Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

KVM: x86: Document an erratum in KVM_SET_VCPU_EVENTS on Intel CPUs

Document a flaw in KVM's ABI which lets userspace attempt to inject a
"bad" hardware exception event, and thus induce VM-Fail on Intel CPUs.
Fixing the flaw is a fool's errand, as AMD doesn't sanity check the
validity of the error code, Intel CPUs that support CET relax the check
for Protected Mode, userspace can change the mode after queueing an
exception, KVM ignores the error code when emulating Real Mode exceptions,
and so on and so forth.

The VM-Fail itself doesn't harm KVM or the kernel beyond triggering a
ratelimited pr_warn(), so just document the oddity.

Link: https://lore.kernel.org/r/20240802200420.330769-1-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

Documentation/virt/kvm/x86/errata.rst
··· 33 33 to be present likely predates these CPUID feature bits, and therefore 34 34 doesn't know to check for them anyway. 35 35 36 + ``KVM_SET_VCPU_EVENTS`` issue 37 + ----------------------------- 38 + 39 + Invalid KVM_SET_VCPU_EVENTS input with respect to error codes *may* result in 40 + failed VM-Entry on Intel CPUs. Pre-CET Intel CPUs require that exception 41 + injection through the VMCS correctly set the "error code valid" flag, e.g. 42 + require the flag be set when injecting a #GP, clear when injecting a #UD, 43 + clear when injecting a soft exception, etc. Intel CPUs that enumerate 44 + IA32_VMX_BASIC[56] as '1' relax VMX's consistency checks, and AMD CPUs have no 45 + restrictions whatsoever. KVM_SET_VCPU_EVENTS doesn't sanity check the vector 46 + versus "has_error_code", i.e. KVM's ABI follows AMD behavior. 47 + 36 48 Nested virtualization features 37 49 ------------------------------ 38 50
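Review bot: the new section names the outcome ("failed VM-Entry on Intel CPUs") but never says how severe that failure is on the host side; the commit message states the VM-Fail only triggers a ratelimited pr_warn() and does not otherwise harm KVM or the kernel, and that belongs in the erratum text so an administrator who sees the warning can triage it. Two smaller points: "IA32_VMX_BASIC[56]" is introduced by bit number only, whereas the commit message ties the relaxed check to CET-capable CPUs, so consider stating that link ("Intel CPUs that support CET enumerate IA32_VMX_BASIC[56] as '1' ...") for readers who do not know the bit; and since the section already gives the rule ("set when injecting a #GP, clear when injecting a #UD, clear when injecting a soft exception"), it would help to close with the practical advice that userspace should set "has_error_code" consistently with the injected vector to stay clear of the issue on all CPUs.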