On 12/02/19 18:41, Jim Mattson wrote:
> On Tue, Feb 12, 2019 at 6:44 AM Singh, Brijesh <brijesh.singh@xxxxxxx> wrote:
>>
>> Errata#1090:
>>
>> On a nested data page fault when CR.SMAP=1 and the guest data read
>> generates a SMAP violation, GuestInstrBytes field of the VMCB on a
>> VMEXIT will incorrectly return 0h instead of the correct guest
>> instruction bytes.
>>
>> Recommended Workaround:
>>
>> To determine what instruction the guest was executing the hypervisor
>> will have to decode the instruction at the instruction pointer.
>>
>> The recommended workaround cannot be implemented for the SEV
>> guest because guest memory is encrypted with the guest specific key,
>> and instruction decoder will not be able to decode the instruction
>> bytes. If we hit this errata in the SEV guest then inject #GP into
>> the guest and log the message.

Actually this is not the workaround that KVM is implementing; KVM is
simply retrying the instruction after fixing the page fault.

This would cause an infinite loop in the guest if the instruction is
actually MMIO, however in that case KVM will get an RSVD page fault
rather than a SMAP page fault and the errata would not be triggered.

So why is this patch needed?

Thanks,

Paolo