Re: [kvm-unit-tests PATCH v3 3/4] x86/access: Forced emulation support

[Sean Christopherson <seanjc@google.com>]

On Mon, Apr 03, 2023, Mathias Krause wrote:
> Add support to enforce access tests to be handled by the emulator, if
> supported by KVM. Exclude it from the ac_test_exec() test, though, to
> not slow it down too much.

IMO, the slowdown is nowhere near bad enought to warrant exclusion.  On bare metal
without KASAN and other debug gunk, the total runtime with EPT enabled is <6s.
With EPT disabled, it's <8s.  In a VM, they times are <16s and <26s respectively.
Those are perfectly reasonable, and forcing emulation actually makes the EPT case,
interesting.  And the KASAN/debug builds are so horrendously slow that I think we
should figure out a way to special case those kernels anyways.

If you don't object, I'll include FEP as a regular flag when applying.

One other fun thing the usage from vmx_pf_exception_test_guest(), which runs afoul
of a KVM bug.  The VMX #PF test runs the access test as an L2 guest (from KVM's
perspective), i.e. triggers emulation from L2.  KVM's emulator is goofy and checks
nested intercepts for PAUSE even on vanilla NOPs.  SVM filters out non-PAUSE instructions
on the backend, but VMX does not (VMX doesn't have any logic for PAUSE interception
and just ends up injecting a #UD).

I'll post this as a KVM patch.

diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 9ae4044f076f..1e560457bf9a 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7898,6 +7898,21 @@ static int vmx_check_intercept(struct kvm_vcpu *vcpu,
                /* FIXME: produce nested vmexit and return X86EMUL_INTERCEPTED.  */
                break;
 
+       case x86_intercept_pause:
+               /*
+                * PAUSE is a single-byte NOP with a REPE prefix, i.e. collides
+                * with vanilla NOPs in the emulator.  Apply the interception
+                * check only to actual PAUSE instructions.  Don't check
+                * PAUSE-loop-exiting, software can't expect a given PAUSE to
+                * exit, i.e. KVM is within its rights to allow L2 to execute
+                * the PAUSE.
+                */
+               if ((info->rep_prefix != REPE_PREFIX) ||
+                   !nested_cpu_has2(vmcs12, CPU_BASED_PAUSE_EXITING))
+                       return X86EMUL_CONTINUE;
+
+               break;
+
        /* TODO: check more intercepts... */
        default:
                break;