[PATCH v2] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit

From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Xiaoyao Li <xiaoyao.li@intel.com>,
	Oliver Upton <oupton@google.com>,
	Krish Sadhukhan <krish.sadhukhan@oracle.com>,
	Miaohe Lin <linmiaohe@huawei.com>
Subject: [PATCH v2] KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
Date: Mon,  8 Jun 2020 12:18:57 -0700	[thread overview]
Message-ID: <20200608191857.30319-1-sean.j.christopherson@intel.com> (raw)

Consult only the basic exit reason, i.e. bits 15:0 of vmcs.EXIT_REASON,
when determining whether a nested VM-Exit should be reflected into L1 or
handled by KVM in L0.

For better or worse, the switch statements nested_vmx_l0_wants_exit()
and nested_vmx_l1_wants_exit() default to reflecting the VM-Exit into L1
for any nested VM-Exit without dedicated logic.  Because the case
statements only contain the basic exit reason, any VM-Exit with modifier
bits set will be reflected to L1, even if KVM intended to handle it in
L0.

Practically speaking, this only affects EXIT_REASON_MCE_DURING_VMENTRY,
i.e. a #MC that occurs on nested VM-Enter would be incorrectly routed to
L1, as "failed VM-Entry" is the only modifier that KVM can currently
encounter.  The SMM modifiers will never be generated as KVM doesn't
support/employ a SMI Transfer Monitor.  Ditto for "exit from enclave",
as KVM doesn't yet support virtualizing SGX, i.e. it's impossible to
enter an enclave in a KVM guest (L1 or L2).

Note, the original version of this fix[*] is functionally equivalent and
far more suited to backporting as the affected code was refactored since
the original patch was posted.

[*] https://lkml.kernel.org/r/20200227174430.26371-1-sean.j.christopherson@intel.com

Fixes: 644d711aa0e1 ("KVM: nVMX: Deciding if L0 or L1 should handle an L2 exit")
Cc: Jim Mattson <jmattson@google.com>
Cc: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: stable@vger.kernel.org
Cc: Oliver Upton <oupton@google.com>
Cc: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---

Another wounded soldier. 

Oliver, Krish, and Miaohe all provided reviews for v1, but I didn't feel
comfortable adding the tags to v2 because this is far from a straight
rebase.

v2: Rebased to kvm/queue, commit fb7333dfd812 ("KVM: SVM: fix calls ...").

 arch/x86/kvm/vmx/nested.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index bcb50724be38..adb11b504d5c 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5672,7 +5672,7 @@ static bool nested_vmx_l0_wants_exit(struct kvm_vcpu *vcpu, u32 exit_reason)
 {
 	u32 intr_info;
 
-	switch (exit_reason) {
+	switch ((u16)exit_reason) {
 	case EXIT_REASON_EXCEPTION_NMI:
 		intr_info = vmx_get_intr_info(vcpu);
 		if (is_nmi(intr_info))
@@ -5733,7 +5733,7 @@ static bool nested_vmx_l1_wants_exit(struct kvm_vcpu *vcpu, u32 exit_reason)
 	struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
 	u32 intr_info;
 
-	switch (exit_reason) {
+	switch ((u16)exit_reason) {
 	case EXIT_REASON_EXCEPTION_NMI:
 		intr_info = vmx_get_intr_info(vcpu);
 		if (is_nmi(intr_info))
-- 
2.26.0

