Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp726182ybt; Fri, 10 Jul 2020 10:44:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyqKp9iFGbhm0dAjXoSRL5fEMJAKTJc8sJmDHsjmqXGdCWML0mQSW8wGt1cZ7SL0ERV2wt4 X-Received: by 2002:a17:906:4b46:: with SMTP id j6mr12845161ejv.403.1594403094775; Fri, 10 Jul 2020 10:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594403094; cv=none; d=google.com; s=arc-20160816; b=wgOk7zPZC9JMHLOn6c0ngCmfyZAZKGQHhL/dyBiwTfVwt/jYKnjxCNGdNArC+HtwWV OZ0UZbnu1bBI9aVVeos0T0WfxS2t7Rv1M1NqlkznN0mu++OHdDBvMzwMQDUlr3tqx7Zh ulYFbStVFdVbfvoWSR+s7RljX6HIrRynyipUceEnvtJ9WeUKipPrRFunqkndqaWYgYkQ zT88E+Gx8raKQVs9SaNeFqC647eW35jr3fs5KRsa4+PufKKtUHiZekufJ/dNcWp9vkUH KOxNUMVFBUNDN0Rk2ZA63KudZZ/xlbEoMBM4oEqTGO0t0Rj9SNMl/iGh/mkXk6qjUqY7 JpfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=7T4TcT2qNwd8q//O8oeeKh44NiN7UalnMtay1RITTRY=; b=nxGgsXxBemHatBxz29wa9H96XbptnOSGjUCd5ffsIbvshW5zwqjrnDdERlcwPHtkb9 bnJgW6wrU6WF+RHgMmvS9cW8xf46ykSrgoqe2k/Nt1uflcAGDw3I/G3QjsVKKT2hcbTj 4Eka+enF6XYimHle6RYiwxPbpvy5PKs5F3I42Xy6f7SrOx3GWPlRel6MVPUwb/qz9GXv kTGymNzUiHv5G1uIyE01PXhTVipOOg1CRoIvifitgfTfeur8Lnkbaid9TcaVE3LL0IeT GB6JxEK7sUSZxFcBebXf1cJx+ckUksGDWjt2m9Qm/L0yPP4QOXacFB2BhFDR/jxhzwf4 y+qg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=gqZnUZmj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u6si4142919ejt.460.2020.07.10.10.44.31; Fri, 10 Jul 2020 10:44:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=gqZnUZmj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728386AbgGJRlc (ORCPT + 99 others); Fri, 10 Jul 2020 13:41:32 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:54934 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728262AbgGJRlb (ORCPT ); Fri, 10 Jul 2020 13:41:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1594402890; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7T4TcT2qNwd8q//O8oeeKh44NiN7UalnMtay1RITTRY=; b=gqZnUZmjM2Fe/lT5G3swUzgeTIQsfDOiRI/HRNfwlY6opG0Q9ftbQvZunTZmajzvnGr/VD gHSqnY+2AYA2+CbONUypNhqEIHuCr3qS9yUjZuekwwI7rDtO78f4znfTKOpD9KPLK7iMxc BVbocoi4KfhfHuqFwvqU7FHlAdEUBTU= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-68-XF3EN_DgO9ukbKDmKDmI3g-1; Fri, 10 Jul 2020 13:41:28 -0400 X-MC-Unique: XF3EN_DgO9ukbKDmKDmI3g-1 Received: by mail-wr1-f71.google.com with SMTP id z1so6677234wrn.18 for ; Fri, 10 Jul 2020 10:41:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=7T4TcT2qNwd8q//O8oeeKh44NiN7UalnMtay1RITTRY=; b=mCLjvBSWCqos+PbTvk0vrRr6G0ddzUTzn2tslecndYbfnUBiU/hkkCgke7DajNxDAd SZNbu6EJECSklmKKeQh8kMPUpkYqVD1TJllmFlQa2aPGc/Yj714/sZVxNBukVf7OataC ESWuxuXbd12GT8tfx/GT9ysVZePEwMdqHQxqAZuxV8Hvp1LoUBsA6zjY6BUDfsDtF9su MoMLFdw6xssWQpL3BYKXwqA7Vp/9OxjMTk4zbupoB6XH5n/AWhsARG7yhVuoPq57A6p/ QG5oaWKWuyffRV2kcKsnV1LxL3/xOiw7uxLoz3Wxo3+dKVTBzSfGxCoSfjm3i/nmVo9h X71w== X-Gm-Message-State: AOAM531EyhBJNNy/yvGzVlMZ1P40ulmCrCzQtSmVYQT7LVmo3ujZeg6r UmvwtYFsfPJv09FBMzqnpBa4qkNqRoZpJQsLRqGNLavBfQ3/LMr4hitDiXKmgUo0t7aqfoNLYgl 8WWTPbzgRk92iwb2lUjL5xouj X-Received: by 2002:adf:ded2:: with SMTP id i18mr69328398wrn.109.1594402887030; Fri, 10 Jul 2020 10:41:27 -0700 (PDT) X-Received: by 2002:adf:ded2:: with SMTP id i18mr69328381wrn.109.1594402886824; Fri, 10 Jul 2020 10:41:26 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:9541:9439:cb0f:89c? ([2001:b07:6468:f312:9541:9439:cb0f:89c]) by smtp.gmail.com with ESMTPSA id j14sm11250889wrs.75.2020.07.10.10.41.25 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 10 Jul 2020 10:41:26 -0700 (PDT) Subject: Re: [PATCH v3 3/9] KVM: x86: mmu: Add guest physical address check in translate_gpa() To: Mohammed Gamal , kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, vkuznets@redhat.com, sean.j.christopherson@intel.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org References: <20200710154811.418214-1-mgamal@redhat.com> <20200710154811.418214-4-mgamal@redhat.com> From: Paolo Bonzini Message-ID: <2cb33bf8-f4f9-6a5b-ca72-d2dbcafc436d@redhat.com> Date: Fri, 10 Jul 2020 19:41:25 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: <20200710154811.418214-4-mgamal@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/07/20 17:48, Mohammed Gamal wrote: > In case of running a guest with 4-level page tables on a 5-level page > table host, it might happen that a guest might have a physical address > with reserved bits set, but the host won't see that and trap it. > > Hence, we need to check page faults' physical addresses against the guest's > maximum physical memory and if it's exceeded, we need to add > the PFERR_RSVD_MASK bits to the PF's error code. > > Also make sure the error code isn't overwritten by the page table walker. > New commit message: KVM: x86: mmu: Add guest physical address check in translate_gpa() Intel processors of various generations have supported 36, 39, 46 or 52 bits for physical addresses. Until IceLake introduced MAXPHYADDR==52, running on a machine with higher MAXPHYADDR than the guest more or less worked, because software that relied on reserved address bits (like KVM) generally used bit 51 as a marker and therefore the page faults where generated anyway. Unfortunately this is not true anymore if the host MAXPHYADDR is 52, and this can cause problems when migrating from a MAXPHYADDR<52 machine to one with MAXPHYADDR==52. Typically, the latter are machines that support 5-level page tables, so they can be identified easily from the LA57 CPUID bit. When that happens, the guest might have a physical address with reserved bits set, but the host won't see that and trap it. Hence, we need to check page faults' physical addresses against the guest's maximum physical memory and if it's exceeded, we need to add the PFERR_RSVD_MASK bits to the page fault error code. This patch does this for the MMU's page walks. The next patches will ensure that the correct exception and error code is produced whenever no host-reserved bits are set in page table entries. Paolo