Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3883534ybb; Mon, 23 Mar 2020 09:26:09 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsFqaYwtgzTqw3FDR4ehK1VqO1Wn4X7LKsuIUOSd9M5rC5s01LAh4zdLWD/g+/lNirMzqU1 X-Received: by 2002:aca:646:: with SMTP id 67mr132771oig.4.1584980769252; Mon, 23 Mar 2020 09:26:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584980769; cv=none; d=google.com; s=arc-20160816; b=rjgUbfm2WlOPtCTej6x8taiEMTyvFCObxgWGFzwI2yt3tx490xN8DEtJ2YXMz3l9t4 bkL1DtyPLz6ZIpTXgE1OGFnz0JMB+0WisFCCq5Dc46mYGIgJNwqQMjabH/MvGAy3mpc1 P7Mn4W4m8Y1voUZZibwrp179iAUT6gIE4MCmK44cKmOeG5nBwc63x4upPE8MYto9YsZv pAXu4u+x5BTSSe2Z1b7QhRDLQ/xPUPL0ny/WibES28w+DwfiXN1jXyTnVn8o70HzbIek RiM4td/RcBfYFGNerKWUpXoICEC3f7FqPHb9w1fNTsXqNZ/V9ULeVzhUPenJZ8fVUFq0 6r8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=szMpm1YHgB+ek/GLf0Q9znil+A6chCIsHv9XnjC6wnU=; b=ffEjpr9ipwLjF3KP4VIxYy0dk++57KJUMlgQb6jgjd94uNcmrMykaPbX/+wmoBEkbr x+f0Te0AEWaLNA9eUIQlZvKsKyVCMTXbIXkmtkPZNsEmXxUEIOVkhGIzRbV1EOCE2DTj RTJfQAAEFM3E0D1XzQUTiAAwyZcfTMeqZg/YeI5sY2XarKacgtQmQzX6AwtEubMqpx9+ wCrcqz1Cu2GCJAYT67bo9fq2U96rufS68LYcjZRb3YJre0A97dqQ5R9k2keJWm8j8V94 JsOrOmUr2cgAUOKO/zB3twTjztCkBsyOwRwYV+7IuUWuCX+RwKoaxcWl2/37ux7E0Mj2 koFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=hK+AE+H5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m126si7301128oig.177.2020.03.23.09.25.53; Mon, 23 Mar 2020 09:26:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=hK+AE+H5; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727445AbgCWQYi (ORCPT + 99 others); Mon, 23 Mar 2020 12:24:38 -0400 Received: from mail-io1-f65.google.com ([209.85.166.65]:44399 "EHLO mail-io1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727318AbgCWQYi (ORCPT ); Mon, 23 Mar 2020 12:24:38 -0400 Received: by mail-io1-f65.google.com with SMTP id v3so14711920iot.11 for ; Mon, 23 Mar 2020 09:24:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=szMpm1YHgB+ek/GLf0Q9znil+A6chCIsHv9XnjC6wnU=; b=hK+AE+H5QEe79Ixitmvqv2R3HJWBBiY+uk5cy6vqPzyp6RRYzVKOY1yI6KN9ITyiDl rHVf7JZXS+6XiwgQCmg3Qk2K1zUoxMyRqBFZO3ShH1a3vIdyQ+6ui55W9Y1WgD3AV80G 4FsIYQ8PNslp31hPnLuC/M29GplL1v6q7549yAHCOdLUNCM3bnev4A1n4NRGDqdRa545 jBfx/r7xmzNAVda7gngzIjz/zjmlf8NcJIDD4XIh8IBejiDVjZiV5/uq3gvdYBdrCkwU ubfJWq5Vz0UltwxYBvtUqzhL7INCSnCsNez4NvSYbOz0WVZiGmzDeC8oHxHfnt+qkbHc A8Qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=szMpm1YHgB+ek/GLf0Q9znil+A6chCIsHv9XnjC6wnU=; b=W/frVIw6/YO9qcqLx/eaKqXeZP8Be6v4nQOkgpdUQTUuLNYwxBa3d/PdOX/mEwWLPD eNjO52F1yfZdtufTG27AMxx9Kb7GqTMWzl6kl0YHoUcYvF7nA5xl7afYfr/SHVEXYZap HOULXgGwzDXQk+FV0P4KOIWvqzgxKM072cTOBywYLYo3Q2YSLqYMNxSu0AZo1jBUk3U9 EZaIykriJaxmriBHwocJhFif+6Oz4+VbZti2mKtt/pxrfwWKozzef8d5PS15/PIQFgRN +D40aSeSBEDVq5TDaX6zLgdoMd4iRndqUqY4ChvwdD8HdpBtZSUMoWQ033bmtVTvfFHW X5NQ== X-Gm-Message-State: ANhLgQ1WrUhC+UaV/aMPDNx2wRt0+urltz5PzW3nsiVJp4rehEpS7Ecb QBLcxfeTE3PoWZW1t/a6EojQXgqPwy30n6Dae0NQvA== X-Received: by 2002:a6b:c408:: with SMTP id y8mr2864354ioa.12.1584980676836; Mon, 23 Mar 2020 09:24:36 -0700 (PDT) MIME-Version: 1.0 References: <20200320212833.3507-1-sean.j.christopherson@intel.com> <20200320212833.3507-4-sean.j.christopherson@intel.com> In-Reply-To: <20200320212833.3507-4-sean.j.christopherson@intel.com> From: Jim Mattson Date: Mon, 23 Mar 2020 09:24:25 -0700 Message-ID: Subject: Re: [PATCH v3 03/37] KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 To: Sean Christopherson Cc: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Joerg Roedel , kvm list , LKML , Ben Gardon , Junaid Shahid , Liran Alon , Boris Ostrovsky , John Haxby , Miaohe Lin , Tom Lendacky Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 20, 2020 at 2:29 PM Sean Christopherson wrote: > > Free all L2 (guest_mmu) roots when emulating INVEPT for L1. Outstanding > changes to the EPT tables managed by L1 need to be recognized, and > relying on KVM to always flush L2's EPTP context on nested VM-Enter is > dangerous. > > Similar to handle_invpcid(), rely on kvm_mmu_free_roots() to do a remote > TLB flush if necessary, e.g. if L1 has never entered L2 then there is > nothing to be done. > > Nuking all L2 roots is overkill for the single-context variant, but it's > the safe and easy bet. A more precise zap mechanism will be added in > the future. Add a TODO to call out that KVM only needs to invalidate > affected contexts. > > Fixes: b119019847fbc ("kvm: nVMX: Remove unnecessary sync_roots from handle_invept") The bug existed well before the commit indicated in the "Fixes" line.