Commit 14c2bf81 authored by Wei Huang's avatar Wei Huang Committed by Paolo Bonzini

KVM: SVM: Fix #GP handling for doubly-nested virtualization

In the case of nested on nested (L0, L1 and L2 are all hypervisors),
where we do not support emulation of the vVMLOAD/VMSAVE feature, the
L0 hypervisor can inject the proper #VMEXIT to inform L1 of what is
happening, and L1 can avoid invoking the #GP workaround.  For this
reason we turn on the guest VM's X86_FEATURE_SVME_ADDR_CHK bit so that
KVM running inside the VM receives the notification and changes its behavior.

Similarly we check if vcpu is under guest mode before emulating the
vmware-backdoor instructions. For the case of nested on nested, we
let the guest handle it.
Co-developed-by: default avatarBandan Das <bsd@redhat.com>
Signed-off-by: default avatarBandan Das <bsd@redhat.com>
Signed-off-by: default avatarWei Huang <wei.huang2@amd.com>
Tested-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20210126081831.570253-5-wei.huang2@amd.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 3b9c723e
...@@ -933,6 +933,9 @@ static __init void svm_set_cpu_caps(void) ...@@ -933,6 +933,9 @@ static __init void svm_set_cpu_caps(void)
if (npt_enabled) if (npt_enabled)
kvm_cpu_cap_set(X86_FEATURE_NPT); kvm_cpu_cap_set(X86_FEATURE_NPT);
/* Nested VM can receive #VMEXIT instead of triggering #GP */
kvm_cpu_cap_set(X86_FEATURE_SVME_ADDR_CHK);
} }
/* CPUID 0x80000008 */ /* CPUID 0x80000008 */
...@@ -2202,6 +2205,11 @@ static int svm_instr_opcode(struct kvm_vcpu *vcpu) ...@@ -2202,6 +2205,11 @@ static int svm_instr_opcode(struct kvm_vcpu *vcpu)
static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode) static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode)
{ {
const int guest_mode_exit_codes[] = {
[SVM_INSTR_VMRUN] = SVM_EXIT_VMRUN,
[SVM_INSTR_VMLOAD] = SVM_EXIT_VMLOAD,
[SVM_INSTR_VMSAVE] = SVM_EXIT_VMSAVE,
};
int (*const svm_instr_handlers[])(struct vcpu_svm *svm) = { int (*const svm_instr_handlers[])(struct vcpu_svm *svm) = {
[SVM_INSTR_VMRUN] = vmrun_interception, [SVM_INSTR_VMRUN] = vmrun_interception,
[SVM_INSTR_VMLOAD] = vmload_interception, [SVM_INSTR_VMLOAD] = vmload_interception,
...@@ -2209,7 +2217,14 @@ static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode) ...@@ -2209,7 +2217,14 @@ static int emulate_svm_instr(struct kvm_vcpu *vcpu, int opcode)
}; };
struct vcpu_svm *svm = to_svm(vcpu); struct vcpu_svm *svm = to_svm(vcpu);
return svm_instr_handlers[opcode](svm); if (is_guest_mode(vcpu)) {
svm->vmcb->control.exit_code = guest_mode_exit_codes[opcode];
svm->vmcb->control.exit_info_1 = 0;
svm->vmcb->control.exit_info_2 = 0;
return nested_svm_vmexit(svm);
} else
return svm_instr_handlers[opcode](svm);
} }
/* /*
...@@ -2244,7 +2259,8 @@ static int gp_interception(struct vcpu_svm *svm) ...@@ -2244,7 +2259,8 @@ static int gp_interception(struct vcpu_svm *svm)
* VMware backdoor emulation on #GP interception only handles * VMware backdoor emulation on #GP interception only handles
* IN{S}, OUT{S}, and RDPMC. * IN{S}, OUT{S}, and RDPMC.
*/ */
return kvm_emulate_instruction(vcpu, if (!is_guest_mode(vcpu))
return kvm_emulate_instruction(vcpu,
EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE); EMULTYPE_VMWARE_GP | EMULTYPE_NO_DECODE);
} else } else
return emulate_svm_instr(vcpu, opcode); return emulate_svm_instr(vcpu, opcode);
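Review bot: In emulate_svm_instr the new guest-mode branch returns the value of `nested_svm_vmexit(svm)` straight out of the exit-handler path (gp_interception hands it back unchanged via `return emulate_svm_instr(vcpu, opcode);`), but nested_svm_vmexit's return convention is not visible in this hunk; if it follows KVM's usual helper pattern of 0 on success and non-zero on failure, a successful synthetic #VMEXIT would propagate 0, which the vCPU run loop treats as "exit to userspace" with whatever exit_reason happens to be set. Please confirm, and if so normalise the result before returning, e.g. `int ret = nested_svm_vmexit(svm); return ret ? ret : 1;`, so the vCPU resumes in L1 as the commit message intends. A one-line comment above the `guest_mode_exit_codes` table, `/* #VMEXIT codes forwarded to L1 when L2 executes the instruction */`, would also make the dispatch obvious to the next reader. In gp_interception, a VMware-backdoor #GP taken in guest mode now falls past the `if (!is_guest_mode(vcpu))` check into code outside the hunk; it would help to state in a comment there whether the #GP is meant to be re-injected into L2 rather than emulated, since the enclosing function continues beyond what this hunk shows.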