On Tue, 6 Apr 2021 09:40:38 +0200 Borislav Petkov wrote:
> On Tue, Apr 06, 2021 at 09:44:21AM +1200, Kai Huang wrote:
> > The intention was to catch a KVM bug, since KVM is the only caller, and in the current
> > implementation KVM won't call this function if @secs is not a valid userspace
> > pointer. But yes, we can also return here, but in this case an exception number
> > must also be specified to *trapnr so that KVM can inject it into the guest. It's not that
> > straightforward to decide which exception we should inject, but I think #GP
> > should be OK. Please see below.
>
> Why should you inject anything in that case?
>
> AFAICT, you can handle the return value in __handle_encls_ecreate() and
> inject only when the return value is EFAULT. If it is another negative
> error value, you pass it back up to its caller, handle_encls_ecreate(),
> which returns other error values like -ENOMEM too. Which means its
> callchain can stomach negative values just fine.

OK. My thinking was that returning a negative error value basically means the guest will be killed. For the case where access_ok() fails for @secs or other user pointers, it seems killing the guest is a little bit overkill, but since this code's purpose is to catch KVM bugs, I think killing the guest is also OK from this perspective (like the -ENOMEM case, it is a kernel/KVM internal error). So yes, I guess we can make handle_encls_xx() stomach negative values, and only inject upon -EFAULT.
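The error contract the thread converges on, as a simplified model added here (not kernel or KVM code): only -EFAULT carries a *trapnr and becomes a guest exception, a failed userspace-pointer check returns a different negative value that propagates up and ends the guest, and a success returns 0. All model_ names, the constructed user/kernel boundary and the hw_fault input are assumptions of this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SIZE_MODEL 4096
#define GP_VECTOR 13          /* #GP, the vector the thread settles on */

/* Stand-in for access_ok(): a constructed user/kernel boundary. */
#define MODEL_USER_LIMIT 0x00007fffffffffffULL

static bool model_access_ok(uint64_t addr, size_t len)
{
	return addr + len >= addr && addr + len <= MODEL_USER_LIMIT;
}

struct model_vcpu {
	int injected_vector;  /* -1 until an exception is injected */
};

/* Stands in for the arch helper that runs ECREATE on the guest's behalf.
 * @secs: SECS pointer already translated to a host user address.
 * @hw_fault: constructed input, vector the instruction faulted with (0 = none).
 * Returns 0 on success, -EFAULT with *trapnr set when the instruction
 * faulted, and -EINVAL when @secs is not a user pointer (a KVM bug). */
static int model_ecreate(uint64_t secs, int hw_fault, int *trapnr)
{
	if (!model_access_ok(secs, PAGE_SIZE_MODEL))
		return -EINVAL;       /* no trapnr: nothing to reflect to the guest */
	if (hw_fault) {
		*trapnr = hw_fault;
		return -EFAULT;
	}
	return 0;
}

/* Stands in for __handle_encls_ecreate(): only -EFAULT turns into a
 * guest exception; any other negative value propagates unchanged. */
static int model_handle_encls_ecreate(struct model_vcpu *vcpu, uint64_t secs, int hw_fault)
{
	int trapnr = 0;
	int ret = model_ecreate(secs, hw_fault, &trapnr);

	if (ret == -EFAULT) {
		vcpu->injected_vector = trapnr;
		return 1;             /* exception injected, resume the guest */
	}
	return ret;               /* 0: done; <0: internal error, exit to userspace */
}
```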