From: Lai Jiangshan
Date: Tue, 29 Sep 2020 16:45:58 +0800
Subject: Re: [RFC PATCH 1/2] kvm/x86: intercept guest changes to X86_CR4_LA57
To: Sean Christopherson
Cc: LKML, kvm@vger.kernel.org, Lai Jiangshan, Yu Zhang, Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, X86 ML, "H. Peter Anvin"
References: <20200928083047.3349-1-jiangshanlai@gmail.com> <20200928162417.GA28825@linux.intel.com> <20200929083250.GM353@linux.intel.com>
In-Reply-To: <20200929083250.GM353@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Sep 29, 2020 at 4:32 PM Sean Christopherson wrote:
>
> On Tue, Sep 29, 2020 at 01:32:45PM +0800, Lai Jiangshan wrote:
> > On Tue, Sep 29, 2020 at 12:24 AM Sean Christopherson wrote:
> > >
> > > On Mon, Sep 28, 2020 at 04:30:46PM +0800, Lai Jiangshan wrote:
> > > > From: Lai Jiangshan
> > > >
> > > > When shadow paging is enabled, the guest should not be allowed
> > > > to toggle X86_CR4_LA57. And X86_CR4_LA57 is a rarely changed
> > > > bit, so we can just intercept all attempts to toggle it,
> > > > no matter whether shadow paging is in use or not.
> > > >
> > > > Fixes: fd8cb433734ee ("KVM: MMU: Expose the LA57 feature to VM.")
> > > > Cc: Sean Christopherson
> > > > Cc: Yu Zhang
> > > > Cc: Paolo Bonzini
> > > > Signed-off-by: Lai Jiangshan
> > > > ---
> > > > No test to toggle X86_CR4_LA57 in the guest since I can't access
> > > > any CPU that supports it. Maybe it is not a real problem.
> > > >
> >
> > Hello
> >
> > Thanks for reviewing.
> >
> > > LA57 doesn't need to be intercepted. It can't be toggled in 64-bit mode
> > > (causes a #GP), and it's ignored in 32-bit mode. That means LA57 can only
> > > take effect when 64-bit mode is enabled, at which time KVM will update its
> > > MMU context accordingly.
> > >
> >
> > Oh, I missed that part, which is so obvious that the patch
> > seems impertinent.
> >
> > But X86_CR4_LA57 is so fundamental that it makes me afraid to
> > give it over to guests. And it is rarely changed too. At least,
> > there is no better reason to give it to the guest than
> > intercepting it.
> >
> > There might be another reason that this patch is still needed, with
> > an updated changelog.
> >
> > When a user (via a VMM such as qemu) launches a VM with LA57 disabled
> > in its cpuid on a LA57-enabled host, the hypervisor, IMO, needs to
> > intercept the guest's changes to X86_CR4_LA57 even when the guest is still
> > in non-paging mode. Otherwise the hypervisor fails to detect
> > such a combination when the guest changes paging mode later.
> >
> > Anyway, maybe it is still not a real problem.
>
> Oof, the above is a KVM bug, though in a more generic manner. All reserved
> bits should be intercepted, not just LA57. LA57 is the only affected bit at
> the moment, but proper support is needed as the follow-on patch to let the
> guest toggle FSGSBASE would introduce the same bug.
>
> Sadly, fixing this is a bit of a mess. Well, fixing LA57 is easy, e.g. this
> patch will do the trick. But actually refreshing the CR4 guest/host mask when
> the guest's CPUID is updated is a pain, and that's what's needed for proper
> FSGSBASE support.
>
> I'll send a series, bookended by these two RFC patches, with patches to

Thanks for illustrating what goes on deep inside. I'm looking forward to the series.

> intercept CR4 reserved bits smushed in between. I agree there's no point in
> letting the guest write LA57 directly, it's almost literally a once-per-boot
> thing. I wouldn't be surprised if intercepting it is a net win (but still
> inconsequential), e.g. due to the MMU having to grab CR4 out of the VMCS.
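The failure mode discussed above (a guest whose CPUID lacks a CR4 feature writes that bit without a VM-exit because the guest/host mask was not recomputed after CPUID changed) as an added C model written for this page; it is not KVM's code. Only the CR4 bit positions are architectural: `struct vcpu`, `refresh_cr4_mask`, `guest_write_cr4` and the `FEAT_*` flags standing in for guest CPUID are all invented for the illustration.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed model of a CR4 guest/host mask; this is not KVM's code. CR4 bit
 * positions are architectural, the feature flags stand in for what the VMM
 * exposes in guest CPUID, and all struct/function names here are made up. */
#define CR4_PGE       (1u << 7)
#define CR4_LA57      (1u << 12)
#define CR4_FSGSBASE  (1u << 16)
enum guest_feat { FEAT_LA57 = 1u << 0, FEAT_FSGSBASE = 1u << 1 };
/* The most this model ever lets the guest own (write without a VM-exit). */
#define POSSIBLE_GUEST_OWNED (CR4_PGE | CR4_FSGSBASE)

struct vcpu {
    uint32_t guest_feat;  /* features present in the guest's CPUID */
    uint32_t cr4_mask;    /* set bit = a write to it causes a VM-exit */
    uint32_t cr4;         /* guest-visible CR4 */
};
/* Bits reserved for this particular guest: features absent from its CPUID. */
static uint32_t cr4_reserved_bits(uint32_t guest_feat) {
    uint32_t r = 0;
    if (!(guest_feat & FEAT_LA57))     r |= CR4_LA57;
    if (!(guest_feat & FEAT_FSGSBASE)) r |= CR4_FSGSBASE;
    return r;
}
/* Recompute the mask; must be rerun whenever the guest's CPUID changes. */
void refresh_cr4_mask(struct vcpu *v) {
    v->cr4_mask = ~POSSIBLE_GUEST_OWNED | cr4_reserved_bits(v->guest_feat);
}
/* Guest MOV to CR4: true if the write took effect, false if a #GP was injected. */
bool guest_write_cr4(struct vcpu *v, uint32_t val) {
    if (((v->cr4 ^ val) & v->cr4_mask) &&           /* VM-exit: emulate the write */
        (val & cr4_reserved_bits(v->guest_feat)))
        return false;                               /* #GP, CR4 unchanged */
    v->cr4 = val;  /* no exit (guest-owned bits only), or the emulated write passed */
    return true;
}

/* The thread's scenario: CPUID shrinks after the mask was built and no refresh runs. */
bool stale_mask_accepts_reserved_write(void) {
    struct vcpu v = { .guest_feat = FEAT_FSGSBASE };
    refresh_cr4_mask(&v);
    v.guest_feat = 0;                          /* VMM drops FSGSBASE; mask is stale */
    return guest_write_cr4(&v, CR4_FSGSBASE);  /* true: reserved bit written silently */
}
bool refreshed_mask_rejects_reserved_write(void) {
    struct vcpu v = { .guest_feat = 0 };
    refresh_cr4_mask(&v);
    return !guest_write_cr4(&v, CR4_FSGSBASE); /* true: write intercepted, #GP */
}
```

Because LA57 is never in `POSSIBLE_GUEST_OWNED`, the model always intercepts it, which matches the outcome both participants agree on; the stale-mask case shows why the same protection for FSGSBASE needs the mask recomputed on every CPUID update.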