[PATCH v4 2/2] The ccp driver can be overloaded even with guest request rate limits. The return value of -EBUSY means that there is no firmware error to report back to user space, so the guest VM would see this as exitinfo2 = 0. The false success can trick the guest to update its message sequence number when it shouldn't have.

Dionna Glaze posted 2 patches 9 months ago
There is a newer version of this series
Posted by Dionna Glaze 9 months ago
Instead, when ccp returns -EBUSY, that is reported to userspace as the
throttling return value.

Cc: Thomas Lendacky <Thomas.Lendacky@amd.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Peter Gonda <pgonda@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Sean Christopherson <seanjc@google.com>

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
 arch/x86/kvm/svm/sev.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index ddbfdce9dc18..5901a7f59f88 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -4065,6 +4065,11 @@ static int snp_handle_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t resp_
 	 * the PSP is dead and commands are timing out.
 	 */
 	ret = sev_issue_cmd(kvm, SEV_CMD_SNP_GUEST_REQUEST, &data, &fw_err);
+	if (ret == -EBUSY) {
+		svm_vmgexit_no_action(svm, SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_BUSY, fw_err));
+		ret = 1;
+		goto out_unlock;
+	}
 	if (ret && !fw_err)
 		goto out_unlock;
 
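Review bot: the new `if (ret == -EBUSY)` branch has no comment, while the code just above it carries a comment block explaining the PSP-dead case; add one stating why -EBUSY must be intercepted before the existing `if (ret && !fw_err)` check: ccp reports a busy PSP with no firmware error, so without this branch the request would take that early exit and the guest would see exitinfo2 = 0, the false success the commit message describes. The comment should also record that fw_err is expected to be zero on this path, so `SNP_GUEST_ERR(SNP_GUEST_VMM_ERR_BUSY, fw_err)` carries the signal in the VMM error field, and that `ret = 1` resumes the guest after `svm_vmgexit_no_action()` rather than exiting to userspace.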
-- 
2.49.0.1045.g170613ef41-goog
Re: [PATCH v4 2/2] The ccp driver can be overloaded even with guest request rate limits. The return value of -EBUSY means that there is no firmware error to report back to user space, so the guest VM would see this as exitinfo2 = 0. The false success can trick the guest to update its message sequence number when it shouldn't have.
Posted by Dionna Amalie Glaze 9 months ago
On Wed, May 14, 2025 at 11:42 AM Dionna Glaze <dionnaglaze@google.com> wrote:
>
> Instead, when ccp returns -EBUSY, that is reported to userspace as the
> throttling return value.
>

Ah, disregard this email. Globbed one too many patch files.


-- 
-Dionna Glaze, PhD, CISSP, CCSP (she/her)