Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2965297imm; Sun, 13 May 2018 01:04:52 -0700 (PDT) X-Google-Smtp-Source: AB8JxZpkaGh6d0IEnMNhPvdOQ+XsIMV9nEGzAeHxo3UFclVyqOJR4VrxCTbHIt0LCFPloarsy46R X-Received: by 2002:a63:90c4:: with SMTP id a187-v6mr4752158pge.189.1526198692472; Sun, 13 May 2018 01:04:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526198692; cv=none; d=google.com; s=arc-20160816; b=kVcEwiocOtuaT8CdmW6u02OSpO7fiJ9dXx118U7xlWwMisZOFT9wHe5uauDYVz3P3G ZFvV7uJXQCGOr10ZKnXFRY5yakiKstK4R5t5XpQkqNiXqN2KDc/03z3B7VUXwUp9Tz7r RMxNS4K11cBoVc6vVr4Rzu9+S/Mk1dMYMr7orOdJvFRjq39qgMSQXNTxUNZslojt2CJO YjqADYJJrFV//KzoTypsE7Wu7fnkag9Lyn8jHcPp/S9aCJ7xpHu+gKx9cjw+0PXyP8vt ywyst6OLOM6F4FoTyqb3JeXxGS78GofK9TZmO2Xz4Q1eqgsji7qbwBAYJI+OEhzfb8jY TdvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition :content-transfer-encoding:subject:cc:to:from:date:message-id :mime-version:dkim-signature:arc-authentication-results; bh=8VwGzVchuMpd9M3zliHeuybGdFLc00LS6XH9vo/M0wA=; b=dP4MLftSuYLbwb40/EJSI4EIwXcjo0CLb0wkGjwqh0oJXY+BJn/ON4JHXHXn+KvxKO qwjKUTbGMqOq/iqv+QPRvptifklcin98C693hKdK7n+pBrCktrD46OBMBD/0hqXe8Ic1 rUQQ3CCVeUoMuLS0F+RRz9+B0uPjhGiPF68ZCVubgFnrPEAiyRO742DvyY+7kUbs3Jpc cnU7COPkVaddiUPpZz1Cnv978HaWLl/mencQih53e0yRjKSm6xuHezAPXOeI3sQPPX1G /yfS9f1U+EZgdvB7O6cuje4HUUhm2anqs9Z4aIvKEMWhA64ISKVLV3I69f/8rLdlVWB/ zERQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=E73v0tqB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z128-v6si5673505pgb.28.2018.05.13.01.04.37; Sun, 13 May 2018 01:04:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=E73v0tqB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751378AbeEMIEW (ORCPT + 99 others); Sun, 13 May 2018 04:04:22 -0400 Received: from userp2120.oracle.com ([156.151.31.85]:32806 "EHLO userp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751022AbeEMIEU (ORCPT ); Sun, 13 May 2018 04:04:20 -0400 Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w4D80mqS141675; Sun, 13 May 2018 08:03:55 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=mime-version : message-id : date : from : to : cc : subject : content-type : content-transfer-encoding; s=corp-2017-10-26; bh=8VwGzVchuMpd9M3zliHeuybGdFLc00LS6XH9vo/M0wA=; b=E73v0tqBArKCoAZAjfZcyuDBeG09ua1hDOB4bIsi1pxVTKCYNz8ksOZN45hPocwjckbP 2ZD5lcudwh6EB/WmS+okcsY/kvTexSFqPC2QVnSBBDhnk3KRJjbvUt0tcmhV3lkgm1GR hob+zKt7gAqdM3VCU9jBQE18Y6csMq6YWzyw2wbj+eQj5wILDlTtE4lXP6VZLT7f7PdI Lw5gpREJnNiTr9OZebk/OJQGPKdpUdnfDNejar6AnWq7PTNpu16hfKXgl0l90H1QVAiE 3zEipL105jopXw1fBoh8eRZQuB37bchLJMEp60f/WSlvh09ZzRVtvvusZ1oDURHPxhds 8w== Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp2120.oracle.com with ESMTP id 2hx29vrv4g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 13 May 2018 08:03:55 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w4D83sTo000594 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 13 May 2018 08:03:54 GMT Received: from abhmp0010.oracle.com (abhmp0010.oracle.com [141.146.116.16]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w4D83rrY010414; Sun, 13 May 2018 08:03:54 GMT MIME-Version: 1.0 Message-ID: Date: Sun, 13 May 2018 01:03:53 -0700 (PDT) From: Liran Alon To: Cc: , , , , Subject: Re: [PATCH 2/2] KVM: X86: Fix loss of CR3_PCID_INVD bit when guest writes CR3 X-Mailer: Zimbra on Oracle Beehive Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8891 signatures=668698 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=937 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805130085 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org ----- kernellwp@gmail.com wrote: > From: Wanpeng Li >=20 > SDM volume 3, section 4.10.4: >=20 > * MOV to CR3. The behavior of the instruction depends on the value of > CR4.PCIDE: > =E2=80=94 If CR4.PCIDE =3D 1 and bit 63 of the instruction=E2=80=99s sour= ce operand is > 1, the=20 > instruction is not required to invalidate any TLB entries or entries > in=20 > paging-structure caches. >=20 > The CR3_PCID_INVD bit should not be removed if CR4.PCIDE =3D 1 when > guest writes=20 > CR3, this patch fixes it. >=20 > Cc: Paolo Bonzini > Cc: Radim Kr=C4=8Dm=C3=A1=C5=99 > Cc: Junaid Shahid > Signed-off-by: Wanpeng Li > --- > arch/x86/kvm/x86.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) >=20 > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 9a90668..438f140 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -849,11 +849,13 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4); > =20 > int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3) > { > +=09unsigned long cr3_check =3D cr3; > + > #ifdef CONFIG_X86_64 > =09bool pcid_enabled =3D kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE); > =20 > =09if (pcid_enabled) > -=09=09cr3 &=3D ~CR3_PCID_INVD; > +=09=09cr3_check &=3D ~CR3_PCID_INVD; > #endif > =20 > =09if (cr3 =3D=3D kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) { > @@ -863,7 +865,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned > long cr3) > =09} > =20 > =09if (is_long_mode(vcpu) && > -=09 (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))) > +=09 (cr3_check & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))) > =09=09return 1; > =09else if (is_pae(vcpu) && is_paging(vcpu) && > =09=09 !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) > --=20 > 2.7.4 This commit doesn't seem correct to me. According to Intel SDM "MOV=E2=80=94Move to/from Control Registers": "If CR4.PCIDE =3D 1, bit 63 of the source operand to MOV to CR3 determines = whether the instruction invalidates entries in the TLBs and the paging-structure caches (see Section 4.10.4.1, =E2=80=9COperations that Invalidate TLBs and Paging-= Structure Caches,=E2=80=9D in the Intel=C2=AE 64 and IA-32 Architectures Software Developer=E2=80=99s = Manual, Volume 3A). The instruction does not modify bit 63 of CR3, which is reserved and always= 0." However, after this commit kvm_set_cr3() will update vcpu->arch.cr3 to have= bit CR3_PCID_INVD set. Which is wrong as it should be reserved and always 0.