2018-03-16 09:11-0700, Liran Alon:
>
> ----- rkrcmar@xxxxxxxxxx wrote:
>
> > 2018-03-12 13:12+0200, Liran Alon:
> > > If KVM enable_vmware_backdoor module parameter is set,
> > > the commit changes VMX to now intercept #GP instead of being directly
> > > delivered from CPU to guest.
> > >
> > > It is done to support access to VMware backdoor I/O ports
> > > even if TSS I/O permission denies it.
> > > In that case:
> > > 1. A #GP will be raised and intercepted.
> > > 2. #GP intercept handler will simulate I/O port access instruction.
> > > 3. I/O port access instruction simulation will allow access to VMware
> > > backdoor ports specifically even if TSS I/O permission bitmap denies it.
> > >
> > > Note that the above change introduces slight performance hit as now #GPs
> > > are not delivered directly from CPU to guest but instead
> > > cause #VMExit and instruction emulation.
> > > However, this behavior is introduced only when enable_vmware_backdoor
> > > KVM module parameter is set.
> > >
> > > Signed-off-by: Liran Alon <liran.alon@xxxxxxxxxx>
> > > Reviewed-by: Nikita Leshenko <nikita.leshchenko@xxxxxxxxxx>
> > > Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > > Signed-off-by: Krish Sadhukhan <krish.sadhukhan@xxxxxxxxxx>
> > > Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> > > ---
> > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> > > @@ -6141,6 +6154,17 @@ static int handle_exception(struct kvm_vcpu > > *vcpu) > > > if (intr_info & INTR_INFO_DELIVER_CODE_MASK) > > > error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE); > > > > > > + if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) {
> >
> > Do we have some guarantees that the backdoor ports are never going to be
> > used while vmx->rmode.vm86_active?
>
> It's not because I can guarantee backdoor port not used in that mode.
> It's because in that case, handle_exception() will call handle_rmode_exception()
> which will call emulate_instruction() in case #GP(0) (Which should always be the
> case when accessing VMware backdoor port).

Ah, right, I had a misconception about EMULTYPE_VMWARE, thanks.
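
Review bot: the `!vmx->rmode.vm86_active` half of the new condition in handle_exception() needs a comment, since nothing in the visible hunk says why the vm86 case is skipped. Per the reply above, that case still reaches emulate_instruction() through handle_rmode_exception() on #GP(0); a short comment above the `if` stating this would save the next reader the same question. The condition also does not reference enable_vmware_backdoor, so it relies on #GP only being intercepted when that parameter is set, which is worth stating in the same comment.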
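
The three steps in the quoted commit message, as an added example that is not part of the thread or of the KVM patch: a toy C model of whether a guest port access completes or ends in #GP. The `struct guest` layout, the function names and the port numbers 0x5658/0x5659 (the well-known VMware backdoor ports, not stated in the thread) are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* VMware backdoor ports: well-known values, not given in the thread. */
#define VMWARE_PORT_VMPORT 0x5658u
#define VMWARE_PORT_VMRPC  0x5659u

/* Toy guest state (assumption): protected mode, full 8 KiB bitmap in the TSS. */
struct guest {
    unsigned cpl, iopl;        /* current privilege level, EFLAGS.IOPL */
    uint8_t io_bitmap[8192];   /* TSS I/O permission bitmap: bit set = denied */
};

/* What the CPU itself does: a denied access raises #GP(0). */
static bool cpu_allows(const struct guest *g, uint16_t port, unsigned len)
{
    if (g->cpl <= g->iopl)
        return true;                   /* bitmap is not consulted */
    for (uint32_t p = port; p < (uint32_t)port + len; p++)
        if (p > 0xFFFF || (g->io_bitmap[p / 8] & (1u << (p % 8))))
            return false;              /* every byte of the access must be clear */
    return true;
}

/* Returns true if the IN/OUT completes, false if the guest ends up with #GP. */
bool io_access_completes(const struct guest *g, bool enable_vmware_backdoor,
                         uint16_t port, unsigned len)
{
    if (cpu_allows(g, port, len))
        return true;                   /* no fault, no VM exit */
    if (!enable_vmware_backdoor)
        return false;                  /* #GP goes straight to the guest */
    /* Steps 1-3: #GP intercepted, instruction emulated, and only the
     * backdoor ports are let through despite the TSS bitmap. */
    return port == VMWARE_PORT_VMPORT || port == VMWARE_PORT_VMRPC;
}

/* Constructed sample: CPL3 guest code under a deny-all I/O bitmap. */
bool demo(bool enable_vmware_backdoor, uint16_t port)
{
    static struct guest g;
    g.cpl = 3; g.iopl = 0;
    memset(g.io_bitmap, 0xFF, sizeof g.io_bitmap);
    return io_access_completes(&g, enable_vmware_backdoor, port, 4);
}
```

With the parameter set, CPL3 guest code reaches the backdoor ports whatever the guest kernel put in its I/O bitmap, while every other denied port still ends in #GP.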