From: Liran Alon
Date: Sun, 13 May 2018 02:09:16 -0700 (PDT)
Subject: Re: [PATCH 1/2] KVM: X86: Fix CR3 reserve bits
Message-ID: <1712698c-9539-4d62-b92f-53c937b1749b@default>
List: linux-kernel@vger.kernel.org

----- kernellwp@gmail.com wrote:

> 2018-05-13 16:28 GMT+08:00 Liran Alon :
> >
> > ----- kernellwp@gmail.com wrote:
> >
> >> 2018-05-13 15:53 GMT+08:00 Liran Alon :
> >> >
> >> > ----- kernellwp@gmail.com wrote:
> >> >
> >> >> From: Wanpeng Li
> >> >>
> >> >> MSB of CR3 is a reserved bit if the PCIDE bit is not set in CR4.
> >> >> It should be checked when PCIDE bit is not set, however commit
> >> >> 'd1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on
> >> >> its physical address width")' removes the bit 63 checking
> >> >> unconditionally. This patch fixes it by checking bit 63 of CR3
> >> >> when PCIDE bit is not set in CR4.
> >> >>
> >> >> Fixes: d1cd3ce900441 (KVM: MMU: check guest CR3 reserved bits based on
> >> >> its physical address width)
> >> >> Cc: Paolo Bonzini
> >> >> Cc: Radim Krčmář
> >> >> Cc: Junaid Shahid
> >> >> Signed-off-by: Wanpeng Li
> >> >> ---
> >> >>  arch/x86/kvm/emulate.c | 4 +++-
> >> >>  arch/x86/kvm/x86.c     | 2 +-
> >> >>  2 files changed, 4 insertions(+), 2 deletions(-)
> >> >>
> >> >> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
> >> >> index b3705ae..b21f427 100644
> >> >> --- a/arch/x86/kvm/emulate.c
> >> >> +++ b/arch/x86/kvm/emulate.c
> >> >> @@ -4189,7 +4189,9 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
> >> >>  			maxphyaddr = eax & 0xff;
> >> >>  		else
> >> >>  			maxphyaddr = 36;
> >> >> -		rsvd = rsvd_bits(maxphyaddr, 62);
> >> >> +		if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)
> >> >> +			new_val &= ~CR3_PCID_INVD;
> >> >> +		rsvd = rsvd_bits(maxphyaddr, 63);
> >> >
> >> > I would prefer instead to do this:
> >> > if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)
> >> >         rsvd &= ~CR3_PCID_INVD;
> >> > It makes more sense as opposed to temporarily removing the
> >> > CR3_PCID_INVD bit from new_val.
> >>
> >> It tries the same way
> >> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c19986fea873f3c745122bf79013a872a190f212
> >> pointed out.
> >>
> >> Regards,
> >> Wanpeng Li
> >
> > Yes but there it makes sense as new CR3 value should not have bit 63
> > set in vcpu->arch.cr3.
>
> When X86_CR4_PCIDE == 0 and CR3 bit 63 is set, a #GP is missing in
> your suggestion.
>
> Regards,
> Wanpeng Li

Why?

I suggest the following change:

- rsvd = rsvd_bits(maxphyaddr, 62);
+ rsvd = rsvd_bits(maxphyaddr, 63);
+ if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)
+         rsvd &= ~CR3_PCID_INVD;

In this case, if PCIDE=0 then bit 63 is set in rsvd and therefore check_cr_write() will emulate_gp() as needed.
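Review bot: in the emulate.c hunk, `new_val &= ~CR3_PCID_INVD;` clears the bit from the value under test rather than from the reserved mask; that is only equivalent if new_val is a scratch copy that is never what ends up written to CR3, and the hunk does not show that. Masking the bit off rsvd instead leaves the value intact and still faults when PCIDE is clear, because rsvd_bits(maxphyaddr, 63) then keeps bit 63: `rsvd = rsvd_bits(maxphyaddr, 63); if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE) rsvd &= ~CR3_PCID_INVD;`. As a style point, the Fixes: tag should quote the subject the way the body citation does, `Fixes: d1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on its physical address width")`. The x86.c hunk listed in the diffstat is not present in the quoted mail, so that half of the change cannot be reviewed here.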
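The disagreement above is about whether clearing CR3_PCID_INVD from the written value (the patch) or from the reserved mask (the reply) still raises #GP when CR4.PCIDE is clear and CR3 bit 63 is set. The following is an added example, not code from the patch, the reply or the kernel tree: it models both variants of the check_cr_write() reserved-bit test as stand-alone functions and compares them over constructed CR3 values. rsvd_bits() is reimplemented with the same shape as KVM's helper, the bit positions of X86_CR4_PCIDE and CR3_PCID_INVD are the architectural ones, and MAXPHYADDR is assumed to be 36 as in the hunk's fallback.

```c
/* Added example: models the two CR3 reserved-bit checks discussed in the
 * thread.  Helpers and constants are reimplemented here (same shape as the
 * kernel's, but not the kernel's code) so the file builds stand-alone. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define X86_CR4_PCIDE   (1ULL << 17)   /* CR4.PCIDE: PCID enable */
#define CR3_PCID_INVD   (1ULL << 63)   /* CR3 bit 63: no-flush hint when PCIDE=1 */

/* Same shape as KVM's rsvd_bits(): a mask covering bits s..e inclusive. */
static inline uint64_t rsvd_bits(int s, int e)
{
	return ((1ULL << (e - s + 1)) - 1) << s;
}

/* Variant from the posted patch: strip bit 63 from the new value when
 * PCIDE is set, then test against a mask that always includes bit 63.
 * Returns true where check_cr_write() would call emulate_gp(). */
static bool cr3_write_faults_patch(uint64_t new_val, uint64_t cr4, int maxphyaddr)
{
	uint64_t rsvd;

	if (cr4 & X86_CR4_PCIDE)
		new_val &= ~CR3_PCID_INVD;
	rsvd = rsvd_bits(maxphyaddr, 63);
	return (new_val & rsvd) != 0;
}

/* Variant suggested in the reply: leave new_val untouched and instead
 * drop bit 63 from the reserved mask when PCIDE is set. */
static bool cr3_write_faults_reply(uint64_t new_val, uint64_t cr4, int maxphyaddr)
{
	uint64_t rsvd = rsvd_bits(maxphyaddr, 63);

	if (cr4 & X86_CR4_PCIDE)
		rsvd &= ~CR3_PCID_INVD;
	return (new_val & rsvd) != 0;
}

/* Compare both variants over constructed CR3 values (not real guest data)
 * with and without PCIDE.  Returns true only if they agree everywhere and
 * the PCIDE=0, bit-63-set case faults, which is the case in dispute. */
static bool variants_agree(void)
{
	const int maxphyaddr = 36;                    /* hunk's fallback value */
	const uint64_t cases[] = {
		0x0000000000001000ULL,                /* plain page-frame base, valid */
		0x8000000000001000ULL,                /* bit 63 set */
		0x0000001000001000ULL,                /* bit 36 set: above MAXPHYADDR */
		0x8000001000001000ULL,                /* both */
	};
	const uint64_t cr4s[] = { 0, X86_CR4_PCIDE };
	bool disputed_case_faults = false;

	for (unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		for (unsigned j = 0; j < 2; j++) {
			bool a = cr3_write_faults_patch(cases[i], cr4s[j], maxphyaddr);
			bool b = cr3_write_faults_reply(cases[i], cr4s[j], maxphyaddr);

			if (a != b)
				return false;
			if (cr4s[j] == 0 && cases[i] == 0x8000000000001000ULL && a)
				disputed_case_faults = true;
		}
	}
	return disputed_case_faults;
}

int main(void)
{
	printf("both variants agree and PCIDE=0 with bit 63 faults: %s\n",
	       variants_agree() ? "yes" : "no");
	return 0;
}
```

Both variants agree on every constructed case: with PCIDE clear, bit 63 stays in the mask and a write with bit 63 set faults either way; with PCIDE set, the patch removes the bit from the value and the reply removes it from the mask, and neither faults. The difference is only whether the value being written is modified on the way to the check.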