Date: Tue, 5 Apr 2022 23:31:20 +0000
From: Sean Christopherson
To: Chenyi Qiang
Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Xiaoyao Li, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 1/3] KVM: X86: Save&restore the triple fault request

On Fri, Mar 18, 2022, Chenyi Qiang wrote:
> For the triple fault synthesized by KVM, e.g. the RSM path or
> nested_vmx_abort(), if KVM exits to userspace before the request is
> serviced, userspace could migrate the VM and lose the triple fault.
> Fix this issue by adding a new event KVM_VCPUEVENT_TRIPLE_FAULT in
> get/set_vcpu_events() to track the triple fault request.
>
> Signed-off-by: Chenyi Qiang
> --- > Documentation/virt/kvm/api.rst | 6 ++++++ > arch/x86/include/uapi/asm/kvm.h | 1 + > arch/x86/kvm/x86.c | 9 ++++++++- > 3 files changed, 15 insertions(+), 1 deletion(-) > > diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst > index 691ff84444bd..9682b0a438bd 100644 > --- a/Documentation/virt/kvm/api.rst > +++ b/Documentation/virt/kvm/api.rst
> @@ -1146,6 +1146,9 @@ The following bits are defined in the flags field: > fields contain a valid state. This bit will be set whenever > KVM_CAP_EXCEPTION_PAYLOAD is enabled. > > +- KVM_VCPUEVENT_TRIPLE_FAULT may be set to signal that there's a > + triple fault request waiting to be serviced.

Please avoid "request" in the docs, as before, that's a KVM implementation detail. For this one, maybe "there's a pending triple fault event"?

> + > ARM/ARM64: > ^^^^^^^^^^ > > @@ -1241,6 +1244,9 @@ can be set in the flags field to signal that the > exception_has_payload, exception_payload, and exception.pending fields > contain a valid state and shall be written into the VCPU. > > +KVM_VCPUEVENT_TRIPLE_FAULT can be set in flags field to signal that a > +triple fault request should be made.

And here, "to signal that KVM should synthesize a triple fault for the guest"?

> + > ARM/ARM64: > ^^^^^^^^^^ > > diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h > index bf6e96011dfe..d8ef0d993e86 100644 > --- a/arch/x86/include/uapi/asm/kvm.h > +++ b/arch/x86/include/uapi/asm/kvm.h > @@ -325,6 +325,7 @@ struct kvm_reinject_control { > #define KVM_VCPUEVENT_VALID_SHADOW 0x00000004 > #define KVM_VCPUEVENT_VALID_SMM 0x00000008 > #define KVM_VCPUEVENT_VALID_PAYLOAD 0x00000010 > +#define KVM_VCPUEVENT_TRIPLE_FAULT 0x00000020 > > /* Interrupt shadow states */ > #define KVM_X86_SHADOW_INT_MOV_SS 0x01 > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 4fa4d8269e5b..fee402a700df 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -4891,6 +4891,9 @@ static void kvm_vcpu_ioctl_x86_get_vcpu_events(struct kvm_vcpu *vcpu, > if (vcpu->kvm->arch.exception_payload_enabled) > events->flags |= KVM_VCPUEVENT_VALID_PAYLOAD; > > + if (kvm_check_request(KVM_REQ_TRIPLE_FAULT, vcpu)) > + events->flags |= KVM_VCPUEVENT_TRIPLE_FAULT; > + > memset(&events->reserved, 0, sizeof(events->reserved)); > }
> > @@ -4903,7 +4906,8 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu, > | KVM_VCPUEVENT_VALID_SIPI_VECTOR > | KVM_VCPUEVENT_VALID_SHADOW > | KVM_VCPUEVENT_VALID_SMM > - | KVM_VCPUEVENT_VALID_PAYLOAD)) > + | KVM_VCPUEVENT_VALID_PAYLOAD > + | KVM_VCPUEVENT_TRIPLE_FAULT)) > return -EINVAL; > > if (events->flags & KVM_VCPUEVENT_VALID_PAYLOAD) { > @@ -4976,6 +4980,9 @@ static int kvm_vcpu_ioctl_x86_set_vcpu_events(struct kvm_vcpu *vcpu, > } > } > > + if (events->flags & KVM_VCPUEVENT_TRIPLE_FAULT) > + kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu); > + > kvm_make_request(KVM_REQ_EVENT, vcpu);

Looks correct, but this really needs a selftest, at least for the SET path since the intent is to use that for the NOTIFY handling. Doesn't need to be super fancy, e.g. do port I/O from L2, inject a triple fault, and verify L1 sees the appropriate exit.

Aha! And for the GET path, abuse KVM_X86_SET_MCE with CR4.MCE=0 to coerce KVM into making a KVM_REQ_TRIPLE_FAULT, that way there's no need to try and hit a timing window to intercept the request.
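
Review bot: In the kvm_vcpu_ioctl_x86_get_vcpu_events() hunk, kvm_check_request(KVM_REQ_TRIPLE_FAULT, vcpu) clears the request when it finds it set, so the GET path consumes the pending triple fault as a side effect of reporting it. Userspace that calls KVM_GET_VCPU_EVENTS to inspect state and then resumes the vCPU without a matching SET loses the triple fault, which is the failure the commit message sets out to fix. Use the non-destructive kvm_test_request() here so that GET stays read-only.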
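
Review bot: The flags mask in kvm_vcpu_ioctl_x86_set_vcpu_events() now accepts KVM_VCPUEVENT_TRIPLE_FAULT unconditionally, and none of the three files in the diffstat gives userspace a way to discover that the bit is supported. A kernel without this change fails the whole ioctl with -EINVAL when handed the flag, so vCPU state saved on a newer host cannot be restored on an older one. Consider gating both the GET reporting and the SET acceptance on a capability that userspace can probe, and describe it in api.rst next to the new flag text.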
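
Review bot: The block added before kvm_make_request(KVM_REQ_EVENT, vcpu) only ever raises KVM_REQ_TRIPLE_FAULT; when userspace passes flags without KVM_VCPUEVENT_TRIPLE_FAULT, a request already pending on the vCPU is left in place. SET therefore cannot restore the "no triple fault pending" state, and the result depends on what the vCPU held before the ioctl. Add an else branch that calls kvm_clear_request(KVM_REQ_TRIPLE_FAULT, vcpu), or state in api.rst that the flag can only raise the event and never clear it.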