snp_certs_len) data_npages = sev->snp_certs_len >> PAGE_SHIFT; - if (rc) { + /* + * The ccp driver can return -EBUSY if the PSP is overloaded, so signal + * the request has been throttled. + */ + if (rc == -EBUSY) { + rc = SNP_GUEST_REQ_THROTTLED; + goto cleanup; + } else if (rc) { /* * If buffer length is small then return the expected * length in rbx.