This series adds support for decrypting an SEV-ES/SEV-SNP VMSA in
dump_vmcb() when the guest policy allows debugging.
It also contains some updates to dump_vmcb() to dump additional guest
register state, print the type of guest, print the vCPU id, and adds a
mutex to prevent interleaving of the dump_vmcb() messages when multiple
vCPU threads call dump_vmcb(). These last patches can be dropped if not
desired.
The series is based off of and tested against the KVM tree:
https://git.kernel.org/pub/scm/virt/kvm/kvm.git next
e335300095c3 ("Merge tag 'loongarch-kvm-6.15' of git://git...")
Tom Lendacky (5):
KVM: SVM: Decrypt SEV VMSA in dump_vmcb() if debugging is enabled
KVM: SVM: Dump guest register state in dump_vmcb()
KVM: SVM: Add the type of VM for which the VMCB/VMSA is being dumped
KVM: SVM: Include the vCPU ID when dumping a VMCB
KVM: SVM: Add a mutex to dump_vmcb() to prevent concurrent output
arch/x86/kvm/svm/sev.c | 98 ++++++++++++++++++++++++++++++++++++++++++
arch/x86/kvm/svm/svm.c | 80 +++++++++++++++++++++++++++++++++-
arch/x86/kvm/svm/svm.h | 11 +++++
3 files changed, 187 insertions(+), 2 deletions(-)
base-commit: e335300095c370149aada9783df2d7bf5b0db7c7
--
2.46.2
On Thu, 20 Mar 2025 08:26:48 -0500, Tom Lendacky wrote:
> This series adds support for decrypting an SEV-ES/SEV-SNP VMSA in
> dump_vmcb() when the guest policy allows debugging.
>
> It also contains some updates to dump_vmcb() to dump additional guest
> register state, print the type of guest, print the vCPU id, and adds a
> mutex to prevent interleaving of the dump_vmcb() messages when multiple
> vCPU threads call dump_vmcb(). These last patches can be dropped if not
> desired.
>
> [...]
Applied to kvm-x86 svm, with Tom's fixups. Please double check I didn't botch
those, the last few days have been a never ending comedy of errors on my end.
Thanks!
[1/5] KVM: SVM: Decrypt SEV VMSA in dump_vmcb() if debugging is enabled
https://github.com/kvm-x86/linux/commit/962e2b6152ef
[2/5] KVM: SVM: Dump guest register state in dump_vmcb()
https://github.com/kvm-x86/linux/commit/22f5c2003a18
[3/5] KVM: SVM: Add the type of VM for which the VMCB/VMSA is being dumped
https://github.com/kvm-x86/linux/commit/db2645096105
[4/5] KVM: SVM: Include the vCPU ID when dumping a VMCB
https://github.com/kvm-x86/linux/commit/0e6b677de730
[5/5] KVM: SVM: Add a mutex to dump_vmcb() to prevent concurrent output
https://github.com/kvm-x86/linux/commit/468c27ae0215
--
https://github.com/kvm-x86/linux/tree/next
On 4/25/25 18:23, Sean Christopherson wrote:
> On Thu, 20 Mar 2025 08:26:48 -0500, Tom Lendacky wrote:
>> This series adds support for decrypting an SEV-ES/SEV-SNP VMSA in
>> dump_vmcb() when the guest policy allows debugging.
>>
>> It also contains some updates to dump_vmcb() to dump additional guest
>> register state, print the type of guest, print the vCPU id, and adds a
>> mutex to prevent interleaving of the dump_vmcb() messages when multiple
>> vCPU threads call dump_vmcb(). These last patches can be dropped if not
>> desired.
>>
>> [...]
>
> Applied to kvm-x86 svm, with Tom's fixups. Please double check I didn't botch
> those, the last few days have been a never ending comedy of errors on my end.

Everything looks good.

Thanks!
Tom

>
> Thanks!
>
> [1/5] KVM: SVM: Decrypt SEV VMSA in dump_vmcb() if debugging is enabled
> https://github.com/kvm-x86/linux/commit/962e2b6152ef
> [2/5] KVM: SVM: Dump guest register state in dump_vmcb()
> https://github.com/kvm-x86/linux/commit/22f5c2003a18
> [3/5] KVM: SVM: Add the type of VM for which the VMCB/VMSA is being dumped
> https://github.com/kvm-x86/linux/commit/db2645096105
> [4/5] KVM: SVM: Include the vCPU ID when dumping a VMCB
> https://github.com/kvm-x86/linux/commit/0e6b677de730
> [5/5] KVM: SVM: Add a mutex to dump_vmcb() to prevent concurrent output
> https://github.com/kvm-x86/linux/commit/468c27ae0215
>
> --
> https://github.com/kvm-x86/linux/tree/next
On Thu, Mar 20, 2025 at 08:26:48AM -0500, Tom Lendacky wrote:
> This series adds support for decrypting an SEV-ES/SEV-SNP VMSA in
> dump_vmcb() when the guest policy allows debugging.
I would really really love to have that so
Acked-by: Borislav Petkov (AMD) <bp@alien8.de>
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On 3/20/25 9:17 AM, Borislav Petkov wrote:
> On Thu, Mar 20, 2025 at 08:26:48AM -0500, Tom Lendacky wrote:
>> This series adds support for decrypting an SEV-ES/SEV-SNP VMSA in
>> dump_vmcb() when the guest policy allows debugging.
>
> I would really really love to have that so
>
> Acked-by: Borislav Petkov (AMD) <bp@alien8.de>

Me too.

Tested-by: Kim Phillips <kim.phillips@amd.com>

Thanks,

Kim

kvm_amd: SEV-SNP vCPU1 VMCB 00000000759a48a5, last attempted VMRUN on CPU 7
kvm_amd: VMCB Control Area:
kvm_amd: cr_read: 0000
kvm_amd: cr_write: 0000
kvm_amd: dr_read: 0080
kvm_amd: dr_write: 0080
kvm_amd: exceptions: 00060002
kvm_amd: intercepts: bccc8007 0111ce43
kvm_amd: pause filter count: 3000
kvm_amd: pause filter threshold:128
kvm_amd: iopm_base_pa: 0000000148e44000
kvm_amd: msrpm_base_pa: 0000000276e3e000
kvm_amd: tsc_offset: ffff6b01ea8aa6f6
kvm_amd: asid: 3
kvm_amd: tlb_ctl: 0
kvm_amd: int_ctl: 07000200
kvm_amd: int_vector: 00000000
kvm_amd: int_state: 00000000
kvm_amd: exit_code: ffffffff
kvm_amd: exit_info1: 0000000000000000
kvm_amd: exit_info2: 0000000000000000
kvm_amd: exit_int_info: 00000000
kvm_amd: exit_int_info_err: 00000000
kvm_amd: nested_ctl: 7
kvm_amd: nested_cr3: 000000022fc06000
kvm_amd: avic_vapic_bar: 0000000000000000
kvm_amd: ghcb: 00000000bfeda000
kvm_amd: event_inj: 00000000
kvm_amd: event_inj_err: 00000000
kvm_amd: virt_ext: 3
kvm_amd: next_rip: 0000000000000000
kvm_amd: avic_backing_page: 0000000000000000
kvm_amd: avic_logical_id: 0000000000000000
kvm_amd: avic_physical_id: 0000000000000000
kvm_amd: vmsa_pa: 00000005d35c0000
kvm_amd: allowed_sev_features:8000000000000001
kvm_amd: guest_sev_features: 0000000000000081
kvm_amd: VMCB State Save Area:
kvm_amd: es: s: 0000 a: 0092 l: 0000ffff b: 0000000000000000
kvm_amd: cs: s: 9900 a: 009a l: 0000ffff b: 0000000000099000
kvm_amd: ss: s: 0000 a: 0092 l: 0000ffff b: 0000000000000000
kvm_amd: ds: s: 0000 a: 0092 l: 0000ffff b: 0000000000000000
kvm_amd: fs: s: 0000 a: 0092 l: 0000ffff b: 0000000000000000
kvm_amd: gs: s: 0000 a: 0092 l: 0000ffff b: 0000000000000000
kvm_amd: gdtr: s: 0000 a: 0000 l: 0000ffff b: 0000000000000000
kvm_amd: ldtr: s: 0000 a: 0082 l: 0000ffff b: 0000000000000000
kvm_amd: idtr: s: 0000 a: 0000 l: 0000ffff b: 0000000000000000
kvm_amd: tr: s: 0000 a: 0083 l: 0000ffff b: 0000000000000000
kvm_amd: vmpl: 0 cpl: 0 efer: 0000000000001000
kvm_amd: cr0: 0000000060000010 cr2: 0000000000000000
kvm_amd: cr3: 0000000000000000 cr4: 0000000000000040
kvm_amd: dr6: 00000000ffff0ff0 dr7: 0000000000000400
kvm_amd: rip: 0000000000000050 rflags: 0000000000000002
kvm_amd: rsp: 0000000000000000 rax: 0000000000000000
kvm_amd: star: 0000000000000000 lstar: 0000000000000000
kvm_amd: cstar: 0000000000000000 sfmask: 0000000000000000
kvm_amd: kernel_gs_base: 0000000000000000 sysenter_cs: 0000000000000000
kvm_amd: sysenter_esp: 0000000000000000 sysenter_eip: 0000000000000000
kvm_amd: gpat: 0007040600070406 dbgctl: 0000000000000000
kvm_amd: br_from: 0000000000000000 br_to: 0000000000000000
kvm_amd: excp_from: 0000000000000000 excp_to: 0000000000000000
kvm_amd: sev_features 0000000000000081
kvm_amd: rax: 0000000000000000 rbx: 0000000000000000
kvm_amd: rcx: 0000000000000000 rdx: 0000000000000000
kvm_amd: rsi: 0000000000000000 rdi: 0000000000000000
kvm_amd: rbp: 0000000000000000 rsp: 0000000000000000
kvm_amd: r8: 0000000000000000 r9: 0000000000000000
kvm_amd: r10: 0000000000000000 r11: 0000000000000000
kvm_amd: r12: 0000000000000000 r13: 0000000000000000
kvm_amd: r14: 0000000000000000 r15: 0000000000000000
kvm_amd: xcr0: 0000000000000001 xss: 0000000000000000
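
For anyone collecting this output from host logs, the following is an added example (not part of the thread or of the patch series) that splits kvm_amd lines of the shape quoted above into one record per dump and picks out the SEV-type dumps that carry save-area registers, i.e. guest register state. It relies only on the line layout visible in the quoted dump; the function names are hypothetical and the second header line in the sample is constructed.

```python
import re

# Excerpt of the dump quoted in the thread above; the second header line
# (vCPU0, VMCB value, CPU 2) is constructed to show record splitting.
SAMPLE = """\
kvm_amd: SEV-SNP vCPU1 VMCB 00000000759a48a5, last attempted VMRUN on CPU 7
kvm_amd: VMCB Control Area:
kvm_amd: intercepts: bccc8007 0111ce43
kvm_amd: pause filter threshold:128
kvm_amd: guest_sev_features: 0000000000000081
kvm_amd: VMCB State Save Area:
kvm_amd: cs: s: 9900 a: 009a l: 0000ffff b: 0000000000099000
kvm_amd: vmpl: 0 cpl: 0 efer: 0000000000001000
kvm_amd: sev_features 0000000000000081
kvm_amd: SEV-SNP vCPU0 VMCB 0000000011111111, last attempted VMRUN on CPU 2
"""

HEADER = re.compile(r"(\S+) vCPU(\d+) VMCB ([0-9a-f]+), last attempted VMRUN on CPU (-?\d+)$")
SEGMENT = re.compile(r"(\w+): s: (\w+) a: (\w+) l: (\w+) b: (\w+)$")
PAIR = re.compile(r"(\w+):?\s+([0-9a-f]+)\b")

def parse_dumps(text):
    """One dict per dump header; values stay as the printed strings."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        m = re.search(r"kvm_amd: (.*\S)", raw)    # tolerates a dmesg timestamp prefix
        line = m.group(1) if m else ""
        if (h := HEADER.match(line)):
            rec, section = {"type": h[1], "vcpu": int(h[2]), "vmcb": h[3],
                            "last_cpu": int(h[4]), "control": {}, "save": {}}, None
            records.append(rec)
        elif rec is None or not line:
            continue                              # unrelated line, or no header seen yet
        elif line.endswith("Area:"):
            section = "control" if "Control" in line else "save"
        elif section == "control":                # "name: value" or "name:value"
            name, _, value = line.partition(":")
            rec["control"][name.strip()] = value.strip()
        elif section == "save":
            if (s := SEGMENT.match(line)):        # segment register: s/a/l/b fields
                rec["save"][s[1]] = dict(zip("salb", s.groups()[1:]))
            else:                                 # several "name: value" pairs per line
                rec["save"].update(PAIR.findall(line))
    return records

def sev_state_dumps(records):
    """(type, vcpu) for SEV-type guests whose dump includes save-area registers."""
    return [(r["type"], r["vcpu"]) for r in records
            if r["type"].startswith("SEV") and r["save"]]
```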