From: Wanpeng Li
Date: Sun, 13 May 2018 16:44:54 +0800
Subject: Re: [PATCH 2/2] KVM: X86: Fix loss of CR3_PCID_INVD bit when guest writes CR3
To: Liran Alon
Cc: Radim Krcmar, Paolo Bonzini, LKML, kvm, Junaid Shahid
List-ID: linux-kernel@vger.kernel.org

2018-05-13 16:03 GMT+08:00 Liran Alon:
>
> ----- kernellwp@gmail.com wrote:
>
>> From: Wanpeng Li
>>
>> SDM volume 3, section 4.10.4:
>>
>> * MOV to CR3. The behavior of the instruction depends on the value of
>>   CR4.PCIDE:
>>   — If CR4.PCIDE = 1 and bit 63 of the instruction's source operand is 1, the
>>   instruction is not required to invalidate any TLB entries or entries in
>>   paging-structure caches.
>>
>> The CR3_PCID_INVD bit should not be removed if CR4.PCIDE = 1 when the guest
>> writes CR3; this patch fixes it.
>>
>> Cc: Paolo Bonzini
>> Cc: Radim Krčmář
>> Cc: Junaid Shahid
>> Signed-off-by: Wanpeng Li
>> ---
>>  arch/x86/kvm/x86.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
>> index 9a90668..438f140 100644
>> --- a/arch/x86/kvm/x86.c
>> +++ b/arch/x86/kvm/x86.c
>> @@ -849,11 +849,13 @@ EXPORT_SYMBOL_GPL(kvm_set_cr4);
>>
>>  int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
>>  {
>> +	unsigned long cr3_check = cr3;
>> +
>>  #ifdef CONFIG_X86_64
>>  	bool pcid_enabled = kvm_read_cr4_bits(vcpu, X86_CR4_PCIDE);
>>
>>  	if (pcid_enabled)
>> -		cr3 &= ~CR3_PCID_INVD;
>> +		cr3_check &= ~CR3_PCID_INVD;
>>  #endif
>>
>>  	if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu)) {
>> @@ -863,7 +865,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
>>  	}
>>
>>  	if (is_long_mode(vcpu) &&
>> -	    (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63)))
>> +	    (cr3_check & rsvd_bits(cpuid_maxphyaddr(vcpu), 63)))
>>  		return 1;
>>  	else if (is_pae(vcpu) && is_paging(vcpu) &&
>>  		 !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3))
>> --
>> 2.7.4
>
> This commit doesn't seem correct to me.
>
> According to Intel SDM "MOV—Move to/from Control Registers":
> "If CR4.PCIDE = 1, bit 63 of the source operand to MOV to CR3 determines whether the instruction
> invalidates entries in the TLBs and the paging-structure caches
> (see Section 4.10.4.1, "Operations that Invalidate TLBs and Paging-Structure Caches,"
> in the Intel® 64 and IA-32 Architectures Software Developer's Manual, Volume 3A).
> The instruction does not modify bit 63 of CR3, which is reserved and always 0."
>
> However, after this commit kvm_set_cr3() will update vcpu->arch.cr3 to have bit CR3_PCID_INVD set.
> Which is wrong as it should be reserved and always 0.

You are right, thanks Liran.

Regards,
Wanpeng Li
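Review bot: in the first hunk, masking bit 63 only in the new cr3_check leaves the unmasked cr3 as the value the early exit `if (cr3 == kvm_read_cr3(vcpu) && !pdptrs_changed(vcpu))` compares against and, as Liran points out, as the value that later lands in vcpu->arch.cr3, so a write with CR3_PCID_INVD set no longer matches the stored CR3 on that comparison and is read back by the guest with bit 63 set, contrary to the SDM's "reserved and always 0". Keep cr3 masked for both the comparison and the stored value, and carry the guest's no-flush request out of the masked-off bit as a separate flag (for example `bool skip_tlb_flush = cr3 & CR3_PCID_INVD;` inside the pcid_enabled branch) for the later TLB-flush decision; with cr3 kept masked, the second hunk's reserved-bit check works on cr3 as before and cr3_check is not needed.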
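As an added example (not KVM's code and not part of this thread), the following user-space C model implements the CR3 write rules the thread quotes from the SDM: with CR4.PCIDE = 1, bit 63 of the written value is consumed as a no-flush request, excluded from the reserved-bit check, and never stored, while with CR4.PCIDE = 0 it is treated as reserved. The names cr3_write_model and cr3_result, and the maxphyaddr parameter standing in for cpuid_maxphyaddr(), are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the CR3 write rules (SDM vol. 3, sec. 4.10.4);
 * not KVM code. */
#define CR3_PCID_INVD (1ULL << 63)   /* bit 63: "do not flush" when CR4.PCIDE=1 */

struct cr3_result {
    bool     fault;          /* true: #GP, a reserved bit was set */
    bool     skip_tlb_flush; /* true: guest asked not to invalidate TLBs */
    uint64_t stored_cr3;     /* value the guest reads back; bit 63 always 0 */
};

/* Mask of bits lo..hi inclusive (mirrors KVM's rsvd_bits(lo, hi) shape). */
static uint64_t rsvd_bits(unsigned int lo, unsigned int hi)
{
    return (((1ULL << (hi - lo)) << 1) - 1) << lo;
}

/* maxphyaddr: physical address width; bits maxphyaddr..63 are reserved. */
struct cr3_result cr3_write_model(uint64_t cr3, bool pcide, unsigned int maxphyaddr)
{
    struct cr3_result r = { .fault = false, .skip_tlb_flush = false, .stored_cr3 = 0 };
    uint64_t check = cr3;

    if (pcide) {
        /* Bit 63 is an operand flag, not a CR3 bit: consume it here so it is
         * neither rejected as reserved nor written back into CR3. */
        r.skip_tlb_flush = (cr3 & CR3_PCID_INVD) != 0;
        check &= ~CR3_PCID_INVD;
    }

    if (check & rsvd_bits(maxphyaddr, 63)) {
        r.fault = true;   /* #GP: reserved bit, including bit 63 when PCIDE=0 */
        return r;
    }
    r.stored_cr3 = check; /* SDM: MOV to CR3 never modifies bit 63 */
    return r;
}

int main(void)
{
    struct cr3_result r = cr3_write_model(CR3_PCID_INVD | 0x1005ULL, true, 40);
    printf("fault=%d skip_flush=%d cr3=0x%llx\n", r.fault, r.skip_tlb_flush,
           (unsigned long long)r.stored_cr3);
    return 0;
}
```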