Received: by 10.223.176.5 with SMTP id f5csp2039034wra; Thu, 8 Feb 2018 07:30:53 -0800 (PST) X-Google-Smtp-Source: AH8x2253adIfYBPkLE/CETEHtDJ+vx4EttVQ8Auc8pnQkEJUaaMHuyUfbIMqp6lEn3QzUR0Uf/5S X-Received: by 10.99.167.14 with SMTP id d14mr837157pgf.150.1518103853726; Thu, 08 Feb 2018 07:30:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518103853; cv=none; d=google.com; s=arc-20160816; b=nLOfyg82P7/FxZoOpwuCN6qLFuQ/K1IpEzvPTuTefR49UTOoUVlbGwEK9k8fRv3dz/ R0dmgGObdRAGS47vDzDqaw0EUwo/JxKstOZXH+OXbEVTlgDUQbmvZP2YwQ/1tXFCvaHK ASecl+H7cNlMXGFLBcK6UMZd4czILf/P0uRLMa+R/AddifgUl1VD7zUkD9FMrLDk99LJ nn5uuWnQK79jiWukctLTHjCoo0rXwxWDAt7Th6T0WJjOw923ccYBstUdxDlEYpn+StCq UhtonxWAks3MCuo7MYpk+LesZZw0chdOHHuQwtdhEZ9AmWxr/Gb66BykjxV/ZNw5LtKf zmKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=tkWKm/B8EXAq1/MqhFxK+K7JMpj74KkX9yTQ4KFQ7Mw=; b=XaE2iJz2rU+8i7rSPW5saSJyQQCkit9YX52mjoaUJgYW+4WS0ScxX0rMhjZYJo7vky pUiJBJcAoXUOTWZ79g1jrx7Q2aV7dsXraD/TYN98ibMh591hiw8kqV4YNEnplpzOSkDX W8v0M5BElwI+Sg51gVFW7QlGIxSBGHo49P8sg9Z1RVsdMlsGgm15EqXc/q5d8HlROijG v6/Dcw98tOYtK2bS7DX7QF8qbwXFqSJ6wSejCSIKP3fokODRb6/py5d7LGFANxGgU0MN LRTuPsMMxOuSPG/m7yVdtLKjh5oh5gFLmga+JEWOLVgjleR02vhcOPLrgmuqMauR3gXm cjyw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=U8Wos3x6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g12-v6si114612pla.338.2018.02.08.07.30.37; Thu, 08 Feb 2018 07:30:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=U8Wos3x6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750929AbeBHP3R (ORCPT + 99 others); Thu, 8 Feb 2018 10:29:17 -0500 Received: from mail-io0-f178.google.com ([209.85.223.178]:33993 "EHLO mail-io0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752285AbeBHP3I (ORCPT ); Thu, 8 Feb 2018 10:29:08 -0500 Received: by mail-io0-f178.google.com with SMTP id c17so6190966iod.1 for ; Thu, 08 Feb 2018 07:29:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=tkWKm/B8EXAq1/MqhFxK+K7JMpj74KkX9yTQ4KFQ7Mw=; b=U8Wos3x6AXl4YqoY9iibwMiLLJFnOboHjcTAJig6K0inwx1wyuXMTnzLabl8h9kHSb yquKepf8arExFL7u4tLGBVz8afBzVddjF1tak3CMftYtWJUELKdvWnHrjCHfWIqaRAxS lOOXKCOLa9ZllGLyLSN2Cy2+BGQ2Ygj6Mg3i824BEH3vAl+1Hcmgyy8Zk5W3GVOof4Sy QGZnpxlwyIlMZxQY27r6CCPrr5/+zDnJESw+ynn4uPR65RA1mvPKfg+mkIVC2YvbodEI ivY2EEDJzS7gzlQP/c7kRGw+2+nqh9etoI1pAgnNA1p0SEPWOfBkH9W0l+YGT6/7D34C DgHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=tkWKm/B8EXAq1/MqhFxK+K7JMpj74KkX9yTQ4KFQ7Mw=; b=omWCMS7d4EB90oEfc35RWn4wT4uLLzswhjwETMlX6RYGhSlImO8unToOnpTp0NGQhc 2Bn1PD46ndvTuco0cfh/mLu2MgCBCT4RD8UsT/14w83XVliO/dj8hAkuX2gTk9EUHcWI VOpM7p9v4+dvTKYySiJOyrX6YYVzVNEkyOa+8xqeVk9ZHZn1XUvySV8gKytkalcIFsOY PY+Dm4UktDf/SrIrYt1y4BfPIWiwGX5i6O+vorgWSzDs8AR1MEYblTn3vwEZY1v8aXrU 2Ddw1nYmEJ/RSG6Q0a0l+3Mg2fdUV+jTKA44iiPmUc5NGMq2xtLUjEyG+uWfqLNY7N6L JWJQ== X-Gm-Message-State: APf1xPAY63jZrceX878a3Di4gs8cF5MEXIqkRHzMN0lLmzQqNl3IY1BM S8m45b2vMBQoJr4x71SRoDUTZALmPPBrd5YiiSXqmoDg X-Received: by 10.107.160.21 with SMTP id j21mr1336246ioe.186.1518103747164; Thu, 08 Feb 2018 07:29:07 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.128.7 with HTTP; Thu, 8 Feb 2018 07:29:06 -0800 (PST) In-Reply-To: References: <1517828686-29070-1-git-send-email-wanpengli@tencent.com> From: Jim Mattson Date: Thu, 8 Feb 2018 07:29:06 -0800 Message-ID: Subject: Re: [PATCH] KVM: nVMX: Fix CR4 after VMLAUNCH/VMRESUME failure To: Wanpeng Li Cc: kvm list , LKML , Radim Krcmar , Paolo Bonzini Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Consider the following scenario: L1 has never successfully executed VMLAUNCH. It has written 0 to vmcs12's host CR3 field using VMWRITE, but the current host CR3 value is actually 3e7000. It has written some illegal control field that the L0 KVM doesn't check itself, but defers to the hardware checks on vmcs02 instead. So, when L1 tries to execute VMLAUNCH, L0 follows this path for "VM-entry to vmcs02 failed due to invalid control field(s)." Your change would set CR3 to 0, which is incorrect. CR3 should actually be set to 3e7000. Now, if L0 is sane and using EPT, then it can find the correct L1 CR3 value in vmcs01's Guest CR3 field, but if for some reason L0 is using shadow paging to execute L1, that won't work. Similarly, the correct L1 CR4 value should be in vmcs01's CR4 read shadow field. You can't just assume that L1 has written values to the vmcs12 host fields that actually match the current host values. There is nothing in the architecture that would require this behavior. On Wed, Feb 7, 2018 at 10:22 PM, Wanpeng Li wrote: > 2018-02-08 0:57 GMT+08:00 Jim Mattson : >> vmcs12->host_cr[34] does not contain the up-to-date values when L1 is >> running. L1 can vmwrite any values there. We know at this point that > > It will incur a vmexit to emulate L1 vmwrites vmcs12->host_cr[34] even > if vmcs shadow is enabled since host_cr[34] is not shadowed in the > bitmap, why it is not up-to-date when L1 is running? > > Regards, > Wanpeng Li > >> they are legal (because we checked them), but that's about it. If the >> VMLAUNCH/VMRESUME of vmcs12 fails for "invalid control field," there >> is no VM-exit from L2 to L1, and these fields are not loaded. Instead, >> execution just falls through to the next instruction with VMFailValid >> semantics. >> >> On Wed, Feb 7, 2018 at 12:31 AM, Wanpeng Li wrote: >>> 2018-02-07 0:58 GMT+08:00 Jim Mattson : >>>> On Mon, Feb 5, 2018 at 4:57 PM, Wanpeng Li wrote: >>>> >>>>> This is effective one, what I restore in this patch is >>>>> achitectural/guest visible. >>>> >>>> This patch doesn't "restore" the guest visible CR4 to its value at the >>>> time of VMLAUNCH/VMRESUME. It loads a new CR4 value from the vmcs12. >>>> That behavior is incorrect. >>> >>> You have another pointing out about this. >>> https://lkml.org/lkml/2018/2/5/518 vmcs12->host_cr3/host_cr4 has the >>> up-to-date value when L1 is running, it is still up-to-date after >>> vmexit due to L1 executes VMLAUNCH/VMRESUME, I think the value stays >>> the same before L0 emulates the VMLAUNCH/VMRESUME, according to below >>> comments, why vmcs12->host_cr3/cr4 is not the value which we should >>> restore? >>> >>> * After an early L2 VM-entry failure, we're now back >>> * in L1 which thinks it just finished a VMLAUNCH or >>> * VMRESUME instruction >>> >>> Regards, >>> Wanpeng Li