On 1/20/22 02:07, Sean Christopherson wrote:
> Revert an amusing/embarrassing goof reported by Liam Merwick, where KVM
> attempts to determine if RIP is backed by a valid memslot without first
> translating RIP to its associated GPA/GFN. Fix the underlying bug that was
> "fixed" by the misguided memslots check by (a) never rejecting emulation for
> !SEV guests and (b) using the #NPF error code to determine if the fault
> happened on the code fetch or on guest page tables, which is effectively what
> the memslots check attempted to do.
>
> Further clean up, harden, and document SVM's "can emulate" helper, and fix a
> #GP interception SEV bug found in the process of doing so.
>
> Sean Christopherson (9):
>   KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests
>   Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
>   KVM: SVM: Don't intercept #GP for SEV guests
>   KVM: SVM: Explicitly require DECODEASSISTS to enable SEV support
>   KVM: x86: Pass emulation type to can_emulate_instruction()
>   KVM: SVM: WARN if KVM attempts emulation on #UD or #GP for SEV guests
>   KVM: SVM: Inject #UD on attempted emulation for SEV guest w/o insn buffer
>   KVM: SVM: Don't apply SEV+SMAP workaround on code fetch or PT access
>   KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
>
>  arch/x86/include/asm/kvm_host.h |   3 +-
>  arch/x86/kvm/svm/sev.c          |   9 +-
>  arch/x86/kvm/svm/svm.c          | 162 ++++++++++++++++++++++----------
>  arch/x86/kvm/vmx/vmx.c          |   7 +-
>  arch/x86/kvm/x86.c              |  11 ++-
>  virt/kvm/kvm_main.c             |   1 -
>  6 files changed, 135 insertions(+), 58 deletions(-)
>
> base-commit: edb9e50dbe18394d0fc9d0494f5b6046fc912d33

Queued, thanks.

Paolo