From: Wei Huang <wei.huang2@amd.com>
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, pbonzini@redhat.com,
	vkuznets@redhat.com, mlevitsk@redhat.com, seanjc@google.com,
	joro@8bytes.org, bp@alien8.de, tglx@linutronix.de,
	mingo@redhat.com, x86@kernel.org, jmattson@google.com,
	wanpengli@tencent.com, bsd@redhat.com, dgilbert@redhat.com,
	luto@amacapital.net, wei.huang2@amd.com
Subject: [PATCH v3 0/4] Handle #GP for SVM execution instructions
Date: Tue, 26 Jan 2021 03:18:27 -0500
Message-ID: <20210126081831.570253-1-wei.huang2@amd.com>

While running SVM related instructions (VMRUN/VMSAVE/VMLOAD), some AMD
CPUs check EAX against reserved memory regions (e.g. SMM memory on host)
before checking VMCB's instruction intercept. If EAX falls into such
memory areas, #GP is triggered before #VMEXIT. This causes unexpected #GP
under nested virtualization. To solve this problem, this patchset makes
KVM trap #GP and emulate these SVM instructions accordingly.

Also newer AMD CPUs will change this behavior by triggering #VMEXIT
before #GP. This change is indicated by CPUID_0x8000000A_EDX[28]. Under
this circumstance, #GP interception is not required. This patchset supports
the new feature.

This patchset has been verified with vmrun_errata_test and vmware_backdoor
tests of kvm_unit_test on the following configs. Also it was verified that
vmware_backdoor can be turned on under nested on nested.
  * Current CPU: nested, nested on nested
  * New CPU with X86_FEATURE_SVME_ADDR_CHK: nested, nested on nested

v2->v3:
  * Change the decode function name to x86_decode_emulated_instruction()
  * Add a new variable, svm_gp_erratum_intercept, to control interception
  * Turn on VM's X86_FEATURE_SVME_ADDR_CHK feature in svm_set_cpu_caps()
  * Fix instruction emulation for vmware_backdoor under nested-on-nested
  * Minor comment fixes

v1->v2:
  * Factor out instruction decode for sharing
  * Re-org gp_interception() handling for both #GP and vmware_backdoor
  * Use kvm_cpu_cap for X86_FEATURE_SVME_ADDR_CHK feature support
  * Add nested on nested support

Thanks,
-Wei

Wei Huang (4):
  KVM: x86: Factor out x86 instruction emulation with decoding
  KVM: SVM: Add emulation support for #GP triggered by SVM instructions
  KVM: SVM: Add support for SVM instruction address check change
  KVM: SVM: Support #GP handling for the case of nested on nested

 arch/x86/include/asm/cpufeatures.h |   1 +
 arch/x86/kvm/svm/svm.c             | 128 +++++++++++++++++++++++++----
 arch/x86/kvm/x86.c                 |  62 ++++++++------
 arch/x86/kvm/x86.h                 |   2 +
 4 files changed, 152 insertions(+), 41 deletions(-)

-- 
2.27.0
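
The decision the cover letter describes, as an added user-space model that is not code from this patch series: whether #GP interception is needed given CPUID_0x8000000A_EDX, and whether an intercepted #GP came from VMRUN/VMLOAD/VMSAVE and should be emulated. The function and enum names are hypothetical, the opcode bytes are the architectural encodings, and the zero error code check is an assumption of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CPUID Fn8000_000A EDX bit 28, the bit named in the cover letter. */
#define SVME_ADDR_CHK (1u << 28)

enum svm_insn { NOT_SVM_INSN, INSN_VMRUN, INSN_VMLOAD, INSN_VMSAVE };
enum gp_action { REINJECT_GP, EMULATE_SVM_INSN };

/* Bit clear: #GP can fire before #VMEXIT, so the host must intercept #GP. */
bool needs_gp_intercept(uint32_t cpuid_8000000a_edx)
{
    return (cpuid_8000000a_edx & SVME_ADDR_CHK) == 0;
}

/* Match the architectural encodings 0F 01 D8/DA/DB (no prefixes handled). */
enum svm_insn classify_svm_insn(const uint8_t *code, size_t len)
{
    if (len < 3 || code[0] != 0x0f || code[1] != 0x01)
        return NOT_SVM_INSN;
    switch (code[2]) {
    case 0xd8: return INSN_VMRUN;
    case 0xda: return INSN_VMLOAD;
    case 0xdb: return INSN_VMSAVE;
    default:   return NOT_SVM_INSN; /* e.g. 0F 01 D9 is VMMCALL */
    }
}

/* Only a #GP raised by one of the three instructions is emulated; any other
 * #GP goes back to the guest unchanged. Assumption of this model: the
 * address-check #GP carries error code 0. */
enum gp_action handle_intercepted_gp(uint32_t error_code,
                                     const uint8_t *code, size_t len)
{
    if (error_code != 0)
        return REINJECT_GP;
    return classify_svm_insn(code, len) != NOT_SVM_INSN
               ? EMULATE_SVM_INSN : REINJECT_GP;
}

int main(void)
{
    const uint8_t vmload[] = { 0x0f, 0x01, 0xda }; /* constructed sample */
    printf("intercept #GP on old CPU: %d\n", needs_gp_intercept(0));
    printf("action for VMLOAD #GP: %d\n",
           handle_intercepted_gp(0, vmload, sizeof(vmload)));
    return 0;
}
```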


Thread overview: 13+ messages
2021-01-26  8:18 Wei Huang [this message]
2021-01-26  8:18 ` [PATCH v3 1/4] KVM: x86: Factor out x86 instruction emulation with decoding Wei Huang
2021-01-26  8:18 ` [PATCH v3 2/4] KVM: SVM: Add emulation support for #GP triggered by SVM instructions Wei Huang
2021-01-26 11:34   ` Paolo Bonzini
2021-01-26 11:50   ` Maxim Levitsky
2021-01-26  8:18 ` [PATCH v3 3/4] KVM: SVM: Add support for SVM instruction address check change Wei Huang
2021-01-26 11:52   ` Maxim Levitsky
2021-01-26 15:39     ` Wei Huang
2021-01-26  8:18 ` [PATCH v3 4/4] KVM: SVM: Support #GP handling for the case of nested on nested Wei Huang
2021-01-26 11:39   ` Paolo Bonzini
2021-01-26 11:59   ` Maxim Levitsky
2021-01-26 11:39 ` [PATCH v3 0/4] Handle #GP for SVM execution instructions Paolo Bonzini
2021-01-26 15:05   ` Wei Huang
