Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1158076ybb; Fri, 20 Mar 2020 14:33:15 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuQe8svgXA9fURwKzxrjgGQhk012WP4k9P68MqhpewZTJASoKwYCQhzYr+ew3E9YX4sYluc X-Received: by 2002:aca:d553:: with SMTP id m80mr8431118oig.30.1584739995211; Fri, 20 Mar 2020 14:33:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584739995; cv=none; d=google.com; s=arc-20160816; b=s9s5D84cTYQWvTb+JCWDAj7yf7REZhYbFPS/knnkAoQxhQxr1cGnob3tQZV5WvImuD 5f9WVNCR9IUrykcIkYNHnSDPamUvuQncAF3/Gw/4WtErPSj/GDbOnftx7vphj2IcJyC3 gAIIpRC5lg4xDjlehtyOFr7YAb+QlnkelS+0ZtJu5gpMBPNFVGQaCXuF+O9NKQVJiPO5 CT09nF4k0QNapfkM4R2CSX2VKuOxOZ7E/u+pJZdFA8WPExMRCzOfvAgbr97aW/ymlX8O oisSZECDo1Ag4Zl2zKN0Vgs9MRJBebqirMdwUhapQH28Eh3OeGBCyoIdMsVMbe7yMD1E 75BQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=ynPFaUUV8IJECchEEMq4nhR16ss2azELn23ZgAffMUY=; b=rgyaffaaG1teXhv6wh6Fd1Z2+6C+qyDsQXupN5kJ7RxIBgg7yZFFN1WEU66Jd+imqI 86dV/Xwm+0DqwfN2pFwHylOYM3wKAbtASxHjO6QF3pNAGpJBWSjPBLvCQu42O7RShGqC Mliguqy2YL3V8iBKDVWOQtSsv7r9h0rNMlc6q5vNK0hyge4wZwJpkOUbXfX2QwEmmf/j vET0XvNDAsTvX8/vkfwziJSkuHFSVfkKpxue/XvM3Em6Xw3fpytIGSh9EcqyFr57a0/D TAfGkvX+fcuioRwCPKoLwnpH5KweKFY7K+6iTPfQrtZrHkeJN0H7+AowhnX9KSFVWB7N BAAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r17si3591870otq.138.2020.03.20.14.33.02; Fri, 20 Mar 2020 14:33:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727154AbgCTV2q (ORCPT + 99 others); Fri, 20 Mar 2020 17:28:46 -0400 Received: from mga01.intel.com ([192.55.52.88]:48429 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726801AbgCTV2p (ORCPT ); Fri, 20 Mar 2020 17:28:45 -0400 IronPort-SDR: 0ipUewx6+zIQBPiXVQD1qgMqrFy4zt+4IqsFRdj4uDwsAj3vZLitDYTaBTWWiFGWzdGQ05pW5E BMu6P2a1CFfQ== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Mar 2020 14:28:44 -0700 IronPort-SDR: fOUdOCVPOd9Y/euvkM9selB/KqaDxpYao/cv4Z0YvWhCl4SeisZogmRTBqP1Ulxhv10c1yj8lc R0/JyD6v6XOA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,286,1580803200"; d="scan'208";a="269224409" Received: from sjchrist-coffee.jf.intel.com ([10.54.74.202]) by fmsmga004.fm.intel.com with ESMTP; 20 Mar 2020 14:28:44 -0700 From: Sean Christopherson To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Ben Gardon , Junaid Shahid , Liran Alon , Boris Ostrovsky , John Haxby , Miaohe Lin , Tom Lendacky Subject: [PATCH v3 04/37] KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT Date: Fri, 20 Mar 2020 14:28:00 -0700 Message-Id: <20200320212833.3507-5-sean.j.christopherson@intel.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200320212833.3507-1-sean.j.christopherson@intel.com> References: <20200320212833.3507-1-sean.j.christopherson@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Junaid Shahid Free all roots when emulating INVVPID for L1 and EPT is disabled, as outstanding changes to the page tables managed by L1 need to be recognized. Because L1 and L2 share an MMU when EPT is disabled, and because VPID is not tracked by the MMU role, all roots in the current MMU (root_mmu) need to be freed, otherwise a future nested VM-Enter or VM-Exit could do a fast CR3 switch (without a flush/sync) and consume stale SPTEs. Fixes: 5c614b3583e7b ("KVM: nVMX: nested VPID emulation") Signed-off-by: Junaid Shahid [sean: ported to upstream KVM, reworded the comment and changelog] Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/nested.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 9624cea4ed9f..bc74fbbf33c6 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -5250,6 +5250,20 @@ static int handle_invvpid(struct kvm_vcpu *vcpu) return kvm_skip_emulated_instruction(vcpu); } + /* + * Sync the shadow page tables if EPT is disabled, L1 is invalidating + * linear mappings for L2 (tagged with L2's VPID). Free all roots as + * VPIDs are not tracked in the MMU role. + * + * Note, this operates on root_mmu, not guest_mmu, as L1 and L2 share + * an MMU when EPT is disabled. + * + * TODO: sync only the affected SPTEs for INVDIVIDUAL_ADDR. + */ + if (!enable_ept) + kvm_mmu_free_roots(vcpu, &vcpu->arch.root_mmu, + KVM_MMU_ROOTS_ALL); + return nested_vmx_succeed(vcpu); } -- 2.24.1