Message ID | 20220120010719.711476-7-seanjc@google.com (mailing list archive) |
---|---|
State | New, archived |
Series | KVM: SVM: Fix and clean up "can emulate" mess |
On 20/01/2022 01:07, Sean Christopherson wrote: > WARN if KVM attempts to emulate in response to #UD or #GP for SEV guests, > i.e. if KVM intercepts #UD or #GP, as emulation on any fault except #NPF > is impossible since KVM cannot read guest private memory to get the code > stream, and the CPU's DecodeAssists feature only provides the instruction > bytes on #NPF. > > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > arch/x86/kvm/svm/svm.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > index 994224ae2731..ed2ca875b84b 100644 > --- a/arch/x86/kvm/svm/svm.c > +++ b/arch/x86/kvm/svm/svm.c > @@ -4267,6 +4267,9 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, > if (!sev_guest(vcpu->kvm)) > return true; > > + /* #UD and #GP should never be intercepted for SEV guests. */ > + WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD | EMULTYPE_VMWARE_GP)); What about EMULTYPE_TRAP_UD_FORCED? Otherwise Reviewed-by: Liam Merwick <liam.merwick@oracle.com> > + > /* > * Emulation is impossible for SEV-ES guests as KVM doesn't have access > * to guest register state.
On Thu, Jan 20, 2022, Liam Merwick wrote: > On 20/01/2022 01:07, Sean Christopherson wrote: > > WARN if KVM attempts to emulate in response to #UD or #GP for SEV guests, > > i.e. if KVM intercepts #UD or #GP, as emulation on any fault except #NPF > > is impossible since KVM cannot read guest private memory to get the code > > stream, and the CPU's DecodeAssists feature only provides the instruction > > bytes on #NPF. > > > > Signed-off-by: Sean Christopherson <seanjc@google.com> > > --- > > arch/x86/kvm/svm/svm.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > > index 994224ae2731..ed2ca875b84b 100644 > > --- a/arch/x86/kvm/svm/svm.c > > +++ b/arch/x86/kvm/svm/svm.c > > @@ -4267,6 +4267,9 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, > > if (!sev_guest(vcpu->kvm)) > > return true; > > + /* #UD and #GP should never be intercepted for SEV guests. */ > > + WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD | EMULTYPE_VMWARE_GP)); > > What about EMULTYPE_TRAP_UD_FORCED? Hmm, yeah, it's worth adding, there's no additional cost. I was thinking it was a modifier to EMULTYPE_TRAP_UD, but it's a replacement specifically to bypass the EmulateOnUD check (which I should have remembered since I added the type...).
On 1/20/22 18:04, Sean Christopherson wrote: >>> + WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD | EMULTYPE_VMWARE_GP)); >> What about EMULTYPE_TRAP_UD_FORCED? > Hmm, yeah, it's worth adding, there's no additional cost. I was thinking it was > a modifier to EMULTYPE_TRAP_UD, but it's a replacement specifically to bypass > the EmulateOnUD check (which I should have remembered since I added the type...). > Added on top: diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d5fe71862bcb..85bbfba1fa07 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4269,7 +4269,9 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, return true; /* #UD and #GP should never be intercepted for SEV guests. */ - WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD | EMULTYPE_VMWARE_GP)); + WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD | + EMULTYPE_TRAP_UD_FORCED | + EMULTYPE_VMWARE_GP)); /* * Emulation is impossible for SEV-ES guests as KVM doesn't have access Paolo
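Review bot: the result of the reworked WARN_ON_ONCE() in svm_can_emulate_instruction() is discarded, so when one of the three types is seen for an SEV guest the only effect is the one-time warning and the return value is still decided by the code after the hunk. If the intent is that these types are never emulated for SEV guests, consider `if (WARN_ON_ONCE(...)) return false;`, or extend the comment to say that the checks that follow already reject the request. The comment could also carry the reason from the commit message (KVM cannot read guest private memory, and DecodeAssists supplies instruction bytes only on #NPF) so the assertion is self-explanatory in the source.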
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 994224ae2731..ed2ca875b84b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4267,6 +4267,9 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, if (!sev_guest(vcpu->kvm)) return true; + /* #UD and #GP should never be intercepted for SEV guests. */ + WARN_ON_ONCE(emul_type & (EMULTYPE_TRAP_UD | EMULTYPE_VMWARE_GP)); + /* * Emulation is impossible for SEV-ES guests as KVM doesn't have access * to guest register state.
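Review bot: the mask in the added WARN_ON_ONCE() in svm_can_emulate_instruction() lists EMULTYPE_TRAP_UD and EMULTYPE_VMWARE_GP but not EMULTYPE_TRAP_UD_FORCED, which the thread describes as a replacement for EMULTYPE_TRAP_UD rather than a modifier of it, so a forced #UD emulation request for an SEV guest would not trigger the warning. The comment says #UD should never be intercepted for SEV guests, so every emul_type that originates from a #UD intercept belongs in the mask; add EMULTYPE_TRAP_UD_FORCED alongside the other two.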
WARN if KVM attempts to emulate in response to #UD or #GP for SEV guests, i.e. if KVM intercepts #UD or #GP, as emulation on any fault except #NPF is impossible since KVM cannot read guest private memory to get the code stream, and the CPU's DecodeAssists feature only provides the instruction bytes on #NPF. Signed-off-by: Sean Christopherson <seanjc@google.com> --- arch/x86/kvm/svm/svm.c | 3 +++ 1 file changed, 3 insertions(+)