From: Wei Huang <wehuang@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>, kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, vkuznets@redhat.com,
	mlevitsk@redhat.com, seanjc@google.com, joro@8bytes.org,
	bp@alien8.de, tglx@linutronix.de, mingo@redhat.com,
	x86@kernel.org, jmattson@google.com, wanpengli@tencent.com,
	bsd@redhat.com, dgilbert@redhat.com, luto@amacapital.net
Subject: Re: [PATCH v3 0/4] Handle #GP for SVM execution instructions
Date: Tue, 26 Jan 2021 09:05:22 -0600
Message-ID: <4b72ebd1-ace8-f03c-2e53-1c4ece0b17d8@amd.com>
In-Reply-To: <3349e153-83ae-3c55-ee88-2036b2ce38d8@redhat.com>



On 1/26/21 5:39 AM, Paolo Bonzini wrote:
> On 26/01/21 09:18, Wei Huang wrote:
>> While running SVM related instructions (VMRUN/VMSAVE/VMLOAD), some AMD
>> CPUs check EAX against reserved memory regions (e.g. SMM memory on host)
>> before checking VMCB's instruction intercept. If EAX falls into such
>> memory areas, #GP is triggered before #VMEXIT. This causes unexpected #GP
>> under nested virtualization. To solve this problem, this patchset makes
>> KVM trap #GP and emulate these SVM instructions accordingly.
>>
>> Also newer AMD CPUs will change this behavior by triggering #VMEXIT
>> before #GP. This change is indicated by CPUID_0x8000000A_EDX[28]. Under
>> this circumstance, #GP interception is not required. This patchset supports
>> the new feature.
>>
>> This patchset has been verified with vmrun_errata_test and vmware_backdoor
>> tests of kvm_unit_test on the following configs. Also it was verified that
>> vmware_backdoor can be turned on under nested on nested.
>>    * Current CPU: nested, nested on nested
>>    * New CPU with X86_FEATURE_SVME_ADDR_CHK: nested, nested on nested
>>
>> v2->v3:
>>    * Change the decode function name to x86_decode_emulated_instruction()
>>    * Add a new variable, svm_gp_erratum_intercept, to control interception
>>    * Turn on VM's X86_FEATURE_SVME_ADDR_CHK feature in svm_set_cpu_caps()
>>    * Fix instruction emulation for vmware_backdoor under nested-on-nested
>>    * Minor comment fixes
>>
>> v1->v2:
>>    * Factor out instruction decode for sharing
>>    * Re-org gp_interception() handling for both #GP and vmware_backdoor
>>    * Use kvm_cpu_cap for X86_FEATURE_SVME_ADDR_CHK feature support
>>    * Add nested on nested support
>>
>> Thanks,
>> -Wei
>>
>> Wei Huang (4):
>>    KVM: x86: Factor out x86 instruction emulation with decoding
>>    KVM: SVM: Add emulation support for #GP triggered by SVM instructions
>>    KVM: SVM: Add support for SVM instruction address check change
>>    KVM: SVM: Support #GP handling for the case of nested on nested
>>
>>   arch/x86/include/asm/cpufeatures.h |   1 +
>>   arch/x86/kvm/svm/svm.c             | 128 +++++++++++++++++++++++++----
>>   arch/x86/kvm/x86.c                 |  62 ++++++++------
>>   arch/x86/kvm/x86.h                 |   2 +
>>   4 files changed, 152 insertions(+), 41 deletions(-)
>>
> 
> Queued, thanks.

Thanks. BTW, because we use kvm_cpu_cap_set() in svm_set_cpu_caps(), this
will be reflected in the CPUID received by QEMU. QEMU needs a one-line
patch to declare the new feature. I will send it out this morning.

-Wei

> 
> Paolo
> 
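
The CPUID check the cover letter refers to, as an added example that is not part of the original message or of the patch series: it reads CPUID_0x8000000A_EDX[28] from user space (on a host, or inside a guest to see what the hypervisor exposes) and reports whether #GP interception for VMRUN/VMSAVE/VMLOAD is still needed. The enum and function names are hypothetical; the SVM support bit (CPUID 0x80000001 ECX[2]) comes from the AMD architecture manual, not from this thread.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>          /* GCC/Clang helper: __get_cpuid() */
#endif

#define LEAF_EXT_FEATURES  0x80000001u  /* ECX[2]: SVM supported */
#define LEAF_SVM_FEATURES  0x8000000Au  /* EDX: SVM feature flags */
#define ECX_SVM            (1u << 2)
#define EDX_SVME_ADDR_CHK  (1u << 28)   /* bit named in the cover letter */

/* Hypothetical names, used only in this example. */
enum gp_policy { NO_SVM, INTERCEPT_GP, NO_INTERCEPT_NEEDED };

/* Rule from the cover letter: when EDX[28] is set, #VMEXIT is raised
 * before #GP, so #GP does not have to be trapped and emulated. */
enum gp_policy svm_gp_policy(int has_svm, uint32_t edx_8000000a)
{
    if (!has_svm)
        return NO_SVM;
    return (edx_8000000a & EDX_SVME_ADDR_CHK) ? NO_INTERCEPT_NEEDED
                                              : INTERCEPT_GP;
}

/* Probe the CPU this runs on. A missing SVM feature leaf is treated as
 * "bit clear". Non-x86 builds always report NO_SVM. */
enum gp_policy probe_cpu(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a = 0, b = 0, c = 0, d = 0;

    if (!__get_cpuid(LEAF_EXT_FEATURES, &a, &b, &c, &d) || !(c & ECX_SVM))
        return NO_SVM;
    if (!__get_cpuid(LEAF_SVM_FEATURES, &a, &b, &c, &d))
        d = 0;
    return svm_gp_policy(1, d);
#else
    return NO_SVM;
#endif
}

int main(void)
{
    static const char *const msg[] = {
        "SVM not available",
        "EDX[28] clear: #GP may precede #VMEXIT, interception needed",
        "EDX[28] set: #VMEXIT precedes #GP, no interception needed",
    };
    puts(msg[probe_cpu()]);
    return 0;
}
```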


Thread overview: 13+ messages
2021-01-26  8:18 [PATCH v3 0/4] Handle #GP for SVM execution instructions Wei Huang
2021-01-26  8:18 ` [PATCH v3 1/4] KVM: x86: Factor out x86 instruction emulation with decoding Wei Huang
2021-01-26  8:18 ` [PATCH v3 2/4] KVM: SVM: Add emulation support for #GP triggered by SVM instructions Wei Huang
2021-01-26 11:34   ` Paolo Bonzini
2021-01-26 11:50   ` Maxim Levitsky
2021-01-26  8:18 ` [PATCH v3 3/4] KVM: SVM: Add support for SVM instruction address check change Wei Huang
2021-01-26 11:52   ` Maxim Levitsky
2021-01-26 15:39     ` Wei Huang
2021-01-26  8:18 ` [PATCH v3 4/4] KVM: SVM: Support #GP handling for the case of nested on nested Wei Huang
2021-01-26 11:39   ` Paolo Bonzini
2021-01-26 11:59   ` Maxim Levitsky
2021-01-26 11:39 ` [PATCH v3 0/4] Handle #GP for SVM execution instructions Paolo Bonzini
2021-01-26 15:05   ` Wei Huang [this message]