The GHCB specification recommends that SNP guest requests should be rate limited. Add a kernel module parameter to ensure a system-wide lower bound rate limit on a per-VM scale for all new VMs. Note that this does not preclude the addition of a new KVM exit type for SEV-SNP guest requests for userspace to impose any additional throttling logic.

The AMD-SP is a global resource that must be shared across VMs, so its time should be multiplexed across VMs fairly. It is the responsibility of the VMM to ensure all SEV-SNP VMs have a rate limit set such that the collective set of VMs on the machine have a rate of access that does not exceed the device's capacity.

The sev-guest device already respects the SNP_GUEST_VMM_ERR_BUSY result code, so utilize that result to cause the guest to retry after waiting momentarily.

Changes since v5:
  * Reverted the KVM command for setting the rate limit in favor of the module parameter solution. The default is no rate-limiting to maintain existing behavior.

Changes since v4:
  * Fixed build failure caused by rebase.
  * Added ratelimit.h include.
  * Added rate bounds checking to stay within ratelimit types.

Changes since v3:
  * Rebased on master, changed module parameter to mem_enc_ioctl command. Changed commit descriptions. Much time has passed.

Changes since v2:
  * Rebased on v7, changed "we" wording to passive voice.

Changes since v1:
  * Added missing Ccs to patches.

Dionna Glaze (2):
  kvm: sev: Add SEV-SNP guest request throttling
  kvm: sev: If ccp is busy, report busy to guest

 arch/x86/kvm/svm/sev.c | 22 ++++++++++++++++++++++
 arch/x86/kvm/svm/svm.h |  3 +++
 2 files changed, 25 insertions(+)

-- 
2.50.0.rc0.642.g800a2b2222-goog
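The throttle-and-retry behaviour described in the cover letter, as an added userspace model that is not code from this patch series: a per-VM limiter returns a busy result once the VM's budget for the current window is spent, and the guest waits and retries. The names `vm_limit`, `host_guest_request`, `guest_request`, the numeric result codes, the 10 ms back-off and the use of interval 0 for "no limit" are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model result codes; VMM_BUSY stands in for SNP_GUEST_VMM_ERR_BUSY. */
enum { VMM_OK = 0, VMM_BUSY = 1 };

/* Hypothetical per-VM limiter: at most `burst` requests per `interval_ms`. */
struct vm_limit {
    uint64_t interval_ms, window_start;
    unsigned burst, used;
};

/* Host side: may this VM's request reach the shared AMD-SP right now? */
static int host_guest_request(struct vm_limit *vm, uint64_t now_ms)
{
    if (vm->interval_ms == 0)
        return VMM_OK;              /* assumption: 0 models "no rate limit" */
    if (now_ms - vm->window_start >= vm->interval_ms) {
        vm->window_start = now_ms;  /* new window: refill this VM's budget */
        vm->used = 0;
    }
    if (vm->used >= vm->burst)
        return VMM_BUSY;            /* throttled before touching the AMD-SP */
    vm->used++;
    return VMM_OK;
}

/* Guest side: on BUSY, wait 10 ms (constructed back-off) and retry.
 * Returns the number of BUSY results seen, or -1 if max_tries ran out. */
static int guest_request(struct vm_limit *vm, uint64_t *now_ms, int max_tries)
{
    for (int i = 0; i < max_tries; i++) {
        if (host_guest_request(vm, *now_ms) == VMM_OK)
            return i;
        *now_ms += 10;
    }
    return -1;
}

int main(void)
{
    struct vm_limit noisy = { 100, 0, 2, 0 }, quiet = { 100, 0, 2, 0 };
    uint64_t t = 0, tq = 0;
    for (int n = 1; n <= 3; n++) {
        int busy = guest_request(&noisy, &t, 50);
        printf("noisy VM request %d: %d BUSY results, done at t=%llu ms\n",
               n, busy, (unsigned long long)t);
    }
    printf("quiet VM: %d BUSY results\n", guest_request(&quiet, &tq, 50));
    return 0;
}
```

Because each VM carries its own state, the noisy VM's third request is delayed until its next window while the quiet VM's request is served immediately; a burst of 0 with a non-zero interval would throttle every request, which is why the retry loop is bounded.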