Patch "KVM: nSVM: fix running nested guests when npt=0" has been added to the 5.10-stable tree

This is a note to let you know that I've just added the patch titled

    KVM: nSVM: fix running nested guests when npt=0

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-nsvm-fix-running-nested-guests-when-npt-0.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From a04aead144fd938c2d9869eb187e5b9ea0009bae Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Date: Thu, 18 Feb 2021 07:16:59 -0500
Subject: KVM: nSVM: fix running nested guests when npt=0

From: Paolo Bonzini <pbonzini@xxxxxxxxxx>

commit a04aead144fd938c2d9869eb187e5b9ea0009bae upstream.

In case of npt=0 on host, nSVM needs the same .inject_page_fault tweak
as VMX has, to make sure that shadow mmu faults are injected as vmexits.

It is not clear why this is needed at all, but for now keep the same
code as VMX and we'll fix it for both.

Based on a patch by Maxim Levitsky <mlevitsk@xxxxxxxxxx>.

Fixes: 7c86663b68ba ("KVM: nSVM: inject exceptions via svm_check_nested_events")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/x86/kvm/svm/nested.c |   20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -51,6 +51,23 @@ static void nested_svm_inject_npf_exit(s
 	nested_svm_vmexit(svm);
 }
 
+static void svm_inject_page_fault_nested(struct kvm_vcpu *vcpu, struct x86_exception *fault)
+{
+       struct vcpu_svm *svm = to_svm(vcpu);
+       WARN_ON(!is_guest_mode(vcpu));
+
+       if (vmcb_is_intercept(&svm->nested.ctl, INTERCEPT_EXCEPTION_OFFSET + PF_VECTOR) &&
+	   !svm->nested.nested_run_pending) {
+               svm->vmcb->control.exit_code = SVM_EXIT_EXCP_BASE + PF_VECTOR;
+               svm->vmcb->control.exit_code_hi = 0;
+               svm->vmcb->control.exit_info_1 = fault->error_code;
+               svm->vmcb->control.exit_info_2 = fault->address;
+               nested_svm_vmexit(svm);
+       } else {
+               kvm_inject_page_fault(vcpu, fault);
+       }
+}
+
 static u64 nested_svm_get_tdp_pdptr(struct kvm_vcpu *vcpu, int index)
 {
 	struct vcpu_svm *svm = to_svm(vcpu);
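
Review bot: In svm_inject_page_fault_nested(), WARN_ON(!is_guest_mode(vcpu)) only logs and execution then falls through, so if the callback were ever reached outside guest mode with the #PF intercept bit still set in svm->nested.ctl, nested_svm_vmexit(svm) would run anyway. Consider bailing out on the warning, for example `if (WARN_ON_ONCE(!is_guest_mode(vcpu))) { kvm_inject_page_fault(vcpu, fault); return; }`, which also keeps a repeated hit from flooding the log. On style, the body is indented with spaces and the continuation line `!svm->nested.nested_run_pending) {` mixes a tab with spaces, while the surrounding context lines use tabs, and a blank line is missing between the declaration and the WARN_ON. A short comment above the function stating why the fault is turned into an SVM_EXIT_EXCP_BASE + PF_VECTOR exit would help, since the commit message says the reason is not yet understood.
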
@@ -446,6 +463,9 @@ int enter_svm_guest_mode(struct vcpu_svm
 	if (ret)
 		return ret;
 
+	if (!npt_enabled)
+		svm->vcpu.arch.mmu->inject_page_fault = svm_inject_page_fault_nested;
+
 	svm_set_gif(svm, true);
 
 	return 0;
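
Review bot: The `if (!npt_enabled)` assignment in enter_svm_guest_mode() installs svm_inject_page_fault_nested on svm->vcpu.arch.mmu, but nothing in this patch puts the previous inject_page_fault callback back when the nested guest exits. Please confirm that the nested vmexit path reinitialises the MMU context so the callback cannot outlive guest mode (the WARN_ON in the new function depends on that), and note it in a comment above the assignment. It is also worth checking that every path that enters guest mode with npt=0 goes through this function, otherwise shadow MMU faults on those paths would still be injected without the vmexit.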


Patches currently in stable-queue which might be from pbonzini@xxxxxxxxxx are

queue-5.10/kvm-nsvm-fix-running-nested-guests-when-npt-0.patch
queue-5.10/kvm-x86-restore-all-64-bits-of-dr6-and-dr7-during-rs.patch
queue-5.10/kvm-nsvm-don-t-strip-host-s-c-bit-from-guest-s-cr3-w.patch
queue-5.10/x86-virt-eat-faults-on-vmxoff-in-reboot-flows.patch
queue-5.10/kvm-svm-intercept-invpcid-when-it-s-disabled-to-inje.patch
queue-5.10/kvm-x86-mmu-expand-collapsible-spte-zap-for-tdp-mmu-.patch
queue-5.10/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch


