Reply-To: Sean Christopherson
Date: Tue, 13 Jul 2021 09:33:22 -0700
In-Reply-To: <20210713163324.627647-1-seanjc@google.com>
Message-Id: <20210713163324.627647-45-seanjc@google.com>
References: <20210713163324.627647-1-seanjc@google.com>
Subject: [PATCH v2 44/46] KVM: SVM: Emulate #INIT in response to triple fault shutdown
From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Reiji Watanabe
X-Mailing-List: linux-kernel@vger.kernel.org

Emulate a full #INIT instead of simply initializing the VMCB if the
guest hits a shutdown. Initializing the VMCB but not other vCPU state,
much of which is mirrored by the VMCB, results in incoherent and broken
vCPU state.

Ideally, KVM would not automatically init anything on shutdown, and
instead put the vCPU into e.g. KVM_MP_STATE_UNINITIALIZED and force
userspace to explicitly INIT or RESET the vCPU. Even better would be to
add KVM_MP_STATE_SHUTDOWN, since technically NMI can break shutdown
(and SMI on Intel CPUs).

But, that ship has sailed, and emulating #INIT is the next best thing as
that has at least some connection with reality since there exist bare
metal platforms that automatically INIT the CPU if it hits shutdown.

Fixes: 46fe4ddd9dbb ("[PATCH] KVM: SVM: Propagate cpu shutdown events to userspace")
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/svm/svm.c | 10 +++++++--- arch/x86/kvm/x86.c | 1 + 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index ea4bea428078..285587a7fe80 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -2058,11 +2058,15 @@ static int shutdown_interception(struct kvm_vcpu *vcpu) return -EINVAL; /* - * VMCB is undefined after a SHUTDOWN intercept - * so reinitialize it. + * VMCB is undefined after a SHUTDOWN intercept. INIT the vCPU to put + * the VMCB in a known good state. Unfortuately, KVM doesn't have + * KVM_MP_STATE_SHUTDOWN and can't add it without potentially breaking + * userspace. At a platform view, INIT is acceptable behavior as + * there exist bare metal platforms that automatically INIT the CPU + * in response to shutdown. */ clear_page(svm->vmcb); - init_vmcb(vcpu); + kvm_vcpu_reset(vcpu, true); kvm_run->exit_reason = KVM_EXIT_SHUTDOWN; return 0; diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 3aa952edd5f4..f35dd8192c32 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10901,6 +10901,7 @@ void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) if (init_event) kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu); } +EXPORT_SYMBOL_GPL(kvm_vcpu_reset); void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) { -- 2.32.0.93.g670b81a890-goog
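
Review bot: In shutdown_interception() in svm.c, clear_page(svm->vmcb) still zeroes the whole VMCB, and the only thing that repopulates it is now kvm_vcpu_reset(vcpu, true), the INIT flavour of reset, which by definition preserves some state instead of rewriting it. The new comment should state that the reset path reprograms every VMCB field even when init_event is true, because any field that path skips on INIT would stay zero after the clear_page(). Separately, "Unfortuately" in the new comment should read "Unfortunately".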
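
Review bot: The EXPORT_SYMBOL_GPL(kvm_vcpu_reset) added after kvm_vcpu_reset() in x86.c is not explained anywhere in the changelog. Add a sentence saying the export exists because shutdown_interception() in svm.c now calls kvm_vcpu_reset() from the vendor module, so a later reader can tell why a full vCPU reset entry point became reachable outside x86.c and which caller depends on it.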