On Wed, Oct 16, 2019 at 04:08:14PM +0200, Paolo Bonzini wrote:
> SIGBUS (actually a new KVM_EXIT_INTERNAL_ERROR result from KVM_RUN is
> better, but that's the idea) is for when you're debugging guests.
> Global disable (or alternatively, disable SMT) is for production use.

Alternatively, for guests without split-lock #AC enabled, what if KVM were
to emulate the faulting instruction with split-lock detection temporarily
disabled? The emulator can presumably handle all such lock instructions,
and an unhandled instruction would naturally exit to userspace. The latency
of VM-Enter+VM-Exit should be enough to guard against DoS from a malicious
guest. KVM could also artificially rate-limit a guest that is generating
copious amounts of split-lock #ACs.