Subject: Re: [PATCH] KVM: x86: VMX: Make smaller physical guest address space support user-configurable
To: Qian Cai, Mohammed Gamal, kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, sean.j.christopherson@intel.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, Stephen Rothwell, linux-next@vger.kernel.org, Linus Torvalds
References: <20200903141122.72908-1-mgamal@redhat.com> <1f42d8f084083cdf6933977eafbb31741080f7eb.camel@redhat.com> <2063b592f82f680edf61dad575f7c092d11d8ba3.camel@redhat.com>
From: Paolo Bonzini
Date: Tue, 29 Sep 2020 16:47:26 +0200
In-Reply-To: <2063b592f82f680edf61dad575f7c092d11d8ba3.camel@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 29/09/20 15:39, Qian Cai wrote:
> On Tue, 2020-09-29 at 14:26 +0200, Paolo Bonzini wrote:
>> On 29/09/20 13:59, Qian Cai wrote:
>>> WARN_ON_ONCE(!allow_smaller_maxphyaddr);
>>>
>>> I noticed the origin patch did not have this WARN_ON_ONCE(), but the mainline
>>> commit b96e6506c2ea ("KVM: x86: VMX: Make smaller physical guest address space
>>> support user-configurable") does have it for some reasons.
>>
>> Because that part of the code should not be reached. The exception
>> bitmap is set up with
>>
>>         if (!vmx_need_pf_intercept(vcpu))
>>                 eb &= ~(1u << PF_VECTOR);
>>
>> where
>>
>> static inline bool vmx_need_pf_intercept(struct kvm_vcpu *vcpu)
>> {
>>         if (!enable_ept)
>>                 return true;
>>
>>         return allow_smaller_maxphyaddr &&
>>                 cpuid_maxphyaddr(vcpu) < boot_cpu_data.x86_phys_bits;
>> }
>>
>> We shouldn't get here if "enable_ept && !allow_smaller_maxphyaddr",
>> which implies vmx_need_pf_intercept(vcpu) == false. So the warning is
>> genuine; I've sent a patch.
>
> Care to provide a link to the patch? Just curious.
>

Ok, I haven't sent it yet. :) But here it is:

commit 608e2791d7353e7d777bf32038ca3e7d548155a4 (HEAD -> kvm-master)
Author: Paolo Bonzini
Date: Tue Sep 29 08:31:32 2020 -0400

KVM: VMX: update PFEC_MASK/PFEC_MATCH together with PF intercept

The PFEC_MASK and PFEC_MATCH fields in the VMCS reverse the meaning of
the #PF intercept bit in the exception bitmap when they do not match.
This means that, if PFEC_MASK and/or PFEC_MATCH are set, the hypervisor can get a vmexit for #PF exceptions even when the corresponding bit is clear in the exception bitmap. This is unexpected and is promptly reported as a WARN_ON_ONCE. To fix it, reset PFEC_MASK and PFEC_MATCH when the #PF intercept is disabled (as is common with enable_ept && !allow_smaller_maxphyaddr). Reported-by: Qian Cai > Signed-off-by: Paolo Bonzini diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f0384e93548a..f4e9c310032a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -794,6 +794,18 @@ void update_exception_bitmap(struct kvm_vcpu *vcpu) */ if (is_guest_mode(vcpu)) eb |= get_vmcs12(vcpu)->exception_bitmap; + else { + /* + * If EPT is enabled, #PF is only trapped if MAXPHYADDR is mismatched + * between guest and host. In that case we only care about present + * faults. For vmcs02, however, PFEC_MASK and PFEC_MATCH are set in + * prepare_vmcs02_rare. + */ + bool selective_pf_trap = enable_ept && (eb & (1u << PF_VECTOR)); + int mask = selective_pf_trap ? PFERR_PRESENT_MASK : 0; + vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, mask); + vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, mask); + } vmcs_write32(EXCEPTION_BITMAP, eb); } @@ -4355,16 +4367,6 @@ static void init_vmcs(struct vcpu_vmx *vmx) vmx->pt_desc.guest.output_mask = 0x7F; vmcs_write64(GUEST_IA32_RTIT_CTL, 0); } - - /* - * If EPT is enabled, #PF is only trapped if MAXPHYADDR is mismatched - * between guest and host. In that case we only care about present - * faults. - */ - if (enable_ept) { - vmcs_write32(PAGE_FAULT_ERROR_CODE_MASK, PFERR_PRESENT_MASK); - vmcs_write32(PAGE_FAULT_ERROR_CODE_MATCH, PFERR_PRESENT_MASK); - } } static void vmx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
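
Review bot: In the new else branch of update_exception_bitmap(), the comment explains only the selective case (EPT enabled and the #PF bit set) and does not say why 0 is written to both fields otherwise. Suggest adding a sentence that with mask == match == 0 every error code matches, so bit 14 of the exception bitmap is followed as written; that covers both !enable_ept (intercept every #PF) and the case where the bit is clear (intercept none). Two smaller points in the same branch: "mask" is declared int but is passed to vmcs_write32(), so u32 would fit better, and since the else arm needs braces, the "if (is_guest_mode(vcpu))" arm should get them as well.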
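
Review bot: With these writes removed from init_vmcs(), PAGE_FAULT_ERROR_CODE_MASK and PAGE_FAULT_ERROR_CODE_MATCH are programmed only from update_exception_bitmap(), and nothing in the visible lines shows that function being called on the vCPU setup path before the first VM entry. Please confirm that it always runs after init_vmcs() (for example from the reset path that follows in the trailing context) and state that in the commit message, so the two fields are never left at whatever value init_vmcs() leaves behind.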
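
The #PF exit rule that the commit message describes can be modelled in user-space C. This is an added example, not part of the patch or of KVM: struct pf_cfg, pf_causes_vmexit(), cfg_before() and cfg_after() are hypothetical names, and the "before" model assumes both fields are 0 when EPT is off.

```c
/* User-space model (added example, not KVM code) of the VMX #PF exit rule. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PF_VECTOR          14
#define PFERR_PRESENT_MASK (1u << 0)   /* error-code bit 0: page was present */
#define PFERR_WRITE_MASK   (1u << 1)   /* error-code bit 1: write access */

/* Hypothetical container for the three VMCS fields involved. */
struct pf_cfg { uint32_t eb, pfec_mask, pfec_match; };

/* If (pfec & mask) == match, bit 14 of the exception bitmap is followed;
 * otherwise its meaning is reversed. */
static bool pf_causes_vmexit(struct pf_cfg c, uint32_t pfec)
{
    bool bit14 = (c.eb & (1u << PF_VECTOR)) != 0;
    bool match = (pfec & c.pfec_mask) == c.pfec_match;
    return match ? bit14 : !bit14;
}

/* Before the patch: mask/match depend on enable_ept alone.
 * Assumption: both fields are 0 when EPT is off. */
static struct pf_cfg cfg_before(bool enable_ept, bool need_pf_intercept)
{
    uint32_t m = enable_ept ? PFERR_PRESENT_MASK : 0;
    struct pf_cfg c = { need_pf_intercept ? 1u << PF_VECTOR : 0, m, m };
    return c;
}

/* After the patch: mask/match follow the #PF bit actually put in the bitmap. */
static struct pf_cfg cfg_after(bool enable_ept, bool need_pf_intercept)
{
    uint32_t eb = need_pf_intercept ? 1u << PF_VECTOR : 0;
    bool selective_pf_trap = enable_ept && (eb & (1u << PF_VECTOR));
    uint32_t m = selective_pf_trap ? PFERR_PRESENT_MASK : 0;
    struct pf_cfg c = { eb, m, m };
    return c;
}

int main(void)
{
    /* enable_ept && !allow_smaller_maxphyaddr: the #PF bit is clear. */
    uint32_t codes[] = { 0, PFERR_WRITE_MASK, PFERR_PRESENT_MASK,
                         PFERR_PRESENT_MASK | PFERR_WRITE_MASK };
    for (size_t i = 0; i < sizeof(codes) / sizeof(codes[0]); i++)
        printf("pfec=%u before=%d after=%d\n", (unsigned)codes[i],
               pf_causes_vmexit(cfg_before(true, false), codes[i]),
               pf_causes_vmexit(cfg_after(true, false), codes[i]));
    return 0;
}
```

With the #PF bit clear, the "before" configuration still exits on every not-present fault, which is the path that reaches the WARN_ON_ONCE; the "after" configuration exits on none.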