Re: [PATCH] x86/sev: Improve handling of writes to intercepted GUEST_TSC_FREQ

From: Nikunj A Dadhania
Date: Wed Jul 16 2025 - 02:10:27 EST


Tom Lendacky <thomas.lendacky@xxxxxxx> writes:

> On 7/15/25 04:13, Nikunj A Dadhania wrote:
>> Borislav Petkov <bp@xxxxxxxxx> writes:
>>
>>> On Mon, Jul 14, 2025 at 09:36:04AM -0700, Sean Christopherson wrote:
>>>> Or as Tom suggested, return ES_EXCEPTION and let the kernel's normal machinery
>>>> WARN on the bad WRMSR.
>>>
>>> Ack.
>>
>> That will panic the SNP guest instead of #GP:
>>
>> root@ubuntu:~# wrmsr 0xc0010134 0
>> [ 20.804335] ------------[ cut here ]------------
>> [ 20.804336] WARNING: arch/x86/coco/sev/vc-handle.c:383 at vc_handle_exitcode.part.0+0xc1b/0x1090, CPU#0: wrmsr/607
>> ...
>> [ 20.804507] SEV: Unsupported exception in #VC instruction emulation - can't continue
>> [ 20.804508] ------------[ cut here ]------------
>> [ 20.804508] kernel BUG at arch/x86/coco/sev/vc-handle.c:123!
>> [ 20.804514] Oops: invalid opcode: 0000 [#1] SMP NOPTI
>
> Did you fill in the context with the #GP, i.e., ctxt->fi.vector and
> ctxt->fi.error_code?

Ah OK, I didn't know that; after populating the X86_TRAP_GP, SNP guest
does not panic anymore.

+ if (WARN_ON_ONCE(write)) {
+ ctxt->fi.vector = X86_TRAP_GP;
+ ctxt->fi.error_code = 0;
+ return ES_EXCEPTION;
+ }
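Review bot: WARN_ON_ONCE(write) in the condition is reachable from a root shell in the guest, as the wrmsr transcripts in this thread show, and it fires on top of whatever the normal bad-WRMSR handling reports once the #GP is delivered. Since the stated goal upthread was to let the kernel's normal machinery WARN on the bad WRMSR, a plain "if (write)" would avoid a second, guest-triggerable splat, which matters on guests booted with panic_on_warn. A short comment above the two ctxt->fi assignments would also help: the earlier log shows that returning ES_EXCEPTION without filling in ctxt->fi.vector and ctxt->fi.error_code ends in "Unsupported exception in #VC instruction emulation" and a BUG, and nothing in the hunk records that requirement.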



$ wrmsr 0xc0010134 100
wrmsr: CPU 0 cannot set MSR 0x00000001 to 0x0000000000000064

$ wrmsr 0x10 100
wrmsr: CPU 0 cannot set MSR 0x00000010 to 0x0000000000000064

I have sent an updated patch.

Regards,
Nikunj