From: David Woodhouse
To: Paolo Bonzini, Jim Mattson, Radim Krčmář, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, KarimAllah Ahmed, gregkh@linuxfoundation.org, stable@vger.kernel.org
Subject: [PATCH 2/9] KVM: nVMX: mark vmcs12 pages dirty on L2 exit
Date: Tue, 6 Feb 2018 17:29:34 +0000
Message-Id: <1517938181-15317-3-git-send-email-dwmw@amazon.co.uk>
In-Reply-To: <1517938181-15317-1-git-send-email-dwmw@amazon.co.uk>
References: <1517938181-15317-1-git-send-email-dwmw@amazon.co.uk>
X-Mailer: git-send-email 2.7.4
X-Mailing-List: linux-kernel@vger.kernel.org

From: David Matlack

The host physical addresses of L1's Virtual APIC Page and Posted Interrupt descriptor are loaded into the VMCS02. The CPU may write to these pages via their host physical address while L2 is running, bypassing address-translation-based dirty tracking (e.g. EPT write protection).

Mark them dirty on every exit from L2 to prevent them from getting out of sync with dirty tracking.

Also mark the virtual APIC page and the posted interrupt descriptor dirty when KVM is virtualizing posted interrupt processing.

Signed-off-by: David Matlack
Reviewed-by: Paolo Bonzini
Signed-off-by: Radim Krčmář
(cherry picked from commit c9f04407f2e0b3fc9ff7913c65fcfcb0a4b61570)
Signed-off-by: David Woodhouse --- arch/x86/kvm/vmx.c | 53 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index fd890af..9408ae8 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -4736,6 +4736,28 @@ static bool vmx_get_enable_apicv(void) return enable_apicv; } +static void nested_mark_vmcs12_pages_dirty(struct kvm_vcpu *vcpu) +{ + struct vmcs12 *vmcs12 = get_vmcs12(vcpu); + gfn_t gfn; + + /* + * Don't need to mark the APIC access page dirty; it is never + * written to by the CPU during APIC virtualization. + */ + + if (nested_cpu_has(vmcs12, CPU_BASED_TPR_SHADOW)) { + gfn = vmcs12->virtual_apic_page_addr >> PAGE_SHIFT; + kvm_vcpu_mark_page_dirty(vcpu, gfn); + } + + if (nested_cpu_has_posted_intr(vmcs12)) { + gfn = vmcs12->posted_intr_desc_addr >> PAGE_SHIFT; + kvm_vcpu_mark_page_dirty(vcpu, gfn); + } +} + + static void vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); @@ -4743,18 +4765,15 @@ static void vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu) void *vapic_page; u16 status; - if (vmx->nested.pi_desc && - vmx->nested.pi_pending) { - vmx->nested.pi_pending = false; - if (!pi_test_and_clear_on(vmx->nested.pi_desc)) - return; - - max_irr = find_last_bit( - (unsigned long *)vmx->nested.pi_desc->pir, 256); + if (!vmx->nested.pi_desc || !vmx->nested.pi_pending) + return; - if (max_irr == 256) - return; + vmx->nested.pi_pending = false; + if (!pi_test_and_clear_on(vmx->nested.pi_desc)) + return; + max_irr = find_last_bit((unsigned long *)vmx->nested.pi_desc->pir, 256); + if (max_irr != 256) { vapic_page = kmap(vmx->nested.virtual_apic_page); if (!vapic_page) { WARN_ON(1); 
@@ -4770,6 +4789,8 @@ static void vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu) vmcs_write16(GUEST_INTR_STATUS, status); } } + + nested_mark_vmcs12_pages_dirty(vcpu); } static inline bool kvm_vcpu_trigger_posted_interrupt(struct kvm_vcpu *vcpu) @@ -8026,6 +8047,18 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu) vmcs_read32(VM_EXIT_INTR_ERROR_CODE), KVM_ISA_VMX); + /* + * The host physical addresses of some pages of guest memory + * are loaded into VMCS02 (e.g. L1's Virtual APIC Page). The CPU + * may write to these pages via their host physical address while + * L2 is running, bypassing any address-translation-based dirty + * tracking (e.g. EPT write protection). + * + * Mark them dirty on every exit from L2 to prevent them from + * getting out of sync with dirty tracking. + */ + nested_mark_vmcs12_pages_dirty(vcpu); + if (vmx->nested.nested_run_pending) return false; -- 2.7.4
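Review bot: in the first hunk, nested_mark_vmcs12_pages_dirty() takes virtual_apic_page_addr and posted_intr_desc_addr straight out of vmcs12 and shifts them by PAGE_SHIFT with no validity check, so the helper depends on kvm_vcpu_mark_page_dirty() being harmless for a gfn that has no backing memslot; worth confirming that and stating it in a one-line comment above the two calls, since these fields are L1-controlled. The comment explaining why the APIC access page is skipped is good; it could also say that the helper is only meaningful while in guest mode, because get_vmcs12() is what it reads from.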
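Review bot: in the vmx_complete_nested_posted_interrupt() hunk, the early `return` after `if (!pi_test_and_clear_on(vmx->nested.pi_desc))` still leaves the function before the dirty marking that the following hunk adds at its end, which is only correct because a clear ON bit means nothing in the descriptor was modified; a short comment on that return would save the next reader from re-deriving it. Inverting the condition into `if (!vmx->nested.pi_desc || !vmx->nested.pi_pending) return;` and turning `if (max_irr == 256) return;` into `if (max_irr != 256) {` is what lets the max_irr == 256 path fall through to the marking, so this restructuring is part of the fix rather than a cleanup, and the commit message could say so.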
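Review bot: the `nested_mark_vmcs12_pages_dirty(vcpu);` added at the end of vmx_complete_nested_posted_interrupt() covers writes KVM itself makes through pi_desc and the kmap()'d virtual_apic_page, not CPU writes via the host physical address, which is the case the block comment in nested_vmx_exit_handled() describes; a one-line comment at this call site saying that would keep the two call sites from looking redundant. On the path where max_irr == 256 only the PI descriptor was touched, so marking the virtual APIC page there is one memslot lookup more than needed, which is fine but worth a word.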
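Review bot: in the nested_vmx_exit_handled() hunk, placing nested_mark_vmcs12_pages_dirty(vcpu) before `if (vmx->nested.nested_run_pending) return false;` makes it run on every exit from L2, including the ones L0 handles itself, which is what the commit message requires; it also puts two gfn-to-memslot lookups on the L2 exit hot path, so a sentence in the commit message about the expected overhead would help the stable backport reviewers. The block comment restates the commit message almost verbatim; the first paragraph plus a pointer to the helper's own comment would be enough.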