Closed Icegrave0391 closed 3 months ago
Hi, I would like to disable trapping CR0 write in SEV-ES.
Host-OS: Linux-5.14-rc2 SEV-ES Guest-OS: Linux-6.6.0
I found the `svm_set_intercept(svm, TRAP_CR0_WRITE);` in kvm/svm/sev.c: sev_es_init_vmcb():

```c
void sev_es_init_vmcb(struct vcpu_svm *svm)
{
	...
	/* Can't intercept CR register access, HV can't modify CR registers */
	svm_clr_intercept(svm, INTERCEPT_CR0_READ);
	svm_clr_intercept(svm, INTERCEPT_CR0_WRITE);
	svm_clr_intercept(svm, INTERCEPT_SELECTIVE_CR0);

	/* Track EFER/CR register changes */
	svm_set_intercept(svm, TRAP_EFER_WRITE);
	svm_set_intercept(svm, TRAP_CR0_WRITE);
	svm_set_intercept(svm, TRAP_CR4_WRITE);
	svm_set_intercept(svm, TRAP_CR8_WRITE);
	...
}
```
I tried to disable this using `svm_clr_intercept`. However, during booting, the kernel will crash non-deterministically:
```
[ 7.169427] BUG: unable to handle page fault for address: 0000563e16d10000
[ 7.170540] #PF: supervisor read access in user mode
[ 7.171208] #PF: error_code(0x0000) - not-present page
[ 7.171884] IDT: 0xfffffe0000000000 (limit=0xfff) GDT: 0xfffffe0000001000 (limit=0x7f)
[ 7.172935] LDTR: NULL
[ 7.173259] TR: 0x40 -- base=0xfffffe0000003000 limit=0x4087
[ 7.174023] PGD 8000181351067 P4D 8000181351067 PUD 8000181b0d067 PMD 800018179f067 PTE 0
[ 7.175106] Oops: 0000 [#6] SMP NOPTI
[ 7.175625] CPU: 0 PID: 482 Comm: snap Tainted: G D 6.6.0 #17
[ 7.176623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
[ 7.177662] RIP: 0033:0x563e15ef3461
[ 7.178163] Code: c3 0f 1f 84 00 00 00 00 00 48 39 f3 0f 8d e0 01 00 00 8b 3c da 4c 8d 43 01 4c 39 c1 0f 86 d4 05 00 00 4c 8d 0c da 4d 8d 49 08 <41> 39 39 73 cf 48 8bf
[ 7.180598] RSP: 002b:00007fff5789ff90 EFLAGS: 00010202
[ 7.181289] RAX: 0000563e16e9bb40 RBX: 00000000000014df RCX: 0000000000004306
[ 7.182230] RDX: 0000563e16d05900 RSI: 0000000000004305 RDI: 0000000000212ee0
[ 7.183169] RBP: 00007fff578a0080 R08: 00000000000014e0 R09: 0000563e16d10000
[ 7.184107] R10: 0000000000000000 R11: 0000000000000206 R12: 00007fff578a0010
[ 7.185050] R13: 0000fffffffffff6 R14: 0000563e16ee1ac0 R15: 00007fff5789fbc0
[ 7.185990] FS: 00007f113a3b7740 GS: 0000000000000000
[ 7.186697] CR2: 0000563e16d10000
[ 7.187150] ---[ end trace 0000000000000000 ]---
[ 7.187766] RIP: 0033:0x7f4a5c52848e
[ 7.188246] RSP: 002b:00007ffdd89c06e0 EFLAGS: 00010213
[ 7.188962] RAX: 0000000000000000 RBX: 00005565a6534400 RCX: 00000000000001e1
[ 7.189901] RDX: 00005565a654c6c0 RSI: 0000000000001e10 RDI: 0000000000000000
[ 7.190849] RBP: 00007ffdd89c0760 R08: 0000000000000000 R09: 00005565a6534400
[ 7.191794] R10: 00007ffdd89c0770 R11: 0000000000000000 R12: 00007ffdd89c0758
[ 7.192786] R13: 00005565a6534400 R14: 00005565a6662860 R15: 00007ffdd89c0760
[ 7.193726] FS: 00007f113a3b7740(0000) GS:ffff88846fc00000(0000) knlGS:0000000000000000
[ 7.194784] CS: 0033 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.195549] CR2: 0000563e16d10000 CR3: 000800018241e000 CR4: 00000000003506f0
[ 7.196513] note: snap[482] exited with irqs disabled
[ 7.239403] BUG: unable to handle page fault for address: 00005565a656dbe8
[ 7.240506] #PF: supervisor read access in user mode
[ 7.241168] #PF: error_code(0x0000) - not-present page
[ 7.241837] IDT: 0xfffffe0000000000 (limit=0xfff) GDT: 0xfffffe0000001000 (limit=0x7f)
[ 7.242869] LDTR: NULL
[ 7.243184] TR: 0x40 -- base=0xfffffe0000003000 limit=0x4087
[ 7.243919] PGD 80001816c2067 P4D 80001816c2067 PUD 80001839c6067 PMD 800018444d067 PTE 84080001879be025
[ 7.245194] Oops: 0000 [#7] SMP NOPTI
[ 7.245713] CPU: 0 PID: 484 Comm: (d-logind) Tainted: G D 6.6.0 #17
[ 7.246711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
[ 7.247733] RIP: 0033:0x7f4a5c52848e
[ 7.248223] Code: 0f af d3 48 39 1c 16 0f 85 cd 00 00 00 41 8b 51 24 e9 23 ff ff ff 66 0f 1f 44 00 00 8b 77 28 e8 88 da ff ff 41 89 02 41 89 c0 <41> 89 41 28 e9 7c fff
[ 7.250632] RSP: 002b:00007ffdd89c06e0 EFLAGS: 00010217
[ 7.251312] RAX: 0000000000000000 RBX: 00005565a656dbc0 RCX: 00000000000001e1
[ 7.252240] RDX: 00005565a65b6540 RSI: 0000000000001e10 RDI: 0000000000000000
[ 7.253170] RBP: 00007ffdd89c0760 R08: 0000000000000000 R09: 00005565a656dbc0
[ 7.254097] R10: 00007ffdd89c0770 R11: 0000000000000000 R12: 00007ffdd89c0758
[ 7.255029] R13: 00005565a656dbc0 R14: 00005565a6661fe0 R15: 00007ffdd89c0760
[ 7.255956] FS: 00007f4a5b8d1400 GS: 0000000000000000
[ 7.256657] CR2: 00005565a656dbe8
[ 7.257104] ---[ end trace 0000000000000000 ]---
[ 7.257713] RIP: 0033:0x7f4a5c52848e
[ 7.258184] RSP: 002b:00007ffdd89c06e0 EFLAGS: 00010213
[ 7.258865] RAX: 0000000000000000 RBX: 00005565a6534400 RCX: 00000000000001e1
[ 7.259789] RDX: 00005565a654c6c0 RSI: 0000000000001e10 RDI: 0000000000000000
[ 7.260762] RBP: 00007ffdd89c0760 R08: 0000000000000000 R09: 00005565a6534400
[ 7.261685] R10: 00007ffdd89c0770 R11: 0000000000000000 R12: 00007ffdd89c0758
[ 7.262608] R13: 00005565a6534400 R14: 00005565a6662860 R15: 00007ffdd89c0760
[ 7.263527] FS: 00007f4a5b8d1400(0000) GS:ffff88846fc00000(0000) knlGS:0000000000000000
[ 7.264582] CS: 0033 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.265320] CR2: 00005565a656dbe8 CR3: 000800018388a000 CR4: 00000000003506f0
```
Are there any suggestions?
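Added example (not from the issue, and not KVM's own code): a user-space model of what the quoted intercept calls do to the VMCB intercept vector, so the effect of the change in the issue can be seen on the bit pattern. KVM addresses the intercept words as one flat bit array; the word/bit numbers used here (CR read/write in word 0, `INTERCEPT_SELECTIVE_CR0` in word 3, the post-instruction `TRAP_*_WRITE` intercepts in word 4) are my recollection of `arch/x86/include/asm/svm.h` and are an assumption to check against your tree. The starting state of "every intercept set" is constructed so that the SEV-ES clears are visible; `host_sees_cr0_writes()` is a hypothetical helper, not a KVM function.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the VMCB intercept vector as KVM's svm_set_intercept() /
 * svm_clr_intercept() treat it: MAX_INTERCEPT 32-bit words addressed as
 * one flat bit array (bit n lives in word n / 32, bit n % 32).
 *
 * ASSUMPTION: bit numbers below are recalled from
 * arch/x86/include/asm/svm.h, not copied from a tree; verify them.
 */
#define MAX_INTERCEPT 6

enum {
	INTERCEPT_CR0_READ      = 0,        /* word 0, bits 0..15: CRn read   */
	INTERCEPT_CR0_WRITE     = 16,       /* word 0, bits 16..31: CRn write */
	INTERCEPT_SELECTIVE_CR0 = 96 + 5,   /* word 3                         */
	TRAP_EFER_WRITE         = 128 + 2,  /* word 4: post-instruction traps */
	TRAP_CR0_WRITE          = 128 + 3,
	TRAP_CR4_WRITE          = 128 + 7,
	TRAP_CR8_WRITE          = 128 + 11,
};

struct vmcb_control_model {
	uint32_t intercepts[MAX_INTERCEPT];
};

static void model_set_intercept(struct vmcb_control_model *c, unsigned int bit)
{
	c->intercepts[bit / 32] |= 1u << (bit % 32);
}

static void model_clr_intercept(struct vmcb_control_model *c, unsigned int bit)
{
	c->intercepts[bit / 32] &= ~(1u << (bit % 32));
}

static bool model_is_intercept(const struct vmcb_control_model *c, unsigned int bit)
{
	return (c->intercepts[bit / 32] >> (bit % 32)) & 1u;
}

/* The CR-related part of sev_es_init_vmcb() as quoted in the issue. */
static void sev_es_cr_intercepts(struct vmcb_control_model *c)
{
	/* Can't intercept CR register access, HV can't modify CR registers */
	model_clr_intercept(c, INTERCEPT_CR0_READ);
	model_clr_intercept(c, INTERCEPT_CR0_WRITE);
	model_clr_intercept(c, INTERCEPT_SELECTIVE_CR0);
	/* Track EFER/CR register changes */
	model_set_intercept(c, TRAP_EFER_WRITE);
	model_set_intercept(c, TRAP_CR0_WRITE);
	model_set_intercept(c, TRAP_CR4_WRITE);
	model_set_intercept(c, TRAP_CR8_WRITE);
}

/* The modification described in the issue: also clear the CR0 write trap. */
static void clear_cr0_write_trap(struct vmcb_control_model *c)
{
	model_clr_intercept(c, TRAP_CR0_WRITE);
}

/*
 * Hypothetical helper: true if the host is still told about guest CR0
 * writes by any path (pre-instruction intercept, selective-CR0 intercept,
 * or post-instruction trap).
 */
static bool host_sees_cr0_writes(const struct vmcb_control_model *c)
{
	return model_is_intercept(c, INTERCEPT_CR0_WRITE) ||
	       model_is_intercept(c, INTERCEPT_SELECTIVE_CR0) ||
	       model_is_intercept(c, TRAP_CR0_WRITE);
}

/* Constructed starting state: every intercept set, so the clears show up. */
static struct vmcb_control_model all_intercepts(void)
{
	struct vmcb_control_model c;
	for (int i = 0; i < MAX_INTERCEPT; i++)
		c.intercepts[i] = 0xffffffffu;
	return c;
}

static bool cr0_visible_after_sev_es_init(void)
{
	struct vmcb_control_model c = all_intercepts();
	sev_es_cr_intercepts(&c);
	return host_sees_cr0_writes(&c);
}

static bool cr0_visible_after_issue_change(void)
{
	struct vmcb_control_model c = all_intercepts();
	sev_es_cr_intercepts(&c);
	clear_cr0_write_trap(&c);
	return host_sees_cr0_writes(&c);
}

int main(void)
{
	struct vmcb_control_model c = all_intercepts();

	sev_es_cr_intercepts(&c);
	printf("after sev_es_init_vmcb:        word0=%08x word4=%08x  host sees CR0 writes: %s\n",
	       c.intercepts[0], c.intercepts[4], host_sees_cr0_writes(&c) ? "yes" : "no");

	clear_cr0_write_trap(&c);
	printf("after clearing TRAP_CR0_WRITE: word0=%08x word4=%08x  host sees CR0 writes: %s\n",
	       c.intercepts[0], c.intercepts[4], host_sees_cr0_writes(&c) ? "yes" : "no");
	return 0;
}
```

The point the model makes visible: for an SEV-ES guest the ordinary `INTERCEPT_CR0_WRITE` and `INTERCEPT_SELECTIVE_CR0` bits are already cleared by `sev_es_init_vmcb()`, so `TRAP_CR0_WRITE` is the only remaining path by which the host learns that the guest changed CR0; clearing it too leaves no CR0 write intercept of any kind set.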