On 02/03/21 18:45, Sean Christopherson wrote:
> If KVM (L0) intercepts #GP, but L1 does not, then L2 can kill L1 by triggering triple fault. On both VMX and SVM, if the CPU hits a fault while vectoring an injected #DF (or I suppose any #DF), any intercept from the hypervisor takes priority over triple fault.
>
> #PF is unlikely to be intercepted by L0 but not L1. The bigger problem is #GP, which is intercepted on both VMX and SVM if enable_vmware_backdoor=1, and is also now intercepted for the lovely VMRUN/VMLOAD/VMSAVE errata.
>
> Based on kvm/queue, commit fe5f0041c026 ("KVM/SVM: Move vmenter.S exception fixups out of line").
>
> x86.c and svm/nested.c conflict with kvm/master. They are minor and straightforward, but let me know if you want me to post a version based on kvm/master for easier inclusion into 5.12.
I think it would be too intrusive. Let's stick this in 5.13 only.

Paolo
> Sean Christopherson (2):
>   KVM: x86: Handle triple fault in L2 without killing L1
>   KVM: nSVM: Add helper to synthesize nested VM-Exit without collateral
>
>  arch/x86/include/asm/kvm_host.h |  1 +
>  arch/x86/kvm/lapic.c            |  2 +-
>  arch/x86/kvm/svm/nested.c       | 57 ++++++++-------------------------
>  arch/x86/kvm/svm/svm.c          |  6 +---
>  arch/x86/kvm/svm/svm.h          |  9 ++++++
>  arch/x86/kvm/vmx/nested.c       |  9 ++++++
>  arch/x86/kvm/x86.c              | 29 +++++++++++++----
>  arch/x86/kvm/x86.h              |  2 ++
>  8 files changed, 60 insertions(+), 55 deletions(-)
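The routing rule in Sean's cover letter, as an added example that is not part of the thread or of the patches: a small C model, constructed here, of who ends up handling a fault that hits while a #DF is being vectored into L2, and why the pre-series behaviour takes L1 down. The `struct vcpu` fields, the `outcome` names and the `fixed` flag are this model's own; the #DF promotion table for benign/contributory exceptions is deliberately ignored.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of the routing rules in the cover letter, not KVM code.
 * Vectors are the real x86 ones; intercept masks use SVM's 1 << vector
 * convention.  The benign/contributory #DF promotion table is ignored. */
#define GP_VECTOR 13
#define DF_VECTOR 8

enum outcome {
	DELIVER_TO_L2,   /* L2 takes the fault (hardware or L0 re-injection) */
	EXIT_TO_L1,      /* L1 intercepts it: reflect as a nested VM-exit */
	HW_TRIPLE_FAULT, /* nobody intercepts: hardware escalates by itself */
	VM_SHUTDOWN,     /* KVM_REQ_TRIPLE_FAULT -> KVM_EXIT_SHUTDOWN, L1 dies */
	NESTED_SHUTDOWN, /* fixed path: synthesize a SHUTDOWN VM-exit to L1 */
};

struct vcpu {
	bool in_guest_mode;     /* true while running L2 */
	bool fixed;             /* false models the pre-series behaviour */
	uint32_t l0_intercepts; /* exceptions KVM (L0) intercepts */
	uint32_t l1_intercepts; /* exceptions L1 asked to intercept for L2 */
	int vectoring;          /* exception being injected, or -1 */
};

static bool intercepts(uint32_t mask, int vector)
{
	return (mask >> vector) & 1u;
}

/* A fault `vector` was raised while delivering v->vectoring. */
enum outcome route_fault(const struct vcpu *v, int vector)
{
	bool l0 = intercepts(v->l0_intercepts, vector);
	bool l1 = v->in_guest_mode && intercepts(v->l1_intercepts, vector);
	/* Hardware rule: any hypervisor intercept beats the triple fault. */
	if (!l0 && !l1)
		return v->vectoring == DF_VECTOR ? HW_TRIPLE_FAULT : DELIVER_TO_L2;
	if (l1)
		return EXIT_TO_L1;
	/* Only L0 intercepted, so KVM must emulate the escalation itself. */
	if (v->vectoring != DF_VECTOR)
		return DELIVER_TO_L2;
	/* Fault while vectoring #DF is a triple fault.  Before the series the
	 * whole VM is torn down even when it was only L2 that died. */
	if (v->in_guest_mode && v->fixed)
		return NESTED_SHUTDOWN;
	return VM_SHUTDOWN;
}
```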