1 files changed, 88 insertions, 0 deletions

diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0084-KVM-X86-Restart-the-guest-when-insn_len-is-zero-and-.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0084-KVM-X86-Restart-the-guest-when-insn_len-is-zero-and-.patch
new file mode 100644
index 00000000..984f10e2
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0084-KVM-X86-Restart-the-guest-when-insn_len-is-zero-and-.patch
@@ -0,0 +1,88 @@
+From cc62d922be657a89f3c8afbfd97f5cfc37a5a036 Mon Sep 17 00:00:00 2001
+From: Brijesh Singh <brijesh.singh@amd.com>
+Date: Mon, 4 Dec 2017 10:57:40 -0600
+Subject: [PATCH 84/95] KVM: X86: Restart the guest when insn_len is zero and
+ SEV is enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On AMD platforms, under certain conditions insn_len may be zero on #NPF.
+This can happen if a guest gets a page-fault on data access but the HW
+table walker is not able to read the instruction page (e.g instruction
+page is not present in memory).
+
+Typically, when insn_len is zero, x86_emulate_instruction() walks the
+guest page table and fetches the instruction bytes from guest memory.
+When SEV is enabled, the guest memory is encrypted with guest-specific
+key hence hypervisor will not able to fetch the instruction bytes.
+In those cases we simply restart the guest.
+
+I have encountered this issue when running kernbench inside the guest.
+
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: "Radim Krčmář" <rkrcmar@redhat.com>
+Cc: Joerg Roedel <joro@8bytes.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: x86@kernel.org
+Cc: kvm@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ arch/x86/kvm/mmu.c | 10 ++++++++++
+ arch/x86/kvm/svm.c |  6 ++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
+index 1408d79..fcab730 100644
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -4987,6 +4987,16 @@ int kvm_mmu_page_fault(struct kvm_vcpu *vcpu, gva_t cr2, u64 error_code,
+ 	if (mmio_info_in_cache(vcpu, cr2, direct))
+ 		emulation_type = 0;
+ emulate:
++	/*
++	 * On AMD platforms, under certain conditions insn_len may be zero on #NPF.
++	 * This can happen if a guest gets a page-fault on data access but the HW
++	 * table walker is not able to read the instruction page (e.g instruction
++	 * page is not present in memory). In those cases we simply restart the
++	 * guest.
++	 */
++	if (unlikely(insn && !insn_len))
++		return 1;
++
+ 	er = x86_emulate_instruction(vcpu, cr2, emulation_type, insn, insn_len);
+ 
+ 	switch (er) {
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
+index 331b127..399ad5e 100755
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -2487,7 +2487,8 @@ static int pf_interception(struct vcpu_svm *svm)
+ 	u64 error_code = svm->vmcb->control.exit_info_1;
+ 
+ 	return kvm_handle_page_fault(&svm->vcpu, error_code, fault_address,
+-			svm->vmcb->control.insn_bytes,
++			static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
++			svm->vmcb->control.insn_bytes : NULL,
+ 			svm->vmcb->control.insn_len);
+ }
+ 
+@@ -2498,7 +2499,8 @@ static int npf_interception(struct vcpu_svm *svm)
+ 
+ 	trace_kvm_page_fault(fault_address, error_code);
+ 	return kvm_mmu_page_fault(&svm->vcpu, fault_address, error_code,
+-			svm->vmcb->control.insn_bytes,
++			static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
++			svm->vmcb->control.insn_bytes : NULL,
+ 			svm->vmcb->control.insn_len);
+ }
+ 
+-- 
+2.7.4
+