| Message ID | 20221025124741.228045-1-mlevitsk@redhat.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | SMM emulation and interrupt shadow fixes | expand |
On 10/25/22 14:47, Maxim Levitsky wrote: > This patch series is a result of long debug work to find out why > sometimes guests with win11 secure boot > were failing during boot. > > During writing a unit test I found another bug, turns out > that on rsm emulation, if the rsm instruction was done in real > or 32 bit mode, KVM would truncate the restored RIP to 32 bit. > > I also refactored the way we write SMRAM so it is easier > now to understand what is going on. > > The main bug in this series which I fixed is that we > allowed #SMI to happen during the STI interrupt shadow, > and we did nothing to both reset it on #SMI handler > entry and restore it on RSM. I have now sent out the final/new version of the first 8 patches and will review these tomorrow. Thanks for your patience. :) Paolo
On Thu, 2022-10-27 at 18:49 +0200, Paolo Bonzini wrote: > On 10/25/22 14:47, Maxim Levitsky wrote: > > This patch series is a result of long debug work to find out why > > sometimes guests with win11 secure boot > > were failing during boot. > > > > During writing a unit test I found another bug, turns out > > that on rsm emulation, if the rsm instruction was done in real > > or 32 bit mode, KVM would truncate the restored RIP to 32 bit. > > > > I also refactored the way we write SMRAM so it is easier > > now to understand what is going on. > > > > The main bug in this series which I fixed is that we > > allowed #SMI to happen during the STI interrupt shadow, > > and we did nothing to both reset it on #SMI handler > > entry and restore it on RSM. > > I have now sent out the final/new version of the first 8 patches and > will review these tomorrow. Thanks for your patience. :) > > Paolo > Thank you very much!! Best regards, Maxim Levitsky
On 10/27/22 19:06, Maxim Levitsky wrote: > On Thu, 2022-10-27 at 18:49 +0200, Paolo Bonzini wrote: >> On 10/25/22 14:47, Maxim Levitsky wrote: >>> This patch series is a result of long debug work to find out why >>> sometimes guests with win11 secure boot >>> were failing during boot. >>> >>> During writing a unit test I found another bug, turns out >>> that on rsm emulation, if the rsm instruction was done in real >>> or 32 bit mode, KVM would truncate the restored RIP to 32 bit. >>> >>> I also refactored the way we write SMRAM so it is easier >>> now to understand what is going on. >>> >>> The main bug in this series which I fixed is that we >>> allowed #SMI to happen during the STI interrupt shadow, >>> and we did nothing to both reset it on #SMI handler >>> entry and restore it on RSM. >> >> I have now sent out the final/new version of the first 8 patches and >> will review these tomorrow. Thanks for your patience. :) >> >> Paolo >> > Thank you very much!! Queued, thanks. Note that some emulator patches should go in stable releases so I have reordered them in front. Paolo
On Fri, Oct 28, 2022, Paolo Bonzini wrote: > On 10/27/22 19:06, Maxim Levitsky wrote: > > On Thu, 2022-10-27 at 18:49 +0200, Paolo Bonzini wrote: > > > On 10/25/22 14:47, Maxim Levitsky wrote: > > > > This patch series is a result of long debug work to find out why > > > > sometimes guests with win11 secure boot > > > > were failing during boot. > > > > > > > > During writing a unit test I found another bug, turns out > > > > that on rsm emulation, if the rsm instruction was done in real > > > > or 32 bit mode, KVM would truncate the restored RIP to 32 bit. > > > > > > > > I also refactored the way we write SMRAM so it is easier > > > > now to understand what is going on. > > > > > > > > The main bug in this series which I fixed is that we > > > > allowed #SMI to happen during the STI interrupt shadow, > > > > and we did nothing to both reset it on #SMI handler > > > > entry and restore it on RSM. > > > > > > I have now sent out the final/new version of the first 8 patches and > > > will review these tomorrow. Thanks for your patience. :) > > > > > > Paolo > > > > > Thank you very much!! > > Queued, thanks. Note that some emulator patches should go in stable > releases so I have reordered them in front. Can you fix patch 04 (also patch 04 in your series[*]) before pushing to kvm/queue? The unused variable breaks CONFIG_KVM_WERROR=y builds. arch/x86/kvm/smm.c: In function ‘emulator_leave_smm’: arch/x86/kvm/smm.c:567:33: error: unused variable ‘efer’ [-Werror=unused-variable] 567 | unsigned long cr0, cr4, efer; | ^~~~ arch/x86/kvm/smm.c:567:28: error: unused variable ‘cr4’ [-Werror=unused-variable] 567 | unsigned long cr0, cr4, efer; | [*] https://lore.kernel.org/all/Y1xNso2nYZkSSZ0T@google.com
This patch series is a result of long debug work to find out why sometimes guests with win11 secure boot were failing during boot. During writing a unit test I found another bug, turns out that on rsm emulation, if the rsm instruction was done in real or 32 bit mode, KVM would truncate the restored RIP to 32 bit. I also refactored the way we write SMRAM so it is easier now to understand what is going on. The main bug in this series which I fixed is that we allowed #SMI to happen during the STI interrupt shadow, and we did nothing to both reset it on #SMI handler entry and restore it on RSM. V4: - rebased on top of patch series from Paolo which allows smm support to be disabled by Kconfig option. - addressed review feedback. I included these patches in the series for reference. Best regards, Maxim Levitsky Maxim Levitsky (15): bug: introduce ASSERT_STRUCT_OFFSET KVM: x86: emulator: em_sysexit should update ctxt->mode KVM: x86: emulator: introduce emulator_recalc_and_set_mode KVM: x86: emulator: update the emulation mode after rsm KVM: x86: emulator: update the emulation mode after CR0 write KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format KVM: x86: smm: check for failures on smm entry KVM: x86: smm: add structs for KVM's smram layout KVM: x86: smm: use smram structs in the common code KVM: x86: smm: use smram struct for 32 bit smram load/restore KVM: x86: smm: use smram struct for 64 bit smram load/restore KVM: svm: drop explicit return value of kvm_vcpu_map KVM: x86: SVM: use smram structs KVM: x86: SVM: don't save SVM state to SMRAM when VM is not long mode capable KVM: x86: smm: preserve interrupt shadow in SMRAM Paolo Bonzini (8): KVM: x86: start moving SMM-related functions to new files KVM: x86: move SMM entry to a new file KVM: x86: move SMM exit to a new file KVM: x86: do not go through ctxt->ops when emulating rsm KVM: allow compiling out SMM support KVM: x86: compile out vendor-specific code if SMM is disabled KVM: x86: remove SMRAM address space if SMM is not supported KVM: x86: do not define KVM_REQ_SMI if SMM disabled arch/x86/include/asm/kvm-x86-ops.h | 2 + arch/x86/include/asm/kvm_host.h | 29 +- arch/x86/kvm/Kconfig | 11 + arch/x86/kvm/Makefile | 1 + arch/x86/kvm/emulate.c | 458 +++---------- arch/x86/kvm/kvm_cache_regs.h | 5 - arch/x86/kvm/kvm_emulate.h | 47 +- arch/x86/kvm/lapic.c | 14 +- arch/x86/kvm/lapic.h | 7 +- arch/x86/kvm/mmu/mmu.c | 1 + arch/x86/kvm/smm.c | 637 ++++++++++++++++++ arch/x86/kvm/smm.h | 160 +++++ arch/x86/kvm/svm/nested.c | 3 + arch/x86/kvm/svm/svm.c | 43 +- arch/x86/kvm/vmx/nested.c | 1 + arch/x86/kvm/vmx/vmcs12.h | 5 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/x86.c | 353 +--------- include/linux/build_bug.h | 9 + tools/testing/selftests/kvm/x86_64/smm_test.c | 2 + 20 files changed, 1031 insertions(+), 768 deletions(-) create mode 100644 arch/x86/kvm/smm.c create mode 100644 arch/x86/kvm/smm.h