Thread (118 messages, 7 authors), 2020-07-23

Re: [PATCH v4 51/75] x86/sev-es: Handle MMIO events

From: Joerg Roedel <hidden>
Date: 2020-07-22 07:55:53
Also in: kvm, lkml

Hi Mike,

On Tue, Jul 21, 2020 at 09:01:44PM +0000, Mike Stunes wrote:
> I’m running into an MMIO-related bug when I try testing this on our hypervisor.
>
> During boot, probe_roms (arch/x86/kernel/probe_roms.c) uses
> romchecksum over the video ROM and extension ROM regions. In my test
> VM, the video ROM romchecksum starts at virtual address
> 0xffff8880000c0000 and has length 65536. But, at address
> 0xffff8880000c4000, we switch from being video-ROM-backed to being
> unbacked by anything.
>
> With SEV-ES enabled, our platform handles reads and writes to unbacked
> memory by treating them as MMIO. So, the read from 0xffff8880000c4000
> causes a #VC, which is handled by do_early_exception.
>
> In handling the #VC, vc_slow_virt_to_phys fails for that address. My
> understanding is that the #VC handler should then add an entry to the
> page tables and retry the faulting access. Somehow, that isn’t
> happening. From the hypervisor side, it looks like the guest is
> looping somehow. (I think the VCPU is mostly unhalted and making
> progress, but the guest never gets past that romchecksum.) The guest
> never actually makes an MMIO vmgexit for that address.

That sounds like your guest is in a page-fault loop, but I can't yet
explain why. Can you please find out the instruction which is causing
the #VC exception?

If a page-fault happens during #VC emulation it is forwarded to the
page-fault handler, so this should work. But somehow this isn't
happening or the page-fault handler can't map the faulting address.


Regards,

	Joerg
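To make the reported failure mode concrete, here is an added example that is not code from this thread or from the kernel: a user-space C model of the romchecksum() walk in arch/x86/kernel/probe_roms.c. The kernel trusts the ROM header's length byte (offset 2, in 512-byte units) and sums that many bytes, so a ROM that claims 64 KiB drives reads well past the part the hypervisor actually backs. The model treats a read beyond the backed span as a failed probe and records the first unbacked guest address; under SEV-ES that same read is what raises the #VC described above. The 64 KiB image, the 16 KiB backed span, the helper names and the constructed ROM contents are assumptions chosen to match the numbers in the report, not something the page provides.

```c
/*
 * Added example, not from the thread or the kernel: a user-space model of
 * the romchecksum() walk that probe_roms() performs over the video ROM.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VIDEO_ROM_BASE 0xc0000UL  /* legacy video ROM window start (guest physical) */
#define ROM_IMAGE_LEN  0x10000UL  /* 64 KiB image: length byte 0x80 (assumption) */

/* Constructed ROM image: 0x55 0xAA signature, length byte, payload. */
static unsigned char rom_image[ROM_IMAGE_LEN];

/* Build a ROM whose length byte claims `claimed` bytes and whose byte sum
 * over that span is zero; offset 3 is used as the checksum fix-up byte. */
static void build_rom(size_t claimed)
{
    unsigned char sum = 0;
    size_t i;

    memset(rom_image, 0x5a, sizeof rom_image);
    rom_image[0] = 0x55;
    rom_image[1] = 0xaa;
    rom_image[2] = (unsigned char)(claimed / 512);
    rom_image[3] = 0;
    for (i = 0; i < claimed; i++)
        sum += rom_image[i];
    rom_image[3] = (unsigned char)(0u - sum);
}

/* Stand-in for the hypervisor: only the first `backed` bytes of the
 * window are real memory; anything beyond is "unbacked" (assumption). */
struct probe_ctx {
    size_t backed;
    unsigned long first_fault;  /* first unbacked guest address hit, 0 if none */
};

static struct probe_ctx last_probe;

/* Models probe_kernel_address(): 0 on success, -1 when the byte is unbacked. */
static int probe_byte(struct probe_ctx *ctx, size_t off, unsigned char *out)
{
    if (off < ctx->backed) {
        *out = rom_image[off];
        return 0;
    }
    if (!ctx->first_fault)
        ctx->first_fault = VIDEO_ROM_BASE + off;
    return -1;
}

/* Same shape as the kernel's romchecksum(): walk until the length runs out
 * or a probe fails; the ROM is valid only if both length and sum are zero. */
static int romchecksum(struct probe_ctx *ctx, size_t length)
{
    unsigned char sum = 0, c;
    size_t off = 0;

    for (; length && probe_byte(ctx, off, &c) == 0; length--, off++)
        sum += c;
    return !length && !sum;
}

static int romsignature(void)
{
    return rom_image[0] == 0x55 && rom_image[1] == 0xaa;
}

/* Returns 1 if the ROM checksums cleanly with `backed` bytes available. */
int video_rom_checksum_ok(size_t claimed, size_t backed)
{
    build_rom(claimed);
    last_probe.backed = backed;
    last_probe.first_fault = 0;
    if (!romsignature())
        return 0;
    return romchecksum(&last_probe, (size_t)rom_image[2] * 512);
}

/* Returns the first unbacked guest address the walk touched, 0 if none. */
unsigned long video_rom_first_fault(size_t claimed, size_t backed)
{
    video_rom_checksum_ok(claimed, backed);
    return last_probe.first_fault;
}

int main(void)
{
    /* Numbers from the report: 64 KiB claimed, only 16 KiB backed. */
    int ok = video_rom_checksum_ok(0x10000, 0x4000);
    printf("checksum ok: %d, first unbacked read at 0x%lx\n",
           ok, video_rom_first_fault(0x10000, 0x4000));
    return 0;
}
```

With a fully backed 64 KiB image the walk completes and the checksum passes; with only 16 KiB backed, the first read past the backed span lands at guest physical 0xc4000, which is exactly the offset at which the report sees the #VC, and the checksum cannot complete.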