From: Maxim Levitsky <mlevitsk@redhat.com>
To: kvm@vger.kernel.org
Cc: Joerg Roedel <joro@8bytes.org>, Borislav Petkov <bp@alien8.de>,
Sean Christopherson <seanjc@google.com>,
x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)),
"H. Peter Anvin" <hpa@zytor.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@linutronix.de>,
linux-kernel@vger.kernel.org, Jim Mattson <jmattson@google.com>,
Wanpeng Li <wanpengli@tencent.com>,
Ingo Molnar <mingo@redhat.com>,
Maxim Levitsky <mlevitsk@redhat.com>
Subject: [PATCH 0/3] KVM: SMM fixes
Date: Wed, 7 Jul 2021 15:50:57 +0300 [thread overview]
Message-ID: <20210707125100.677203-1-mlevitsk@redhat.com> (raw)
Hi!
I did first round of testing of SMM by flooding the guest with SMIs,
and running nested guests in it, and I found out that SMM
breaks nested KVM due to a refactoring change
that was done in 5.12 kernel. Fix for this is in patch 1.
I also fixed another issue I noticed in this patch which is purely
theoretical but nevertheless should be fixed. This is patch 2.
I also propose to add (mostly for debug for now) a module param
that can make the KVM to avoid intercepting #SMIs on SVM.
(Intel doesn't have such intercept I think)
The default is still to intercept #SMI so nothing is changed by
default.
This allows to test the case in which SMI are not intercepted,
by L1 without running Windows (which doesn't intercept #SMI).
In addition to that I found out that on bare metal, at least
on two Zen2 machines I have, the CPU ignores SMI interception and
never VM exits when SMI is received. As I guessed earlier
this must have been done for security reasons.
Note that bug that I fixed in patch 1, should crash VMs very soon
on bare metal as well, if the CPU were to honour the SMI intercept.
as long as there are some SMIs generated while the system is running.
I tested this on bare metal by using local APIC to send SMIs
to all real CPUs, and also used ioport 0xB2 to send SMIs.
In both cases my system slowed to a crawl but didn't show
any SMI vmexits (SMI intercept was enabled).
In a VM I also used ioport 0xB2 to generate a flood of SMIs,
which allowed me to reproduce this bug (and with intercept_smi=0
module parameter I can reproduce the bug that Vitaly fixed in
his series as well while just running nested KVM).
Note that while doing nested migration I am still able to cause
severe hangs of the L1 when I run the SMI stress test in L1
and a nested VM. VM isn't fully hung but its GUI stops responding,
and I see lots of cpu lockups errors in dmesg.
This seems to happen regardless of #SMI interception in the L1
(with Vitaly's patches applied of course)
Best regards,
Maxim Levitsky
Maxim Levitsky (3):
KVM: SVM: #SMI interception must not skip the instruction
KVM: SVM: remove INIT intercept handler
KVM: SVM: add module param to control the #SMI interception
arch/x86/kvm/svm/nested.c | 4 ++++
arch/x86/kvm/svm/svm.c | 18 +++++++++++++++---
arch/x86/kvm/svm/svm.h | 1 +
3 files changed, 20 insertions(+), 3 deletions(-)
--
2.26.3
next reply other threads:[~2021-07-07 12:51 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-07 12:50 Maxim Levitsky [this message]
2021-07-07 12:50 ` [PATCH 1/3] KVM: SVM: #SMI interception must not skip the instruction Maxim Levitsky
2021-07-07 12:50 ` [PATCH 2/3] KVM: SVM: remove INIT intercept handler Maxim Levitsky
2021-07-07 12:51 ` [PATCH 3/3] KVM: SVM: add module param to control the #SMI interception Maxim Levitsky
2021-07-08 17:24 ` [PATCH 0/3] KVM: SMM fixes Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210707125100.677203-1-mlevitsk@redhat.com \
--to=mlevitsk@redhat.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.