Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp5416434yba;
        Wed, 8 May 2019 13:00:50 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxhMoqVlHZmn82VVrNwOiVRdkZL2UrcYehqMqSvQh4EWoENz5VlflxLrF/ewRWB1T9KI2WF
X-Received: by 2002:a17:902:820c:: with SMTP id x12mr48498566pln.199.1557345650785;
        Wed, 08 May 2019 13:00:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1557345650; cv=none;
        d=google.com; s=arc-20160816;
        b=ozSWq84WvWr0iYR7uMbTcKqF9ce22f0UipktNmB3C8eWMmJWEML46kUEwx7cyY176s
         j+Fv63k1HH8GeztEMLwqIrNy6lj4il1HI5/SdLp365IlrIbb63eJaDy39C6FrMaX5nDC
         bvsTJrmVg0BjUt3cA3t6a86B2XqEuAqcmNFqYZS2sjF+mKJbhjMB2kC1icXCQk4n1qPw
         oIeM0hiWR1WkpY6gueB3PKqPyQxfcNScfJ3sp70zKUZZ5LAFBIPceZ80tgsa48KASt4e
         YmqhzLxlCh7g9QjnHFdE+42yNoIfRSBEgdjch+Iztsrv9t7+SeJAiuzyZhtYEG+H0H9I
         kwIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=LXuwbV2MomMhbfyVRrBaEuMWaMX3B/IUoMF1tjnif/4=;
        b=jKvbjN+FmRQSVFOOjPn3eUqcggbD9OS9Y9EEblV0inIi5pVMxFniC8JSD9aFh+zNHG
         Q4bkxwQhENjKQqHRmO5bnAQ7BA0Sf+dstOSewoP03QTIAS+G9dgyJJNQtlVYWUyNmB36
         UWe5WLQq4kXxSexLAR6ZSMt4gqziS1lghvwnqa0rdK+pID6S42wtaEIglSQCrm3Y9Eki
         7G1RmmfErF1sugqCpZfDtoE9zxqX+/K3qrS3QKFCrmaUk+VMCcHKuVb4QvN0N8lYX7w0
         QLiOUYIiSdQ8oZctRn+nCXFzWLaoT+0OdLDzjUW+Y14Fr9zqx5nh4rgYSXHdAxTmhEey
         D1aw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=F8u8ZwXk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id n189si12916104pgn.581.2019.05.08.13.00.26;
        Wed, 08 May 2019 13:00:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=F8u8ZwXk;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727175AbfEHRx2 (ORCPT
        <rfc822;ArcheFireLinuxKernelMain@gmail.com> + 99 others);
        Wed, 8 May 2019 13:53:28 -0400
Received: from mail-lj1-f194.google.com ([209.85.208.194]:34854 "EHLO
        mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726634AbfEHRx2 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 8 May 2019 13:53:28 -0400
Received: by mail-lj1-f194.google.com with SMTP id m20so9036364lji.2
        for <linux-kernel@vger.kernel.org>; Wed, 08 May 2019 10:53:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=LXuwbV2MomMhbfyVRrBaEuMWaMX3B/IUoMF1tjnif/4=;
        b=F8u8ZwXk2F2XX1EmUFc4kMkf/eW28sPItGSkR2bYWu6rAGtelSzq8Dq1VxeMkGahCs
         cCU18fvMfZ5DQu8IdRpt3bN7ZLsMWXXW+qqR4DxUAQ87flufGAog4FeAtBRgzim9Rnxf
         TJevNLvCGQIObgV2l+7raw39c8QfIUsFQomYV4WyNp3HAobTuT7fSWpOf2sZlFlbGCHa
         FVjMbUAWUxgQ36En9+dEELEou9dMHunmjTUvJaMNCYK90nwe2PPk/kFFAyrAf6bL55Yc
         cZCBT5QdzR24NlIR43JDCs+XW/ylRLZ2PFOufrIxCf30X2GiNYsJMsMCXJbugm1FFN7e
         CRLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=LXuwbV2MomMhbfyVRrBaEuMWaMX3B/IUoMF1tjnif/4=;
        b=kX5O+Gd5rJwESoHifBQxa6I+vZaGinZthdW/wHrctns1shRc42o/XagiVKXImWbNkM
         fpciB3WCnH49mHywLcsJPnHQ1J96YQkjBXeaCr1H76W0jl/LXzqAWMzbpKlVcBt6OTo0
         zw341uQgSIEPtyJTX12OVjd6Z6FV9nWfwcQ0riZJwUevM/WTHcYGRp6bn8Np+htteacq
         /qUPHjM1GhWbonxVykIxtFni12w6oHB5IN/oEg8k7ZkZV7hi2r4JhWXxNIVbs4TeBGtf
         DN6L7r5o38xzCBUhsdO9lP/Ncsyq3zuke0PbJK8KyK4x/wLPED35e9iXKzT+y89/Qmze
         OKhA==
X-Gm-Message-State: APjAAAXrm8h2czlTNmwe8f8tjOoUe5xczj0LWsNqW06rmuWLBgEuRbA3
        Fu1m+ihI80bo3UDlazzrXGte/VgK4YPTiT2hmRFy0w==
X-Received: by 2002:a2e:95c7:: with SMTP id y7mr9330668ljh.29.1557338004342;
 Wed, 08 May 2019 10:53:24 -0700 (PDT)
MIME-Version: 1.0
References: <1557317799-39866-1-git-send-email-pbonzini@redhat.com> <20190508142023.GA13834@linux.intel.com>
In-Reply-To: <20190508142023.GA13834@linux.intel.com>
From:   Aaron Lewis <aaronlewis@google.com>
Date:   Wed, 8 May 2019 10:53:12 -0700
Message-ID: <CAAAPnDE0ujH4eTX=4umTTEmUMyaZ7M0B3qxWa7oUUD-Ls7Ta+A@mail.gmail.com>
Subject: Re: [PATCH v2] kvm: nVMX: Set nested_run_pending in
 vmx_set_nested_state after checks complete
To:     Sean Christopherson <sean.j.christopherson@intel.com>
Cc:     Paolo Bonzini <pbonzini@redhat.com>, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org, Peter Shier <pshier@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson <sean.j.christopherson@intel.com>
Date: Wed, May 8, 2019 at 7:20 AM
To: Paolo Bonzini
Cc: <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>, Peter
Shier, Aaron Lewis

> On Wed, May 08, 2019 at 02:16:39PM +0200, Paolo Bonzini wrote:
> > From: Aaron Lewis <aaronlewis@google.com>
>
> If this is actually attributed to Aaron it needs his SOB.
>
> > nested_run_pending=1 implies we have successfully entered guest mode.
> > Move setting from external state in vmx_set_nested_state() until after
> > all other checks are complete.
>
> It'd be helpful to at least mention the flag is consumed by
> nested_vmx_enter_non_root_mode().
>
> > Based on a patch by Aaron Lewis.
> >
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
>
> For the code itself:
>
> Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
>
> >  arch/x86/kvm/vmx/nested.c | 10 ++++++----
> >  1 file changed, 6 insertions(+), 4 deletions(-)
> >
> > diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> > index cec77f30f61c..e58caff92694 100644
> > --- a/arch/x86/kvm/vmx/nested.c
> > +++ b/arch/x86/kvm/vmx/nested.c
> > @@ -5420,9 +5420,6 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu,
> >       if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
> >               return 0;
> >
> > -     vmx->nested.nested_run_pending =
> > -             !!(kvm_state->flags & KVM_STATE_NESTED_RUN_PENDING);
> > -
> >       if (nested_cpu_has_shadow_vmcs(vmcs12) &&
> >           vmcs12->vmcs_link_pointer != -1ull) {
> >               struct vmcs12 *shadow_vmcs12 = get_shadow_vmcs12(vcpu);
> > @@ -5446,9 +5443,14 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu,
> >               return -EINVAL;
> >
> >       vmx->nested.dirty_vmcs12 = true;
> > +     vmx->nested.nested_run_pending =
> > +             !!(kvm_state->flags & KVM_STATE_NESTED_RUN_PENDING);
> > +
> >       ret = nested_vmx_enter_non_root_mode(vcpu, false);
> > -     if (ret)
> > +     if (ret) {
> > +             vmx->nested.nested_run_pending = 0;
> >               return -EINVAL;
> > +     }
> >
> >       return 0;
> >  }
> > --
> > 1.8.3.1
> >

nested_run_pending is also checked in
nested_vmx_check_vmentry_postreqs
(https://elixir.bootlin.com/linux/v5.1/source/arch/x86/kvm/vmx/nested.c#L2709)
so I think the setting needs to be moved to just prior to that call
with Paolo's rollback along with another for if the prereqs and
postreqs fail.  I put a patch together below:

------------------------------------

nested_run_pending=1 implies we have successfully entered guest mode.
Move setting from external state in vmx_set_nested_state() until after
all other checks are complete.

Signed-off-by: Aaron Lewis <aaronlewis@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
---
 arch/x86/kvm/vmx/nested.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index 6401eb7ef19c..cf1f810223d2 100644
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5460,9 +5460,6 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu,
  if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
  return 0;

- vmx->nested.nested_run_pending =
- !!(kvm_state->flags & KVM_STATE_NESTED_RUN_PENDING);
-
  if (nested_cpu_has_shadow_vmcs(vmcs12) &&
      vmcs12->vmcs_link_pointer != -1ull) {
  struct vmcs12 *shadow_vmcs12 = get_shadow_vmcs12(vcpu);
@@ -5480,14 +5477,21 @@ static int vmx_set_nested_state(struct kvm_vcpu *vcpu,
  return -EINVAL;
  }

+ vmx->nested.nested_run_pending =
+ !!(kvm_state->flags & KVM_STATE_NESTED_RUN_PENDING);
+
  if (nested_vmx_check_vmentry_prereqs(vcpu, vmcs12) ||
-     nested_vmx_check_vmentry_postreqs(vcpu, vmcs12, &exit_qual))
+     nested_vmx_check_vmentry_postreqs(vcpu, vmcs12, &exit_qual)) {
+     vmx->nested.nested_run_pending = 0;
  return -EINVAL;
+ }

  vmx->nested.dirty_vmcs12 = true;
  ret = nested_vmx_enter_non_root_mode(vcpu, false);
- if (ret)
+ if (ret) {
+ vmx->nested.nested_run_pending = 0;
  return -EINVAL;
+ }

  return 0;
 }