public inbox for kvm@vger.kernel.org
 help / color / mirror / Atom feed
From: Sean Christopherson <seanjc@google.com>
To: Wu Zongyo <wuzongyo@mail.ustc.edu.cn>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	x86@kernel.org, linux-coco@lists.linux.dev
Subject: Re: [Question] int3 instruction generates a #UD in SEV VM
Date: Wed, 2 Aug 2023 07:01:32 -0700	[thread overview]
Message-ID: <ZMphvF+0H9wHQr5B@google.com> (raw)
In-Reply-To: <ZMpEUVsv5hSmrcH8@iZuf6hx7901barev1c282cZ>

On Wed, Aug 02, 2023, Wu Zongyo wrote:
> On Mon, Jul 31, 2023 at 11:45:29PM +0800, wuzongyong wrote:
> > 
> > On 2023/7/31 23:03, Tom Lendacky wrote:
> > > On 7/31/23 09:30, Sean Christopherson wrote:
> > >> On Sat, Jul 29, 2023, wuzongyong wrote:
> > >>> Hi,
> > >>> I am writing a firmware in Rust to support SEV based on project td-shim[1].
> > >>> But when I create a SEV VM (just SEV, no SEV-ES and no SEV-SNP) with the firmware,
> > >>> the linux kernel crashed because the int3 instruction in int3_selftest() cause a
> > >>> #UD.
> > >>
> > >> ...
> > >>
> > >>> BTW, if a create a normal VM without SEV by qemu & OVMF, the int3 instruction always generates a
> > >>> #BP.
> > >>> So I am confused now about the behaviour of int3 instruction, could anyone help to explain the behaviour?
> > >>> Any suggestion is appreciated!
> > >>
> > >> Have you tried my suggestions from the other thread[*]?
> > Firstly, I'm sorry for sending muliple mails with the same content. I thought the mails I sent previously 
> > didn't be sent successfully.
> > And let's talk the problem here.
> > >>
> > >>    : > > I'm curious how this happend. I cannot find any condition that would
> > >>    : > > cause the int3 instruction generate a #UD according to the AMD's spec.
> > >>    :
> > >>    : One possibility is that the value from memory that gets executed diverges from the
> > >>    : value that is read out be the #UD handler, e.g. due to patching (doesn't seem to
> > >>    : be the case in this test), stale cache/tlb entries, etc.
> > >>    :
> > >>    : > > BTW, it worked nomarlly with qemu and ovmf.
> > >>    : >
> > >>    : > Does this happen every time you boot the guest with your firmware? What
> > >>    : > processor are you running on?
> > >>    :
> > Yes, every time.
> > The processor I used is EPYC 7T83.
> > >>    : And have you ruled out KVM as the culprit?  I.e. verified that KVM is NOT injecting
> > >>    : a #UD.  That obviously shouldn't happen, but it should be easy to check via KVM
> > >>    : tracepoints.
> > >
> > > I have a feeling that KVM is injecting the #UD, but it will take instrumenting KVM to see which path the #UD is being injected from.
> > >
> > > Wu Zongyo, can you add some instrumentation to figure that out if the trace points towards KVM injecting the #UD?
> > Ok, I will try to do that.
> You're right. The #UD is injected by KVM.
> 
> The path I found is:
>     svm_vcpu_run
>         svm_complete_interrupts
> 	    kvm_requeue_exception // vector = 3
> 	        kvm_make_request
> 
>     vcpu_enter_guest
>         kvm_check_and_inject_events
> 	    svm_inject_exception
> 	        svm_update_soft_interrupt_rip
> 		    __svm_skip_emulated_instruction
> 		        x86_emulate_instruction
> 			    svm_can_emulate_instruction
> 			        kvm_queue_exception(vcpu, UD_VECTOR)
> 
> Does this mean a #PF intercept occur when the guest try to deliver a
> #BP through the IDT? But why?

I doubt it's a #PF.  A #NPF is much more likely, though it could be something
else entirely, but I'm pretty sure that would require bugs in both the host and
guest.

What is the last exit recorded by trace_kvm_exit() before the #UD is injected?

  reply	other threads:[~2023-08-02 14:01 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-29  3:15 [Question] int3 instruction generates a #UD in SEV VM wuzongyong
2023-07-31 14:30 ` Sean Christopherson
2023-07-31 15:03   ` Tom Lendacky
2023-07-31 15:45     ` wuzongyong
2023-08-02 11:56       ` Wu Zongyo
2023-08-02 14:01         ` Sean Christopherson [this message]
2023-08-02 14:25           ` Tom Lendacky
2023-08-02 14:33             ` Tom Lendacky
2023-08-02 15:04               ` Sean Christopherson
2023-08-02 15:26                 ` Tom Lendacky
2023-08-02 15:35                   ` Sean Christopherson
2023-08-02 20:03               ` Tom Lendacky
2023-08-03  3:27                 ` Wu Zongyo
2023-08-03  8:44                   ` Wu Zongyo
2023-08-03 14:34                     ` Sean Christopherson
2023-08-04  2:33                       ` Wu Zongyo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZMphvF+0H9wHQr5B@google.com \
    --to=seanjc@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=thomas.lendacky@amd.com \
    --cc=wuzongyo@mail.ustc.edu.cn \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox