From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Ben Gardon, Junaid Shahid, Liran Alon, Boris Ostrovsky, John Haxby, Miaohe Lin, Tom Lendacky
Subject: [PATCH v3 03/37] KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1
Date: Fri, 20 Mar 2020 14:27:59 -0700
Message-Id: <20200320212833.3507-4-sean.j.christopherson@intel.com>
In-Reply-To: <20200320212833.3507-1-sean.j.christopherson@intel.com>

Free all L2 (guest_mmu) roots when emulating INVEPT for L1. Outstanding changes to the EPT tables managed by L1 need to be recognized, and relying on KVM to always flush L2's EPTP context on nested VM-Enter is dangerous.

Similar to handle_invpcid(), rely on kvm_mmu_free_roots() to do a remote TLB flush if necessary, e.g. if L1 has never entered L2 then there is nothing to be done.

Nuking all L2 roots is overkill for the single-context variant, but it's the safe and easy bet. A more precise zap mechanism will be added in the future. Add a TODO to call out that KVM only needs to invalidate affected contexts.

Fixes: b119019847fbc ("kvm: nVMX: Remove unnecessary sync_roots from handle_invept")
Reported-by: Jim Mattson
Signed-off-by: Sean Christopherson
--- arch/x86/kvm/vmx/nested.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index f3774cef4fd4..9624cea4ed9f 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c 
@@ -5160,12 +5160,12 @@ static int handle_invept(struct kvm_vcpu *vcpu) if (!nested_vmx_check_eptp(vcpu, operand.eptp)) return nested_vmx_failValid(vcpu, VMXERR_INVALID_OPERAND_TO_INVEPT_INVVPID); + + /* TODO: sync only the target EPTP context. */ fallthrough; case VMX_EPT_EXTENT_GLOBAL: - /* - * TODO: Sync the necessary shadow EPT roots here, rather than - * at the next emulated VM-entry. - */ + kvm_mmu_free_roots(vcpu, &vcpu->arch.guest_mmu, + KVM_MMU_ROOTS_ALL); break; default: BUG_ON(1); -- 2.24.1
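
Review bot: the TODO added on the single-context path, just before the fallthrough, says "sync only the target EPTP context", but the code it falls through to frees roots with kvm_mmu_free_roots(vcpu, &vcpu->arch.guest_mmu, KVM_MMU_ROOTS_ALL) and the commit message talks about invalidating contexts, so the comment should use the same verb, for example "invalidate only the roots for the target EPTP". Separately, the VMX_EPT_EXTENT_GLOBAL case loses its only comment and the new call has none. The reason all guest_mmu roots are dropped here (L1's outstanding EPT changes must be recognized without relying on a flush at the next nested VM-Enter) lives only in the changelog, and a one-line comment above the call would keep that rationale next to the code, including the fact that the single-context case shares this path on purpose.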