Re: [PATCH 03/28] KVM: nSVM: inject exceptions via svm_check_nested_events

[Paolo Bonzini]

On 06/03/21 02:39, Sean Christopherson wrote:
> Unless KVM (L0) knowingly wants to override L1, e.g. KVM_GUESTDBG_* cases, KVM
> shouldn't do a damn thing except forward the exception to L1 if L1 wants the
> exception.
>
> ud_interception() and gp_interception() do quite a bit before forwarding the
> exception, and in the case of #UD, it's entirely possible the #UD will never get
> forwarded to L1.  #GP is even more problematic because it's a contributory
> exception, and kvm_multiple_exception() is not equipped to check and handle
> nested intercepts before vectoring the exception, which means KVM will
> incorrectly escalate a #GP->#DF and #GP->#DF->Triple Fault instead of exiting
> to L1.  That's a wee bit problematic since KVM also has a soon-to-be-fixed bug
> where it kills L1 on a Triple Fault in L2...

I agree with the #GP problem, but this is on purpose.  For example, if 
L1 CPUID has MOVBE and it is being emulated via #UD, L1 would be right 
to set MOVBE in L2's CPUID and expect it not to cause a #UD.  The same 
is true for the VMware #GP interception case.

Maxim is also working on this, the root cause is that 
kvm_multiple_exception()'s escalation of contributory exceptions to #DF 
and triple fault is incorrect in the case of nested virtualization.

Paolo