On Wed, Oct 14, 2020 at 04:44:57PM -0700, Jim Mattson wrote:
> On Fri, Oct 9, 2020 at 9:17 AM Jim Mattson <jmattson@xxxxxxxxxx> wrote:
> >
> > On Fri, Jul 10, 2020 at 8:48 AM Mohammed Gamal <mgamal@xxxxxxxxxx> wrote:
> > > @@ -5308,6 +5314,18 @@ static int handle_ept_violation(struct kvm_vcpu *vcpu)
> > >                         PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK;
> > >
> > >         vcpu->arch.exit_qualification = exit_qualification;
> > > +
> > > +       /*
> > > +        * Check that the GPA doesn't exceed physical memory limits, as that is
> > > +        * a guest page fault. We have to emulate the instruction here, because
> > > +        * if the illegal address is that of a paging structure, then
> > > +        * EPT_VIOLATION_ACC_WRITE bit is set. Alternatively, if supported we
> > > +        * would also use advanced VM-exit information for EPT violations to
> > > +        * reconstruct the page fault error code.
> > > +        */
> > > +       if (unlikely(kvm_mmu_is_illegal_gpa(vcpu, gpa)))
> > > +               return kvm_emulate_instruction(vcpu, 0);
> > > +
> >
> > Is kvm's in-kernel emulator up to the task? What if the instruction in
> > question is AVX-512, or one of the myriad instructions that the
> > in-kernel emulator can't handle? Ice Lake must support the advanced
> > VM-exit information for EPT violations, so that would seem like a
> > better choice.
>
> Anyone?

Using "advanced info" if it's supported seems like the way to go. Outright
requiring it is probably overkill; if userspace wants to risk having to kill
a (likely broken) guest, so be it.
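Review bot: the `return kvm_emulate_instruction(vcpu, 0)` at the end of the hunk is unconditional, so every EPT violation on an illegal GPA goes through the in-kernel emulator even on hardware that provides advanced VM-exit information for EPT violations, and an instruction the emulator cannot decode ends the guest instead of delivering a #PF. Suggest gating the emulation fallback on the absence of advanced exit information and, when it is available, reconstructing the page-fault error code from it and injecting the #PF directly, which the comment's "Alternatively" sentence already describes but the code does not do. Two smaller points: the `error_code` assembled just above (ending in `PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK`) is computed and then discarded on the early-return path, so the check would be cheaper placed before that computation; and the comment should say why `EPT_VIOLATION_ACC_WRITE` being set for a paging-structure access forces emulation (the access type in the exit qualification then does not describe the guest's own access), since that is the entire justification for not injecting the fault here.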
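A user-space model of the two decisions the hunk and the replies argue over, added here as an example and not code from the patch, from KVM, or from anyone in this thread: it checks a GPA against the guest's MAXPHYADDR the way kvm_mmu_is_illegal_gpa() is described as doing, then chooses between emulating and injecting a #PF based on a hypothetical `advanced_info` flag that stands in for the hardware's advanced VM-exit information. The `EPT_VIOLATION_*` and `PFERR_*` names mirror those in the hunk, but their bit positions (the architectural ones for the exit qualification and #PF error code, assumed positions 32 and 33 for KVM's guest-page/guest-final flags), the `rsvd_bits()` helper, `handle_ept_violation_model()` and the sample inputs are all assumptions or constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* EPT violation exit-qualification bits (Intel SDM, "Exit Qualification for EPT Violations"). */
#define EPT_VIOLATION_ACC_READ       (1ULL << 0)
#define EPT_VIOLATION_ACC_WRITE      (1ULL << 1)
#define EPT_VIOLATION_ACC_INSTR      (1ULL << 2)
#define EPT_VIOLATION_RWX_MASK       (7ULL << 3)  /* EPT entry was readable/writable/executable */
#define EPT_VIOLATION_GVA_TRANSLATED (1ULL << 8)  /* final translation, not a paging-structure access */

/* Architectural #PF error-code bits. */
#define PFERR_PRESENT_MASK (1ULL << 0)
#define PFERR_WRITE_MASK   (1ULL << 1)
#define PFERR_RSVD_MASK    (1ULL << 3)
#define PFERR_FETCH_MASK   (1ULL << 4)
/* KVM-internal flags named in the hunk; the bit positions are an assumption of this model. */
#define PFERR_GUEST_PAGE_MASK  (1ULL << 32)
#define PFERR_GUEST_FINAL_MASK (1ULL << 33)

enum ept_action {
	EPT_ACTION_HANDLE,    /* legal GPA: normal EPT fault handling */
	EPT_ACTION_EMULATE,   /* illegal GPA, no advanced info: emulate (the hunk's path) */
	EPT_ACTION_INJECT_PF, /* illegal GPA, advanced info: inject #PF directly */
};

struct ept_decision {
	enum ept_action action;
	uint64_t error_code;
};

/* Mask of bits s..e inclusive (0 <= s <= e <= 63); e == 63 must not overflow the shift. */
static uint64_t rsvd_bits(int s, int e)
{
	if (s > e || s > 63)
		return 0;
	return (~0ULL >> (63 - e)) & (~0ULL << s);
}

/* Model of kvm_mmu_is_illegal_gpa(): any bit at or above guest MAXPHYADDR is reserved. */
bool gpa_is_illegal(uint64_t gpa, int guest_maxphyaddr)
{
	if (guest_maxphyaddr >= 64)
		return false;
	return (gpa & rsvd_bits(guest_maxphyaddr, 63)) != 0;
}

/* Access-type bits of a #PF error code taken from the exit qualification. */
static uint64_t access_bits(uint64_t exit_qual)
{
	uint64_t ec = 0;

	if (exit_qual & EPT_VIOLATION_ACC_WRITE)
		ec |= PFERR_WRITE_MASK;
	if (exit_qual & EPT_VIOLATION_ACC_INSTR)
		ec |= PFERR_FETCH_MASK;
	return ec;
}

struct ept_decision handle_ept_violation_model(uint64_t exit_qual, uint64_t gpa,
					       int guest_maxphyaddr, bool advanced_info)
{
	struct ept_decision d;
	/* Same distinction as the hunk's context line: final translation vs paging structure. */
	uint64_t where = (exit_qual & EPT_VIOLATION_GVA_TRANSLATED) ?
			 PFERR_GUEST_FINAL_MASK : PFERR_GUEST_PAGE_MASK;

	if (!gpa_is_illegal(gpa, guest_maxphyaddr)) {
		d.action = EPT_ACTION_HANDLE;
		d.error_code = access_bits(exit_qual) | where;
		if (exit_qual & EPT_VIOLATION_RWX_MASK)
			d.error_code |= PFERR_PRESENT_MASK;
		return d;
	}

	if (!advanced_info) {
		/* Without advanced info the write bit may stem from a paging-structure
		 * access, so the guest's real access type is unknown: emulate, as the hunk does. */
		d.action = EPT_ACTION_EMULATE;
		d.error_code = 0;
		return d;
	}

	/* Assumption of this model: with advanced info the access bits describe the guest's
	 * original access. Reserved (>= MAXPHYADDR) bits in a present entry are reported
	 * to the guest as a #PF with P=1 and RSVD=1. */
	d.action = EPT_ACTION_INJECT_PF;
	d.error_code = PFERR_PRESENT_MASK | PFERR_RSVD_MASK | access_bits(exit_qual) | where;
	return d;
}

int main(void)
{
	/* Constructed inputs: a 48-bit guest writing to a GPA with bit 48 set. */
	uint64_t bad_gpa = 1ULL << 48;
	uint64_t eq = EPT_VIOLATION_ACC_WRITE | EPT_VIOLATION_GVA_TRANSLATED;
	struct ept_decision d;

	d = handle_ept_violation_model(eq, bad_gpa, 48, false);
	printf("no advanced info: action=%d\n", d.action);
	d = handle_ept_violation_model(eq, bad_gpa, 48, true);
	printf("advanced info:    action=%d error_code=%#llx\n", d.action,
	       (unsigned long long)d.error_code);
	return 0;
}
```

The model makes the trade-off in the replies concrete: with `advanced_info` false, an illegal GPA always lands in the emulator, which is exactly where an instruction the emulator cannot decode becomes fatal for the guest; with it true, the fault is described well enough to inject without decoding anything.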