Commit 14c2bf81 authored by Wei Huang's avatar Wei Huang Committed by Paolo Bonzini

KVM: SVM: Fix #GP handling for doubly-nested virtualization



Under the case of nested on nested (L0, L1, L2 are all hypervisors),
we do not support emulation of the vVMLOAD/VMSAVE feature; instead, the
L0 hypervisor can inject the proper #VMEXIT to inform L1 of what is
happening and L1 can avoid invoking the #GP workaround.  For this
reason we turn on the guest VM's X86_FEATURE_SVME_ADDR_CHK bit so that
KVM running inside a VM receives the notification and changes behavior.

Similarly we check if vcpu is under guest mode before emulating the
vmware-backdoor instructions. For the case of nested on nested, we
let the guest handle it.

Co-developed-by: default avatarBandan Das <bsd@redhat.com>
Signed-off-by: default avatarBandan Das <bsd@redhat.com>
Signed-off-by: default avatarWei Huang <wei.huang2@amd.com>
Tested-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20210126081831.570253-5-wei.huang2@amd.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 3b9c723e
+18 −2
@@ -933,6 +933,9 @@ static __init void svm_set_cpu_caps(void)

		if (npt_enabled)
			kvm_cpu_cap_set(X86_FEATURE_NPT);

		/* Nested VM can receive #VMEXIT instead of triggering #GP */
		kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK);
	}

	/* CPUID 0x80000008 */
@@ -2202,6 +2205,11 @@ static int svm_instr_opcode(struct kvm_vcpu *vcpu)

static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode)
{
	const int guest_mode_exit_codes[] = {
		[SVM_INSTR_VMRUN] = SVM_EXIT_VMRUN,
		[SVM_INSTR_VMLOAD] = SVM_EXIT_VMLOAD,
		[SVM_INSTR_VMSAVE] = SVM_EXIT_VMSAVE,
	};
	int (*const svm_instr_handlers[])(struct vcpu_svm *svm) = {
		[SVM_INSTR_VMRUN] = vmrun_interception,
		[SVM_INSTR_VMLOAD] = vmload_interception,
@@ -2209,6 +2217,13 @@ static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode)
	};
	struct vcpu_svm *svm = to_svm(vcpu);

	if (is_guest_mode(vcpu)) {
		svm->vmcb->control.exit_code = guest_mode_exit_codes[opcode];
		svm->vmcb->control.exit_info_1 = 0;
		svm->vmcb->control.exit_info_2 = 0;

		return nested_svm_vmexit(svm);
	} else
		return svm_instr_handlers[opcode](svm);
}

@@ -2244,6 +2259,7 @@ static int gp_interception(struct vcpu_svm *svm)
		 * VMware backdoor emulation on #GP interception only handles
		 * IN{S}, OUT{S}, and RDPMC.
		 */
		if (!is_guest_mode(vcpu))
			return kvm_emulate_instruction(vcpu,
				EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
	} else
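Review bot: In emulate_svm_instr(), the new guest-mode branch returns the result of nested_svm_vmexit() directly, while the other branch returns an intercept handler's result, and the two may not follow the same return convention. nested_svm_vmexit() is defined outside this page; if it returns 0 on success (as I recall from the nested SVM code) while exit handlers use 0 to mean "exit to userspace", every synthesized #VMEXIT would drop the vCPU out to the VMM with no run state filled in instead of resuming L1. That is worth confirming, and if it holds the result should be translated, e.g. `ret = nested_svm_vmexit(svm);` followed by `return ret ? ret : 1;`. Both tables are also indexed by `opcode` with no range check in this function, so a one-line comment stating that callers pass only the three SVM_INSTR_* values would help; the caller's filtering sits outside the visible hunks, as does one handler-table line between the two emulate_svm_instr() hunks.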