| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7d94b9d9-d167-177b-7fc5-b6c93ea3555e@redhat.com>
Date: Wed, 23 Jun 2021 14:32:08 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Xiaoyao Li <xiaoyao.li@...el.com>
Subject: Re: [PATCH] KVM: nVMX: Handle split-lock #AC exceptions that happen
in L2
On 22/06/21 19:22, Sean Christopherson wrote:
> Mark #ACs that won't be reinjected to the guest as wanted by L0 so that
> KVM handles split-lock #AC from L2 instead of forwarding the exception to
> L1. Split-lock #AC isn't yet virtualized, i.e. L1 will treat it like a
> regular #AC and do the wrong thing, e.g. reinject it into L2.
>
> Fixes: e6f8b6c12f03 ("KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest")
> Cc: Xiaoyao Li <xiaoyao.li@...el.com>
> Signed-off-by: Sean Christopherson <seanjc@...gle.com>
> ---
> arch/x86/kvm/vmx/nested.c | 3 +++
> arch/x86/kvm/vmx/vmcs.h | 5 +++++
> arch/x86/kvm/vmx/vmx.c | 4 ++--
> arch/x86/kvm/vmx/vmx.h | 1 +
> 4 files changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 183fd9d62fc5..fa3f50f0a3fa 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -5833,6 +5833,9 @@ static bool nested_vmx_l0_wants_exit(struct kvm_vcpu *vcpu,
> else if (is_breakpoint(intr_info) &&
> vcpu->guest_debug & KVM_GUESTDBG_USE_SW_BP)
> return true;
> + else if (is_alignment_check(intr_info) &&
> + !vmx_guest_inject_ac(vcpu))
> + return true;
> return false;
> case EXIT_REASON_EXTERNAL_INTERRUPT:
> return true;
> diff --git a/arch/x86/kvm/vmx/vmcs.h b/arch/x86/kvm/vmx/vmcs.h
> index de3b04d4b587..4b9957e2bf5b 100644
> --- a/arch/x86/kvm/vmx/vmcs.h
> +++ b/arch/x86/kvm/vmx/vmcs.h
> @@ -117,6 +117,11 @@ static inline bool is_gp_fault(u32 intr_info)
> return is_exception_n(intr_info, GP_VECTOR);
> }
>
> +static inline bool is_alignment_check(u32 intr_info)
> +{
> + return is_exception_n(intr_info, AC_VECTOR);
> +}
> +
> static inline bool is_machine_check(u32 intr_info)
> {
> return is_exception_n(intr_info, MC_VECTOR);
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index ab6f682645d7..46d9ce39249d 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -4743,7 +4743,7 @@ static int handle_machine_check(struct kvm_vcpu *vcpu)
> * - Guest has #AC detection enabled in CR0
> * - Guest EFLAGS has AC bit set
> */
> -static inline bool guest_inject_ac(struct kvm_vcpu *vcpu)
> +bool vmx_guest_inject_ac(struct kvm_vcpu *vcpu)
> {
> if (!boot_cpu_has(X86_FEATURE_SPLIT_LOCK_DETECT))
> return true;
> @@ -4851,7 +4851,7 @@ static int handle_exception_nmi(struct kvm_vcpu *vcpu)
> kvm_run->debug.arch.exception = ex_no;
> break;
> case AC_VECTOR:
> - if (guest_inject_ac(vcpu)) {
> + if (vmx_guest_inject_ac(vcpu)) {
> kvm_queue_exception_e(vcpu, AC_VECTOR, error_code);
> return 1;
> }
> diff --git a/arch/x86/kvm/vmx/vmx.h b/arch/x86/kvm/vmx/vmx.h
> index 5740f8e2aa23..3979a947933a 100644
> --- a/arch/x86/kvm/vmx/vmx.h
> +++ b/arch/x86/kvm/vmx/vmx.h
> @@ -376,6 +376,7 @@ void vmx_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg);
> void vmx_set_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg);
> u64 construct_eptp(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level);
>
> +bool vmx_guest_inject_ac(struct kvm_vcpu *vcpu);
> void vmx_update_exception_bitmap(struct kvm_vcpu *vcpu);
> void vmx_update_msr_bitmap(struct kvm_vcpu *vcpu);
> bool vmx_nmi_blocked(struct kvm_vcpu *vcpu);
>
Queued with Cc to stable, thanks.
Paolo
Powered by blists - more mailing lists