[0/2] KVM: x86: Emulate L2 triple fault without killing L1

Message ID 20210302174515.2812275-1-seanjc@google.com (mailing list archive)

Message

Sean Christopherson March 2, 2021, 5:45 p.m. UTC
If KVM (L0) intercepts #GP, but L1 does not, then L2 can kill L1 by
triggering triple fault.  On both VMX and SVM, if the CPU hits a fault
while vectoring an injected #DF (or I suppose any #DF), any intercept
from the hypervisor takes priority over triple fault.  #PF is unlikely to
be intercepted by L0 but not L1.  The bigger problem is #GP, which is
intercepted on both VMX and SVM if enable_vmware_backdoor=1, and is also
now intercepted for the lovely VMRUN/VMLOAD/VMSAVE errata.

Based on kvm/queue, commit fe5f0041c026 ("KVM/SVM: Move vmenter.S exception
fixups out of line").  x86.c and svm/nested.c conflict with kvm/master.
They are minor and straightforward, but let me know if you want me to post
a version based on kvm/master for easier inclusion into 5.12.

Sean Christopherson (2):
  KVM: x86: Handle triple fault in L2 without killing L1
  KVM: nSVM: Add helper to synthesize nested VM-Exit without collateral

 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kvm/lapic.c            |  2 +-
 arch/x86/kvm/svm/nested.c       | 57 ++++++++-------------------------
 arch/x86/kvm/svm/svm.c          |  6 +---
 arch/x86/kvm/svm/svm.h          |  9 ++++++
 arch/x86/kvm/vmx/nested.c       |  9 ++++++
 arch/x86/kvm/x86.c              | 29 +++++++++++++----
 arch/x86/kvm/x86.h              |  2 ++
 8 files changed, 60 insertions(+), 55 deletions(-)

Comments

Sean Christopherson March 2, 2021, 6:17 p.m. UTC | #1
On Tue, Mar 02, 2021, Paolo Bonzini wrote:
> On 02/03/21 18:45, Sean Christopherson wrote:
> > If KVM (L0) intercepts #GP, but L1 does not, then L2 can kill L1 by
> > triggering triple fault.  On both VMX and SVM, if the CPU hits a fault
> > while vectoring an injected #DF (or I suppose any #DF), any intercept
> > from the hypervisor takes priority over triple fault.  #PF is unlikely to
> > be intercepted by L0 but not L1.  The bigger problem is #GP, which is
> > intercepted on both VMX and SVM if enable_vmware_backdoor=1, and is also
> > now intercepted for the lovely VMRUN/VMLOAD/VMSAVE errata.
> > 
> > Based on kvm/queue, commit fe5f0041c026 ("KVM/SVM: Move vmenter.S exception
> > fixups out of line").  x86.c and svm/nested.c conflict with kvm/master.
> > They are minor and straightforward, but let me know if you want me to post
> > a version based on kvm/master for easier inclusion into 5.12.
> 
> I think it would be too intrusive.  Let's stick this in 5.13 only.

Hmm, agreed, especially since most of the paths are not properly tested.  In
that case, probably best to also drop stable@kernel.org?
Paolo Bonzini March 2, 2021, 7:42 p.m. UTC | #2
On 02/03/21 18:45, Sean Christopherson wrote:
> If KVM (L0) intercepts #GP, but L1 does not, then L2 can kill L1 by
> triggering triple fault.  On both VMX and SVM, if the CPU hits a fault
> while vectoring an injected #DF (or I suppose any #DF), any intercept
> from the hypervisor takes priority over triple fault.  #PF is unlikely to
> be intercepted by L0 but not L1.  The bigger problem is #GP, which is
> intercepted on both VMX and SVM if enable_vmware_backdoor=1, and is also
> now intercepted for the lovely VMRUN/VMLOAD/VMSAVE errata.
> 
> Based on kvm/queue, commit fe5f0041c026 ("KVM/SVM: Move vmenter.S exception
> fixups out of line").  x86.c and svm/nested.c conflict with kvm/master.
> They are minor and straightforward, but let me know if you want me to post
> a version based on kvm/master for easier inclusion into 5.12.
> 
> Sean Christopherson (2):
>    KVM: x86: Handle triple fault in L2 without killing L1
>    KVM: nSVM: Add helper to synthesize nested VM-Exit without collateral
> 
>   arch/x86/include/asm/kvm_host.h |  1 +
>   arch/x86/kvm/lapic.c            |  2 +-
>   arch/x86/kvm/svm/nested.c       | 57 ++++++++-------------------------
>   arch/x86/kvm/svm/svm.c          |  6 +---
>   arch/x86/kvm/svm/svm.h          |  9 ++++++
>   arch/x86/kvm/vmx/nested.c       |  9 ++++++
>   arch/x86/kvm/x86.c              | 29 +++++++++++++----
>   arch/x86/kvm/x86.h              |  2 ++
>   8 files changed, 60 insertions(+), 55 deletions(-)
> 

Queued, thanks.

Paolo