Patch "KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode" has been added to the 5.16-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 12 Feb 2022 00:46:30 -0500

This is a note to let you know that I've just added the patch titled

    KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode

to the 5.16-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-svm-don-t-kill-sev-guest-if-smap-erratum-trigger.patch
and it can be found in the queue-5.16 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 30787caa18b567cd44014737dc5e88d87fdfbc9c
Author: Sean Christopherson <seanjc@xxxxxxxxxx>
Date:   Thu Jan 20 01:07:19 2022 +0000

    KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode
    
    [ Upstream commit cdf85e0c5dc766fc7fc779466280e454a6d04f87 ]
    
    Inject a #GP instead of synthesizing triple fault to try to avoid killing
    the guest if emulation of an SEV guest fails due to encountering the SMAP
    erratum.  The injected #GP may still be fatal to the guest, e.g. if the
    userspace process is providing critical functionality, but KVM should
    make every attempt to keep the guest alive.
    
    Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
    Reviewed-by: Liam Merwick <liam.merwick@xxxxxxxxxx>
    Message-Id: <20220120010719.711476-10-seanjc@xxxxxxxxxx>
    Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 3efada37272c0..d6a4acaa65742 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4530,7 +4530,21 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, void *insn, int i
 	is_user = svm_get_cpl(vcpu) == 3;
 	if (smap && (!smep || is_user)) {
 		pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n");
-		kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
+
+		/*
+		 * If the fault occurred in userspace, arbitrarily inject #GP
+		 * to avoid killing the guest and to hopefully avoid confusing
+		 * the guest kernel too much, e.g. injecting #PF would not be
+		 * coherent with respect to the guest's page tables.  Request
+		 * triple fault if the fault occurred in the kernel as there's
+		 * no fault that KVM can inject without confusing the guest.
+		 * In practice, the triple fault is moot as no sane SEV kernel
+		 * will execute from user memory while also running with SMAP=1.
+		 */
+		if (is_user)
+			kvm_inject_gp(vcpu, 0);
+		else
+			kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);
 	}
 
 	return false;






