[RHEL7,COMMIT] ms/KVM: x86: VMX: Intercept #GP to support access to VMware backdoor ports

Submitted by Konstantin Khorenko on May 8, 2018, 9:26 a.m.

Details

Message ID 201805080926.w489QPbB001504@finist_ce7.work
State New
Series "ms/KVM: x86: VMX: Intercept #GP to support access to VMware backdoor ports"
Headers show

Commit Message

Konstantin Khorenko May 8, 2018, 9:26 a.m.
The commit is pushed to "branch-rh7-3.10.0-693.21.1.vz7.47.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-693.21.1.vz7.47.5
------>
commit 5913113d472c71298794b35e7cf4d8029ccd4fc9
Author: Liran Alon <liran.alon@oracle.com>
Date:   Tue May 8 12:26:24 2018 +0300

    ms/KVM: x86: VMX: Intercept #GP to support access to VMware backdoor ports
    
    If KVM enable_vmware_backdoor module parameter is set,
    the commit change VMX to now intercept #GP instead of being directly
    deliviered from CPU to guest.
    
    It is done to support access to VMware backdoor I/O ports
    even if TSS I/O permission denies it.
    In that case:
    1. A #GP will be raised and intercepted.
    2. #GP intercept handler will simulate I/O port access instruction.
    3. I/O port access instruction simulation will allow access to VMware
    backdoor ports specifically even if TSS I/O permission bitmap denies it.
    
    Note that the above change introduce slight performance hit as now #GPs
    are not deliviered directly from CPU to guest but instead
    cause #VMExit and instruction emulation.
    However, this behavior is introduced only when enable_vmware_backdoor
    KVM module parameter is set.
    
    Signed-off-by: Liran Alon <liran.alon@oracle.com>
    Reviewed-by: Nikita Leshenko <nikita.leshchenko@oracle.com>
    Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
    Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    
    (cherry picked from commit 9e86948041f2ec6b7868d4849181cb7bb1bdee70)
    Signed-off-by: Jan Dakinevich <jan.dakinevich@virtuozzo.com>
---
 arch/x86/kvm/vmx.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

Patch hide | download patch | download mbox

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 7a566de088de..c3b7b7ecfb3e 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1012,6 +1012,11 @@  static inline bool is_invalid_opcode(u32 intr_info)
 	return is_exception_n(intr_info, UD_VECTOR);
 }
 
+static inline bool is_gp_fault(u32 intr_info)
+{
+	return is_exception_n(intr_info, GP_VECTOR);
+}
+
 static inline bool is_external_interrupt(u32 intr_info)
 {
 	return (intr_info & (INTR_INFO_INTR_TYPE_MASK | INTR_INFO_VALID_MASK))
@@ -1665,6 +1670,14 @@  static void update_exception_bitmap(struct kvm_vcpu *vcpu)
 
 	eb = (1u << PF_VECTOR) | (1u << UD_VECTOR) | (1u << MC_VECTOR) |
 	     (1u << NM_VECTOR) | (1u << DB_VECTOR) | (1u << AC_VECTOR);
+	/*
+	 * Guest access to VMware backdoor ports could legitimately
+	 * trigger #GP because of TSS I/O permission bitmap.
+	 * We intercept those #GP and allow access to them anyway
+	 * as VMware does.
+	 */
+	if (enable_vmware_backdoor)
+		eb |= (1u << GP_VECTOR);
 	if ((vcpu->guest_debug &
 	     (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP)) ==
 	    (KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_SW_BP))
@@ -5288,6 +5301,17 @@  static int handle_exception(struct kvm_vcpu *vcpu)
 	if (intr_info & INTR_INFO_DELIVER_CODE_MASK)
 		error_code = vmcs_read32(VM_EXIT_INTR_ERROR_CODE);
 
+	if (!vmx->rmode.vm86_active && is_gp_fault(intr_info)) {
+		WARN_ON_ONCE(!enable_vmware_backdoor);
+		er = emulate_instruction(vcpu,
+			EMULTYPE_VMWARE | EMULTYPE_NO_UD_ON_FAIL);
+		if (er == EMULATE_USER_EXIT)
+			return 0;
+		else if (er != EMULATE_DONE)
+			kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
+		return 1;
+	}
+
 	/*
 	 * The #PF with PFEC.RSVD = 1 indicates the guest is accessing
 	 * MMIO, it is better to report an internal error.