Message-ID: <6c3c9a5b-ccf3-4702-8832-b44a98822966@default>
Date: Sun, 13 May 2018 01:28:29 -0700 (PDT)
From: Liran Alon
Subject: Re: [PATCH 1/2] KVM: X86: Fix CR3 reserve bits
X-Mailing-List: linux-kernel@vger.kernel.org

----- kernellwp@gmail.com wrote:

> 2018-05-13 15:53 GMT+08:00 Liran Alon:
> >
> > ----- kernellwp@gmail.com wrote:
> >
> >> From: Wanpeng Li
> >>
> >> MSB of CR3 is a reserved bit if the PCIDE bit is not set in CR4.
> >> It should be checked when PCIDE bit is not set, however commit
> >> 'd1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on
> >> its physical address width")' removes the bit 63 checking
> >> unconditionally. This patch fixes it by checking bit 63 of CR3
> >> when PCIDE bit is not set in CR4.
> >>
> >> Fixes: d1cd3ce900441 (KVM: MMU: check guest CR3 reserved bits based on
> >> its physical address width)
> >> Cc: Paolo Bonzini
> >> Cc: Radim Krčmář
> >> Cc: Junaid Shahid
> >> Signed-off-by: Wanpeng Li > >> --- > >> arch/x86/kvm/emulate.c | 4 +++- > >> arch/x86/kvm/x86.c | 2 +- > >> 2 files changed, 4 insertions(+), 2 deletions(-) > >> > >> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c > >> index b3705ae..b21f427 100644 > >> --- a/arch/x86/kvm/emulate.c > >> +++ b/arch/x86/kvm/emulate.c > >> @@ -4189,7 +4189,9 @@ static int check_cr_write(struct > >> x86_emulate_ctxt *ctxt) > >> maxphyaddr =3D eax & 0xff; > >> else > >> maxphyaddr =3D 36; > >> - rsvd =3D rsvd_bits(maxphyaddr, 62); > >> + if (ctxt->ops->get_cr(ctxt, 4) & > X86_CR4_PCIDE) > >> + new_val &=3D ~CR3_PCID_INVD; > >> + rsvd =3D rsvd_bits(maxphyaddr, 63); > > > > I would prefer instead to do this: > > if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE) > > rsvd &=3D ~CR3_PCID_INVD; > > It makes more sense as opposed to temporary removing the > CR3_PCID_INVD bit from new_val. >=20 > It tries the same way > https://urldefense.proofpoint.com/v2/url?u=3Dhttps-3A__git.kernel.org_pub= _scm_virt_kvm_kvm.git_commit_-3Fid-3Dc19986fea873f3c745122bf79013a872a190f2= 12&d=3DDwIFaQ&c=3DRoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=3DJk6Q8nNzk= Q6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=3Dr52WDgKBorUHwe_B_5Nw2Le_F_E0ne8lqqWW= 6n-3bSg&s=3DufTcXvhhAMkY3XP6gAx-HiKCT8ynPWo2fs2z9DqCzM4&e=3D > pointed out. >=20 > Regards, > Wanpeng Li Yes but there it makes sense as new CR3 value should not have bit 63 set in= vcpu->arch.cr3. >=20 > > > >> } > >> > >> if (new_val & rsvd) > >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > >> index 87e4805..9a90668 100644 > >> --- a/arch/x86/kvm/x86.c > >> +++ b/arch/x86/kvm/x86.c > >> @@ -863,7 +863,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, > unsigned > >> long cr3) > >> } > >> > >> if (is_long_mode(vcpu) && > >> - (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 62))) > >> + (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))) > >> return 1; > >> else if (is_pae(vcpu) && is_paging(vcpu) && > >> !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) > >> -- > >> 2.7.4
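
Review bot: In the arch/x86/kvm/emulate.c hunk (check_cr_write), the PCIDE test clears CR3_PCID_INVD from new_val instead of from the reserved mask, so the value under validation is altered just to get past the `if (new_val & rsvd)` test that follows. Masking the bit out of rsvd, as suggested in the reply, keeps new_val untouched, but that statement has to come after `rsvd = rsvd_bits(maxphyaddr, 63);`, whereas the hunk places the PCIDE test before the assignment. A one-line comment stating that bit 63 is only permitted when CR4.PCIDE is set would also help the next reader of this check.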
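
Review bot: In the arch/x86/kvm/x86.c hunk (kvm_set_cr3), the widened test `(cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))` has no CR4.PCIDE condition in the visible lines, so it rejects every long-mode CR3 value with bit 63 set unless that bit was already cleared earlier in the function, outside the context shown. The commit message should state that dependency, and a short comment at the check noting that bit 63 has been stripped for the PCIDE case before this point would make the ordering requirement explicit.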