On Tue, Feb 12, 2019 at 12:12 PM Singh, Brijesh <brijesh.singh@xxxxxxx> wrote:
> On 2/12/19 11:41 AM, Jim Mattson wrote:
> > On Tue, Feb 12, 2019 at 6:44 AM Singh, Brijesh <brijesh.singh@xxxxxxx> wrote:
> >>
> >> Errata#1090:
> >>
> >> On a nested data page fault when CR.SMAP=1 and the guest data read
> >> generates a SMAP violation, GuestInstrBytes field of the VMCB on a
> >> VMEXIT will incorrectly return 0h instead of the correct guest
> >> instruction bytes

Do you mean Errata #1096?
(https://www.amd.com/system/files/TechDocs/55449_Fam_17h_M_00h-0Fh_Rev_Guide.pdf v1.12 pg 61)

> >>
> >> Recommend Workaround:
> >>
> >> To determine what instruction the guest was executing the hypervisor
> >> will have to decode the instruction at the instruction pointer.
> >>
> >> The recommended workaround can not be implemented for the SEV
> >> guest because guest memory is encrypted with the guest specific key,
> >> and instruction decoder will not be able to decode the instruction
> >> bytes. If we hit this errata in the SEV guest then inject #GP into
> >> the guest and log the message.
> >>
> >> Cc: Jim Mattson <jmattson@xxxxxxxxxx>
> >> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> >> Cc: Borislav Petkov <bp@xxxxxxxxx>
> >> Cc: Joerg Roedel <joro@xxxxxxxxxx>
> >> Cc: "Radim Krčmář" <rkrcmar@xxxxxxxxxx>
> >> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> >> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> >
> > This was ...
> > Reported-by: Venkatesh Srinivas <venkateshs@xxxxxxxxxx>
> >
>
> I will add the tag in next rev.
>
> >
> > I'm curious why you chose to inject #GP rather than, say, requesting a
> > guest shutdown. Is the guest #GP handler expected to be able to
> > recover from this?
> >
>
> We will *not* be able to recover from this, I wanted to abort the
> guest and I should admit that I was not aware of requesting a SHUTDOWN
> method so decided to inject #GP so that guest does not continue.
> Browsing further, I see that kvm_make_request(KVM_REQ_TRIPLE_FAULT,
> vcpu) can be used to request a SHUTDOWN. I will use it in next
> rev. Thanks for the hint.
>
> -Brijesh

Should the pr_err() be ratelimited? Otherwise a guest suppressing #GP
could spam the host dmesg.

Thanks,
-- vs;