Received: by 2002:a5d:9c59:0:0:0:0:0 with SMTP id 25csp2187647iof; Tue, 7 Jun 2022 22:35:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw0e5KfvXleyWa62k0+/kxSbucWjNrtjC6b3dIUdQi9EWRU76DRqVtAbUegJFOCXjGWNie0 X-Received: by 2002:a17:902:f282:b0:164:a74:6236 with SMTP id k2-20020a170902f28200b001640a746236mr32800039plc.21.1654666529293; Tue, 07 Jun 2022 22:35:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654666529; cv=none; d=google.com; s=arc-20160816; b=hsSevKtt2J3zvgaFUSrCy3xthjT1ysB41ZvGooDDJXJ1/GjmGkPJUgeN8VZRSjsxxo pDyic4nAjcR8CWq427XhZ5kOUrf43+S8dwdPThT5Xgv6K6/HJnZB30sU07KAWf5w16Gy yYuX1G8bS7z4y0+NDoiKvFG9al1JfAlVCO0e5RIcL8T5/trrijmSys02D9bONN5cCkod X49r29+S//xRTC/5vma0Y15gJkCWlyxYA4hIo7Oje8LoglqCgm9zAAGUvGekPcB48ums t0heRNTbc96XzrRBvIrw4FnbJ/MOKHC92RZQ2haVp4MrEij0Xg8AKukzUD68hV4qQUzb BvAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9YwwWw1ixHQ53abTWzB8e9bxItjY3kwkgkizz7W4c7g=; b=Cxm1/fH9Jeco92CyUKaiooKUgBDtXGYL3er6mE1V4GMADHT/BS39pVPNvd3HERbj0a gEJXG7tfYrpTT+eC9NjcP6IRijURM/6WdV7ZGNsLnaHakZDu0KR/SsfK75iUTFm9/xrO lVQU+8nXUcrTMnzBLk5jI9ahyB4j7XQC26psGOZJsj2ZU/TOUyUskTJDZZACt3UyvTww qT33Ow5Ck/rFsgNsv/IS/Ce5fbUO9TCZtTt2g4qWtujoXkql5UsectOBWIQ7aXTjkOST RyXOh5/oSXl1oawQJBImxVeLBSLdCoLxTG+TtENRkDU8jGZ/H6hBQqItV2EWPlFgS7sJ kKIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yX6hh1Sq; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id j7-20020aa78007000000b004fa3a8e0084si24429632pfi.315.2022.06.07.22.35.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jun 2022 22:35:29 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yX6hh1Sq; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 6B868392A31; Tue, 7 Jun 2022 22:02:06 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1377775AbiFGVSl (ORCPT + 99 others); Tue, 7 Jun 2022 17:18:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47502 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1359344AbiFGUWL (ORCPT ); Tue, 7 Jun 2022 16:22:11 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D5F2144FFB; Tue, 7 Jun 2022 11:31:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id EFE05B82349; Tue, 7 Jun 2022 18:31:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 50087C385A2; Tue, 7 Jun 2022 18:31:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654626687; bh=3/Sd1TFgFMuNHHWqfNjOIDCUnuVWqpZeYGhR3MVlMEs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=yX6hh1Sqm0rpTrf/VSw1Sf5i60uCFiIhLoModFCLqEmtWFiLxO3nBRC9g9dGlNgFy wUDSSVMy+kXEX0AV0PUQRQ4DqjrUwAwUvHTs1OyvLGRoebk5j1TsSIUA/CkOi/rV9z QuHP1RI55LxA7uhG5ZHQ0hjef8Xj2a/OwBy9lPdM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chenyi Qiang , Sean Christopherson , Paolo Bonzini , Sasha Levin Subject: [PATCH 5.17 466/772] KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault Date: Tue, 7 Jun 2022 19:00:58 +0200 Message-Id: <20220607165002.730503757@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220607164948.980838585@linuxfoundation.org> References: <20220607164948.980838585@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson [ Upstream commit 9bd1f0efa859b61950d109b32ff8d529cc33a3ad ] Clear the IDT vectoring field in vmcs12 on next VM-Exit due to a double or triple fault. Per the SDM, a VM-Exit isn't considered to occur during event delivery if the exit is due to an intercepted double fault or a triple fault. Opportunistically move the default clearing (no event "pending") into the helper so that it's more obvious that KVM does indeed handle this case. Note, the double fault case is worded rather wierdly in the SDM: The original event results in a double-fault exception that causes the VM exit directly. Temporarily ignoring injected events, double faults can _only_ occur if an exception occurs while attempting to deliver a different exception, i.e. there's _always_ an original event. And for injected double fault, while there's no original event, injected events are never subject to interception. Presumably the SDM is calling out that a the vectoring info will be valid if a different exit occurs after a double fault, e.g. if a #PF occurs and is intercepted while vectoring #DF, then the vectoring info will show the double fault. In other words, the clause can simply be read as: The VM exit is caused by a double-fault exception. Fixes: 4704d0befb07 ("KVM: nVMX: Exiting from L2 to L1") Cc: Chenyi Qiang Signed-off-by: Sean Christopherson Message-Id: <20220407002315.78092-4-seanjc@google.com> Signed-off-by: Paolo Bonzini Signed-off-by: Sasha Levin --- arch/x86/kvm/vmx/nested.c | 32 ++++++++++++++++++++++++++++---- arch/x86/kvm/vmx/vmcs.h | 5 +++++ 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 2992db28c644..d795ac816aec 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -3695,12 +3695,34 @@ vmcs12_guest_cr4(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12) } static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu, - struct vmcs12 *vmcs12) + struct vmcs12 *vmcs12, + u32 vm_exit_reason, u32 exit_intr_info) { u32 idt_vectoring; unsigned int nr; - if (vcpu->arch.exception.injected) { + /* + * Per the SDM, VM-Exits due to double and triple faults are never + * considered to occur during event delivery, even if the double/triple + * fault is the result of an escalating vectoring issue. + * + * Note, the SDM qualifies the double fault behavior with "The original + * event results in a double-fault exception". It's unclear why the + * qualification exists since exits due to double fault can occur only + * while vectoring a different exception (injected events are never + * subject to interception), i.e. there's _always_ an original event. + * + * The SDM also uses NMI as a confusing example for the "original event + * causes the VM exit directly" clause. NMI isn't special in any way, + * the same rule applies to all events that cause an exit directly. + * NMI is an odd choice for the example because NMIs can only occur on + * instruction boundaries, i.e. they _can't_ occur during vectoring. + */ + if ((u16)vm_exit_reason == EXIT_REASON_TRIPLE_FAULT || + ((u16)vm_exit_reason == EXIT_REASON_EXCEPTION_NMI && + is_double_fault(exit_intr_info))) { + vmcs12->idt_vectoring_info_field = 0; + } else if (vcpu->arch.exception.injected) { nr = vcpu->arch.exception.nr; idt_vectoring = nr | VECTORING_INFO_VALID_MASK; @@ -3733,6 +3755,8 @@ static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu, idt_vectoring |= INTR_TYPE_EXT_INTR; vmcs12->idt_vectoring_info_field = idt_vectoring; + } else { + vmcs12->idt_vectoring_info_field = 0; } } @@ -4219,8 +4243,8 @@ static void prepare_vmcs12(struct kvm_vcpu *vcpu, struct vmcs12 *vmcs12, * Transfer the event that L0 or L1 may wanted to inject into * L2 to IDT_VECTORING_INFO_FIELD. */ - vmcs12->idt_vectoring_info_field = 0; - vmcs12_save_pending_event(vcpu, vmcs12); + vmcs12_save_pending_event(vcpu, vmcs12, + vm_exit_reason, exit_intr_info); vmcs12->vm_exit_intr_info = exit_intr_info; vmcs12->vm_exit_instruction_len = vmcs_read32(VM_EXIT_INSTRUCTION_LEN); diff --git a/arch/x86/kvm/vmx/vmcs.h b/arch/x86/kvm/vmx/vmcs.h index e325c290a816..2b9d7a7e83f7 100644 --- a/arch/x86/kvm/vmx/vmcs.h +++ b/arch/x86/kvm/vmx/vmcs.h @@ -104,6 +104,11 @@ static inline bool is_breakpoint(u32 intr_info) return is_exception_n(intr_info, BP_VECTOR); } +static inline bool is_double_fault(u32 intr_info) +{ + return is_exception_n(intr_info, DF_VECTOR); +} + static inline bool is_page_fault(u32 intr_info) { return is_exception_n(intr_info, PF_VECTOR); -- 2.35.1