Date: Sun, 13 May 2018 04:19:27 -0700 (PDT)
From: Liran Alon
Subject: Re: [PATCH v2] KVM: X86: Fix CR3 reserve bits
X-Mailing-List: linux-kernel@vger.kernel.org

----- kernellwp@gmail.com wrote:

> From: Wanpeng Li
>
> MSB of CR3 is a reserved bit if the PCIDE bit is not set in CR4.
> It should be checked when PCIDE bit is not set, however commit
> 'd1cd3ce900441 ("KVM: MMU: check guest CR3 reserved bits based on
> its physical address width")' removes the bit 63 checking
> unconditionally. This patch fixes it by checking bit 63 of CR3
> when PCIDE bit is not set in CR4.
>
> Fixes: d1cd3ce900441 (KVM: MMU: check guest CR3 reserved bits based on
> its physical address width)
> Cc: Paolo Bonzini
> Cc: Radim Krčmář
> Cc: Junaid Shahid
> Cc: Liran Alon
> Signed-off-by: Wanpeng Li > --- > v1 -> v2: > * remove CR3_PCID_INVD in rsvd when PCIDE is 1 instead of=20 > removing CR3_PCID_INVD in new_value >=20 > arch/x86/kvm/emulate.c | 4 +++- > arch/x86/kvm/x86.c | 2 +- > 2 files changed, 4 insertions(+), 2 deletions(-) >=20 > diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c > index b3705ae..143b7ae 100644 > --- a/arch/x86/kvm/emulate.c > +++ b/arch/x86/kvm/emulate.c > @@ -4189,7 +4189,9 @@ static int check_cr_write(struct > x86_emulate_ctxt *ctxt) > =09=09=09=09maxphyaddr =3D eax & 0xff; > =09=09=09else > =09=09=09=09maxphyaddr =3D 36; > -=09=09=09rsvd =3D rsvd_bits(maxphyaddr, 62); > +=09=09=09rsvd =3D rsvd_bits(maxphyaddr, 63); > +=09=09=09if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE) > +=09=09=09=09rsvd &=3D ~CR3_PCID_INVD; > =09=09} > =20 > =09=09if (new_val & rsvd) > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 87e4805..9a90668 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -863,7 +863,7 @@ int kvm_set_cr3(struct kvm_vcpu *vcpu, unsigned > long cr3) > =09} > =20 > =09if (is_long_mode(vcpu) && > -=09 (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 62))) > +=09 (cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63))) > =09=09return 1; > =09else if (is_pae(vcpu) && is_paging(vcpu) && > =09=09 !load_pdptrs(vcpu, vcpu->arch.walk_mmu, cr3)) > --=20 > 2.7.4 Reviewed-by: Liran Alon
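Review bot: in the arch/x86/kvm/emulate.c hunk (check_cr_write), the new `rsvd &= ~CR3_PCID_INVD;` exemption carries no comment explaining why bit 63 stops being reserved once CR4.PCIDE is set, and the commit message only describes the PCIDE=0 case. A one-line comment above `if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_PCIDE)` saying that bit 63 is then a valid input to the CR3 write (the bit CR3_PCID_INVD names) rather than a reserved bit would keep a later cleanup from narrowing the range back to 62 or dropping the exemption.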
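Review bot: in the arch/x86/kvm/x86.c hunk (kvm_set_cr3), `cr3 & rsvd_bits(cpuid_maxphyaddr(vcpu), 63)` treats bit 63 as reserved with no CR4.PCIDE test anywhere in the visible lines, whereas the emulate.c hunk masks CR3_PCID_INVD out of rsvd when PCIDE is set. The check is only correct here if cr3 has already had CR3_PCID_INVD cleared earlier in the function for the PCIDE=1 case; the hunk context does not show that, so please confirm it and state it in the commit message (the v2 changelog only hints at it), or apply the same PCIDE-conditional mask at this site so the two paths visibly agree.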