From: Wanpeng Li
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Radim Krčmář
Subject: [PATCH] KVM: nVMX: Fix CR4 after VMLAUNCH/VMRESUME failure
Date: Mon, 5 Feb 2018 03:04:46 -0800
Message-Id: <1517828686-29070-1-git-send-email-wanpengli@tencent.com>

From: Wanpeng Li

In L0, Haswell client host:

   nested_vmx_exit_reflected failed vm entry 7
   WARNING: CPU: 6 PID: 6797 at kvm/arch/x86/kvm//vmx.c:6206 handle_desc+0x2d/0x40 [kvm_intel]
   CPU: 6 PID: 6797 Comm: qemu-system-x86 Tainted: G W OE 4.15.0+ #4
   RIP: 0010:handle_desc+0x2d/0x40 [kvm_intel]
   Call Trace:
    vmx_handle_exit+0xbd/0xe20 [kvm_intel]
    ? kvm_arch_vcpu_ioctl_run+0xcde/0x1c00 [kvm]
    kvm_arch_vcpu_ioctl_run+0xd5a/0x1c00 [kvm]
    kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
    ? kvm_vcpu_ioctl+0x3e9/0x720 [kvm]
    ? __fget+0xfc/0x210
    ? __fget+0xfc/0x210
    do_vfs_ioctl+0xa4/0x6a0
    ? __fget+0x11d/0x210
    SyS_ioctl+0x79/0x90
    entry_SYSCALL_64_fastpath+0x25/0x9c

This can be reproduced by running kvm-unit-tests/run_tests.sh vmx_controls in L1.
UMIP CPUID bit is exposed to the L1 UMIP aware guest since it is emulated by
enabling descriptor-table exits on L0. There is a vmentry fail when L0 tries to
run L2 directly, the L1 guest architectural CR4 is not restored after this
failure since commit 4f350c6dbcb (kvm: nVMX: Handle deferred early
VMLAUNCH/VMRESUME failure properly). The L2 is kvm-unit-tests which will not
write CR4 w/ X86_CR4_UMIP bit. After another L1 access descriptor vmexit, we
check L2's architectural CR4 instead of L1's architectural CR4.

This patch fixes it by restoring L1's architectural CR4 after L0's
VMLAUNCH/VMRESUME failure.

Cc: Paolo Bonzini
Cc: Radim Krčmář
Signed-off-by: Wanpeng Li

--- arch/x86/kvm/vmx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 23789c9..9fc0492 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -11633,6 +11633,7 @@ static void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason, */ nested_vmx_failValid(vcpu, VMXERR_ENTRY_INVALID_CONTROL_FIELD); + vcpu->arch.cr4 = vmcs12->host_cr4; load_vmcs12_mmu_host_state(vcpu, vmcs12); /* -- 2.7.4
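
Review bot: The added line "vcpu->arch.cr4 = vmcs12->host_cr4;" right after nested_vmx_failValid() takes L1's CR4 from the vmcs12 host-state field, which is the value L1 asked to have loaded on a VM exit, not necessarily the CR4 L1 was running with when it executed VMLAUNCH/VMRESUME. This path reports a VMfail (VMXERR_ENTRY_INVALID_CONTROL_FIELD) rather than a VM exit, and a VMfail does not load host state, so the two values are only guaranteed to match if L1 keeps host_cr4 in sync with its live CR4. Please either state in the changelog why host_cr4 is the correct source here, or save L1's CR4 before the entry attempt and restore that saved value instead. The assignment also writes the cached field directly with no comment; a one-line comment saying that vcpu->arch.cr4 still holds L2's value at this point would make the intent clear to the next reader, and it would help to say whether any other cached register state is left stale on this same failure path.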