From: Wanpeng Li
Date: Sun, 13 May 2018 17:14:50 +0800
Subject: Re: [PATCH 1/2] KVM: X86: Fix CR3 reserve bits
To: Liran Alon
Cc: Radim Krcmar, Paolo Bonzini, LKML, kvm, Junaid Shahid
In-Reply-To: <1712698c-9539-4d62-b92f-53c937b1749b@default>
List-ID: linux-kernel@vger.kernel.org

2018-05-13 17:09 GMT+08:00 Liran Alon:
>
> ----- kernellwp@gmail.com wrote:
>
>> 2018-05-13 16:28 GMT+08:00 Liran Alon:
>> >
>> > ----- kernellwp@gmail.com wrote:
>> >
>> >> 2018-05-13 15:53 GMT+08:00 Liran Alon:
>> >> >
>> >> > ----- kernellwp@gmail.com wrote:
>> >> >
>> >> >> From: Wanpeng Li
>> >> >>
>> >> >> MSB of CR3 is a reserved bit if the PCIDE bit is not set in CR4.
>> >> >> It should be checked when PCIDE bit is not set, however commit
>> >> >> 'd1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on
>> >> >> its physical address width")' removes the bit 63 checking
>> >> >> unconditionally. This patch fixes it by checking bit 63 of CR3
>> >> >> when PCIDE bit is not set in CR4.
>> >> >>
>> >> >> Fixes: d1cd3ce900441 (KVM: MMU: check guest CR3 reserved bits based on
>> >> >> its physical address width)
>> >> >> Cc: Paolo Bonzini
>> >> >> Cc: Radim Krčmář
>> >> >> Cc: Junaid Shahid
>> >> >> Signed-off-by: Wanpeng Li
>> >> >> ---
>> >> >>  arch/x86/kvm/emulate.c | 4 +++-
>> >> >>  arch/x86/kvm/x86.c     | 2 +-
>> >> >>  2 files changed, 4 insertions(+), 2 deletions(-)
>> >> >>
>> >> >> diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
>> >> >> index b3705ae..b21f427 100644
>> >> >> --- a/arch/x86/kvm/emulate.c
>> >> >> +++ b/arch/x86/kvm/emulate.c
>> >> >> @@ -4189,7 +4189,9 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
>> >> >>  				maxphyaddr = eax & 0xff;
>> >> >>  			else
>> >> >>  				maxphyaddr = 36;
>> >> >> -			rsvd = rsvd_bits(maxphyaddr, 62);
>> >> >> +			if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)
>> >> >> +				new_val &= ~CR3_PCID_INVD;
>> >> >> +			rsvd = rsvd_bits(maxphyaddr, 63);
>> >> >
>> >> > I would prefer instead to do this:
>> >> > if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)
>> >> >     rsvd &= ~CR3_PCID_INVD;
>> >> > It makes more sense as opposed to temporarily removing the CR3_PCID_INVD bit from new_val.
>> >>
>> >> It tries the same way https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c19986fea873f3c745122bf79013a872a190f212 pointed out.
>> >>
>> >> Regards,
>> >> Wanpeng Li
>> >
>> > Yes but there it makes sense as new CR3 value should not have bit 63 set in vcpu->arch.cr3.
>>
>> When X86_CR4_PCIDE == 0 and CR3 bit 63 is set, a #GP is missing in your suggestion.
>>
>> Regards,
>> Wanpeng Li
>
> Why?
>
> I suggest the following change:
> -			rsvd = rsvd_bits(maxphyaddr, 62);
> +			rsvd = rsvd_bits(maxphyaddr, 63);
> +			if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)
> +				rsvd &= ~CR3_PCID_INVD;
>
> In this case, if PCIDE=0 then bit 63 is set in rsvd and therefore check_cr_write() will emulate_gp() as needed.

Ok, I misread your first reply, will send out v2.

Regards,
Wanpeng Li
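Review bot: in the emulate.c hunk, `+ if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)` followed by `+ new_val &= ~CR3_PCID_INVD;` rewrites the value under test so that it passes a mask in which bit 63 is always reserved, which hides the actual reserved set (bits maxphyaddr..63 with PCIDE clear, maxphyaddr..62 with PCIDE set) and invites exactly the confusion seen later in the thread. Computing `rsvd = rsvd_bits(maxphyaddr, 63);` and then clearing CR3_PCID_INVD from rsvd when PCIDE is set, as the reply proposes, leaves new_val untouched, and the reserved-bit test that follows still reaches emulate_gp() when PCIDE=0 and bit 63 is set, so the agreed v2 should take that form. Two smaller points: the Fixes: tag should quote the subject as `Fixes: d1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on its physical address width")`, as the commit message body already does, and the arch/x86/kvm/x86.c change listed in the diffstat is not present in the quoted text, so that half of the patch cannot be reviewed here.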
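To make the disagreement in the thread concrete, the following user-space model (added here; it is neither the patch's code nor KVM's) implements the pre-fix mask, the posted patch's variant and the reply's variant of the CR3 reserved-bit check so the three can be compared on the same inputs. rsvd_bits() is re-implemented locally with the same bits s..e (inclusive) contract as the kernel helper, and the two constants use their architectural bit positions.

```c
#include <stdint.h>
#include <stdbool.h>

#define X86_CR4_PCIDE  (1ULL << 17)   /* CR4 bit 17 */
#define CR3_PCID_INVD  (1ULL << 63)   /* CR3 bit 63 */

/* Mask with bits s..e (inclusive) set; same contract as the kernel helper,
 * written so that s = 0, e = 63 does not shift by 64. */
static uint64_t rsvd_bits(int s, int e)
{
    if (e < s)
        return 0;
    return (((1ULL << (e - s)) << 1) - 1) << s;
}

/* Code before the fix: bit 63 is never reserved, so a guest can load a
 * CR3 with bit 63 set while CR4.PCIDE is clear without taking #GP. */
static bool cr3_faults_before_fix(uint64_t new_val, uint64_t cr4, int maxphyaddr)
{
    (void)cr4;
    return (new_val & rsvd_bits(maxphyaddr, 62)) != 0;
}

/* Posted patch: drop bit 63 from the value when PCIDE is set, then treat
 * bit 63 as reserved in the mask. */
static bool cr3_faults_patch(uint64_t new_val, uint64_t cr4, int maxphyaddr)
{
    if (cr4 & X86_CR4_PCIDE)
        new_val &= ~CR3_PCID_INVD;
    return (new_val & rsvd_bits(maxphyaddr, 63)) != 0;  /* true => emulate_gp() */
}

/* Reply's alternative: leave the value alone and clear bit 63 from the
 * reserved mask when PCIDE is set. */
static bool cr3_faults_reply(uint64_t new_val, uint64_t cr4, int maxphyaddr)
{
    uint64_t rsvd = rsvd_bits(maxphyaddr, 63);

    if (cr4 & X86_CR4_PCIDE)
        rsvd &= ~CR3_PCID_INVD;
    return (new_val & rsvd) != 0;
}

/* The two fixed variants must agree on every (value, CR4, MAXPHYADDR). */
static bool variants_agree(uint64_t new_val, uint64_t cr4, int maxphyaddr)
{
    return cr3_faults_patch(new_val, cr4, maxphyaddr) ==
           cr3_faults_reply(new_val, cr4, maxphyaddr);
}
```

With MAXPHYADDR = 36, the pre-fix check accepts a CR3 of 1<<63 with PCIDE clear, while both fixed variants fault on it and both accept it once PCIDE is set.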