Received: by 10.223.185.116 with SMTP id b49csp1070943wrg;
        Sun, 11 Feb 2018 03:57:26 -0800 (PST)
X-Google-Smtp-Source: AH8x224enpGwioKjPgr64aWaPLnv8yorzR1KjNQIuHwPPWMQ59EmxyhSucpssNcDyxAXgBbSerO+
X-Received: by 10.98.232.24 with SMTP id c24mr8470847pfi.227.1518350246177;
        Sun, 11 Feb 2018 03:57:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518350246; cv=none;
        d=google.com; s=arc-20160816;
        b=CVCB1468ZlTQ+Cb7mIz143j+BJMpkWZdxeUsNYvoHzNqsihCh0W5RQYQqKQBWqz9fE
         bAoQHXVaTJQ2EqiinTvCjS5OJFHDLHjQuSPl2t22CK/Hdiuo+7Nf4szRzyPDh15b4D3C
         IWeB3zjgYTi/eDujhylvmOd6Js8NJxOo0t/7JIOzQxE0uspCa2LDpkAwcs99WjyRY7qT
         VWZOBbT9EpNkb7mogguFKd+DhN18hsHtWsKBJXQZ6Jk+cW2iaU7tCa/WoyEytopnL/jt
         ulf2h9HMy7uIhuB7b1/OZr5RpUnDMkbI4Vh9YhzwvBj9B/TIPjYWvMn/GupvTKyd4zjn
         J8qA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=9JQhBkdVwI5bCnudHOf13rHVqMihmqGNugUaY+gErXw=;
        b=R/U1V1J5UgcBTX4idl7QRpel/pU/FaJ40cH+AsQLNOgl5ZBV+zuf7mI87iAfktatWO
         +fMhYQAtKtE0mBAcM5jG9M75VsnNGl2a/Opbd0lfS+90W5HYAsfAvaFI+SVkofTQ1Y5N
         8S4QbnaEm7VJm/ACZ6Mj4XBjQ26g3CJoLUima35bs+uyg1ENmT25i0lOj+yskNIrV42Z
         NTGt+eBu6i6Xd5+1qYZ8OxlsfHVf5oih8eILYDm6X7cR+7iLf6/3CzI8brh5aoZJAhai
         cYaEvWaMmnrRXDQaoDv3Nc82qSCpVvOSoFkkujiswp+mi7mzcCRM32G8/jzmmwBWURDF
         p4Ww==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=pY5dq7Gk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l8si3882705pgq.35.2018.02.11.03.57.12;
        Sun, 11 Feb 2018 03:57:26 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=pY5dq7Gk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753285AbeBKL4f (ORCPT <rfc822;huangleihappily@gmail.com>
        + 99 others); Sun, 11 Feb 2018 06:56:35 -0500
Received: from mail-oi0-f47.google.com ([209.85.218.47]:38973 "EHLO
        mail-oi0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753045AbeBKL4d (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 11 Feb 2018 06:56:33 -0500
Received: by mail-oi0-f47.google.com with SMTP id j188so9221630oib.6;
        Sun, 11 Feb 2018 03:56:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=9JQhBkdVwI5bCnudHOf13rHVqMihmqGNugUaY+gErXw=;
        b=pY5dq7Gk3t4Bgv8wr3Q7IekWE7tqDNsoADQX1Tzf2BNSPS+Q9BfYjWQFTrUdvOBiVl
         E+uJgX8Z5nY53W3htL4MfMGTl4iAWVTr8Ffm3gaBpalzcs+wIFwBCmGHPaGevi2BdD8K
         McqWI1QBUp90/+ib1Gzq3sKLVgo2Gr4VSvhFgsY1CVZDdXyuzcfs+GJpsetw+8TvOERJ
         yG3R6Qm+k/UxeSODb9pY8kggVMqrdgdtMlmwoddXoEvDi/j8N0oh/ynkPdtb2q54guH1
         wabEPRWl/TUJQSb0TVAL8pKJ22USzjqN9Hgyiy2tNmsW0nuApWd2WOlxgKFGVRJTGyRz
         yXsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=9JQhBkdVwI5bCnudHOf13rHVqMihmqGNugUaY+gErXw=;
        b=m+drHZXDiR7t/U59BMiZxgGtbEga15egxykduOAbhfOfkT1sTbpytLy/K0p+T6aj83
         l6d2ulVbrptLLGQjclRJh3gzho7LlfS8MSEoX6yXzY81HU1bROJYBqc2NMBXgbiinUNn
         p0NEQcT9WusIJWvcLO1MGjLXtCkpve+zXEwbrsKbLFDqVneYAxLQO0xCmkzRIPvMSPpO
         Kthh1EDJmH4viMmfMgi0CNu0MRQUzlI68Xj7hm8EA+d3GfkBBEHKZlJKWY6IAw6+7ZhE
         cyqa+EB0ns0LhwaGLGqUahSgQ1HFzGkhWbFzHKhh4DPVzNCfpvFfRqgMqAw/B+x29+Y6
         LWJQ==
X-Gm-Message-State: APf1xPALwLza1mmqORlrU++7pjw3AvIgoTZMDynXwx0Rc2mpkgEIAjOI
        RT7SiIeJ40e0AzqfbJh6mkf7Omo/zFCW+a4E0ws=
X-Received: by 10.202.171.207 with SMTP id u198mr5825576oie.253.1518350192470;
 Sun, 11 Feb 2018 03:56:32 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.10.129 with HTTP; Sun, 11 Feb 2018 03:56:32 -0800 (PST)
In-Reply-To: <CALMp9eR0gaYuYbxKs6oWFJj+ciCtHtU+pnF4pLHmbdf2wnUuPw@mail.gmail.com>
References: <1517828686-29070-1-git-send-email-wanpengli@tencent.com>
 <CALMp9eQNB+2KLAR2Tv+By2oTthRLvAQMmJiEs61kFNrZDct3_g@mail.gmail.com>
 <CALMp9eSXvMmRj15q26_=VpJhYfUL_gHP-ce4h9bCv0N55JtT1w@mail.gmail.com>
 <CANRm+Cx_KVftOfeGWjqn_1P=j8R-NsNcH7w+pA9gCouM_4FDRw@mail.gmail.com>
 <CALMp9eRHzmU3Kfr0cxhy2Hrr-RybnjrsKHByoV27TdYffuuC3w@mail.gmail.com>
 <CANRm+CyqV6s6etBAveNTG2WjfMZrfuuN+HpF9Ub1ex=JjyA1yw@mail.gmail.com>
 <CALMp9eQ+wJyxQfru1j8i6CmBzvsYEPrK2wx94JFZ0M3rWSV0+g@mail.gmail.com>
 <CANRm+Cx9vBGNgk0Gfc=tNVR49hxwexD7U-NmtBadXy0AadA1fg@mail.gmail.com> <CALMp9eR0gaYuYbxKs6oWFJj+ciCtHtU+pnF4pLHmbdf2wnUuPw@mail.gmail.com>
From:   Wanpeng Li <kernellwp@gmail.com>
Date:   Sun, 11 Feb 2018 19:56:32 +0800
Message-ID: <CANRm+CwsT_sL0kbO9ZKW4HJdmRw9sSKpwZAoOjpWBeWXZ-Q7-g@mail.gmail.com>
Subject: Re: [PATCH] KVM: nVMX: Fix CR4 after VMLAUNCH/VMRESUME failure
To:     Jim Mattson <jmattson@google.com>
Cc:     kvm list <kvm@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Radim Krcmar <rkrcmar@redhat.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

2018-02-08 23:29 GMT+08:00 Jim Mattson <jmattson@google.com>:
> Consider the following scenario:
>
> L1 has never successfully executed VMLAUNCH. It has written 0 to
> vmcs12's host CR3 field using VMWRITE, but the current host CR3 value

Writes 0 to cr3 can't be detected during vmentry checks by hardware.

> is actually 3e7000. It has written some illegal control field that the
> L0 KVM doesn't check itself, but defers to the hardware checks on
> vmcs02 instead. So, when L1 tries to execute VMLAUNCH, L0 follows this
> path for "VM-entry to vmcs02 failed due to invalid control field(s)."
> Your change would set CR3 to 0, which is incorrect. CR3 should
> actually be set to 3e7000. Now, if L0 is sane and using EPT, then it
> can find the correct L1 CR3 value in vmcs01's Guest CR3 field, but if
> for some reason L0 is using shadow paging to execute L1, that won't
> work. Similarly, the correct L1 CR4 value should be in vmcs01's CR4
> read shadow field.
>
> You can't just assume that L1 has written values to the vmcs12 host
> fields that actually match the current host values. There is nothing
> in the architecture that would require this behavior.
>
> On Wed, Feb 7, 2018 at 10:22 PM, Wanpeng Li <kernellwp@gmail.com> wrote:
>> 2018-02-08 0:57 GMT+08:00 Jim Mattson <jmattson@google.com>:
>>> vmcs12->host_cr[34] does not contain the up-to-date values when L1 is
>>> running. L1 can vmwrite any values there. We know at this point that
>>
>> It will incur a vmexit to emulate L1 vmwrites vmcs12->host_cr[34] even
>> if vmcs shadow is enabled since host_cr[34] is not shadowed in the
>> bitmap, why it is not up-to-date when L1 is running?
>>
>> Regards,
>> Wanpeng Li
>>
>>> they are legal (because we checked them), but that's about it. If the
>>> VMLAUNCH/VMRESUME of vmcs12 fails for "invalid control field," there
>>> is no VM-exit from L2 to L1, and these fields are not loaded. Instead,
>>> execution just falls through to the next instruction with VMFailValid
>>> semantics.
>>>
>>> On Wed, Feb 7, 2018 at 12:31 AM, Wanpeng Li <kernellwp@gmail.com> wrote:
>>>> 2018-02-07 0:58 GMT+08:00 Jim Mattson <jmattson@google.com>:
>>>>> On Mon, Feb 5, 2018 at 4:57 PM, Wanpeng Li <kernellwp@gmail.com> wrote:
>>>>>
>>>>>> This is effective one, what I restore in this patch is
>>>>>> achitectural/guest visible.
>>>>>
>>>>> This patch doesn't "restore" the guest visible CR4 to its value at the
>>>>> time of VMLAUNCH/VMRESUME. It loads a new CR4 value from the vmcs12.
>>>>> That behavior is incorrect.
>>>>
>>>> You have another pointing out about this.
>>>> https://lkml.org/lkml/2018/2/5/518 vmcs12->host_cr3/host_cr4 has the
>>>> up-to-date value when L1 is running, it is still up-to-date after
>>>> vmexit due to L1 executes VMLAUNCH/VMRESUME, I think the value stays
>>>> the same before L0 emulates the VMLAUNCH/VMRESUME, according to below
>>>> comments, why vmcs12->host_cr3/cr4 is not the value which we should
>>>> restore?
>>>>
>>>> * After an early L2 VM-entry failure, we're now back
>>>> * in L1 which thinks it just finished a VMLAUNCH or
>>>> * VMRESUME instruction
>>>>
>>>> Regards,
>>>> Wanpeng Li