On Thu, Apr 21, 2022, Chenyi Qiang wrote:
> +#ifndef __x86_64__
> +# error This test is 64-bit only
No need, all of KVM selftests are 64-bit only.
> +#endif
> +
> +#define VCPU_ID 0
> +#define ARBITRARY_IO_PORT 0x2000
> +
> +/* The virtual machine object. */
> +static struct kvm_vm *vm;
> +
> +static void l2_guest_code(void)
> +{
> + /*
> + * Generate an exit to L0 userspace, i.e. main(), via I/O to an
> + * arbitrary port.
> + */
I think we can test a "real" triple fault without too much effort by abusing
vcpu->run->request_interrupt_window. E.g. map the run struct into L2, clear
PIN_BASED_EXT_INTR_MASK in vmcs12, and then in l2_guest_code() do:
asm volatile("cli");
run->request_interrupt_window = true;
asm volatile("sti; ud2");
asm volatile("inb %%dx, %%al"
: : [port] "d" (ARBITRARY_IO_PORT) : "rax");
The STI shadow will block the IRQ-window VM-Exit until after the ud2, i.e. until
after the triple fault is pending.
And then main() can
1. verify it got KVM_EXIT_IRQ_WINDOW_OPEN with a pending triple fault
2. clear the triple fault and re-enter L1+l2
3. continue with the existing code, e.g. verify it got KVM_EXIT_IO, stuff a
pending triple fault, etc...
That said, typing that out makes me think we should technically handle/prevent this
in KVM since triple fault / shutdown is kinda sorta just a special exception.
Heh, and a potentially bad/crazy idea would be to use a reserved/magic vector in
kvm_vcpu_events.exception to save/restore triple fault, e.g. we could steal
NMI_VECTOR.
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index f2d0ee9296b9..d58c0cfd3cd3 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4743,7 +4743,8 @@ static int kvm_vcpu_ready_for_interrupt_injection(struct kvm_vcpu *vcpu)
return (kvm_arch_interrupt_allowed(vcpu) &&
kvm_cpu_accept_dm_intr(vcpu) &&
!kvm_event_needs_reinjection(vcpu) &&
- !vcpu->arch.exception.pending);
+ !vcpu->arch.exception.pending &&
+ !kvm_test_request(KVM_REQ_TRIPLE_FAULT, vcpu));
}
static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
