On 06/03/21 02:39, Sean Christopherson wrote:
Unless KVM (L0) knowingly wants to override L1, e.g. KVM_GUESTDBG_* cases, KVM shouldn't do a damn thing except forward the exception to L1 if L1 wants the exception. ud_interception() and gp_interception() do quite a bit before forwarding the exception, and in the case of #UD, it's entirely possible the #UD will never get forwarded to L1. #GP is even more problematic because it's a contributory exception, and kvm_multiple_exception() is not equipped to check and handle nested intercepts before vectoring the exception, which means KVM will incorrectly escalate a #GP->#DF and #GP->#DF->Triple Fault instead of exiting to L1. That's a wee bit problematic since KVM also has a soon-to-be-fixed bug where it kills L1 on a Triple Fault in L2...
I agree with the #GP problem, but this is on purpose. For example, if L1 CPUID has MOVBE and it is being emulated via #UD, L1 would be right to set MOVBE in L2's CPUID and expect it not to cause a #UD. The same is true for the VMware #GP interception case.
Maxim is also working on this, the root cause is that kvm_multiple_exception()'s escalation of contributory exceptions to #DF and triple fault is incorrect in the case of nested virtualization.
Paolo
