This patchset aims to add the virtualization of split lock detection for
guests, while containing the fix of X86_FEATURE_SPLIT_LOCK_DETECT that KVM
needs to ensure the existence of the feature through this flag.

Whether or not we advertise split lock detection to the guest, we have to
make a choice between not burning the old guest and preventing DoS attacks
from the guest, since we cannot identify whether a guest is malicious.

Since sld_warn mode allows userspace applications to do split locks, we
extend the same policy to the guest, which regards the guest as a user space
application, and use handle_user_split_lock() to handle unexpected #AC caused
by split lock.

To prevent DoS attacks from either host or guest, we must use
split_lock_detect=fatal in the host.

BTW, Andy,

We will talk to the Intel hardware architect about the suggestion of an
MSR_TEST_CTRL sticky/lock bit[1] if you think it's OK.

[1]: https://lore.kernel.org/kvm/20200204060353.GB31665@xxxxxxxxxxxxxxx/

Xiaoyao Li (8):
  x86/split_lock: Export handle_user_split_lock()
  x86/split_lock: Ensure X86_FEATURE_SPLIT_LOCK_DETECT means the existence of feature
  x86/split_lock: Cache the value of MSR_TEST_CTRL in percpu data
  x86/split_lock: Add and export split_lock_detect_enabled() and split_lock_detect_fatal()
  kvm: x86: Emulate split-lock access as a write
  kvm: vmx: Extend VMX's #AC interceptor to handle split lock #AC happens in guest
  kvm: x86: Emulate MSR IA32_CORE_CAPABILITIES
  x86: vmx: virtualize split lock detection

 arch/x86/include/asm/cpu.h      | 12 ++++-
 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kernel/cpu/intel.c     | 82 +++++++++++++++++++++----------
 arch/x86/kernel/traps.c         |  2 +-
 arch/x86/kvm/cpuid.c            |  5 +-
 arch/x86/kvm/vmx/vmx.c          | 86 +++++++++++++++++++++++++++++++--
 arch/x86/kvm/vmx/vmx.h          |  1 +
 arch/x86/kvm/x86.c              | 41 +++++++++++++++-
 8 files changed, 194 insertions(+), 36 deletions(-)

--
2.23.0