| Message ID | 20210401111928.996871-1-mlevitsk@redhat.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | KVM: x86: nSVM: fixes for SYSENTER emulation | expand |
On 01/04/21 13:19, Maxim Levitsky wrote: > This is a result of a deep rabbit hole dive in regard to why > currently the nested migration of 32 bit guests > is totally broken on AMD. > > It turns out that due to slight differences between the original AMD64 > implementation and the Intel's remake, SYSENTER instruction behaves a > bit differently on Intel, and to support migration from Intel to AMD we > try to emulate those differences away. > > Sadly that collides with virtual vmload/vmsave feature that is used in nesting. > The problem was that when it is enabled, > on migration (and otherwise when userspace reads MSR_IA32_SYSENTER_{EIP|ESP}, > wrong value were returned, which leads to #DF in the > nested guest when the wrong value is loaded back. > > The patch I prepared carefully fixes this, by mostly disabling that > SYSCALL emulation when we don't spoof the Intel's vendor ID, and if we do, > and yet somehow SVM is enabled (this is a very rare edge case), then > virtual vmload/save is force disabled. > > V2: incorporated review feedback from Paulo. > > Best regards, > Maxim Levitsky > > Maxim Levitsky (2): > KVM: x86: add guest_cpuid_is_intel > KVM: nSVM: improve SYSENTER emulation on AMD > > arch/x86/kvm/cpuid.h | 8 ++++ > arch/x86/kvm/svm/svm.c | 99 +++++++++++++++++++++++++++--------------- > arch/x86/kvm/svm/svm.h | 6 +-- > 3 files changed, 76 insertions(+), 37 deletions(-) > Queued, thanks. Paolo
This is a result of a deep rabbit hole dive in regard to why currently the nested migration of 32 bit guests is totally broken on AMD. It turns out that due to slight differences between the original AMD64 implementation and the Intel's remake, SYSENTER instruction behaves a bit differently on Intel, and to support migration from Intel to AMD we try to emulate those differences away. Sadly that collides with virtual vmload/vmsave feature that is used in nesting. The problem was that when it is enabled, on migration (and otherwise when userspace reads MSR_IA32_SYSENTER_{EIP|ESP}, wrong value were returned, which leads to #DF in the nested guest when the wrong value is loaded back. The patch I prepared carefully fixes this, by mostly disabling that SYSCALL emulation when we don't spoof the Intel's vendor ID, and if we do, and yet somehow SVM is enabled (this is a very rare edge case), then virtual vmload/save is force disabled. V2: incorporated review feedback from Paulo. Best regards, Maxim Levitsky Maxim Levitsky (2): KVM: x86: add guest_cpuid_is_intel KVM: nSVM: improve SYSENTER emulation on AMD arch/x86/kvm/cpuid.h | 8 ++++ arch/x86/kvm/svm/svm.c | 99 +++++++++++++++++++++++++++--------------- arch/x86/kvm/svm/svm.h | 6 +-- 3 files changed, 76 insertions(+), 37 deletions(-)