Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp1058922rwo;
        Wed, 2 Aug 2023 08:09:35 -0700 (PDT)
X-Google-Smtp-Source: APBJJlFdcqJgWLPi2J3nFMxDPE8UONy9cJ01MrAefgXDzMjywbZxuxgn6QWJdVfMRiglkG5MZltI
X-Received: by 2002:a92:c566:0:b0:345:df7f:efc4 with SMTP id b6-20020a92c566000000b00345df7fefc4mr18466117ilj.27.1690988974507;
        Wed, 02 Aug 2023 08:09:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690988974; cv=none;
        d=google.com; s=arc-20160816;
        b=y9o0zV7XZq3DYw+eK8QYPA20A/Xd96iwP3QcJCrbNQY3/uk1apeNza8+anDAaDhUlo
         AZMyRxxl+YltcfuOFEXtM/y3GQP1Er4RII2tTb7dEsXUt/csF1s0at6p25O/chfjkSbf
         KH+j1k9MewKMpGx6s5EjHwOutKt+ulCq69FZnG/vgSdGVyX+25TVRwFbBN/yg14WToWx
         6pnbm/0vG7/6dog5G4L2QROD9nvVsIf7XgfmwOPr5uji3XihS8HNJCtKtv0HSJ37XRjB
         6HWFfi9HJqa7KenASfNSg8qJitFb8bWQhyccq3RE8jCctnmRhUwXpCjpwpvI5fUxIMCm
         uGLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:dkim-signature;
        bh=LWQhgcpOHDr1rw8y2Xbv/aNJIPmCPmv4Y4vUkSeErdM=;
        fh=65LNyp2zdCZ+Ty/jRC9aXrhGXVvu9gFWoPqq6fW1vt0=;
        b=WhT6U18ZJ/c6jCmjVjSPKuDKabnHMt91GOzquZ6HOmOkakZnI3m9H8Qdxu9parAt3I
         CKjlKQ2VFM0na9PkSN/QXK/BgS+dy/yFQb1QCWZ9CXbH/KoJxo8sx03WsWtquHFiI5TU
         2EkrWbc0AAfwM+8uDUde5x+JUdcYemPgkSP18GXMF5kH8QGFhToUQGOq/6bo/PpST4wI
         ZWO59g46KGEuDCoyrqkED0H0EPDQGxotgO3COd2pMKBHwnYXAHr92FuiaJEkHDW0InZM
         zhXPssCJRWzk2DFsSoqYaKZ7E0XLywCdAGOLjN9RyMb9Rny2aUbwyxd3FLu0a0jnwvG2
         P1Gg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=qhpzbe5S;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id v14-20020a63f20e000000b00563796a3ec6si10605357pgh.570.2023.08.02.08.09.21;
        Wed, 02 Aug 2023 08:09:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20221208 header.b=qhpzbe5S;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234633AbjHBOBj (ORCPT <rfc822;anuragsharmaalwar@gmail.com>
        + 99 others); Wed, 2 Aug 2023 10:01:39 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48246 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233910AbjHBOBg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 2 Aug 2023 10:01:36 -0400
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 44E1A2119
        for <linux-kernel@vger.kernel.org>; Wed,  2 Aug 2023 07:01:35 -0700 (PDT)
Received: by mail-yb1-xb49.google.com with SMTP id 3f1490d57ef6-c647150c254so1729979276.1
        for <linux-kernel@vger.kernel.org>; Wed, 02 Aug 2023 07:01:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1690984894; x=1691589694;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=LWQhgcpOHDr1rw8y2Xbv/aNJIPmCPmv4Y4vUkSeErdM=;
        b=qhpzbe5SFqOiIrHvQHgOqDoxegwElVej3r0xmxwLd7SQG26HPdgavSHYZak5haXn9H
         U2y0MbkYKjUUoIEop6x4GmtgEWy4X+ks6QSZ7elCQFh0Hws/FnbZ4c35mRi4TvSy0OSq
         en/oMx6ixoQO5YXiQoJUwVrO79aK3kMZPWkxxa5SQCS2XGh32xSlFQbEueGyeBGfVjl9
         7emEzrJhp9MnBpKQDwqxXLupfKVS946VBgivBYdx3hitHZL+2WiHcKbQkAVCOYp/YbsM
         J7QmMs5q2nFKRn1/OVlAj5aaMCgTZrMjxi0as2SRoKyIF0VQBUKpk/cdKRxsmbGI1zu6
         TArA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1690984894; x=1691589694;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=LWQhgcpOHDr1rw8y2Xbv/aNJIPmCPmv4Y4vUkSeErdM=;
        b=GYNlwim9F9aAaYYZZrdxIYnVYoO2ZmamWlSMZ3Gx+P87fp12/7jC/ThbjEMRpEz67L
         Crx0SoBnOOtkq3HETXsV3Y8tYcGEy4O15AiStJN8f51KqkJsmTmlbgXgIreG8nRddnWE
         c260JqK2W62ArRiNpcYpdKjkWBjgRLPpxutU2cL/WvmJSNbiSHMywl/MVijFHa/rgCBI
         93p6dy4gEk7Ybd26mc8DTGq2YsDUP3UsM73RF76swBrflaRyPGhZn6ZoBEqysQcE+Cpc
         vYYTBitJdh389HuOvGfdaVfi4t0yU4sUXYDoJANSs6ep601Xe9x6Bvs1f8IGmr99UYj2
         j5Kg==
X-Gm-Message-State: ABy/qLapJrk2YwT2K875fLLJbloWltb+t9LLgfjf8axEuD7yIezVNTvU
        /17w19hUicfkdfM5YvUynIVrSePiSA8=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:6902:11cb:b0:d16:7ccc:b406 with SMTP id
 n11-20020a05690211cb00b00d167cccb406mr187562ybu.5.1690984894557; Wed, 02 Aug
 2023 07:01:34 -0700 (PDT)
Date:   Wed, 2 Aug 2023 07:01:32 -0700
In-Reply-To: <ZMpEUVsv5hSmrcH8@iZuf6hx7901barev1c282cZ>
Mime-Version: 1.0
References: <8eb933fd-2cf3-d7a9-32fe-2a1d82eac42a@mail.ustc.edu.cn>
 <ZMfFaF2M6Vrh/QdW@google.com> <4ebb3e20-a043-8ad3-ef6c-f64c2443412c@amd.com>
 <544b7f95-4b34-654d-a57b-3791a6f4fd5f@mail.ustc.edu.cn> <ZMpEUVsv5hSmrcH8@iZuf6hx7901barev1c282cZ>
Message-ID: <ZMphvF+0H9wHQr5B@google.com>
Subject: Re: [Question] int3 instruction generates a #UD in SEV VM
From:   Sean Christopherson <seanjc@google.com>
To:     Wu Zongyo <wuzongyo@mail.ustc.edu.cn>
Cc:     Tom Lendacky <thomas.lendacky@amd.com>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org, x86@kernel.org,
        linux-coco@lists.linux.dev
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,
        USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Aug 02, 2023, Wu Zongyo wrote:
> On Mon, Jul 31, 2023 at 11:45:29PM +0800, wuzongyong wrote:
> > 
> > On 2023/7/31 23:03, Tom Lendacky wrote:
> > > On 7/31/23 09:30, Sean Christopherson wrote:
> > >> On Sat, Jul 29, 2023, wuzongyong wrote:
> > >>> Hi,
> > >>> I am writing a firmware in Rust to support SEV based on project td-shim[1].
> > >>> But when I create a SEV VM (just SEV, no SEV-ES and no SEV-SNP) with the firmware,
> > >>> the linux kernel crashed because the int3 instruction in int3_selftest() cause a
> > >>> #UD.
> > >>
> > >> ...
> > >>
> > >>> BTW, if a create a normal VM without SEV by qemu & OVMF, the int3 instruction always generates a
> > >>> #BP.
> > >>> So I am confused now about the behaviour of int3 instruction, could anyone help to explain the behaviour?
> > >>> Any suggestion is appreciated!
> > >>
> > >> Have you tried my suggestions from the other thread[*]?
> > Firstly, I'm sorry for sending muliple mails with the same content. I thought the mails I sent previously 
> > didn't be sent successfully.
> > And let's talk the problem here.
> > >>
> > >>    : > > I'm curious how this happend. I cannot find any condition that would
> > >>    : > > cause the int3 instruction generate a #UD according to the AMD's spec.
> > >>    :
> > >>    : One possibility is that the value from memory that gets executed diverges from the
> > >>    : value that is read out be the #UD handler, e.g. due to patching (doesn't seem to
> > >>    : be the case in this test), stale cache/tlb entries, etc.
> > >>    :
> > >>    : > > BTW, it worked nomarlly with qemu and ovmf.
> > >>    : >
> > >>    : > Does this happen every time you boot the guest with your firmware? What
> > >>    : > processor are you running on?
> > >>    :
> > Yes, every time.
> > The processor I used is EPYC 7T83.
> > >>    : And have you ruled out KVM as the culprit?  I.e. verified that KVM is NOT injecting
> > >>    : a #UD.  That obviously shouldn't happen, but it should be easy to check via KVM
> > >>    : tracepoints.
> > >
> > > I have a feeling that KVM is injecting the #UD, but it will take instrumenting KVM to see which path the #UD is being injected from.
> > >
> > > Wu Zongyo, can you add some instrumentation to figure that out if the trace points towards KVM injecting the #UD?
> > Ok, I will try to do that.
> You're right. The #UD is injected by KVM.
> 
> The path I found is:
>     svm_vcpu_run
>         svm_complete_interrupts
> 	    kvm_requeue_exception // vector = 3
> 	        kvm_make_request
> 
>     vcpu_enter_guest
>         kvm_check_and_inject_events
> 	    svm_inject_exception
> 	        svm_update_soft_interrupt_rip
> 		    __svm_skip_emulated_instruction
> 		        x86_emulate_instruction
> 			    svm_can_emulate_instruction
> 			        kvm_queue_exception(vcpu, UD_VECTOR)
> 
> Does this mean a #PF intercept occur when the guest try to deliver a
> #BP through the IDT? But why?

I doubt it's a #PF.  A #NPF is much more likely, though it could be something
else entirely, but I'm pretty sure that would require bugs in both the host and
guest.

What is the last exit recorded by trace_kvm_exit() before the #UD is injected?