* [PATCH] KVM: nVMX: fix instruction skipping during emulated vm-entry
@ 2016-12-19 20:48 David Matlack
From: David Matlack @ 2016-12-19 20:48 UTC
To: kvm; +Cc: pbonzini, rkrcmar, me, David Matlack
kvm_skip_emulated_instruction() should not be called after emulating
a VM-entry failure during or after loading guest state
(nested_vmx_entry_failure()). Otherwise the L1 hypervisor is resumed
some number of bytes past vmcs->host_rip.
Fixes: eb2775621701e6ee3ea2a474437d04e93ccdcb2f
Signed-off-by: David Matlack <dmatlack@google.com>
---
arch/x86/kvm/vmx.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index c41d7ff..0e7ad72 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -10474,12 +10474,12 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
!nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4)) {
nested_vmx_entry_failure(vcpu, vmcs12,
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
- goto out;
+ return 1;
}
if (vmcs12->vmcs_link_pointer != -1ull) {
nested_vmx_entry_failure(vcpu, vmcs12,
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_VMCS_LINK_PTR);
- goto out;
+ return 1;
}
/*
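Review bot: the two `return 1;` lines in this hunk bypass whatever `out:` does besides the skip, and nothing in the visible context shows what the normal path returns; confirm that 1 is exactly what `out:` yields (so the caller's handling of the exit is unchanged), and since the `nested_vmx_entry_failure(...); return 1;` idiom now appears at four sites, add a one-line comment at this first site saying the early return is deliberate (once the emulated entry-failure VM-exit has set RIP to host_rip the instruction must not be skipped), so a later cleanup does not fold these back into `goto out`. The checks themselves (CR4 validity, VMCS link pointer) are guest-state checks, so the entry-failure exit is the right failure mode for them.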
@@ -10499,7 +10499,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
ia32e != !!(vmcs12->guest_ia32_efer & EFER_LME))) {
nested_vmx_entry_failure(vcpu, vmcs12,
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
- goto out;
+ return 1;
}
}
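Review bot: the guest_ia32_efer/LME consistency check here is again a guest-state check, so the entry-failure exit with an early return is consistent with the two sites above; the only remark is duplication. With four identical three-line failure sites, a small helper that calls nested_vmx_entry_failure() and returns 1 (a hypothetical `return nested_vmx_entry_fail(vcpu, vmcs12, ENTRY_FAIL_DEFAULT);`) would make the "no skip" behaviour structural instead of relying on each site remembering to return rather than jump.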
@@ -10517,7 +10517,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)) {
nested_vmx_entry_failure(vcpu, vmcs12,
EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
- goto out;
+ return 1;
}
}
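Review bot: this site checks vmcs12->host_ia32_efer, a host-state field, and as the thread's reviewer later points out a host-state inconsistency is an SDM 26.2.2 failure, which the SDM handles as VMfailValid with control passing to the next instruction (hence a TF single-step #DB), not as an entry-failure VM-exit. Replacing `goto out` with `return 1` is still the right fix for the code as it stands, because after nested_vmx_entry_failure() has loaded host state the instruction must not be skipped, but the site should eventually become `nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD); goto out;`; a TODO comment here would keep that from being lost.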
--
2.8.0.rc3.226.g39d4020
* Re: [PATCH] KVM: nVMX: fix instruction skipping during emulated vm-entry
From: Kyle Huey @ 2016-12-20 3:15 UTC
To: David Matlack; +Cc: kvm list, Paolo Bonzini, Radim Krčmář
On Mon, Dec 19, 2016 at 12:48 PM, David Matlack <dmatlack@google.com> wrote:
> kvm_skip_emulated_instruction() should not be called after emulating
> a VM-entry failure during or after loading guest state
> (nested_vmx_entry_failure()). Otherwise the L1 hypervisor is resumed
> some number of bytes past vmcs->host_rip.
Ah, I see. Sorry for that regression.
These paths are supposed to trigger TF-induced singlestep exceptions
though. Quoting from the Intel SDM (Vol 3, Chapter 26)
"EFLAGS.TF = 1 causes a VM-entry instruction to generate a single-step
debug exception only if failure of one of the checks in Section 26.1
and Section 26.2 causes control to pass to the following instruction.
A VM-entry does not generate a single-step debug exception in any of
the following cases: (1) the instruction generates a fault; (2)
failure of one of the checks in Section 26.3 or in loading MSRs causes
processor state to be loaded from the hoststate area of the VMCS; or
(3) the instruction passes all checks in Section 26.1, Section 26.2,
and Section 26.3 and there is no failure in loading MSRs"
- Kyle
> Fixes: eb2775621701e6ee3ea2a474437d04e93ccdcb2f
> Signed-off-by: David Matlack <dmatlack@google.com>
> ---
> arch/x86/kvm/vmx.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index c41d7ff..0e7ad72 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -10474,12 +10474,12 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
> !nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4)) {
> nested_vmx_entry_failure(vcpu, vmcs12,
> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
> - goto out;
> + return 1;
> }
> if (vmcs12->vmcs_link_pointer != -1ull) {
> nested_vmx_entry_failure(vcpu, vmcs12,
> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_VMCS_LINK_PTR);
> - goto out;
> + return 1;
> }
>
> /*
> @@ -10499,7 +10499,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
> ia32e != !!(vmcs12->guest_ia32_efer & EFER_LME))) {
> nested_vmx_entry_failure(vcpu, vmcs12,
> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
> - goto out;
> + return 1;
> }
> }
>
> @@ -10517,7 +10517,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
> ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)) {
> nested_vmx_entry_failure(vcpu, vmcs12,
> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
> - goto out;
> + return 1;
> }
> }
>
> --
> 2.8.0.rc3.226.g39d4020
>
* Re: [PATCH] KVM: nVMX: fix instruction skipping during emulated vm-entry
From: Radim Krčmář @ 2016-12-20 15:24 UTC
To: Kyle Huey; +Cc: David Matlack, kvm list, Paolo Bonzini
2016-12-19 19:15-0800, Kyle Huey:
> On Mon, Dec 19, 2016 at 12:48 PM, David Matlack <dmatlack@google.com> wrote:
>> kvm_skip_emulated_instruction() should not be called after emulating
>> a VM-entry failure during or after loading guest state
>> (nested_vmx_entry_failure()). Otherwise the L1 hypervisor is resumed
>> some number of bytes past vmcs->host_rip.
>
> Ah, I see. Sorry for that regression.
>
> These paths are supposed to trigger TF-induced singlestep exceptions
> though. Quoting from the Intel SDM (Vol 3, Chapter 26)
>
> "EFLAGS.TF = 1 causes a VM-entry instruction to generate a single-step
> debug exception only if failure of one of the checks in Section 26.1
> and Section 26.2 causes control to pass to the following instruction.
> A VM-entry does not generate a single-step debug exception in any of
> the following cases: (1) the instruction generates a fault; (2)
> failure of one of the checks in Section 26.3 or in loading MSRs causes
> processor state to be loaded from the hoststate area of the VMCS; or
> (3) the instruction passes all checks in Section 26.1, Section 26.2,
> and Section 26.3 and there is no failure in loading MSRs"
Changed cases are in section 26.3 => not generating #DB is correct,
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
Sorry for missing that while applying, I wonder if there is a reason why
we didn't check them after enter_guest_mode() ...
>> Fixes: eb2775621701e6ee3ea2a474437d04e93ccdcb2f
>> Signed-off-by: David Matlack <dmatlack@google.com>
>> ---
>> arch/x86/kvm/vmx.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index c41d7ff..0e7ad72 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -10474,12 +10474,12 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
>> !nested_guest_cr4_valid(vcpu, vmcs12->guest_cr4)) {
>> nested_vmx_entry_failure(vcpu, vmcs12,
>> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
>> - goto out;
>> + return 1;
>> }
>> if (vmcs12->vmcs_link_pointer != -1ull) {
>> nested_vmx_entry_failure(vcpu, vmcs12,
>> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_VMCS_LINK_PTR);
>> - goto out;
>> + return 1;
>> }
>>
>> /*
>> @@ -10499,7 +10499,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
>> ia32e != !!(vmcs12->guest_ia32_efer & EFER_LME))) {
>> nested_vmx_entry_failure(vcpu, vmcs12,
>> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
>> - goto out;
>> + return 1;
>> }
>> }
>>
>> @@ -10517,7 +10517,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
>> ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)) {
>> nested_vmx_entry_failure(vcpu, vmcs12,
>> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
>> - goto out;
>> + return 1;
>> }
>> }
>>
>> --
>> 2.8.0.rc3.226.g39d4020
>>
* Re: [PATCH] KVM: nVMX: fix instruction skipping during emulated vm-entry
From: Radim Krčmář @ 2016-12-20 17:47 UTC
To: Kyle Huey; +Cc: David Matlack, kvm list, Paolo Bonzini
2016-12-20 16:24+0100, Radim Krčmář:
> 2016-12-19 19:15-0800, Kyle Huey:
> > On Mon, Dec 19, 2016 at 12:48 PM, David Matlack <dmatlack@google.com> wrote:
> >> kvm_skip_emulated_instruction() should not be called after emulating
> >> a VM-entry failure during or after loading guest state
> >> (nested_vmx_entry_failure()). Otherwise the L1 hypervisor is resumed
> >> some number of bytes past vmcs->host_rip.
> >
> > Ah, I see. Sorry for that regression.
> >
> > These paths are supposed to trigger TF-induced singlestep exceptions
> > though. Quoting from the Intel SDM (Vol 3, Chapter 26)
> >
> > "EFLAGS.TF = 1 causes a VM-entry instruction to generate a single-step
> > debug exception only if failure of one of the checks in Section 26.1
> > and Section 26.2 causes control to pass to the following instruction.
> > A VM-entry does not generate a single-step debug exception in any of
> > the following cases: (1) the instruction generates a fault; (2)
> > failure of one of the checks in Section 26.3 or in loading MSRs causes
> > processor state to be loaded from the hoststate area of the VMCS; or
> > (3) the instruction passes all checks in Section 26.1, Section 26.2,
> > and Section 26.3 and there is no failure in loading MSRs"
>
> Changed cases are in section 26.3 => not generating #DB is correct,
>
> Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
>
> Sorry for missing that while applying, I wonder if there is a reason why
> we didn't check them after enter_guest_mode() ...
>
> >> @@ -10517,7 +10517,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
> >> ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)) {
> >> nested_vmx_entry_failure(vcpu, vmcs12,
> >> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
> >> - goto out;
> >> + return 1;
My attention is in shambles these days ... this one looks like it is in
section 26.2.2 and should therefore be
nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);
goto out;
Not a problem of this patch though, I'll go for a minor refactoring
after a beer.
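The two failure paths argued about in this thread (Kyle's SDM quote and Radim's "changed cases are in section 26.3" remark, and Radim's follow-up that the host_ia32_efer check is really a 26.2.2 case) can be made concrete with a small model. The block below is an added example, not code from the patch or from KVM: function names mirror the thread, but the L1_RIP and HOST_RIP addresses, the CR4_MODEL_RSVD mask, the VMCS contents, the `buggy` flag and the run_scenario() driver are all constructed for the model. A 26.3 (guest-state) failure must leave L1 at vmcs12->host_rip with no single-step #DB, whereas a 26.2.2 (host-state) failure is VMfailValid, advances past the 3-byte VMLAUNCH/VMRESUME and does trap on TF; the `buggy` path shows the regression the patch fixes, L1 resumed at host_rip plus the instruction length.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (added example, not KVM's code) of the two failure paths
 * of an emulated nested VM-entry. Function names mirror the thread; the
 * RIPs, the CR4 mask and the VMCS contents are made up for the model. */
#define X86_EFLAGS_TF  (1ULL << 8)
#define EFER_LME       (1ULL << 8)
#define VMX_INSN_LEN   3              /* VMLAUNCH/VMRESUME are 3-byte opcodes */
#define CR4_MODEL_RSVD (~0x3FFFFFULL) /* constructed "reserved" CR4 bits */
#define L1_RIP         0x1000ULL      /* constructed: L1's VMLAUNCH address */
#define HOST_RIP       0x2000ULL      /* constructed: vmcs12->host_rip */
#define VMXERR_ENTRY_INVALID_HOST_STATE_FIELD 8 /* SDM VM-instruction error number */

struct vmcs12 { uint64_t host_rip, host_ia32_efer, guest_cr4, vmcs_link_pointer; };
struct vcpu {
    uint64_t rip, rflags;
    bool in_guest_mode, db_pending;  /* db_pending: single-step #DB queued for L1 */
    uint32_t vm_instruction_error;   /* what L1 reads back after VMfailValid */
};
enum outcome { ENTERED_L2, FAILED_VALID, FAILED_ENTRY };
enum scenario { SCN_OK, SCN_BAD_HOST_EFER, SCN_BAD_LINK_PTR };
struct result { enum outcome outcome; uint64_t rip; bool db_pending; };

/* Completing the instruction: advance RIP and, with TF set, queue a #DB. */
static void kvm_skip_emulated_instruction(struct vcpu *v)
{
    v->rip += VMX_INSN_LEN;
    if (v->rflags & X86_EFLAGS_TF)
        v->db_pending = true;
}

static void nested_vmx_failValid(struct vcpu *v, uint32_t err)
{
    v->vm_instruction_error = err;   /* real KVM also sets RFLAGS.ZF */
}

/* SDM 26.3 failure: the entry-failure VM-exit loads host state, RIP included.
 * The instruction is not completed, so nothing may advance RIP afterwards. */
static void nested_vmx_entry_failure(struct vcpu *v, const struct vmcs12 *vmcs12)
{
    v->in_guest_mode = false;        /* leave_guest_mode() */
    v->rip = vmcs12->host_rip;
}

static bool nested_guest_cr4_valid(uint64_t cr4)
{
    return (cr4 & CR4_MODEL_RSVD) == 0;
}

/* 'buggy' reproduces the regression: skipping after nested_vmx_entry_failure(). */
static enum outcome nested_vmx_run(struct vcpu *v, const struct vmcs12 *vmcs12,
                                   bool buggy)
{
    const bool ia32e = true;         /* model: L1 is a 64-bit hypervisor */
    /* SDM 26.2.2 host-state check: VMfailValid and control passes to the next
     * instruction, so TF does raise #DB (Radim's proposed handling). */
    if (ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)) {
        nested_vmx_failValid(v, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);
        kvm_skip_emulated_instruction(v);
        return FAILED_VALID;
    }
    v->in_guest_mode = true;         /* enter_guest_mode() */
    /* SDM 26.3 guest-state checks: VM-exit into L1 at host_rip and no #DB even
     * with TF set (case (2) of the SDM text quoted in the thread). */
    if (!nested_guest_cr4_valid(vmcs12->guest_cr4) ||
        vmcs12->vmcs_link_pointer != -1ull) {
        nested_vmx_entry_failure(v, vmcs12);
        if (buggy)
            kvm_skip_emulated_instruction(v);  /* what "goto out" did before the fix */
        return FAILED_ENTRY;
    }
    return ENTERED_L2;
}

/* Run one constructed scenario and report where L1 resumes. */
static struct result run_scenario(enum scenario s, bool tf, bool buggy)
{
    struct vmcs12 vmcs12 = {
        .host_rip = HOST_RIP, .guest_cr4 = 0x2000,
        .host_ia32_efer = (s == SCN_BAD_HOST_EFER) ? 0 : EFER_LME,
        .vmcs_link_pointer = (s == SCN_BAD_LINK_PTR) ? 0 : -1ull,
    };
    struct vcpu v = { .rip = L1_RIP, .rflags = tf ? X86_EFLAGS_TF : 0 };
    enum outcome o = nested_vmx_run(&v, &vmcs12, buggy);
    return (struct result){ o, v.rip, v.db_pending };
}

int main(void)
{
    struct result r = run_scenario(SCN_BAD_LINK_PTR, true, false);
    printf("fixed: L1 resumes at %#llx, #DB pending=%d\n", (unsigned long long)r.rip, r.db_pending);
    r = run_scenario(SCN_BAD_LINK_PTR, true, true);
    printf("buggy: L1 resumes at %#llx, #DB pending=%d\n", (unsigned long long)r.rip, r.db_pending);
    return 0;
}
```

With the fix, a bad VMCS link pointer lands L1 exactly at 0x2000 (HOST_RIP) with no #DB pending; the buggy path lands it at 0x2003 and, with TF set, also queues a spurious #DB. The host-EFER scenario lands at 0x1003 (past the VMLAUNCH) with #DB pending only when TF was set, which is the behaviour the SDM text quoted by Kyle describes for 26.1/26.2 failures.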
* Re: [PATCH] KVM: nVMX: fix instruction skipping during emulated vm-entry
From: David Matlack @ 2016-12-20 22:59 UTC
To: Radim Krčmář; +Cc: Kyle Huey, kvm list, Paolo Bonzini
On Tue, Dec 20, 2016 at 9:47 AM, Radim Krčmář <rkrcmar@redhat.com> wrote:
> 2016-12-20 16:24+0100, Radim Krčmář:
>> 2016-12-19 19:15-0800, Kyle Huey:
>> > On Mon, Dec 19, 2016 at 12:48 PM, David Matlack <dmatlack@google.com> wrote:
>> >> kvm_skip_emulated_instruction() should not be called after emulating
>> >> a VM-entry failure during or after loading guest state
>> >> (nested_vmx_entry_failure()). Otherwise the L1 hypervisor is resumed
>> >> some number of bytes past vmcs->host_rip.
>> >
>> > Ah, I see. Sorry for that regression.
>> >
>> > These paths are supposed to trigger TF-induced singlestep exceptions
>> > though. Quoting from the Intel SDM (Vol 3, Chapter 26)
>> >
>> > "EFLAGS.TF = 1 causes a VM-entry instruction to generate a single-step
>> > debug exception only if failure of one of the checks in Section 26.1
>> > and Section 26.2 causes control to pass to the following instruction.
>> > A VM-entry does not generate a single-step debug exception in any of
>> > the following cases: (1) the instruction generates a fault; (2)
>> > failure of one of the checks in Section 26.3 or in loading MSRs causes
>> > processor state to be loaded from the hoststate area of the VMCS; or
>> > (3) the instruction passes all checks in Section 26.1, Section 26.2,
>> > and Section 26.3 and there is no failure in loading MSRs"
>>
>> Changed cases are in section 26.3 => not generating #DB is correct,
>>
>> Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
>>
>> Sorry for missing that while applying, I wonder if there is a reason why
>> we didn't check them after enter_guest_mode() ...
I think this would be a nice cleanup.
>>
>> >> @@ -10517,7 +10517,7 @@ static int nested_vmx_run(struct kvm_vcpu *vcpu, bool launch)
>> >> ia32e != !!(vmcs12->host_ia32_efer & EFER_LME)) {
>> >> nested_vmx_entry_failure(vcpu, vmcs12,
>> >> EXIT_REASON_INVALID_STATE, ENTRY_FAIL_DEFAULT);
>> >> - goto out;
>> >> + return 1;
>
> My attention is in shambles these days ... this one looks like it is in
> section 26.2.2 and should therefore be
>
> nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_HOST_STATE_FIELD);
> goto out;
I agree. Good catch.
>
> Not a problem of this patch though, I'll go for a minor refactoring
> after a beer.