Another interesting behavior of KVM is that it rewrites guest hypercall
instructions when emulated on #UD. So, if a guest uses the wrong
instruction for the vendor its running on, KVM rewrites the guest
instruction to use the correct one (i.e. VMCALL on VMX, VMMCALL on SVM).
While it may not be the end of the world for a non-nested guest that
knows its running on KVM, this is dead wrong in the context of nested
virtualization.
The nested situation could probably be seen as a bug, but I decided to
leave it as is for now in the series since there hasn't been any
complaints about it so far.
This series adds a quirk which allows userspace to opt out of hypercall
rewrites. With the quirk disabled, misbehaved guests will see a #UD
instead.
Applies to kvm/queue at the following commit:
2ca1ba339ed8 ("KVM: x86: Test case for TSC scaling and offset sync")
Note, the series depends on KVM_CAP_DISABLE_QUIRKS2 which was introduced
in the following commit on kvm/queue:
3a825326df69 ("KVM: x86: Introduce KVM_CAP_DISABLE_QUIRKS2")
Tested with the included selftest on an Intel Skylake and AMD Rome
machine.
Oliver Upton (2):
KVM: x86: Allow userspace to opt out of hypercall patching
selftests: KVM: Test KVM_X86_QUIRK_FIX_HYPERCALL_INSN
Documentation/virt/kvm/api.rst | 9 +
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/include/uapi/asm/kvm.h | 11 +-
arch/x86/kvm/x86.c | 11 ++
tools/testing/selftests/kvm/.gitignore | 1 +
tools/testing/selftests/kvm/Makefile | 1 +
.../selftests/kvm/x86_64/fix_hypercall_test.c | 170 ++++++++++++++++++
7 files changed, 200 insertions(+), 6 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86_64/fix_hypercall_test.c
--
2.35.1.723.g4982287a31-goog
