[PATCH V2 0/4] KVM: X86: Correctly populate nested page fault
From: Kevin Cheng
Date: Tue Feb 24 2026 - 02:19:34 EST

This series fixes how KVM populates error information when injecting
nested page faults (NPF on SVM, EPT violations on VMX) to L1 during
instruction emulation, and adds a selftest to exercise these paths.

When a nested page fault occurs, L1 needs to know whether the fault
happened during the page table walk (on a PT page) or on the final
data page translation. Two issues exist today:

  1. SVM: The page table walker does not set
     PFERR_GUEST_{PAGE,FINAL}_MASK bits in the error code, and
     nested_svm_inject_page_fault() hardcodes the PFERR_GUEST_FINAL_MASK
     error code.

  2. VMX: nested_ept_inject_page_fault() OR's bit 7-8 from the original
     exit qualification, which has no relation to the synthesized EPT
     violation regardless of whether it was originally an EPT violation or
     not.

Patch 1 widens x86_exception.error_code from u16 to u64 so it can carry
the PFERR_GUEST_* bits (bits 32-33).

Patch 2 sets PFERR_GUEST_PAGE_MASK and PFERR_GUEST_FINAL_MASK in the
walker at the kvm_translate_gpa() failure sites, and updates
nested_svm_inject_npf_exit() to use the walker-provided error code.

Patch 3 removes the OR with the hardware exit qualification in
nested_ept_inject_page_fault(), and populates EPT_VIOLATION_GVA_IS_VALID
and EPT_VIOLATION_GVA_TRANSLATED in the walker alongside the NPF bits.

Patch 4 adds a selftest covering both SVM and VMX with three scenarios:
  - Final data page unmapped (final translation fault)
  - Page table page unmapped (page walk fault)
  - Final data page write-protected (protection violation)
  - Page table page write-protected (protection violation)

v1 -> v2:
  - Split out the widening of the x86_exception error code into a
    separate patch as per Sean.
  - Added a WARN if both PFERR_GUEST_* bits are set and force the
    exit_info_1 to PFERR_GUEST_FINAL_MASK if this occurs.
  - Removed the selftest TDP helpers as per Sean
  - Added a patch to populate the EPT violation bits for VMX nested page
    faults as per Sean.
  - Expanded the added selftest to support VMX and also added a test
    case for write protected pages using the INS instruction.

base-commit: 183bb0ce8c77b0fd1fb25874112bc8751a461e49

Kevin Cheng (4):
  KVM: x86: Widen x86_exception's error_code to 64 bits
  KVM: SVM: Fix nested NPF injection to set
    PFERR_GUEST_{PAGE,FINAL}_MASK
  KVM: VMX: Don't consult original exit qualification for nested EPT
    violation injection
  KVM: selftests: Add nested page fault injection test

 arch/x86/include/asm/kvm_host.h               |   2 +
 arch/x86/kvm/kvm_emulate.h                    |   2 +-
 arch/x86/kvm/mmu/paging_tmpl.h                |  44 ++-
 arch/x86/kvm/svm/nested.c                     |  19 +-
 arch/x86/kvm/vmx/nested.c                     |   3 -
 tools/testing/selftests/kvm/Makefile.kvm      |   1 +
 .../selftests/kvm/x86/nested_npf_test.c       | 374 ++++++++++++++++++
 7 files changed, 422 insertions(+), 23 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86/nested_npf_test.c
--
2.53.0.414.gf7e9f6c205-goog
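
The following stand-alone C program is an added illustration, not code from this series or from KVM: it models why a u16 error code cannot carry the PFERR_GUEST_* bits (bits 32-33) and how L1 tells a page-walk NPF from a final-translation NPF once they survive. The helper names (walker_error_code, through_u16, npf_exit_info_1, classify) are hypothetical, and the both-bits-set handling is one assumed reading of the v2 changelog note.

```c
#include <stdint.h>
#include <stdio.h>

/* PFERR_GUEST_* occupy bits 32-33, as the cover letter states. */
#define PFERR_WRITE_MASK       (1ULL << 1)
#define PFERR_GUEST_FINAL_MASK (1ULL << 32)
#define PFERR_GUEST_PAGE_MASK  (1ULL << 33)

enum npf_kind { NPF_UNKNOWN, NPF_FINAL, NPF_PAGE_WALK };

/* Hypothetical stand-in for the walker's kvm_translate_gpa() failure sites. */
uint64_t walker_error_code(int failed_on_pt_page, int is_write)
{
    uint64_t ec = is_write ? PFERR_WRITE_MASK : 0;
    return ec | (failed_on_pt_page ? PFERR_GUEST_PAGE_MASK : PFERR_GUEST_FINAL_MASK);
}

/* Models carrying the code in the pre-series u16 field: bits 32-33 are lost. */
uint64_t through_u16(uint64_t ec) { return (uint16_t)ec; }

/* Assumed reading of the v2 note: if both bits are set, warn and keep only FINAL. */
uint64_t npf_exit_info_1(uint64_t ec)
{
    const uint64_t both = PFERR_GUEST_FINAL_MASK | PFERR_GUEST_PAGE_MASK;
    if ((ec & both) == both) {
        fprintf(stderr, "WARN: both PFERR_GUEST_* bits set\n");
        ec &= ~PFERR_GUEST_PAGE_MASK;
    }
    return ec;
}

/* What L1 can conclude from the exit_info_1 value it receives. */
enum npf_kind classify(uint64_t exit_info_1)
{
    if (exit_info_1 & PFERR_GUEST_PAGE_MASK)  return NPF_PAGE_WALK;
    if (exit_info_1 & PFERR_GUEST_FINAL_MASK) return NPF_FINAL;
    return NPF_UNKNOWN;
}

int main(void)
{
    static const char *name[] = { "unknown", "final translation", "page walk" };
    for (int pt = 0; pt <= 1; pt++) {
        uint64_t ec = walker_error_code(pt, 1); /* constructed write fault */
        printf("u64: %-17s u16: %s\n", name[classify(npf_exit_info_1(ec))],
               name[classify(npf_exit_info_1(through_u16(ec)))]);
    }
    return 0;
}
```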