Commit cdf85e0c authored by Sean Christopherson's avatar Sean Christopherson Committed by Paolo Bonzini
Browse files

KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in usermode 



Inject a #GP instead of synthesizing triple fault to try to avoid killing
the guest if emulation of an SEV guest fails due to encountering the SMAP
erratum.  The injected #GP may still be fatal to the guest, e.g. if the
userspace process is providing critical functionality, but KVM should
make every attempt to keep the guest alive.

Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
Reviewed-by: default avatarLiam Merwick <liam.merwick@oracle.com>
Message-Id: <20220120010719.711476-10-seanjc@google.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 3280cc22

arch/x86/kvm/svm/svm.c

+15 −1
Original line number Diff line number Diff line
@@ -4360,6 +4360,20 @@ static bool svm_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, 
	is_user = svm_get_cpl(vcpu) == 3;

	if (smap && (!smep || is_user)) {

		pr_err_ratelimited("KVM: SEV Guest triggered AMD Erratum 1096\n");



		/*

		 * If the fault occurred in userspace, arbitrarily inject #GP

		 * to avoid killing the guest and to hopefully avoid confusing

		 * the guest kernel too much, e.g. injecting #PF would not be

		 * coherent with respect to the guest's page tables.  Request

		 * triple fault if the fault occurred in the kernel as there's

		 * no fault that KVM can inject without confusing the guest.

		 * In practice, the triple fault is moot as no sane SEV kernel

		 * will execute from user memory while also running with SMAP=1.

		 */

		if (is_user)

			kvm_inject_gp(vcpu, 0);

		else

			kvm_make_request(KVM_REQ_TRIPLE_FAULT, vcpu);

	}