2018-03-12 13:12+0200, Liran Alon:
> If KVM enable_vmware_backdoor module parameter is set,
> the commit change VMX to now intercept #GP instead of being directly
> deliviered from CPU to guest.
>
> It is done to support access to VMware backdoor I/O ports
> even if TSS I/O permission denies it.
> In that case:
> 1. A #GP will be raised and intercepted.
> 2. #GP intercept handler will simulate I/O port access instruction.
> 3. I/O port access instruction simulation will allow access to VMware
> backdoor ports specifically even if TSS I/O permission bitmap denies it.
>
> Note that the above change introduce slight performance hit as now #GPs
> are not deliviered directly from CPU to guest but instead
> cause #VMExit and instruction emulation.
> However, this behavior is introduced only when enable_vmware_backdoor
> KVM module parameter is set.
>
> Signed-off-by: Liran Alon <liran.alon@xxxxxxxxxx>
> Reviewed-by: Nikita Leshenko <nikita.leshchenko@xxxxxxxxxx>
> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> ---
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> @@ -6141,6 +6154,17 @@ static int handle_exception(struct kvm_vcpu *vcpu)
> if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
> error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
>
> + if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) {
Do we have some guarantees that the backdoor ports are never going to be
used while vmx->rmode.vm86_active?
Thanks.
> + WARN_ON_ONCE(!enable_vmware_backdoor);
> + er = emulate_instruction(vcpu,
> + EMULTYPE_VMWARE | EMULTYPE_NO_UD_ON_FAIL);
> + if (er == EMULATE_USER_EXIT)
> + return 0;
> + else if (er != EMULATE_DONE)
> + kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
> + return 1;
> + }
> +
> /*
> * The #PF with PFEC.RSVD = 1 indicates the guest is accessing
> * MMIO, it is better to report an internal error.
> --
> 1.9.1
>
