Re: [PATCH 0/9] KVM: SVM: Fix and clean up "can emulate" mess

From: Liam Merwick
Date: Fri Jan 21 2022 - 03:31:28 EST


On 20/01/2022 16:58, Liam Merwick wrote:
On 20/01/2022 01:07, Sean Christopherson wrote:
Revert an amusing/embarrassing goof reported by Liam Merwick, where KVM
attempts to determine if RIP is backed by a valid memslot without first
translating RIP to its associated GPA/GFN.  Fix the underlying bug that
was "fixed" by the misguided memslots check by (a) never rejecting
emulation for !SEV guests and (b) using the #NPF error code to determine
if the fault happened on the code fetch or on guest page tables, which is
effectively what the memslots check attempted to do.

Further clean up, harden, and document SVM's "can emulate" helper, and
fix a #GP interception SEV bug found in the process of doing so.


FYI: I've applied all 9 commits to a 5.15 based branch (applied cleanly)
and the 3 stable candidates to a 5.4 based branch (applied with minor
contextual conflicts) and have been running my SEV test case (sysbench)
and kvm-unit-tests without issues for a number of hours now.


Tested-by: Liam Merwick <liam.merwick@xxxxxxxxxx>
Sean Christopherson (9):
   KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
   Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
   KVM: SVM: Don't intercept #GP for SEV guests
   KVM: SVM: Explicitly require DECODEASSISTS to enable SEV support
   KVM: x86: Pass emulation type to can_emulate_instruction()
   KVM: SVM: WARN if KVM attempts emulation on #UD or #GP for SEV guests
   KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn
     buffer
   KVM: SVM: Don't apply SEV+SMAP workaround on code fetch or PT access
   KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode

  arch/x86/include/asm/kvm_host.h |   3 +-
  arch/x86/kvm/svm/sev.c          |   9 +-
  arch/x86/kvm/svm/svm.c          | 162 ++++++++++++++++++++++----------
  arch/x86/kvm/vmx/vmx.c          |   7 +-
  arch/x86/kvm/x86.c              |  11 ++-
  virt/kvm/kvm_main.c             |   1 -
  6 files changed, 135 insertions(+), 58 deletions(-)


base-commit: edb9e50dbe18394d0fc9d0494f5b6046fc912d33
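As an added illustration (not KVM's code and not part of this series), a small C model of the #NPF error-code check the cover letter describes: a fault on the code fetch or on the guest page tables is an ordinary fault to resume from, only a data access can be the SEV+SMAP erratum. The macro and enum names are assumptions; the bit positions follow the AMD architectural #NPF error-code layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * #NPF error code bits (AMD APM vol. 2, EXITINFO1 for nested page faults).
 * The low bits mirror the #PF error code; bits 32 and 33 are nested-paging
 * specific. Names are this example's own, not KVM's.
 */
#define NPF_ERR_PRESENT     (1ULL << 0)
#define NPF_ERR_WRITE       (1ULL << 1)
#define NPF_ERR_USER        (1ULL << 2)  /* guest was at CPL 3 */
#define NPF_ERR_FETCH       (1ULL << 4)  /* access was an instruction fetch */
#define NPF_ERR_GUEST_FINAL (1ULL << 32) /* fault on the final guest-physical address */
#define NPF_ERR_GUEST_PAGE  (1ULL << 33) /* fault while walking guest page tables */

enum npf_disposition {
	NPF_RESUME_GUEST,   /* ordinary fault: cannot be the erratum, re-run the guest */
	NPF_ERRATUM_USER,   /* erratum candidate from usermode (don't kill the guest) */
	NPF_ERRATUM_KERNEL, /* erratum candidate from kernel mode */
};

/*
 * Decide how an SEV guest's #NPF that arrived without decode-assist
 * instruction bytes should be treated. The erratum fires on a guest data
 * access, so a code-fetch fault or a fault on the guest page tables is a
 * genuine fault and must not be mistaken for the erratum.
 */
static inline enum npf_disposition sev_npf_disposition(uint64_t error_code)
{
	if (error_code & (NPF_ERR_FETCH | NPF_ERR_GUEST_PAGE))
		return NPF_RESUME_GUEST;

	return (error_code & NPF_ERR_USER) ? NPF_ERRATUM_USER
					   : NPF_ERRATUM_KERNEL;
}

int main(void)
{
	/* Constructed sample error codes, one per case. */
	const uint64_t samples[] = {
		NPF_ERR_FETCH | NPF_ERR_GUEST_FINAL,            /* code fetch */
		NPF_ERR_WRITE | NPF_ERR_GUEST_PAGE,             /* page-table walk */
		NPF_ERR_USER | NPF_ERR_WRITE | NPF_ERR_GUEST_FINAL, /* user data */
		NPF_ERR_WRITE | NPF_ERR_GUEST_FINAL,            /* kernel data */
	};
	static const char *const names[] = { "resume", "erratum/user", "erratum/kernel" };

	for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("0x%010llx -> %s\n", (unsigned long long)samples[i],
		       names[sev_npf_disposition(samples[i])]);
	return 0;
}
```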