)]}' { "commit": "ad5b353240c8837109d1bcc6c3a9a501d7f6a960", "tree": "ea5b8abca9f129f4d085108c6538e98a950124f0", "parents": [ "a655276a594978a4887520c1241cf6ac49d6230b" ], "author": { "name": "Tom Lendacky", "email": "thomas.lendacky@amd.com", "time": "Thu Dec 02 12:52:05 2021 -0600" }, "committer": { "name": "Paolo Bonzini", "email": "pbonzini@redhat.com", "time": "Sun Dec 05 03:02:04 2021 -0500" }, "message": "KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure\n\nCurrently, an SEV-ES guest is terminated if the validation of the VMGEXIT\nexit code or exit parameters fails.\n\nThe VMGEXIT instruction can be issued from userspace, even though\nuserspace (likely) can\u0027t update the GHCB. To prevent userspace from being\nable to kill the guest, return an error through the GHCB when validation\nfails rather than terminating the guest. For cases where the GHCB can\u0027t be\nupdated (e.g. the GHCB can\u0027t be mapped, etc.), just return back to the\nguest.\n\nThe new error codes are documented in the lasest update to the GHCB\nspecification.\n\nFixes: 291bd20d5d88 (\"KVM: SVM: Add initial support for a VMGEXIT VMEXIT\")\nSigned-off-by: Tom Lendacky \u003cthomas.lendacky@amd.com\u003e\nMessage-Id: \u003cb57280b5562893e2616257ac9c2d4525a9aeeb42.1638471124.git.thomas.lendacky@amd.com\u003e\nSigned-off-by: Paolo Bonzini \u003cpbonzini@redhat.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "2cef6c5a52c2a71a550393c78111dfd3242f47d1", "old_mode": 33188, "old_path": "arch/x86/include/asm/sev-common.h", "new_id": "6acaf5af0a3d0657ed48b876c95ef0ad73358c71", "new_mode": 33188, "new_path": "arch/x86/include/asm/sev-common.h" }, { "type": "modify", "old_id": "94bde57df72e4908e1dafb60bce9af646c2b85c1", "old_mode": 33188, "old_path": "arch/x86/kvm/svm/sev.c", "new_id": "7656a2c5662a68425716469b4f94cb164368cb01", "new_mode": 33188, "new_path": "arch/x86/kvm/svm/sev.c" } ] }