Received: by 10.223.185.116 with SMTP id b49csp1185567wrg; Wed, 21 Feb 2018 13:44:09 -0800 (PST) X-Google-Smtp-Source: AH8x227ktOFmh4TBsQOZ+qZ6mTH0nvHMvy+xjRdcsnfHCassDDd/JZRZ24L2A0ftLEHAzMO7pyCP X-Received: by 10.98.182.8 with SMTP id j8mr4578996pff.166.1519249449268; Wed, 21 Feb 2018 13:44:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519249449; cv=none; d=google.com; s=arc-20160816; b=YWxlMAAr3f5pC7Vg0LH6KRncdA89C5yTFBaa17NRanmFLwt5sB2eY1PVt4B/EsAlXc /UpOBdIwgJHombEzIVvH4kCNz+0O61rhQDi1y4xl8xSjty7kaqNKMpzzzu84COd+HaOE aZyaNf/9U9KmCLrsItlkZsyRobxajWTOtXP68kOTKb6VFvnX84PkilJRkATc9NYnlGb4 ImiUZOwoxrYCpKvHE1op7fw1BRp6aCaTuHbuJ3cBbQUN/RXNnp2Jc7uvImw3wbQRXceQ Q2qF2HQAiZFg2tXsvM9DjioTnSsvwmpgiKlAvDnD83m/dBttK8ZvuSw4jHtHoi6QFQ+W Gy5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=LcLDfkr9sUSgcF5bZZx3ol5kTYb8HijIsOrppxD2Ch4=; b=WVdZOS1osMikbkEuVt7DBlk+3MugliSjQi+jbWu03jg5CGWDi1pFMHbq6fHk+5w8Vd Dcg0b+Doo7exHLt38hYThgfsx7VAvOyd/rb9JfZPnlH0q4lI4ndRwCiEwyx96XYZ81xX MPNUUMVXBmpUPMzNzsqhBY55BqwBeArrdTsvaNfH+IDxse/XVsMi1W1wWMpvVJGvecIZ MQJp1NZ0NCZsmrB3jGg6qp14qBrZCsQlMOgLxq0vIrz4Du2W3onRqM+XCBEHN9ufIVyZ moVF63viX01xEk7P9GM0EmYifPxa22Y4K716O3PJI9q2ZTe5y1ISH+iDi6IMEkqvtay1 IyMQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=rZmk7vRS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z69si1860349pfl.299.2018.02.21.13.43.54; Wed, 21 Feb 2018 13:44:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=rZmk7vRS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751485AbeBUVlv (ORCPT + 99 others); Wed, 21 Feb 2018 16:41:51 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:50283 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751332AbeBUVlr (ORCPT ); Wed, 21 Feb 2018 16:41:47 -0500 Received: by mail-wm0-f67.google.com with SMTP id k87so147498wmi.0; Wed, 21 Feb 2018 13:41:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=LcLDfkr9sUSgcF5bZZx3ol5kTYb8HijIsOrppxD2Ch4=; b=rZmk7vRS+Ez80JLu9WDewUxQThE6hL0ACQTLLqmbL04V526vAbD1bKKSOfsqGvoVpd /fIXieGfDjrT9i9n9PoHsBay0Fa4iIepUDeGTQUXbzDXtYq6B2ZsB9qb1dS9OB8OmAng eFnmD8jXAZP2LaghTFnBvoS3ZIsfFeHrR2POtJm+i+orU2+P7FVtXfoFERttSmFuXUyd k0k5Ckh/NLraqpaL3x4cCa66pnvuf94X+k88ha830thDSaFlybiqn8+sS27JbYhmq4oX a31AjaW/V9hF1t2D/+2ZSdgKSR4Tf5wsNJ+sG4dgs6ZeZtCNRVMakrnT28aC90pbrSM6 rhnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=LcLDfkr9sUSgcF5bZZx3ol5kTYb8HijIsOrppxD2Ch4=; b=d4/crTwygbl8wul5OWEyHdetbyRwXJ33AbqEnm2jTGP/stQvuB1+1r/3spXZSgK6EV ngA6ElQgmfYS/7EZPwaXh77fl3m8gS8FRGVi3scvfuftLUzLizgQ7fiqtkyTE2QhTWJ9 BJVibKxkKpjh7kOcadz/Xe7Mz5SEOF5DfpUFG2oFwfMexuYOI7VwuDgRUdNBpwGQp0/6 h/4eYPVuBbnRa+8a+o9vkfv3AI2sYH+/OIM2H/oZ5Yjs0CFyGewMI3a4ghneMNwQtUmX ctsbmWhojAWt2kkVZQd2iaTjAFvhj2xmtPcFUHQSjYaeC9S8AJ6kwIUIfrecmDeZ4zNR gdog== X-Gm-Message-State: APf1xPALIyNXTFA/bWPLFRJT3odde6vZkyrYTyNSOYVIzw90qoSODiQ1 l9LOppZPMfj9VtGmy2oswCQtx19l X-Received: by 10.28.172.130 with SMTP id v124mr3318054wme.16.1519249305360; Wed, 21 Feb 2018 13:41:45 -0800 (PST) Received: from 640k.localdomain.localdomain (94-36-191-219.adsl-ull.clienti.tiscali.it. [94.36.191.219]) by smtp.gmail.com with ESMTPSA id j132sm2827364wmd.27.2018.02.21.13.41.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Feb 2018 13:41:44 -0800 (PST) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: x86@kernel.org, =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , KarimAllah Ahmed , David Woodhouse , Jim Mattson , Thomas Gleixner , Ingo Molnar , stable@vger.kernel.org Subject: [PATCH 2/3] KVM: nVMX: fix wrong condition for SPEC_CTRL and PRED_CMD MSRs Date: Wed, 21 Feb 2018 22:41:36 +0100 Message-Id: <1519249297-73718-3-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1519249297-73718-1-git-send-email-pbonzini@redhat.com> References: <1519249297-73718-1-git-send-email-pbonzini@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We need to change the default all-1s bitmap if the MSRs are _not_ intercepted. However, the code was disabling the intercept when it was _enabled_ in the VMCS01. This is not causing bigger trouble, because vmx_vcpu_run checks the VMCS02's MSR bitmap and would do the right thing even if fed garbage... but it's obviously a bug and it can cause extra MSR reads and writes when running nested guests. Fixes: d28b387fb74da95d69d2615732f50cceb38e9a4d Fixes: 15d45071523d89b3fb7372e2135fbd72f6af9506 Cc: x86@kernel.org Cc: Radim Krčmář Cc: KarimAllah Ahmed Cc: David Woodhouse Cc: Jim Mattson Cc: Thomas Gleixner Cc: Ingo Molnar Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini --- arch/x86/kvm/vmx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index 5caeb8dc5bda..af89d377681d 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -10235,7 +10235,7 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, return false; if (!nested_cpu_has_virt_x2apic_mode(vmcs12) && - !pred_cmd && !spec_ctrl) + pred_cmd && spec_ctrl) return false; page = kvm_vcpu_gpa_to_page(vcpu, vmcs12->msr_bitmap); @@ -10278,13 +10278,13 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, MSR_TYPE_W); } - if (spec_ctrl) + if (!spec_ctrl) nested_vmx_disable_intercept_for_msr( msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_SPEC_CTRL, MSR_TYPE_R | MSR_TYPE_W); - if (pred_cmd) + if (!pred_cmd) nested_vmx_disable_intercept_for_msr( msr_bitmap_l1, msr_bitmap_l0, MSR_IA32_PRED_CMD, -- 1.8.3.1