[PATCH v2 0/4] KVM: SVM: Fix unexpected #UD on INT3 in SEV guests

Sean Christopherson posted 4 patches 2 years, 3 months ago
Posted by Sean Christopherson 2 years, 3 months ago
Fix a bug where KVM injects a bogus #UD for SEV guests when trying to skip
an INT3 as part of re-injecting the associated #BP that got kinda sorta
intercepted due to a #NPF occurring while vectoring/delivering the #BP.

Patch 1 is the main fix.  It's a little ugly, but suitable for backporting.

Patch 2 is a tangentially related cleanup to make NRIPS a requirement for
enabling SEV, e.g. so that we don't ever get "bug" reports of SEV guests
not working when NRIPS is disabled.

Patches 3 and 4 clean up the hack from patch 1, but are most definitely
not stable material (hence the slightly ugly fix).

Verified the original bug by toggling the NX hugepage mitigation to force
a #NPF when delivering #BP in the guest.

v2:
 - Actually fix the bug. [Tom]
 - Do the bigger cleanup I avoided in v1.

v1: https://lore.kernel.org/all/20230810234919.145474-1-seanjc@google.com

Sean Christopherson (4):
  KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
  KVM: SVM: Require nrips support for SEV guests (and beyond)
  KVM: x86: Refactor can_emulate_instruction() return to be more
    expressive
  KVM: SVM: Treat all "skip" emulation for SEV guests as outright
    failures

 arch/x86/include/asm/kvm-x86-ops.h |  2 +-
 arch/x86/include/asm/kvm_host.h    |  4 +--
 arch/x86/kvm/svm/sev.c             |  2 +-
 arch/x86/kvm/svm/svm.c             | 55 +++++++++++++++++-------------
 arch/x86/kvm/svm/svm.h             |  1 +
 arch/x86/kvm/vmx/vmx.c             | 12 +++----
 arch/x86/kvm/x86.c                 | 22 ++++++++----
 7 files changed, 58 insertions(+), 40 deletions(-)


base-commit: fff2e47e6c3b8050ca26656693caa857e3a8b740
-- 
2.42.0.rc2.253.gd59a3bf2b4-goog
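A guest-side check for the symptom the cover letter describes, added here as an example; it is not part of the patch series or of KVM. It executes INT3 repeatedly and records whether the guest kernel reports each one as a breakpoint (SIGTRAP, i.e. #BP delivered) or as an invalid opcode (SIGILL, i.e. the bogus #UD). Because the bug is a race with a #NPF taken while the #BP is being delivered, a single INT3 almost never hits it, so the probe is looped. The function and enum names are the example's own; it assumes a Linux user-space environment and only emits the INT3 on x86.

```c
/* Added example (not KVM code): probe whether INT3 in this guest arrives
 * as #BP (SIGTRAP) or is turned into a bogus #UD (SIGILL). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

enum int3_result { INT3_NOT_X86 = -1, INT3_NONE = 0, INT3_TRAP = 1, INT3_ILL = 2 };

static sigjmp_buf probe_env;
static volatile sig_atomic_t probe_signo;

/* Record which signal fired and unwind; siglongjmp also restores the
 * signal mask saved by sigsetjmp(..., 1), so the signal is not left blocked. */
static void probe_handler(int signo)
{
    probe_signo = signo;
    siglongjmp(probe_env, 1);
}

static int install(int signo, struct sigaction *saved)
{
    struct sigaction sa;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(signo, &sa, saved);
}

/* Execute one INT3 and report which exception the guest kernel delivered. */
enum int3_result probe_int3(void)
{
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction old_trap, old_ill;
    enum int3_result res = INT3_NONE;

    if (install(SIGTRAP, &old_trap))
        return INT3_NONE;
    if (install(SIGILL, &old_ill)) {
        sigaction(SIGTRAP, &old_trap, NULL);
        return INT3_NONE;
    }

    probe_signo = 0;
    if (sigsetjmp(probe_env, 1) == 0)
        __asm__ volatile("int3");   /* #BP expected; a #UD here is the bug */

    if (probe_signo == SIGTRAP)
        res = INT3_TRAP;
    else if (probe_signo == SIGILL)
        res = INT3_ILL;

    sigaction(SIGTRAP, &old_trap, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return res;
#else
    return INT3_NOT_X86;
#endif
}

/* Loop the probe: returns the number of INT3s that surfaced as #UD,
 * or -1 when there is nothing to probe (non-x86 build). */
long count_bogus_ud(long iterations)
{
    long bad = 0;

    for (long i = 0; i < iterations; i++) {
        enum int3_result r = probe_int3();

        if (r == INT3_NOT_X86)
            return -1;
        if (r == INT3_ILL)
            bad++;
    }
    return bad;
}

int main(void)
{
    long bad = count_bogus_ud(100000);

    if (bad < 0) {
        puts("not x86, nothing to probe");
        return 0;
    }
    printf("%ld of 100000 INT3s delivered as #UD\n", bad);
    return bad ? 1 : 0;
}
```

Run this inside the SEV guest while the host does the step the cover letter describes, toggling the NX hugepage mitigation so that a #NPF is taken during #BP delivery; on current kernels that mitigation is the `kvm` module parameter `nx_huge_pages`, writable at runtime through sysfs, and flipping it is outside this example. On a non-SEV guest, or on a fixed kernel, the count stays at zero.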
Re: [PATCH v2 0/4] KVM: SVM: Fix unexpected #UD on INT3 in SEV guests
Posted by Sean Christopherson 2 years, 2 months ago
On Thu, 24 Aug 2023 18:36:17 -0700, Sean Christopherson wrote:
> Fix a bug where KVM injects a bogus #UD for SEV guests when trying to skip
> an INT3 as part of re-injecting the associated #BP that got kinda sorta
> intercepted due to a #NPF occurring while vectoring/delivering the #BP.
> 
> Patch 1 is the main fix.  It's a little ugly, but suitable for backporting.
> 
> Patch 2 is a tangentially related cleanup to make NRIPS a requirement for
> enabling SEV, e.g. so that we don't ever get "bug" reports of SEV guests
> not working when NRIPS is disabled.
> 
> [...]

Applied 3-4 to kvm-x86 svm (1-2 went into v6.6).

[3/4] KVM: x86: Refactor can_emulate_instruction() return to be more expressive
      https://github.com/kvm-x86/linux/commit/aeb904f6b9f1
[4/4] KVM: SVM: Treat all "skip" emulation for SEV guests as outright failures
      https://github.com/kvm-x86/linux/commit/006829954096

--
https://github.com/kvm-x86/linux/tree/next
Re: [PATCH v2 0/4] KVM: SVM: Fix unexpected #UD on INT3 in SEV guests
Posted by Sean Christopherson 2 years, 3 months ago
On Thu, 24 Aug 2023 18:36:17 -0700, Sean Christopherson wrote:
> Fix a bug where KVM injects a bogus #UD for SEV guests when trying to skip
> an INT3 as part of re-injecting the associated #BP that got kinda sorta
> intercepted due to a #NPF occurring while vectoring/delivering the #BP.
> 
> Patch 1 is the main fix.  It's a little ugly, but suitable for backporting.
> 
> Patch 2 is a tangentially related cleanup to make NRIPS a requirement for
> enabling SEV, e.g. so that we don't ever get "bug" reports of SEV guests
> not working when NRIPS is disabled.
> 
> [...]

Applied 1 and 2 to kvm-x86 svm, the more aggressive cleanup can definitely wait
until 6.7.

[1/4] KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
      https://github.com/kvm-x86/linux/commit/cb49631ad111
[2/4] KVM: SVM: Require nrips support for SEV guests (and beyond)
      https://github.com/kvm-x86/linux/commit/80d0f521d59e

--
https://github.com/kvm-x86/linux/tree/next
https://github.com/kvm-x86/linux/tree/fixes
Re: [PATCH v2 0/4] KVM: SVM: Fix unexpected #UD on INT3 in SEV guests
Posted by Tom Lendacky 2 years, 3 months ago
On 8/25/23 14:02, Sean Christopherson wrote:
> On Thu, 24 Aug 2023 18:36:17 -0700, Sean Christopherson wrote:
>> Fix a bug where KVM injects a bogus #UD for SEV guests when trying to skip
>> an INT3 as part of re-injecting the associated #BP that got kinda sorta
>> intercepted due to a #NPF occurring while vectoring/delivering the #BP.
>>
>> Patch 1 is the main fix.  It's a little ugly, but suitable for backporting.
>>
>> Patch 2 is a tangentially related cleanup to make NRIPS a requirement for
>> enabling SEV, e.g. so that we don't ever get "bug" reports of SEV guests
>> not working when NRIPS is disabled.
>>
>> [...]
> 
> Applied 1 and 2 to kvm-x86 svm, the more aggressive cleanup can definitely wait
> until 6.7.
> 
> [1/4] KVM: SVM: Don't inject #UD if KVM attempts to skip SEV guest insn
>        https://github.com/kvm-x86/linux/commit/cb49631ad111
> [2/4] KVM: SVM: Require nrips support for SEV guests (and beyond)
>        https://github.com/kvm-x86/linux/commit/80d0f521d59e

Thanks, Sean!

I'm taking it through our testing and will let you know if anything pops up.
Since you have a recreate I don't expect anything, though.

Thanks,
Tom

> 
> --
> https://github.com/kvm-x86/linux/tree/next
> https://github.com/kvm-x86/linux/tree/fixes