Subject: Re: [PATCH v7 3/3] KVM: nVMX: Emulate EPTP switching for the L1 hypervisor
From: David Hildenbrand
Organization: Red Hat GmbH
To: Bandan Das, kvm@vger.kernel.org
Cc: pbonzini@redhat.com, rkrcmar@redhat.com, jmattson@google.com, linux-kernel@vger.kernel.org
Date: Fri, 4 Aug 2017 16:42:02 +0200
In-Reply-To: <20170803195443.24911-4-bsd@redhat.com>

Looks very good to me now. :)

> /*
> @@ -7820,6 +7834,88 @@ static int handle_preemption_timer(struct kvm_vcpu *vcpu) > return 1; > } > > +static bool valid_ept_address(struct kvm_vcpu *vcpu, u64 address) > +{ > + struct vcpu_vmx *vmx = to_vmx(vcpu); > + u64 mask = address & 0x7; > + int maxphyaddr = cpuid_maxphyaddr(vcpu); > + > + /* Check for memory type validity */ > + switch (mask) { > + case 0: > + if (!(vmx->nested.nested_vmx_ept_caps & VMX_EPTP_UC_BIT)) > + return false; > + break; > + case 6: > + if (!(vmx->nested.nested_vmx_ept_caps & VMX_EPTP_WB_BIT)) > + return false; > + break; KVM always sets 6 without checking. But there is also a TODO left in construct_eptp(). But we could hit this case probably only in very strange environments (e.g. revoking it for our L1, so it cannot use WB memory for L2). So we should be safe by requiring WB for now. >From 0ac06e7242d25ba1b66e4e6e2b20dbfa21ba4308 Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Fri, 4 Aug 2017 16:40:32 +0200 Subject: [PATCH v1] KVM: VMX: require EPT WB (Write Back) memory type support Signed-off-by: David Hildenbrand --- arch/x86/kvm/vmx.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 78c66a7..a2f8475 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1192,6 +1192,11 @@ static inline bool cpu_has_vmx_ept_4levels(void) return vmx_capability.ept & VMX_EPT_PAGE_WALK_4_BIT; } +static inline bool cpu_has_vmx_ept_wb_bit(void) +{ + return vmx_capability.ept & VMX_EPTP_WB_BIT; +} + static inline bool cpu_has_vmx_ept_ad_bits(void) { return vmx_capability.ept & VMX_EPT_AD_BIT; @@ -4260,7 +4265,6 @@ static u64 construct_eptp(struct kvm_vcpu *vcpu, unsigned long root_hpa) { u64 eptp; - /* TODO write the value reading from MSR */ eptp = VMX_EPT_DEFAULT_MT | VMX_EPT_DEFAULT_GAW << VMX_EPT_GAW_EPTP_SHIFT; if (enable_ept_ad_bits && 
@@ -6579,7 +6583,8 @@ static __init int hardware_setup(void) init_vmcs_shadow_fields(); if (!cpu_has_vmx_ept() || - !cpu_has_vmx_ept_4levels()) { + !cpu_has_vmx_ept_4levels() || + !cpu_has_vmx_ept_wb_bit()) { enable_ept = 0; enable_unrestricted_guest = 0; enable_ept_ad_bits = 0; -- 2.9.4 -- Thanks, David
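Review bot: In the quoted valid_ept_address() hunk, `u64 mask = address & 0x7;` stores the extracted memory-type field rather than a mask, and the `case 0:` / `case 6:` labels are bare numbers. Renaming the variable (for example to memtype) and using named constants for the two encodings would let a reader match the switch against the VMX_EPTP_UC_BIT and VMX_EPTP_WB_BIT capability checks without looking up the EPTP layout.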
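Review bot: The @@ -4260 hunk in construct_eptp() drops the TODO but leaves nothing in its place, so the reason VMX_EPT_DEFAULT_MT can be written without consulting the capability MSR is only recoverable from the hardware_setup() hunk. A one-line comment here saying that EPT is disabled at setup when the memory type is not supported would keep that invariant next to the code that relies on it. This assumes VMX_EPT_DEFAULT_MT is the WB type, which the diff itself does not show.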
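Review bot: In the @@ -6579 hunk of hardware_setup(), the new `!cpu_has_vmx_ept_wb_bit()` condition turns off enable_ept, enable_unrestricted_guest and enable_ept_ad_bits together, yet the commit message has only a subject and a Signed-off-by. A short body explaining why WB support is made mandatory instead of selecting another supported memory type, and that hosts lacking it lose EPT, would document the behaviour change for anyone bisecting to this commit.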