Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp1357873ybf;
        Thu, 27 Feb 2020 09:25:52 -0800 (PST)
X-Google-Smtp-Source: APXvYqwC10R1J3wFaejv2bugkSg/OqKV8mJVPDs48wylvoaGKpsv7fdLA9STv3CZB7PrNx7Td9hu
X-Received: by 2002:aca:f584:: with SMTP id t126mr97665oih.132.1582824352130;
        Thu, 27 Feb 2020 09:25:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582824352; cv=none;
        d=google.com; s=arc-20160816;
        b=q2pf9ZGCa+hbSzIkZHkSMnKRCfJIACdEa5DAM+7G/cfUlWRN5zAQ80Up7L88JLRtvF
         dOeVtX6JIWShQgtENAOg2UpEsjkzzYdNOBjOPjjaqIfDfmm7obqvCQr5pC51r+UhBqqS
         tW1eTMtwk7pEQbxLEuFLcnW2y1/XHHJHRPxJEe95xZO8RZKtsjtyGM71Xwnmp3EPGSqj
         YL/+I0H2E5s2YfdKJSVzVbwr2AjhYUxkVa0OED13SZZN2/zlbaq3QkAATWo0KD70WL+K
         p5MGbBoL9tpAcXgayopJuPU9qHMpPRojdRgFcnz0dtJyup2dlC2u0QwEhGIkZDzlAZCl
         0LFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=Gjp4z4++70DlRdyoFwoW1wXA2SmQC4OgN2YnpC8FfY0=;
        b=AjjnHCMQ7Er4eM3o7swe03jbKwPTUl4BzsH5AjA/DI3XD+VTp3+Kgic29BHYxQIJnR
         Nzp5j7t6P/fwvAlfZkLtqd+JGxoTDa6j45zL5F5UKFVPCow1haHx39uYkzKa9v8h5YMu
         3WUKPabHPs9av3I19GKENOurqJYAs2Ca9QtZT73rUVxs7pDt2DNFk5Xvbvnx9eA4ENhS
         ZNNwTU9QddkQASNu3ODtyydWx0G4H4g5Ow/eWDyDkfnOLtFu4hex6VpKphB5Ex6+5UW6
         4IsfKxl7E1CfkIl51Svz8/bht9SqRh6d276L69KkiiFnqpu2Sdvr4e/SkonplOK1s0rr
         oQjg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=MHBomGOo;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j20si234442oii.80.2020.02.27.09.25.40;
        Thu, 27 Feb 2020 09:25:52 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=MHBomGOo;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730043AbgB0RXi (ORCPT <rfc822;wxiaokuan@gmail.com> + 99 others);
        Thu, 27 Feb 2020 12:23:38 -0500
Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:52870 "EHLO
        us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1729894AbgB0RXi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 27 Feb 2020 12:23:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1582824216;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=Gjp4z4++70DlRdyoFwoW1wXA2SmQC4OgN2YnpC8FfY0=;
        b=MHBomGOoRD/7LgV8bXtFl/R7xjrs+mHM41goUid9xnXO5BJ7zAmRSpIQMG5ExCJsdAzF51
        2+lNohmhtf1NttgMNkCJQtZym/65ZuxgSG6/zKNHyjXrut4yuWUZOaXOz5QWteo5V4dCaM
        JQkPvyRYrGfOhWSEfPN2V87uEOrolxM=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-299-MIUn5VExOQGbEy_dwFFG-A-1; Thu, 27 Feb 2020 12:23:32 -0500
X-MC-Unique: MIUn5VExOQGbEy_dwFFG-A-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 73BA5800D54;
        Thu, 27 Feb 2020 17:23:30 +0000 (UTC)
Received: from millenium-falcon.redhat.com (unknown [10.36.118.42])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 6A13A1001B2C;
        Thu, 27 Feb 2020 17:23:23 +0000 (UTC)
From:   Mohammed Gamal <mgamal@redhat.com>
To:     kvm@vger.kernel.org, pbonzini@redhat.com
Cc:     sean.j.christopherson@intel.com, vkuznets@redhat.com,
        wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org,
        linux-kernel@vger.kernel.org, Mohammed Gamal <mgamal@redhat.com>
Subject: [PATCH 0/5] KVM: Support guest MAXPHYADDR < host MAXPHYADDR
Date:   Thu, 27 Feb 2020 19:23:01 +0200
Message-Id: <20200227172306.21426-1-mgamal@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

When EPT/NPT is enabled, KVM does not really look at guest physical=20
address size. Address bits above maximum physical memory size are reserve=
d.=20
Because KVM does not look at these guest physical addresses, it currently=
=20
effectively supports guest physical address sizes equal to the host.

This can be problem when having a mixed setup of machines with 5-level pa=
ge=20
tables and machines with 4-level page tables, as live migration can chang=
e=20
MAXPHYADDR while the guest runs, which can theoretically introduce bugs.

In this patch series we add checks on guest physical addresses in EPT=20
violation/misconfig and NPF vmexits and if needed inject the proper=20
page faults in the guest.

A more subtle issue is when the host MAXPHYADDR is larger than that of th=
e
guest. Page faults caused by reserved bits on the guest won't cause an EP=
T
violation/NPF and hence we also check guest MAXPHYADDR and add PFERR_RSVD=
_MASK
error code to the page fault if needed.


Mohammed Gamal (5):
  KVM: x86: Add function to inject guest page fault with reserved bits
    set
  KVM: VMX: Add guest physical address check in EPT violation and
    misconfig
  KVM: SVM: Add guest physical address check in NPF interception
  KVM: x86: mmu: Move translate_gpa() to mmu.c
  KVM: x86: mmu: Add guest physical address check in translate_gpa()

 arch/x86/include/asm/kvm_host.h |  6 ------
 arch/x86/kvm/mmu/mmu.c          | 10 ++++++++++
 arch/x86/kvm/mmu/paging_tmpl.h  |  2 +-
 arch/x86/kvm/svm.c              |  7 +++++++
 arch/x86/kvm/vmx/vmx.c          | 13 +++++++++++++
 arch/x86/kvm/x86.c              | 14 ++++++++++++++
 arch/x86/kvm/x86.h              |  1 +
 7 files changed, 46 insertions(+), 7 deletions(-)

--=20
2.21.1