Rework the handling of !visible guest root gfns to wait until the guest actually tries to access memory before synthesizing a fault. KVM currently just immediately synthesizes triple fault, which causes problems for nVMX and nSVM as immediately injecting a fault causes KVM to try and forward the fault to L1 (as a VM-Exit) before completing nested VM-Enter, e.g. if L1 runs L2 with a "bad" nested TDP root.

To get around the conundrum of not wanting to shadow garbage, load a dummy root, backed by the zero page, into CR3/EPTP/nCR3, and then inject an appropriate page fault when the guest (likely) hits a !PRESENT fault.

Note, KVM's behavior is still not strictly correct with respect to x86 architecture; the primary goal is purely to prevent triggering KVM's WARN at will. No real world guest intentionally loads CR3 (or EPTP or nCR3) with a GPA that points at MMIO and expects it to work (and KVM has a long and storied history of punting on emulated MMIO corner cases).

I didn't Cc any of this for stable because syzkaller is really the only thing that I expect to care, and the whole dummy root thing isn't exactly risk free. If someone _really_ wants to squash the WARN in LTS kernels, the way to do that would be to exempt triple fault shutdown VM-Exits from the sanity checks in nVMX and nSVM, i.e. sweep the problem under the rug.

I have a KUT test for this that I'll post next week (I said that about v1 and then forgot).

v2:
 - Finish writing the changelog for patch 3. [Yu]
 - Use KVM_REQ_MMU_FREE_OBSOLETE_ROOTS instead of directly unloading all roots. [Yu]

v1: https://lore.kernel.org/all/20230722012350.2371049-1-seanjc@xxxxxxxxxx

Sean Christopherson (5):
  KVM: x86/mmu: Add helper to convert root hpa to shadow page
  KVM: x86/mmu: Harden new PGD against roots without shadow pages
  KVM: x86/mmu: Harden TDP MMU iteration against root w/o shadow page
  KVM: x86/mmu: Disallow guest from using !visible slots for page tables
  KVM: x86/mmu: Use dummy root, backed by zero page, for !visible guest roots

 arch/x86/kvm/mmu/mmu.c          | 94 ++++++++++++++++++---------------
 arch/x86/kvm/mmu/mmu_internal.h | 10 ++++
 arch/x86/kvm/mmu/paging_tmpl.h  | 18 ++++++-
 arch/x86/kvm/mmu/spte.h         | 12 +++++
 arch/x86/kvm/mmu/tdp_iter.c     | 11 ++--
 arch/x86/kvm/mmu/tdp_mmu.c      |  2 +-
 6 files changed, 98 insertions(+), 49 deletions(-)

base-commit: fdf0eaf11452d72945af31804e2a1048ee1b574c
-- 
2.41.0.487.g6d72f3e995-goog