Subject: Re: [PATCH] KVM: nVMX: cleanup and fix host 64-bit mode checks
To: Jim Mattson, Paolo Bonzini
Cc: LKML, kvm list, Sean Christopherson
References: <1569429286-35157-1-git-send-email-pbonzini@redhat.com>
From: Krish Sadhukhan
Message-ID: <3460bd57-6fdd-f73c-9ce0-c97d4cc85f63@oracle.com>
Date: Wed, 25 Sep 2019 16:55:15 -0700
X-Mailing-List: linux-kernel@vger.kernel.org

On 09/25/2019 09:47 AM, Jim Mattson wrote:
> On Wed, Sep 25, 2019 at 9:34 AM Paolo Bonzini wrote:
>> KVM was incorrectly checking vmcs12->host_ia32_efer even if the "load
>> IA32_EFER" exit control was reset. Also, some checks were not using
>> the new CC macro for tracing.
>>
>> Cleanup everything so that the vCPU's 64-bit mode is determined
>> directly from EFER_LMA and the VMCS checks are based on that, which
>> matches section 26.2.4 of the SDM.
>>
>> Cc: Sean Christopherson
>> Cc: Jim Mattson
>> Cc: Krish Sadhukhan
>> Fixes: 5845038c111db27902bc220a4f70070fe945871c
>> Signed-off-by: Paolo Bonzini
>> ---
>> arch/x86/kvm/vmx/nested.c | 53 ++++++++++++++++++++---------------------------
>> 1 file changed, 22 insertions(+), 31 deletions(-)
>> >> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c >> index 70d59d9304f2..e108847f6cf8 100644 >> --- a/arch/x86/kvm/vmx/nested.c >> +++ b/arch/x86/kvm/vmx/nested.c >> @@ -2664,8 +2664,26 @@ static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu, >> CC(!kvm_pat_valid(vmcs12->host_ia32_pat))) >> return -EINVAL; >> >> - ia32e = (vmcs12->vm_exit_controls & >> - VM_EXIT_HOST_ADDR_SPACE_SIZE) != 0; >> +#ifdef CONFIG_X86_64 >> + ia32e = !!(vcpu->arch.efer & EFER_LMA); >> +#else >> + if (CC(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE)) >> + return -EINVAL; > This check is redundant, since it is checked in the else block below. Should we be re-using is_long_mode() instead of duplicating the code ? > >> + >> + ia32e = false; >> +#endif >> + >> + if (ia32e) { >> + if (CC(!(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE)) || >> + CC(!(vmcs12->host_cr4 & X86_CR4_PAE))) >> + return -EINVAL; >> + } else { >> + if (CC(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE) || >> + CC(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) || >> + CC(vmcs12->host_cr4 & X86_CR4_PCIDE) || >> + CC(((vmcs12->host_rip) >> 32) & 0xffffffff)) > The mask shouldn't be necessary. > >> + return -EINVAL; >> + } >> >> if (CC(vmcs12->host_cs_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) || >> CC(vmcs12->host_ss_selector & (SEGMENT_RPL_MASK | SEGMENT_TI_MASK)) || 
>> @@ -2684,35 +2702,8 @@ static int nested_vmx_check_host_state(struct kvm_vcpu *vcpu, >> CC(is_noncanonical_address(vmcs12->host_gs_base, vcpu)) || >> CC(is_noncanonical_address(vmcs12->host_gdtr_base, vcpu)) || >> CC(is_noncanonical_address(vmcs12->host_idtr_base, vcpu)) || >> - CC(is_noncanonical_address(vmcs12->host_tr_base, vcpu))) >> - return -EINVAL; >> - >> - if (!(vmcs12->host_ia32_efer & EFER_LMA) && >> - ((vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) || >> - (vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE))) { >> - return -EINVAL; >> - } >> - >> - if ((vmcs12->host_ia32_efer & EFER_LMA) && >> - !(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE)) { >> - return -EINVAL; >> - } >> - >> - if (!(vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE) && >> - ((vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) || >> - (vmcs12->host_cr4 & X86_CR4_PCIDE) || >> - (((vmcs12->host_rip) >> 32) & 0xffffffff))) { >> - return -EINVAL; >> - } >> - >> - if ((vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE) && >> - ((!(vmcs12->host_cr4 & X86_CR4_PAE)) || >> - (is_noncanonical_address(vmcs12->host_rip, vcpu)))) { >> - return -EINVAL; >> - } >> -#else >> - if (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE || >> - vmcs12->vm_exit_controls & VM_EXIT_HOST_ADDR_SPACE_SIZE) >> + CC(is_noncanonical_address(vmcs12->host_tr_base, vcpu)) || >> + CC(is_noncanonical_address(vmcs12->host_rip, vcpu))) >> return -EINVAL; >> #endif >> >> -- >> 1.8.3.1 >> > Reviewed-by: Jim Mattson
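
Review bot: in the first hunk (@@ -2664,8 +2664,26 @@), `ia32e = !!(vcpu->arch.efer & EFER_LMA);` changes what `ia32e` means, from the state of the VM_EXIT_HOST_ADDR_SPACE_SIZE exit control to the vCPU's current long-mode state, and nothing in the code records that. A one-line comment above the assignment, citing the SDM section the commit message names (26.2.4), would keep a later cleanup from reverting it to the control bit. In the same hunk, the `#else` branch tests `vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE` and then sets `ia32e = false`, which sends execution into the `else` arm where the identical test appears again, so the early test can be dropped. The `& 0xffffffff` after `(vmcs12->host_rip) >> 32` could also go if `host_rip` is a 64-bit field, since the shift then leaves nothing above bit 31 to mask.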
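
Review bot: in the second hunk (@@ -2684,35 +2702,8 @@), the `CC(is_noncanonical_address(vmcs12->host_rip, vcpu))` term appended to the chain is no longer conditional on VM_EXIT_HOST_ADDR_SPACE_SIZE, as it was in the removed block, and the commit message does not mention this. The effect looks unchanged, because when `ia32e` is false the first hunk already rejects a `host_rip` with any of bits 63:32 set, and an address with those bits clear is always canonical. That argument depends on the first hunk's checks running before this chain, so a sentence in the changelog or a short comment stating that the condition was dropped deliberately would make the dependency explicit. The removed `#else` arm also rejected both VM_ENTRY_IA32E_MODE and VM_EXIT_HOST_ADDR_SPACE_SIZE on 32-bit builds; both are now covered only by the `else` arm in the first hunk, which is worth confirming stays reachable with `ia32e = false` if the redundant early check there is removed.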