From: Sean Christopherson <seanjc@google.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: kvm@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
Wanpeng Li <wanpengli@tencent.com>,
Joerg Roedel <joro@8bytes.org>, "H. Peter Anvin" <hpa@zytor.com>,
Jim Mattson <jmattson@google.com>, Ingo Molnar <mingo@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, Borislav Petkov <bp@alien8.de>,
"open list:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/2] KVM: VMX: avoid running vmx_handle_exit_irqoff in case of emulation
Date: Thu, 26 Aug 2021 16:01:06 +0000 [thread overview]
Message-ID: <YSe6wphK9b8KSkXW@google.com> (raw)
In-Reply-To: <20210826095750.1650467-2-mlevitsk@redhat.com>
On Thu, Aug 26, 2021, Maxim Levitsky wrote:
> If we are emulating an invalid guest state, we don't have a correct
> exit reason, and thus we shouldn't do anything in this function.
>
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
This should have Cc: stable. I believe userspace could fairly easily trick KVM
into "handling" a spurious IRQ, e.g. trigger SIGALRM and stuff invalid state.
For all those evil folks running CPUs that are almost old enough to drive :-)
> ---
> arch/x86/kvm/vmx/vmx.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index fada1055f325..0c2c0d5ae873 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -6382,6 +6382,9 @@ static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu)
> {
> struct vcpu_vmx *vmx = to_vmx(vcpu);
>
> + if (vmx->emulation_required)
> + return;
Rather than play whack-a-mole with flows consuming stale state, I'd much prefer
to synthesize a VM-Exit(INVALID_GUEST_STATE). Alternatively, just skip ->run()
entirely by adding hooks in vcpu_enter_guest(), but that's a much larger change
and probably not worth the risk at this juncture.
---
arch/x86/kvm/vmx/vmx.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 32e3a8b35b13..12fe63800889 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -6618,10 +6618,21 @@ static fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu)
vmx->loaded_vmcs->soft_vnmi_blocked))
vmx->loaded_vmcs->entry_time = ktime_get();
- /* Don't enter VMX if guest state is invalid, let the exit handler
- start emulation until we arrive back to a valid state */
- if (vmx->emulation_required)
+ /*
+ * Don't enter VMX if guest state is invalid, let the exit handler
+ * start emulation until we arrive back to a valid state. Synthesize a
+ * consistency check VM-Exit due to invalid guest state and bail.
+ */
+ if (unlikely(vmx->emulation_required)) {
+ vmx->fail = 0;
+ vmx->exit_reason.full = EXIT_REASON_INVALID_STATE;
+ vmx->exit_reason.failed_vmentry = 1;
+ kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_1);
+ vmx->exit_qualification = ENTRY_FAIL_DEFAULT;
+ kvm_register_mark_available(vcpu, VCPU_EXREG_EXIT_INFO_2);
+ vmx->exit_intr_info = 0;
return EXIT_FASTPATH_NONE;
+ }
trace_kvm_entry(vcpu);
--
or the beginnings of an aggressive refactor...
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index cf8fb6eb676a..a4fe0f78898a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -9509,6 +9509,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
goto cancel_injection;
}
+ if (unlikely(static_call(kvm_x86_emulation_required)(vcpu)))
+ return static_call(kvm_x86_emulate_invalid_guest_state)(vcpu);
+
preempt_disable();
static_call(kvm_x86_prepare_guest_switch)(vcpu);
> +
> if (vmx->exit_reason.basic == EXIT_REASON_EXTERNAL_INTERRUPT)
> handle_external_interrupt_irqoff(vcpu);
> else if (vmx->exit_reason.basic == EXIT_REASON_EXCEPTION_NMI)
> --
> 2.26.3
>
next prev parent reply other threads:[~2021-08-26 16:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 9:57 [PATCH 0/2] KVM: SMM fixes for nVMX Maxim Levitsky
2021-08-26 9:57 ` [PATCH 1/2] KVM: VMX: avoid running vmx_handle_exit_irqoff in case of emulation Maxim Levitsky
2021-08-26 16:01 ` Sean Christopherson [this message]
2021-08-30 12:27 ` Maxim Levitsky
2021-09-06 10:09 ` Paolo Bonzini
2021-09-06 21:07 ` Maxim Levitsky
2021-09-07 6:50 ` Paolo Bonzini
2021-08-26 9:57 ` [PATCH 2/2] VMX: nSVM: enter protected mode prior to returning to nested guest from SMM Maxim Levitsky
2021-08-26 16:23 ` Sean Christopherson
2021-08-30 12:45 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YSe6wphK9b8KSkXW@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.