From: Maxim Levitsky <mlevitsk@redhat.com>
To: kvm@vger.kernel.org
Cc: Tony Luck <tony.luck@intel.com>,
	"Chang S. Bae" <chang.seok.bae@intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Wanpeng Li <wanpengli@tencent.com>,
	Ingo Molnar <mingo@redhat.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	linux-kernel@vger.kernel.org,
	Rodrigo Vivi <rodrigo.vivi@intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	intel-gvt-dev@lists.freedesktop.org,
	Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
	Joerg Roedel <joro@8bytes.org>,
	Sean Christopherson <seanjc@google.com>,
	David Airlie <airlied@linux.ie>, Zhi Wang <zhi.a.wang@intel.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Jim Mattson <jmattson@google.com>,
	x86@kernel.org, Daniel Vetter <daniel@ffwll.ch>,
	Borislav Petkov <bp@alien8.de>,
	Zhenyu Wang <zhenyuw@linux.intel.com>,
	Kan Liang <kan.liang@linux.intel.com>,
	Jani Nikula <jani.nikula@linux.intel.com>,
	Maxim Levitsky <mlevitsk@redhat.com>
Subject: [PATCH RESEND 29/30] KVM: VMX: implement force_intercept_exceptions_mask
Date: Mon,  7 Feb 2022 17:54:46 +0200	[thread overview]
Message-ID: <20220207155447.840194-30-mlevitsk@redhat.com> (raw)
In-Reply-To: <20220207155447.840194-1-mlevitsk@redhat.com>

All exceptions are supported. Some bugs might remain with regard to KVM's own
interception of #PF, but since this is strictly a debug feature, this should
be OK.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 arch/x86/kvm/vmx/nested.c |  8 +++++++
 arch/x86/kvm/vmx/vmcs.h   |  6 +++++
 arch/x86/kvm/vmx/vmx.c    | 47 +++++++++++++++++++++++++++++++++------
 3 files changed, 54 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index c73e4d938ddc3..e89b32b1d9efb 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5902,6 +5902,14 @@ static bool nested_vmx_l0_wants_exit(struct kvm_vcpu *vcpu,
 	switch ((u16)exit_reason.basic) {
 	case EXIT_REASON_EXCEPTION_NMI:
 		intr_info = vmx_get_intr_info(vcpu);
+
+		if (is_exception(intr_info)) {
+			int ex_no = intr_info & INTR_INFO_VECTOR_MASK;
+
+			if (kvm_is_exception_force_intercepted(vcpu->kvm, ex_no))
+				return true;
+		}
+
 		if (is_nmi(intr_info))
 			return true;
 		else if (is_page_fault(intr_info))
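Review bot: The new early return in the EXIT_REASON_EXCEPTION_NMI case has no comment, yet it runs ahead of the existing is_nmi()/is_page_fault() checks, so for a force-intercepted vector L0 claims the exit regardless of what the rest of the case would have decided. A short comment would make that precedence explicit, for example `/* Forced intercepts are always taken by L0 first; handle_exception_nmi() re-queues the exception. */`. Whether L1's own exception bitmap is still honoured then depends on the re-injection path, which is not visible here, so it is worth stating in the comment. The rest of nested_vmx_l0_wants_exit lies outside the hunk.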
diff --git a/arch/x86/kvm/vmx/vmcs.h b/arch/x86/kvm/vmx/vmcs.h
index e325c290a8162..d5aac5abe5cdd 100644
--- a/arch/x86/kvm/vmx/vmcs.h
+++ b/arch/x86/kvm/vmx/vmcs.h
@@ -94,6 +94,12 @@ static inline bool is_exception_n(u32 intr_info, u8 vector)
 	return is_intr_type_n(intr_info, INTR_TYPE_HARD_EXCEPTION, vector);
 }
 
+static inline bool is_exception(u32 intr_info)
+{
+	return is_intr_type(intr_info, INTR_TYPE_HARD_EXCEPTION) ||
+	       is_intr_type(intr_info, INTR_TYPE_SOFT_EXCEPTION);
+}
+
 static inline bool is_debug(u32 intr_info)
 {
 	return is_exception_n(intr_info, DB_VECTOR);
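Review bot: is_exception() accepts only INTR_TYPE_HARD_EXCEPTION and INTR_TYPE_SOFT_EXCEPTION, so an exit reported with the privileged software exception type (INTR_TYPE_PRIV_SW_EXCEPTION, the #DB raised by INT1/ICEBP) is not treated as an exception by this helper. If that is intended, say so above the helper, e.g. `/* Hardware and software exceptions only; NMIs and privileged software exceptions are excluded. */`; if not, add a third `is_intr_type()` term. The only caller visible on this page is the force-intercept check in nested_vmx_l0_wants_exit, where a forced #DB of that type would presumably fall through to the older checks.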
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index fc9c4eca90a78..aec2b962707a0 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -719,6 +719,7 @@ static u32 vmx_read_guest_seg_ar(struct vcpu_vmx *vmx, unsigned seg)
 void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu)
 {
 	u32 eb;
+	int exc;
 
 	eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
 	     (1u << DB_VECTOR) | (1u << AC_VECTOR);
@@ -749,7 +750,8 @@ void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu)
         else {
 		int mask = 0, match = 0;
 
-		if (enable_ept && (eb & (1u << PF_VECTOR))) {
+		if (enable_ept && (eb & (1u << PF_VECTOR)) &&
+		    !kvm_is_exception_force_intercepted(vcpu->kvm, PF_VECTOR)) {
 			/*
 			 * If EPT is enabled, #PF is currently only intercepted
 			 * if MAXPHYADDR is smaller on the guest than on the
@@ -772,6 +774,10 @@ void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu)
 	if (vcpu->arch.xfd_no_write_intercept)
 		eb |= (1u << NM_VECTOR);
 
+	for (exc = 0 ; exc < 32 ; ++exc)
+		if (kvm_is_exception_force_intercepted(vcpu->kvm, exc) && exc != NMI_VECTOR)
+			eb |= (1u << exc);
+
 	vmcs_write32(EXCEPTION_BITMAP, eb);
 }
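Review bot: The added loop hard-codes `32` and skips `NMI_VECTOR` without saying why, and its layout departs from kernel style (spaces before `;`, a multi-line body without braces). Consider `for (exc = 0; exc < 32; exc++) {` with braces around the `if`, plus a comment such as `/* Vector 2 is NMI, which is not governed by the exception bitmap. */`. A named constant for the number of exception vectors would also document that `1u << exc` stays within the 32-bit `eb`.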
 
@@ -4867,18 +4873,23 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
 		error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
 
 	if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) {
-		WARN_ON_ONCE(!enable_vmware_backdoor);
-
 		/*
 		 * VMware backdoor emulation on #GP interception only handles
 		 * IN{S}, OUT{S}, and RDPMC, none of which generate a non-zero
 		 * error code on #GP.
 		 */
-		if (error_code) {
+
+		if (enable_vmware_backdoor && !error_code)
+			return kvm_emulate_instruction(vcpu, EMULTYPE_VMWARE_GP);
+
+		if (!kvm_is_exception_force_intercepted(vcpu->kvm, GP_VECTOR))
+			WARN_ON_ONCE(!enable_vmware_backdoor);
+
+		if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
 			kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
-			return 1;
-		}
-		return kvm_emulate_instruction(vcpu, EMULTYPE_VMWARE_GP);
+		else
+			kvm_queue_exception(vcpu, GP_VECTOR);
+		return 1;
 	}
 
 	/*
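Review bot: The VMware-backdoor comment is now separated by a blank line from the code it describes and sits at the top of a block that also handles the force-intercept case, so it reads as if the whole block were backdoor emulation. Move it directly above `if (enable_vmware_backdoor && !error_code)` and add a line for the re-injection path, e.g. `/* Otherwise reflect the #GP to the guest unchanged. */`. The two-line guard can be one statement: `WARN_ON_ONCE(!enable_vmware_backdoor && !kvm_is_exception_force_intercepted(vcpu->kvm, GP_VECTOR));`. handle_exception_nmi starts and ends outside this hunk.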
@@ -4887,6 +4898,7 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
 	 * See the comments in vmx_handle_exit.
 	 */
 	if ((vect_info & VECTORING_INFO_VALID_MASK) &&
+	    !kvm_is_exception_force_intercepted(vcpu->kvm, PF_VECTOR) &&
 	    !(is_page_fault(intr_info) && !(error_code & PFERR_RSVD_MASK))) {
 		vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR;
 		vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_SIMUL_EX;
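Review bot: The added term switches off the KVM_INTERNAL_ERROR_SIMUL_EX report for every vector whenever #PF is force-intercepted, because it is not tied to `is_page_fault(intr_info)`. If the intent is only to let forced page faults through, fold it into the existing exemption: `!(is_page_fault(intr_info) && (kvm_is_exception_force_intercepted(vcpu->kvm, PF_VECTOR) || !(error_code & PFERR_RSVD_MASK)))`. As written, an unrelated exception that arrives while another event is being delivered is no longer reported to userspace once #PF is forced, while other forced vectors that reach this point still are. The enclosing function continues outside the hunk.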
@@ -4901,10 +4913,23 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
 	if (is_page_fault(intr_info)) {
 		cr2 = vmx_get_exit_qual(vcpu);
 		if (enable_ept && !vcpu->arch.apf.host_apf_flags) {
+			/*
+			 * If we force intercept #PF and the page fault
+			 * is due to the reason which we don't intercept,
+			 * reflect it to the guest.
+			 */
+			if (kvm_is_exception_force_intercepted(vcpu->kvm, PF_VECTOR) &&
+			    (!allow_smaller_maxphyaddr ||
+			     !(error_code & PFERR_PRESENT_MASK) ||
+			     (error_code & PFERR_RSVD_MASK))) {
+				kvm_queue_exception_e_p(vcpu, PF_VECTOR, error_code, cr2);
+				return 1;
+			}
 			/*
 			 * EPT will cause page fault only if we need to
 			 * detect illegal GPAs.
 			 */
+
 			WARN_ON_ONCE(!allow_smaller_maxphyaddr);
 			kvm_fixup_and_inject_pf_error(vcpu, cr2, error_code);
 			return 1;
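Review bot: The reflect condition re-derives by hand which page faults KVM intercepts for its own purposes (`!allow_smaller_maxphyaddr`, not-present, or reserved-bit faults), and presumably has to stay in sync with the error-code mask/match chosen in vmx_update_exception_bitmap. A small helper shared by both places, or at least a comment naming that dependency, would keep the two from drifting apart. The blank line added between the "EPT will cause page fault" comment and `WARN_ON_ONCE(!allow_smaller_maxphyaddr);` detaches the comment from its statement and can be dropped.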
@@ -4983,6 +5008,14 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
 			return 1;
 		fallthrough;
 	default:
+		if (kvm_is_exception_force_intercepted(vcpu->kvm, ex_no)) {
+			if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
+				kvm_queue_exception_e(vcpu, ex_no, error_code);
+			else
+				kvm_queue_exception(vcpu, ex_no);
+			break;
+		}
+
 		kvm_run->exit_reason = KVM_EXIT_EXCEPTION;
 		kvm_run->ex.exception = ex_no;
 		kvm_run->ex.error_code = error_code;
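Review bot: The forced re-injection in `default:` leaves the switch with `break`, whereas the other branches added by this patch `return 1` after queueing. The existing default path fills in `kvm_run->exit_reason` before leaving the switch, which suggests the code after the switch (outside this hunk) returns to userspace; if so, the forced path would exit to userspace without an exit reason set, and `return 1;` is probably what is wanted. A forced bit in the exception bitmap also catches software exceptions such as #OF, and if re-injecting those depends on an instruction length captured at exit, nothing in this hunk captures it. A comment on the branch, e.g. `/* Forced intercept with no KVM handler: reflect the exception to the guest. */`, would make the intent clear.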
-- 
2.26.3

