| Message ID | 20220120010719.711476-10-seanjc@google.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | KVM: SVM: Fix and clean up "can emulate" mess | expand |
On 20/01/2022 01:07, Sean Christopherson wrote: > Inject a #GP instead of synthesizing triple fault to try to avoid killing > the guest if emulation of an SEV guest fails due to encountering the SMAP > erratum. The injected #GP may still be fatal to the guest, e.g. if the > userspace process is providing critical functionality, but KVM should > make every attempt to keep the guest alive. > > Signed-off-by: Sean Christopherson <seanjc@google.com> Reviewed-by: Liam Merwick <liam.merwick@oracle.com> > --- > arch/x86/kvm/svm/svm.c | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index a4b02a6217fd..88f5bbb0e6a1 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -4357,7 +4357,21 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, > is_user = svm_get_cpl(vcpu) == 3; > if (smap && (!smep || is_user)) { > pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n"); > - kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu); > + > + /* > + * If the fault occurred in userspace, arbitrarily inject #GP > + * to avoid killing the guest and to hopefully avoid confusing > + * the guest kernel too much, e.g. injecting #PF would not be > + * coherent with respect to the guest's page tables. Request > + * triple fault if the fault occurred in the kernel as there's > + * no fault that KVM can inject without confusing the guest. > + * In practice, the triple fault is moot as no sane SEV kernel > + * will execute from user memory while also running with SMAP=1. > + */ > + if (is_user) > + kvm_inject_gp(vcpu, 0); > + else > + kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu); > } > > resume_guest:
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index a4b02a6217fd..88f5bbb0e6a1 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4357,7 +4357,21 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, is_user = svm_get_cpl(vcpu) == 3; if (smap && (!smep || is_user)) { pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n"); - kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu); + + /* + * If the fault occurred in userspace, arbitrarily inject #GP + * to avoid killing the guest and to hopefully avoid confusing + * the guest kernel too much, e.g. injecting #PF would not be + * coherent with respect to the guest's page tables. Request + * triple fault if the fault occurred in the kernel as there's + * no fault that KVM can inject without confusing the guest. + * In practice, the triple fault is moot as no sane SEV kernel + * will execute from user memory while also running with SMAP=1. + */ + if (is_user) + kvm_inject_gp(vcpu, 0); + else + kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu); } resume_guest:
Inject a #GP instead of synthesizing triple fault to try to avoid killing the guest if emulation of an SEV guest fails due to encountering the SMAP erratum. The injected #GP may still be fatal to the guest, e.g. if the userspace process is providing critical functionality, but KVM should make every attempt to keep the guest alive. Signed-off-by: Sean Christopherson <seanjc@google.com> --- arch/x86/kvm/svm/svm.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)