diff options
| author |   Alexey Kardashevskiy <aik@amd.com> | 2023-06-15 16:37:55 +1000 |
|---|---|---|
| committer |   Sean Christopherson <seanjc@google.com> | 2023-07-28 16:13:13 -0700 |
| commit | 90cbf6d914ad7856ca1145dee02babb9eab7bec1 (patch) | |
| tree | 4ed1f91e291c6778bb1ea3aaf49a6f0300f69293 /arch/x86/kvm/svm/sev.c | |
| parent | KVM: SEV: Enable data breakpoints in SEV-ES (diff) | |
| download | wireguard-linux-90cbf6d914ad7856ca1145dee02babb9eab7bec1.tar.xz wireguard-linux-90cbf6d914ad7856ca1145dee02babb9eab7bec1.zip | |
KVM: SEV-ES: Eliminate #DB intercept when DebugSwap enabled
Disable #DB for SEV-ES guests when DebugSwap is enabled. There is no point
in such intercept as KVM does not allow guest debug for SEV-ES guests.
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
Link: https://lore.kernel.org/r/20230615063757.3039121-8-aik@amd.com
[sean: add comment as to why KVM disables #DB intercept iff DebugSwap=1]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Diffstat (limited to 'arch/x86/kvm/svm/sev.c')
| -rw-r--r-- | arch/x86/kvm/svm/sev.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b7cd0cc4a19c..b35cd670ce66 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2997,6 +2997,17 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_READ); vmcb_set_intercept(&vmcb->control, INTERCEPT_DR7_WRITE); recalc_intercepts(svm); + } else { + /* + * Disable #DB intercept iff DebugSwap is enabled. KVM doesn't + * allow debugging SEV-ES guests, and enables DebugSwap iff + * NO_NESTED_DATA_BP is supported, so there's no reason to + * intercept #DB when DebugSwap is enabled. For simplicity + * with respect to guest debug, intercept #DB for other VMs + * even if NO_NESTED_DATA_BP is supported, i.e. even if the + * guest can't DoS the CPU with infinite #DB vectoring. + */ + clr_exception_intercept(svm, DB_VECTOR); } /* Can't intercept XSETBV, HV can't modify XCR0 directly */ |